LARTC - Jul 2005 - Loadbalancing how to ? ? ? ?

I have 2 ADSL ad1 and ad2 , one PC for my firewall and some deamon on it
with 3 ethernet : eth0 connect to my LAN ( 192.168.60.0/24 ) and 2 other
connect to ad1 and ad2

 

 
|eth1 (10.0.1.2)--------------------ad1 ( ADSL 1 )

 
|

My LAN(192.168.60.0/24) |---------eth0( 192.168.60.2)--> PC

 
|

 
|eth2 (10.0.2.2)---------------------ad2 (ADSL 2 )

 

All computer   in LAN has default router = 191.168.60.2 ( eth0 of PC )

 

In the /etc/network/option I enable the forwardable = 1

 

I use iptable to NAT the outgoing of eth1 and eth2 

 

Iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -o eth1 -j SNAT -to
10.0.1.2

 

Iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -o eth2 -j SNAT -to
10.0.2.2

 

Ofcause by default the eth1 will always be forwarded from LAN and nerver the
ADSL 2 was use

 

The ideal of mine is  writing a programe loadbalancing for n line ADSL
contact to one PC as gateway  ,But when the packet reach the eth0 , how to
control it forwarld to eth1 or eth2 is my problem . 

 

If I could do that , maybe I could find the way to loadbalacing n line ADSL
as one biger . If someone know how to or have some idea , give me some
information :-)

 

Thank for reading

 

 



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

> Iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -j SNAT -to
> 10.0.1.2,10.0.2.2
> 
>  
this does some primitive lb i think :
man iptables says : 

You can add several --to-source options.  If  you  specify  more
              than one source address, either via an address range or multiple
              --to-source options, a simple round-robin (one after another  in
              cycle) takes place between these adresses.


-- 
*Dariusz ''tdi'' Dwornikowski | Gentoo | admin at pozman.pl    
|
*[JID]:tdi@gentoo.pl|[gg]:2266034|[IRC]:#gentoo-pl@freenode   |
*[MAIL]:tdi@pozman.pl|[WWW]:www.tdi.pozman.pl                 | 
*Serwery,administracja,webapps - www.ProAdmin.com.pl          |
*Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F         |


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Witaj Cao,

W Twoim liście datowanym 2 lipca 2005 (17:40:05) można przeczytać:

CVK> I have 2 ADSL ad1 and ad2 , one PC for my firewall and some
CVK> deamon on it with 3 ethernet : eth0 connect to my LAN (

This question comes and goes on this list :)

Please read information at: http://www.ssi.bg/~ja/ , especially
http://www.ssi.bg/~ja/nano.txt
and you can try my script http://www.ssi.bg/~ja/tmp/mpath2.sh to
load balance 2 (or more - I was using 4) connections with great
success. No daemon needed :)

There are also other solutions in list archive.

IMHO the routing code has precedence over iptables so it chooses the
outgoing interface over which the iptables will SNAT in input routing
process. And thats why you will not see the effect in this setup (thi
interface has already been chosen). It is possible (and
reasonable) to SNAT to multiple IPs residing on one interface.

Correct me if I''m wrong, please...:)

-- 
Greetings,
 Robert Kurjata

Is it possible to combine the 2 or 4 ADSL line into 1 line (big pipe)?

Regards,
ro0ot


Robert Kurjata wrote:
>Witaj Cao,
>
>W Twoim liście datowanym 2 lipca 2005 (17:40:05) można przeczytać:
>
>CVK> I have 2 ADSL ad1 and ad2 , one PC for my firewall and some
>CVK> deamon on it with 3 ethernet : eth0 connect to my LAN (
>
>This question comes and goes on this list :)
>
>Please read information at: http://www.ssi.bg/~ja/ , especially
http://www.ssi.bg/~ja/nano.txt
>and you can try my script http://www.ssi.bg/~ja/tmp/mpath2.sh to
>load balance 2 (or more - I was using 4) connections with great
>success. No daemon needed :)
>
>There are also other solutions in list archive.
>
>IMHO the routing code has precedence over iptables so it chooses the
>outgoing interface over which the iptables will SNAT in input routing
>process. And thats why you will not see the effect in this setup (thi
>interface has already been chosen). It is possible (and
>reasonable) to SNAT to multiple IPs residing on one interface.
>
>Correct me if I''m wrong, please...:)
>
>  
>

