LARTC - Mar 2006 - Re: Load-banancing. two ip''s from one isp - solution

hi for those who was fallowing this topic I can say that 

IP_ROUTE_MULTIPATH_CACHED must be disabled! After few tests I''m quite
sure that this was cousing my problems. Now I''m using 2.5.15 kernel
without patch of Julian Anastasov and load-balancing is working.

lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both are
working fine

Now I will try to use fwmark based routing and propably I will write with next
problem soon :P

Pozdrawiam
Szymon Mroofka

On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> hi for those who was fallowing this topic I can say that 
> 
> IP_ROUTE_MULTIPATH_CACHED must be disabled! After few tests I''m
quite
> sure that this was cousing my problems. Now I''m using 2.5.15
kernel
> without patch of Julian Anastasov and load-balancing is working. 
FYI those patches do allot of things. Like static routes, unplug an
interface or shut it down and watch all your routes and tables go away.
Much less all the stuff the alt routes patch addresses.

As for no nat? Interesting.
> lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> are working fine
Yeah over all you are cool if the rules are correct, but if you have a
line go down or etc. You will want the prohibit line so a icmp message
is sent.
> Now I will try to use fwmark based routing and propably I will write
> with next problem soon :P
Cool, that''s one I have not done myself. Not found a need so far, been
able to do all I have need via other means.

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com

Dnia środa, 29 marca 2006 20:18, William L. Thomson Jr.
napisał:
> On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> > hi for those who was fallowing this topic I can say that
> >
> > IP_ROUTE_MULTIPATH_CACHED must be disabled! After few tests
I''m quite
> > sure that this was cousing my problems. Now I''m using 2.5.15
kernel
> > without patch of Julian Anastasov and load-balancing is working.
>
> FYI those patches do allot of things. Like static routes, unplug an
> interface or shut it down and watch all your routes and tables go away.
> Much less all the stuff the alt routes patch addresses.
I''ll patch when I''ll upgrading kernel or if there will be such
need maby very
soon. For now I''m tired of compiling and instaling new kernel it takes
too
long on my old and slow box ;).
>
> As for no nat? Interesting.
>
lucy ~ # iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 47557 packets, 5508K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain POSTROUTING (policy ACCEPT 1484 packets, 116K bytes)
 pkts bytes target     prot opt in     out     source               
destination

Chain OUTPUT (policy ACCEPT 1404 packets, 99243 bytes)
 pkts bytes target     prot opt in     out     source               
destination

Yes... no nat needed.
> > lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> > are working fine
>
> Yeah over all you are cool if the rules are correct, but if you have a
> line go down or etc. You will want the prohibit line so a icmp message
> is sent.
My box is only used as a desktop so I don''t need to care about any
errors,
this will not couse any problem like in big networks or companys where people 
need to have access to the internet all the time.

I thing I''ve done it by in my script:
         ip route append prohibit default table wew metric 1 proto static
         ip route append prohibit default table zew metric 1 proto static

in my "new" routing tables.
>
> > Now I will try to use fwmark based routing and propably I will write
> > with next problem soon :P
>
> Cool, that''s one I have not done myself. Not found a need so far,
been
> able to do all I have need via other means.
I''m using iptables to mark packets for htb so it should be easy to add
few new
rules and use it in routing... I hope it will be.... but I''m afraid
that
becouse of I can''t use PRERUTING chain (only local packets OUTPUT
chain)
there may be some problems with it.... I''ll check it soon. 


Pozdrawiam

----------------------------------------------------------------------
Seksualna edukacja... >>> http://link.interia.pl/f191b

On Wed, 2006-03-29 at 21:32 +0200, Szymon Mroofka wrote:
>
> I''ll patch when I''ll upgrading kernel or if there will be
such need maby very
> soon. For now I''m tired of compiling and instaling new kernel it
takes too
> long on my old and slow box ;).
Yeah been there and done that. So long as you do not run into issues.
The patches should cause no harm being in place. If anything could help
out in some scenarios. 
> 
> Yes... no nat needed.
That was just part of how Julians patches fixed things to work? But if
it''s not needed or does not apply in your case. Then great.
> 
> My box is only used as a desktop so I don''t need to care about any
errors,
> this will not couse any problem like in big networks or companys where
people
> need to have access to the internet all the time.
Yeah I was load balancing two SDSL lines for my servers. So it was
critical I resolved any bugs, or minor issues. As it could work fine for
a while, till a cache got flushed or etc. Then all hell would break
lose.
> I thing I''ve done it by in my script:
>          ip route append prohibit default table wew metric 1 proto static
>          ip route append prohibit default table zew metric 1 proto static
Just a safety net in case the default cant be reached. Ideally it was
routed already per the preceding rule. If that does not happy, safety
net. So you do not have to wait for a time out or etc.
> I''m using iptables to mark packets for htb so it should be easy to
add few new
> rules and use it in routing... I hope it will be.... but I''m
afraid that
> becouse of I can''t use PRERUTING chain (only local packets OUTPUT
chain)
> there may be some problems with it.... I''ll check it soon. 
Ah shaping and etc. On my list, just don''t want to go limiting a
service
unnecessarily. One of these days :) Then again I said that years ago and
it never happened :)

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com