From: "Barry A Rich" <barich@trisectrix.com>
To: 'Mail List - Netfilter' <netfilter@vger.kernel.org>
Subject: RE: UDP stream load balancing across multiple uplinks
Date: Mon, 28 Jul 2008 09:33:09 -0400
Message-ID: <000801c8f0b6$7a804580$6f80d080$@com>
In-Reply-To:
> -----Original Message-----
> From: netfilter-owner@vger.kernel.org
> [mailto:netfilter-owner@vger.kernel.org]
> On Behalf Of Grant Taylor
> Sent: Friday, July 25, 2008 11:10 AM
>
> Given that the source IP of your packets can change mid stream, you
> could use the "nth" match extension. Using "nth" you would match
> packets to decide how to mark them and then use the mark to determine
> what routing table to use which would ultimately decide which outbound
> path to use.

The following setup does load balancing across the uplinks. However, the
source address in the outgoing packets is not being SNAT'ed. Any
suggestions?

iptables -t raw -A PREROUTING -i eth0 -p udp --sport $SPORT -j NOTRACK

iptables -t mangle -A PREROUTING -p udp --sport $SPORT -m statistic --mode nth --every 3 --packet 1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp --sport $SPORT -m statistic --mode nth --every 3 --packet 2 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p udp --sport $SPORT -m statistic --mode nth --every 3 --packet 3 -j MARK --set-mark 3

iptables -t nat -A POSTROUTING -o $UPLINK1IF -j SNAT --to $UPLINK1IP
iptables -t nat -A POSTROUTING -o $UPLINK2IF -j SNAT --to $UPLINK2IP
iptables -t nat -A POSTROUTING -o $UPLINK3IF -j SNAT --to $UPLINK3IP

ip route add $UPLINK1NET dev $UPLINK1IF src $UPLINK1IP table uplink1
ip route add default via $UPLINK1GW table uplink1
ip rule add fwmark 1 table uplink1

ip route add $UPLINK2NET dev $UPLINK2IF src $UPLINK2IP table uplink2
ip route add default via $UPLINK2GW table uplink2
ip rule add fwmark 2 table uplink2

ip route add $UPLINK3NET dev $UPLINK3IF src $UPLINK3IP table uplink3
ip route add default via $UPLINK3GW table uplink3
ip rule add fwmark 3 table uplink3
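
Added example, not part of the original message: the nat table is consulted only for packets that connection tracking handles, so traffic exempted by a raw-table NOTRACK rule passes the SNAT rules untouched. The script below is a coarse lint of an iptables-save dump for that combination; the sample ruleset (port 5004, interface names, documentation-range addresses) is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: coarse lint of an iptables-save dump for NAT rules that
# coexist with raw-table NOTRACK rules. It does not prove the matches
# overlap; it flags the combination for review.

# Constructed sample modelled on the rules in the message (port, interface
# names and documentation-range addresses are placeholders).
sample_ruleset() {
cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --sport 5004 -j NOTRACK
COMMIT
*mangle
-A PREROUTING -p udp -m udp --sport 5004 -m statistic --mode nth --every 3 --packet 0 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -o eth2 -j SNAT --to-source 198.51.100.10
-A POSTROUTING -o eth3 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# Reads iptables-save text on stdin. Prints nothing when the dump has no
# NOTRACK rule or no NAT rule; otherwise lists both sets.
lint_notrack_nat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *raw, *nat
        /^-A/ && table == "raw" && /-j (NOTRACK|CT .*--notrack)/ { raw[++n] = $0 }
        /^-A/ && table == "nat" && /-j (SNAT|DNAT|MASQUERADE|REDIRECT)/ { nat[++m] = $0 }
        END {
            if (n == 0 || m == 0) exit
            for (i = 1; i <= n; i++) print "untracked by raw: " raw[i]
            for (i = 1; i <= m; i++) print "skipped for untracked packets: " nat[i]
        }'
}

sample_ruleset | lint_notrack_nat
```

On a live host the same function can be fed from `iptables-save | lint_notrack_nat`.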