Witaj ro0ot,

W Twoim liście datowanym 3 lipca 2005 (18:25:32) można przeczytać:

r> Is it possible to combine the 2 or 4 ADSL line into 1 line (big pipe)?

As I already wrote: Yes, (more or less :) with some limitations. All
those "blind" loadbalancing solutions have one BIG drawback - they
work for setups with lots and lots of concurent connections [cause
single connection has to use single line], and one smaller but annoying -
they cannot guarantee that subsequent reqests to the same host will
use the same source IP - home banking affected most.


r> Regards,
r> ro0ot


r> Robert Kurjata wrote:
>>Witaj Cao,
>>
>>W Twoim liście datowanym 2 lipca 2005 (17:40:05) można przeczytać:
>>
>>CVK> I have 2 ADSL ad1 and ad2 , one PC for my firewall and some
>>CVK> deamon on it with 3 ethernet : eth0 connect to my LAN (
>>
>>This question comes and goes on this list :)
>>
>>Please read information at: http://www.ssi.bg/~ja/ , especially
http://www.ssi.bg/~ja/nano.txt
>>and you can try my script http://www.ssi.bg/~ja/tmp/mpath2.sh to
>>load balance 2 (or more - I was using 4) connections with great
>>success. No daemon needed :)
>>
>>There are also other solutions in list archive.
>>
>>IMHO the routing code has precedence over iptables so it chooses the
>>outgoing interface over which the iptables will SNAT in input routing
>>process. And thats why you will not see the effect in this setup (thi
>>interface has already been chosen). It is possible (and
>>reasonable) to SNAT to multiple IPs residing on one interface.
>>
>>Correct me if I''m wrong, please...:)
>>
>>  
>>



-- 
Pozdrowienia,
 Robert

Hi

in this case merging of all links to one big pipe
what if the one of the link fails.. its automatically detect
 and combine rest of the links or it keep tries to send the packets  dead 
gateway


for  example

if i have 3 links.. one fails.. rest 2 become one (big pipe) link right ?

or any other configuration required ?? or you given script works ??

hare
----- Original Message ----- 
From: "Robert Kurjata" <rkurjata@ire.pw.edu.pl>
To: "ro0ot" <ro0ot@phreaker.net>
Cc: "Linux Advanced Routing" <lartc@mailman.ds9a.nl>
Sent: Sunday, July 03, 2005 11:53 PM
Subject: Re[2]: [LARTC] Loadbalancing how to ? ? ? ?

> Witaj ro0ot,
>
> W Twoim liście datowanym 3 lipca 2005 (18:25:32) można przeczytać:
>
> r> Is it possible to combine the 2 or 4 ADSL line into 1 line (big
pipe)?
>
> As I already wrote: Yes, (more or less :) with some limitations. All
> those "blind" loadbalancing solutions have one BIG drawback -
they
> work for setups with lots and lots of concurent connections [cause
> single connection has to use single line], and one smaller but annoying -
> they cannot guarantee that subsequent reqests to the same host will
> use the same source IP - home banking affected most.
>
>
> r> Regards,
> r> ro0ot
>
>
> r> Robert Kurjata wrote:
>
>>>Witaj Cao,
>>>
>>>W Twoim liście datowanym 2 lipca 2005 (17:40:05) można przeczytać:
>>>
>>>CVK> I have 2 ADSL ad1 and ad2 , one PC for my firewall and some
>>>CVK> deamon on it with 3 ethernet : eth0 connect to my LAN (
>>>
>>>This question comes and goes on this list :)
>>>
>>>Please read information at: http://www.ssi.bg/~ja/ , especially 
>>>http://www.ssi.bg/~ja/nano.txt
>>>and you can try my script http://www.ssi.bg/~ja/tmp/mpath2.sh to
>>>load balance 2 (or more - I was using 4) connections with great
>>>success. No daemon needed :)
>>>
>>>There are also other solutions in list archive.
>>>
>>>IMHO the routing code has precedence over iptables so it chooses the
>>>outgoing interface over which the iptables will SNAT in input
routing
>>>process. And thats why you will not see the effect in this setup
(thi
>>>interface has already been chosen). It is possible (and
>>>reasonable) to SNAT to multiple IPs residing on one interface.
>>>
>>>Correct me if I''m wrong, please...:)
>>>
>>>
>>>
>
>
>
>
> -- 
> Pozdrowienia,
> Robert
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>

