Hi all!

I have a set up of router with two ISP providers. Each on ADSL modem and with public IP address. I've the patch from Julian Anastasov applied (routed-2.4.20-9.diff).
External interfaces are: eth1 and eth2, internal is: eth0. The modems serve as gateways to my router, so I simply set them as gateways on the corresponding interfaces.

Multipath routing is implemented as two nexthop's:

    ip route add default table 222 proto static \
        nexthop via $GATEWAY1 dev eth1 weight 1 \
        nexthop via $GATEWAY2 dev eth2 weight 10

so when I plug-off the eth1 link to first modem, all the traffic moves to go through the eth2 and vice-versa. It works successfully.

The problem is that the most probable situation is not when one of my gateways is down (because it's really a modem and I have full access to it), but when the modem link to one of providers is down. So almost always I have the routes to be present in the system (I think because the gateways are really up) and cached while one of my providers is down. The point is that the packets passed through the eth2 keep the same route even after my second provider fails (but gateway remains reachable) and they don't want to switch to the eth1. So any connection seems not working.

Please, help. How to detect that the link _behind_ a gateway is broken? All the time gateways are reachable.

--
Nikita
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

When interface goes down you must flush the cache to generate a new routing table.
This perl script checks and fixes this.

Have you done masquerading from an internal network?
'Cause that does not work for me... you may help me :)

On Mon, 2003-03-03 at 10:43, Никита Винокуров wrote:
> Hi all!
>
> I have a set up of router with two ISP providers. Each on ADSL modem and with public IP address. I've the patch from Julian Anastasov applied (routed-2.4.20-9.diff).
> External interfaces are: eth1 and eth2, internal is: eth0. The modems serve as gateways to my router, so I simply set them as gateways on the corresponding interfaces.
>
> Multipath routing is implemented as two nexthop's:
>
>     ip route add default table 222 proto static \
>         nexthop via $GATEWAY1 dev eth1 weight 1 \
>         nexthop via $GATEWAY2 dev eth2 weight 10
>
> so when I plug-off the eth1 link to first modem, all the traffic moves to go through the eth2 and vice-versa. It works successfully.
>
> The problem is that the most probable situation is not when one of my gateways is down (because it's really a modem and I have full access to it), but when the modem link to one of providers is down. So almost always I have the routes to be present in the system (I think because the gateways are really up) and cached while one of my providers is down. The point is that the packets passed through the eth2 keep the same route even after my second provider fails (but gateway remains reachable) and they don't want to switch to the eth1. So any connection seems not working.
>
> Please, help. How to detect that the link _behind_ a gateway is broken? All the time gateways are reachable.
>
> --
> Nikita

--
Esteban Ribicic
Network Operation Center
UOL-Sinectis S.A.
Florida 537 Piso 6, Buenos Aires, Argentina
+54-11-4321-9110 Ext 2503
+54-11-4321-9107 Directo
eribicic@uolsinectis.com
www.uolsinectis.com

-----Original Message-----
From: Esteban Ribicic <eribicic@UolSinectis.com>
To: vinokurov@mail.ru
Date: 03 Mar 2003 12:55:18 -0300
Subject: Re: [LARTC] further than dead gateway detection

> when interface goes down you must flush the cache to generate a new
> routing table.
> this perl script checks and fixes this.
>

ip route flush cache does not help even if I do it manually.
The problem is that the route is _never_ marked as down because the corresponding gateway is successfully reached. The break of the line occurs _after_ the gateway:

    internal        /eth1----modem1 (gateway1) --X-- Provider1
    -------- eth0 |router|
                    \eth2----modem2 (gateway2) --X-- Provider2
                     ^^^^                      ^^^^^
               here is no breaks        here is possible breaks

> have you done masquerading from an internal network?
> cause that does not work for me... you may help me :)
>

Yes, I've done it by the means of iptables (I have a 2.4.20 kernel).

Masquerade does not interact with routing, just put it in the two routes:

    iptables -t nat -A POSTROUTING -o $IFACE1 -j SNAT --to-source $IP1
    iptables -t nat -A POSTROUTING -o $IFACE2 -j SNAT --to-source $IP2

where $IP1 and $IP2 -- the external addresses of the certain interfaces ($IFACE1 and $IFACE2)

Maybe you need a more specific configuration.

--
Nikita

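The failure case in the diagram above (modem still reachable, provider link behind it dead) can be caught by probing a host beyond each modem and rebuilding the nexthop list from the uplinks that answer. The script below is an added example, not part of any poster's message and not the perl script mentioned in the thread. PROBE1 and PROBE2, the default addresses and the 10-second interval are assumptions, and each probe address needs its own host route via the matching gateway so the probe cannot leave through the other uplink.

```shell
#!/bin/sh
# Added example: detect a dead link *behind* a reachable gateway.
# GATEWAY1/GATEWAY2, eth1/eth2, the weights and table 222 come from the
# thread; PROBE1/PROBE2 are hypothetical far-end hosts (for example a router
# inside each provider's network). Default addresses are placeholders.
GATEWAY1=${GATEWAY1:-192.0.2.1};   PROBE1=${PROBE1:-198.51.100.1}
GATEWAY2=${GATEWAY2:-192.0.2.129}; PROBE2=${PROBE2:-203.0.113.1}

# link_alive DEV PROBE: succeeds if PROBE answers when pinged out of DEV.
# Assumes a host route "PROBE via GATEWAYn dev DEV" is already installed.
link_alive() {
    ping -c 3 -W 2 -I "$1" "$2" >/dev/null 2>&1
}

# route_cmd UP1 UP2: print the ip command matching the given link states
# ("1" = far end reachable). No side effects; fails if both links are dead.
route_cmd() {
    hops=""
    [ "$1" = 1 ] && hops="$hops nexthop via $GATEWAY1 dev eth1 weight 1"
    [ "$2" = 1 ] && hops="$hops nexthop via $GATEWAY2 dev eth2 weight 10"
    if [ -z "$hops" ]; then
        return 1    # both providers dead: leave table 222 untouched
    fi
    echo "ip route replace default table 222 proto static$hops"
}

# check_once: probe both uplinks; rewrite the route only on a state change,
# then flush the route cache so existing flows pick up the new nexthops.
check_once() {
    up1=0; up2=0
    link_alive eth1 "$PROBE1" && up1=1
    link_alive eth2 "$PROBE2" && up2=1
    [ "$up1$up2" = "$LAST_STATE" ] && return 0
    LAST_STATE="$up1$up2"
    cmd=$(route_cmd "$up1" "$up2") || return 1
    $cmd && ip route flush cache
}

# Start the monitoring loop only when asked to: ./uplink-watch.sh run
if [ "${1:-}" = run ]; then
    LAST_STATE=""
    while :; do check_once; sleep 10; done
fi
```

Connections already NATed to the failed uplink's address still have to be re-established by the clients; the script only stops new flows from being sent to the dead provider.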
On March 3, 2003 08:22 am, Никита Винокуров wrote:
> > have you done masquerading from an internal network?
> > cause that does not work for me... you may help me :)
>
> Yes, I've done it by the means of iptables (I have a 2.4.20 kernel).
>
> Masquerade does not interact with routing, just put it in the two routes:
>
>     iptables -t nat -A POSTROUTING -o $IFACE1 -j SNAT --to-source $IP1
>     iptables -t nat -A POSTROUTING -o $IFACE2 -j SNAT --to-source $IP2
>
> where $IP1 and $IP2 -- the external addresses of the certain interfaces
> ($IFACE1 and $IFACE2)

I have this which also works:

    iptables -t nat -A POSTROUTING -s net/mask -o $IP1 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s net/mask -o $IP2 -j MASQUERADE

Why would it be better to SNAT?

--
Regards, Paul Evans

-----Original Message-----
From: Paul Evans <pevans@catholic.org>
To: lartc@mailman.ds9a.nl
Date: Mon, 3 Mar 2003 09:38:17 -0800
Subject: Re: Re[2]: [LARTC] further than dead gateway detection

> On March 3, 2003 08:22 am, Никита Винокуров wrote:
> > > have you done masquerading from an internal network?
> > > cause that does not work for me... you may help me :)
> >
> > Yes, I've done it by the means of iptables (I have a 2.4.20 kernel).
> >
> > Masquerade does not interact with routing, just put it in the two routes:
> >
> >     iptables -t nat -A POSTROUTING -o $IFACE1 -j SNAT --to-source $IP1
> >     iptables -t nat -A POSTROUTING -o $IFACE2 -j SNAT --to-source $IP2
> >
> > where $IP1 and $IP2 -- the external addresses of the certain interfaces
> > ($IFACE1 and $IFACE2)
>
> I have this which also works:
>
>     iptables -t nat -A POSTROUTING -s net/mask -o $IP1 -j MASQUERADE
>     iptables -t nat -A POSTROUTING -s net/mask -o $IP2 -j MASQUERADE
>
> Why would it be better to SNAT?
>

You may use a MASQUERADE target only if your IP addresses are assigned dynamically. In other cases it would be better to set SNAT.

--
Nikita