LARTC - Aug 2004 - Load Balance simply doesn´t work...

i´ve been searching for a load balance solution since a month 
ago... what i can say is that it simply doesn´t work. I was 
unable to find one guy that did it with sucess. When "load 
balance" is the subject of the message on the list, the 
message is simply ignored.
So... if it doesn´t work... why LARTC don´t delete it from the 
HOW TO and answer us with some "it simply doesn´t work... 
give up man!". This can save the time of a lot of guys, 
including me....
Tks anyway
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi, I don''t share your opinion. In fact, I worked hard to get all this
things working and finally it DOES work. I followed the explanation in
the LARTC-HOWTO in section 4.2:

ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20

ip route add $P1_NET dev $IF1 src $IP1  # This may be not necessary
ip route add $P2_NET dev $IF2 src $IP2  # This may be not necessary

## ip route add default via $P1  ## You don''t have to set this default
gw, because you''ll be routing accross this gateway instead of doing
load-balance

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
	    nexthop via $P2 dev $IF2 weight 1

That''s all, the last command is the default mutlipath gateway you will
route packets accross.
 
> 
> i´ve been searching for a load balance solution since a month 
> ago... what i can say is that it simply doesn´t work. I was 
> unable to find one guy that did it with sucess. When "load 
> balance" is the subject of the message on the list, the 
> message is simply ignored.
> So... if it doesn´t work... why LARTC don´t delete it from the 
> HOW TO and answer us with some "it simply doesn´t work... 
> give up man!". This can save the time of a lot of guys, 
> including me....
> Tks anyway
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> 
> ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
>     nexthop via $P2 dev $IF2 weight 1
> 
This multipath routing command keep coming up as classic 
way to perform multipath routing for NAT access, which I 
considered it as VERY misleading.

It should only be used if you are NOT using NAT.








_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> > 
> > ip route add default scope global nexthop via $P1 dev 
$IF1 weight 1 \
> >     nexthop via $P2 dev $IF2 weight 1
> > 
> 
> This multipath routing command keep coming up as classic 
> way to perform multipath routing for NAT access, which I 
> considered it as VERY misleading.
> 
> It should only be used if you are NOT using NAT.
You mean that using NAT its impossible to do load balance or 
this is the worng command? If its the wrong command, what´s 
the right one?
Tks A LOT for the response!
Fernando Favero
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> > >
> > > ip route add default scope global nexthop via $P1 dev
> $IF1 weight 1 \
> > >     nexthop via $P2 dev $IF2 weight 1
> > >
> >
> > This multipath routing command keep coming up as classic
> > way to perform multipath routing for NAT access, which I
> > considered it as VERY misleading.
> >
> > It should only be used if you are NOT using NAT.
>
> You mean that using NAT its impossible to do load balance or
> this is the worng command? If its the wrong command, what´s
> the right one?
Wrong way to do it. Destine for failure !

Imagine if you have several external IP addresses and your connection
to a particular application keep changing from one IP to another ...

Perhaps you won''t see any problem on short sessions or connectionless
application but it is definitely a problem for connection oriented
applications or security conscious applications.









_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello,

On Fri, 27 Aug 2004, favero@grad.ufsc.br wrote:
> You mean that using NAT its impossible to do load balance or
> this is the worng command? If its the wrong command, what´s
> the right one?
	Don''t disappoint, you can check the following patches
and howtos:

http://www.ssi.bg/~ja/#routes
> Tks A LOT for the response!
> Fernando Favero
Regards

--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Cytowanie Julian Anastasov <ja@ssi.bg>:
> 
> 	Hello,
> 
> On Fri, 27 Aug 2004, favero@grad.ufsc.br wrote:
> 
> > You mean that using NAT its impossible to do load balance or
> > this is the worng command? If its the wrong command, what´s
> > the right one?
> 
> 	Don''t disappoint, you can check the following patches
> and howtos:
> 
> http://www.ssi.bg/~ja/#routes
> 
> > Tks A LOT for the response!
> > Fernando Favero
> 
> Regards
> 
> --
> Julian Anastasov <ja@ssi.bg>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
Hi, everybody again:)

As this subject comes and goes from time to time, I have some personal
observations. I''m personally using such a solution :)

Although this solution works perfectly (in bigger setup like few hundred
machines) it has some drawbacks. One of the biggest is that some applications
WILL NOT WORK. It doesn''t just matter if it is connectionless or not,
it just
depends on security flavour used by the internet side application.
For example I''ve found this:
1. Home Banking - typically online banks are verifying source IP of the
connecting client, so it just breaks almost every connection :(
2. phpBB - depending on setup, this forum also verifies the origin.
etc.