yes , I would like to findout the solution for this situation too 

On 7/5/05, hareram <hareram@sol.net.in> wrote:
> Hi
> 
> in this case merging of all links to one big pipe
> what if the one of the link fails.. its automatically detect
>  and combine rest of the links or it keep tries to send the packets  dead
> gateway
> 
> 
> for  example
> 
> if i have 3 links.. one fails.. rest 2 become one (big pipe) link right ?
> 
> or any other configuration required ?? or you given script works ??
> 
> hare
> ----- Original Message -----
> From: "Robert Kurjata" <rkurjata@ire.pw.edu.pl>
> To: "ro0ot" <ro0ot@phreaker.net>
> Cc: "Linux Advanced Routing" <lartc@mailman.ds9a.nl>
> Sent: Sunday, July 03, 2005 11:53 PM
> Subject: Re[2]: [LARTC] Loadbalancing how to ? ? ? ?
> 
> 
> > Witaj ro0ot,
> >
> > W Twoim liście datowanym 3 lipca 2005 (18:25:32) można przeczytać:
> >
> > r> Is it possible to combine the 2 or 4 ADSL line into 1 line (big
pipe)?
> >
> > As I already wrote: Yes, (more or less :) with some limitations. All
> > those "blind" loadbalancing solutions have one BIG drawback
- they
> > work for setups with lots and lots of concurent connections [cause
> > single connection has to use single line], and one smaller but
annoying -
> > they cannot guarantee that subsequent reqests to the same host will
> > use the same source IP - home banking affected most.
> >
> >
> > r> Regards,
> > r> ro0ot
> >
> >
> > r> Robert Kurjata wrote:
> >
> >>>Witaj Cao,
> >>>
> >>>W Twoim liście datowanym 2 lipca 2005 (17:40:05) można
przeczytać:
> >>>
> >>>CVK> I have 2 ADSL ad1 and ad2 , one PC for my firewall and
some
> >>>CVK> deamon on it with 3 ethernet : eth0 connect to my LAN (
> >>>
> >>>This question comes and goes on this list :)
> >>>
> >>>Please read information at: http://www.ssi.bg/~ja/ , especially
> >>>http://www.ssi.bg/~ja/nano.txt
> >>>and you can try my script http://www.ssi.bg/~ja/tmp/mpath2.sh
to
> >>>load balance 2 (or more - I was using 4) connections with great
> >>>success. No daemon needed :)
> >>>
> >>>There are also other solutions in list archive.
> >>>
> >>>IMHO the routing code has precedence over iptables so it
chooses the
> >>>outgoing interface over which the iptables will SNAT in input
routing
> >>>process. And thats why you will not see the effect in this
setup (thi
> >>>interface has already been chosen). It is possible (and
> >>>reasonable) to SNAT to multiple IPs residing on one interface.
> >>>
> >>>Correct me if I'm wrong, please...:)
> >>>
> >>>
> >>>
> >
> >
> >
> >
> > --
> > Pozdrowienia,
> > Robert
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
> >
> 
> 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 

-- 
-------------------------------
Cao Van Khanh

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc