LARTC - Oct 2005 - gre/ipsec loadbalancing

Hi, I have the following setup. Two linux systems with two [test] external
interfaces encrypted with ipsec [transport].
Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.
Testing the balanced tunnels I would setup iptraf on one and ping from the
other. The results would be as expected; traffic would be split between the two
interfaces.
 
Testing with an ftp transfer of 300MB I would get various results:
1. one interface would be transfering at 36Mbit/s the other would be at
1.5Mbits/s [a -> b]
    or one interface would be transfering at 29Mbit/s and the other a 0.
2. I would get the same results from [b->a]
 
Is there something I missed or did not configure properly? Any help or
suggestions would be appreciated.
 
jason
 
 
                    192.168.0.1     [ipsec tunnel]             192.168.0.2
             [A]     
-------------------------------------------------------------        [B]
                    172.16.0.1       [ipsec tunnel]             172.16.0.2
                      
-------------------------------------------------------------
 
 
[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
 
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2
 
[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
 
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2
 
 
a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 deb netb
 
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via
10.200.1.2 dev netb2
 
b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 deb netb
 
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via
10.200.0.2 dev neta2
 
 
 
 


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi, I managed to get the equal load balancing working using the sch_teql device,
using two gre tunnels over ipsec.
 
thx jason

________________________________

From: lartc-bounces@mailman.ds9a.nl on behalf of comp.techs
Sent: Wed 10/19/2005 4:04 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] gre/ipsec loadbalancing


Hi, I have the following setup. Two linux systems with two [test] external
interfaces encrypted with ipsec [transport].
Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.
Testing the balanced tunnels I would setup iptraf on one and ping from the
other. The results would be as expected; traffic would be split between the two
interfaces.
 
Testing with an ftp transfer of 300MB I would get various results:
1. one interface would be transfering at 36Mbit/s the other would be at
1.5Mbits/s [a -> b]
    or one interface would be transfering at 29Mbit/s and the other a 0.
2. I would get the same results from [b->a]
 
Is there something I missed or did not configure properly? Any help or
suggestions would be appreciated.
 
jason
 
 
                    192.168.0.1     [ipsec tunnel]             192.168.0.2
             [A]     
-------------------------------------------------------------        [B]
                    172.16.0.1       [ipsec tunnel]             172.16.0.2
                      
-------------------------------------------------------------
 
 
[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
 
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2
 
[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
 
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2
 
 
a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 deb netb
 
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via
10.200.1.2 dev netb2
 
b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 deb netb
 
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via
10.200.0.2 dev neta2
 
 
 
 


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc