All,
I'd appreciate any suggestions for my Multi Isp setup outlined below.

I have the following setup

   ISP1              ISP2
    |                 |
Shorewall         Shorewall
Server 1  ------  Server 2
10.0.0.1          10.0.0.2
     \              /
           LAN

I require the Server 1 and Server 2 to access the Internet via both ISP1 and ISP2 hence I think I would need to use the LAN IP of Server 2 (10.0.0.2) as a provider for Server 1 and vice versa which doesn't seem to work. Can somebody advise the MultiISP configuration that would be involved for the same?

Here is the relevant configuration for Server 1 (Server 2 mirrors):

Providers (Server1)
############################################################################################
#NAME  NUMBER  MARK  DUPLICATE  INTERFACE      GATEWAY   OPTIONS      COPY
ISP1   2       2     -          eth2           X.X.X.X   balance=128  -
LAN    1       1     -          eth0:10.0.0.1  10.0.0.2  balance=128  -

Interfaces (Server1):
###############################################################################
#ZONE  INTERFACE  BROADCAST  OPTIONS
loc    eth0       -          dhcp,tcpflags,routeback
net    eth2       -          tcpflags,nosmurfs,routeback

Thanks,
Anshu

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

On 5/25/12 1:05 AM, Anshuman Aggarwal wrote:
> All,
> I'd appreciate any suggestions for my Multi Isp setup outlined below.
>
> I have the following setup
>
>    ISP1              ISP2
>     |                 |
> Shorewall         Shorewall
> Server 1  ------  Server 2
> 10.0.0.1          10.0.0.2
>      \              /
>            LAN
>
> I require the Server 1 and Server 2 to access the Internet via both ISP1
> and ISP2 hence I think I would need to use the LAN IP of Server 2
> (10.0.0.2) as a provider for Server 1 and vice versa which doesn't seem
> to work. Can somebody advise the MultiISP configuration that would be
> involved for the same?

I really don't have any idea; I've never considered such a configuration. What symptoms are you seeing with this configuration?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Anshuman Aggarwal wrote:
> I have the following setup
>
>    ISP1              ISP2
>     |                 |
> Shorewall         Shorewall
> Server 1  ------  Server 2
> 10.0.0.1          10.0.0.2
>      \              /
>            LAN
>
> I require the Server 1 and Server 2 to access the Internet via both
> ISP1 and ISP2 ...

Do you want to load share, or just have failover?

If it would work to have each server use its 'local' connection as a primary for all traffic, but fail over to the other connection in the event of a failure then I can see a way to make it work (dunno about Shorewall config though).

On server 1, make the default route via ISP1, but provide a lower priority route to 0.0.0.0/0 via server 2. Similarly for server 2.

While both connections are up, each server will use its own connection - including routing traffic for internal machines*. If its ISP connection is down**, then it will fall back to the lower priority route and send its traffic via the other server which will route it out via the other connection. Of course, if both connections are down, the packets will ping-pong back and forth until they reach max TTL.

* For 'load balancing' you will need to split your clients into two groups - half to use server1 as the default gateway, the other half to use server2. Or split them according to any other criteria you want. It might work to have routing policies on each server - but there's a complication. If a routing rule on server1 says to route via ISP2 (server2), then if ISP2 link is down, the packets will get punted back to server1 so you'd need your rules to cater for that and route such packets out instead of punting them back to server2.

** If it's not a connection type (eg PPP) where 'down' is obvious, then you'll need some means to monitor the connection and remove the default route when it's down.

--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
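
The failover scheme described in the reply above, as a small Python model of route selection (an added example, not part of the original thread and not Shorewall configuration). The metrics 100 and 200, the node names and the default TTL are assumptions made for illustration.

```python
# Toy model: each server has a primary default route via its own ISP and a
# lower-priority default route via the peer server on the LAN.
# Constructed values: metrics 100/200, node names, TTL of 64.

def build_tables(isp1_up, isp2_up):
    """Return {server: [(metric, next_hop), ...]}; the lowest metric wins."""
    tables = {
        "server1": [(200, "server2")],  # fallback: hand the packet to the peer
        "server2": [(200, "server1")],
    }
    # A link monitor (or PPP going down) removes the primary default route.
    # That is modelled here by installing it only while the uplink is up.
    if isp1_up:
        tables["server1"].append((100, "isp1"))
    if isp2_up:
        tables["server2"].append((100, "isp2"))
    return tables


def forward(start, isp1_up, isp2_up, ttl=64):
    """Follow one outbound packet from `start`.

    Returns (outcome, hops, path), where path lists every node visited.
    """
    tables = build_tables(isp1_up, isp2_up)
    node, path = start, [start]
    while ttl > 0:
        _, next_hop = min(tables[node])  # best default route on this server
        ttl -= 1                         # every router decrements the TTL
        path.append(next_hop)
        if next_hop.startswith("isp"):
            return ("delivered via " + next_hop, len(path) - 1, path)
        node = next_hop
    return ("dropped: TTL expired", len(path) - 1, path)


if __name__ == "__main__":
    for isp1_up, isp2_up in [(True, True), (False, True), (False, False)]:
        outcome, hops, _ = forward("server1", isp1_up, isp2_up)
        print(f"ISP1 up={isp1_up} ISP2 up={isp2_up}: {outcome} after {hops} hop(s)")
```

The last case shows the ping-pong: with both uplinks down only the two fallback routes remain, so the packet alternates between the servers until its TTL runs out.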