I''ve found some misunderstanding in letters at the list: If you use
Julian''s
patches and the script I''ve proposed single connection goes through
single link
only! during single connection source address and source interface will not be
changed. But different connections with the same target can start from different
 interfaces and that is the source of problems mentioned above. If you login
with one source, get the page and in next connection try to get it from another
ip you are lost :(.

But not everything is lost - policy routing comes as a helper. You can route
some applications via only one connection. But this makes things more
complicated as some BW management may be needed, and performance decreases.

I can say that it works, because for me it works with 4 uplinks, but tuning the
correct settings took some time.

From my point of view using equal cost multipath routing blindly without
provider help is a bit complicated thing. But it is some kind of workaround when
you can''t buy a bigger, single link.

PS. 
Sorry for this long long letter, but I hope it helps.

PS. 
Julian, thanks for linking my script mpath2.sh from your hotwo, as I
haven''t
got ocassion earlier :)

-- 
Robert Kurjata     mailto:rkurjata@ire.pw.edu.pl


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Thursday 26 August 2004 15:06, Marcos Schonfeld wrote:

Hi Marcos,
> ip route add $P1_NET dev $IF1 src $IP1 table 10
> ip route add default via $P1 table 10
> ip route add $P2_NET dev $IF2 src $IP2 table 20
> ip route add default via $P2 table 20
>
> ip route add $P1_NET dev $IF1 src $IP1  # This may be not necessary
> ip route add $P2_NET dev $IF2 src $IP2  # This may be not necessary
>
> ## ip route add default via $P1  ## You don''t have to set this
default
> gw, because you''ll be routing accross this gateway instead of
doing
> load-balance
>
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
shouldn''t this be table 10 and table 20? :)

anyway, I have a problem settings this up. I get:


ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
RTNETLINK answers: Invalid argument

ip route add default via 212.71.142.209 table 10
ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152 table 20
ip route add default via 61.212.57.153 table 20

ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210
RTNETLINK answers: Invalid argument

ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152
RTNETLINK answers: File exists

ip rule add from 212.71.142.210 table 10
ip rule add from 61.212.57.152 table 20

strace from 1st RTNETLINK invalid argument:

....
controllen=0, msg_flags=0}, 0) = 36
dup(2)                                  = 4
fcntl64(4, F_GETFL)                     = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat64(4, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x4b3ed000
_llseek(4, 0, 0xb8526df0, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
write(4, "RTNETLINK answers: Invalid argum"..., 36) = 36
close(4)                                = 0
munmap(0x4b3ed000, 4096)                = 0
brk(0)

any idea what I am doing wrong?

Thanks alot.

-- 
ciao, Marc

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello, 
>From the looks of it you have the IP Network incorrect, You need to set
this to your Network... for example .. 

ip route add 23.215.4.0/26 dev eth2 src 23.215.4.61 table T2

23.215.4.0 is the network address, because 23.215.4.1 is my gateway for
this interface (Router). If you still have a hard time with it .. You
can post your Netmask and GW and I should be able to figure it out for
you. There may be a way to do it from your IP address, but I had
subnetting and aren''t very good at it :) 



ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10

On Tue, 2004-08-31 at 11:02, Marc-Christian Petersen
wrote:
> On Thursday 26 August 2004 15:06, Marcos Schonfeld wrote:
> 
> Hi Marcos,
> 
> > ip route add $P1_NET dev $IF1 src $IP1 table 10
> > ip route add default via $P1 table 10
> > ip route add $P2_NET dev $IF2 src $IP2 table 20
> > ip route add default via $P2 table 20
> >
> > ip route add $P1_NET dev $IF1 src $IP1  # This may be not necessary
> > ip route add $P2_NET dev $IF2 src $IP2  # This may be not necessary
> >
> > ## ip route add default via $P1  ## You don''t have to set
this default
> > gw, because you''ll be routing accross this gateway instead of
doing
> > load-balance
> >
> > ip rule add from $IP1 table T1
> > ip rule add from $IP2 table T2
> 
> shouldn''t this be table 10 and table 20? :)
> 
> anyway, I have a problem settings this up. I get:
> 
> 
> ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> RTNETLINK answers: Invalid argument
> 
> ip route add default via 212.71.142.209 table 10
> ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152 table 20
> ip route add default via 61.212.57.153 table 20
> 
> ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210
> RTNETLINK answers: Invalid argument
> 
> ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152
> RTNETLINK answers: File exists
> 
> ip rule add from 212.71.142.210 table 10
> ip rule add from 61.212.57.152 table 20
> 
> strace from 1st RTNETLINK invalid argument:
> 
> ....
> controllen=0, msg_flags=0}, 0) = 36
> dup(2)                                  = 4
> fcntl64(4, F_GETFL)                     = 0x8002 (flags O_RDWR|O_LARGEFILE)
> fstat64(4, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
> 0x4b3ed000
> _llseek(4, 0, 0xb8526df0, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
> write(4, "RTNETLINK answers: Invalid argum"..., 36) = 36
> close(4)                                = 0
> munmap(0x4b3ed000, 4096)                = 0
> brk(0)
> 
> any idea what I am doing wrong?
> 
> Thanks alot.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:

> ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> RTNETLINK answers: Invalid argument
blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)

-- 
ciao, Marc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
> On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> > ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> > RTNETLINK answers: Invalid argument
> blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
hmm, now what:

setting up that script gives me a default route to the 1st providers default 
gateway and all traffic is going through that gateway (1st provider) and the 
2nd isn''t touched in any way. Any idea about it?

-- 
ciao, Marc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Can you post your Full config?  Might be able to help you out. I had the
same problem until I removed one of my config lines which fixed the
issue (Look at old Posts). 

- Cheers


On Wed, 2004-09-01 at 05:25, Marc-Christian Petersen
wrote:
> On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
> 
> > On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> > > ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table
10
> > > RTNETLINK answers: Invalid argument
> > blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
> 
> hmm, now what:
> 
> setting up that script gives me a default route to the 1st providers
default
> gateway and all traffic is going through that gateway (1st provider) and
the
> 2nd isn''t touched in any way. Any idea about it?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Cytowanie Marc-Christian Petersen <m.c.p@gmx.net>:
> On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
> 
> > On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> > > ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table
10
> > > RTNETLINK answers: Invalid argument
> > blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
> 
> hmm, now what:
> setting up that script gives me a default route to the 1st providers
default
> gateway and all traffic is going through that gateway (1st provider) and
the
> 2nd isn''t touched in any way. Any idea about it?
> -- 
> ciao, Marc
look at my work about it at:
 http://www.ssi.bg/~ja/tmp/mpath2.sh

maybe it will help :) (it works)

-- 
Robert Kurjata     mailto:rkurjata@ire.pw.edu.pl


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Is added table 10 to the rt_tables file? :

echo "201 10" >> /etc/iproute2/rt_tables

if no, do it first, one time. Then run the ip route command.

Bye.

Marcos.

Robert Kurjata escribió:
>Cytowanie Marc-Christian Petersen <m.c.p@gmx.net>:
>
>  
>
>>On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
>>
>>    
>>
>>>On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
>>>      
>>>
>>>>ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table
10
>>>>RTNETLINK answers: Invalid argument
>>>>        
>>>>
>>>blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
>>>      
>>>
>>hmm, now what:
>>setting up that script gives me a default route to the 1st providers
default
>>gateway and all traffic is going through that gateway (1st provider) and
the
>>2nd isn''t touched in any way. Any idea about it?
>>-- 
>>ciao, Marc
>>    
>>
>
>look at my work about it at:
> http://www.ssi.bg/~ja/tmp/mpath2.sh
>
>maybe it will help :) (it works)
>
>  
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/