Re: [LARTC] Load-banancing. two ip's from one isp

From: "William L. Thomson Jr." <wlt@obsidian-studios.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Load-banancing. two ip's from one isp
Date: Tue, 28 Mar 2006 14:16:17 +0000	[thread overview]
Message-ID: <1143555378.8215.9.camel@wlt.obsidian-studios.com> (raw)
In-Reply-To: <20060328013941.CB4311B58DB@poczta.interia.pl>

On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > That's your problem. The Linux box with multiple gateways needs nat. At
> > least that was a requirement back in the day. Pretty sure nothing has
> > change there. Part of what Julian's patches address as well.
> >
> > When I had a setup like yours. I did two rounds of NAT/PAT. Once in each
> > of the routers, then again in the Linux router for the multiple gateway
> > thing to work.
> >
> > Try doing nat in your Linux box as well, and you should see some better
> > results.
> 
> 
> Yes I've tryd it. I did it by
> -A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
> -A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10
> 
> And it was working at least the connections with bad src ip was nated
> and they wasn't drop by ISP routers  due to wrong src ip. It was
> happen when for example router with ip 80.48.56.65 recived packet from
> 192.168.200.10. The nat realy help. However with this solution my
> connections are natted and wan't be able to make direcct connections
> ie p2p, Will I?

Sure you can, you just need to setup PAT via DNAT, along with SNAT. Your
doing translation from inside out, for P2P or serving stuff. You need to
have translation from the outside in as well.

> But why this is happen? In my opinion there is still some bug because
> the gw should change in each "hop" like the src adress is changing.

Well the request goes back out the interface it came in. If the request
was initiated from the outside. If it's initiated from the inside and
there is nothing in cache. Then each time it tries to send something
out, form the inside. It should use a different gateway.

However if it sends a request out one interface, and that route is
cache. It might send out a few more till the cache expires. Then it will
switch to the other interface.

>  Nat only fix the wrong src addres but not resolve this problem... or
> maby this is normal behaviour of load-balancing ? I don't think so...
> 

It really is design, since it someone on the remote end is expecting a
response from one IP. Responding from another is no good.

If I understood the problem correctly.

-- 
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc