* Re: [LARTC] Load-banancing. two ip's from one isp
2006-03-28 1:39 [LARTC] Load-banancing. two ip's from one isp sAwAr
@ 2006-03-28 3:26 ` William L. Thomson Jr.
2006-03-28 9:27 ` sAwAr
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: William L. Thomson Jr. @ 2006-03-28 3:26 UTC (permalink / raw)
To: lartc
On Tue, 2006-03-28 at 03:39 +0200, sAwAr wrote:
> I've two ip from my isp one public and one internal. ISP have two
> routers router1 is gw for public ip and router2 is gw for internal
> ip's and do nat of connections. I'm trying to set up load-balancing. I
> have only one box and I don't do any nat on my computer

That's your problem. The Linux box with multiple gateways needs nat. At
least that was a requirement back in the day. Pretty sure nothing has
changed there. Part of what Julian's patches address as well.

When I had a setup like yours, I did two rounds of NAT/PAT. Once in each
of the routers, then again in the Linux router for the multiple gateway
thing to work.

Try doing nat in your Linux box as well, and you should see some better
results.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] Load-banancing. two ip's from one isp
From: sAwAr @ 2006-03-28 9:27 UTC (permalink / raw)
To: lartc
> That's your problem. The Linux box with multiple gateways needs nat. At
> least that was a requirement back in the day. Pretty sure nothing has
> changed there. Part of what Julian's patches address as well.
>
> When I had a setup like yours, I did two rounds of NAT/PAT. Once in each
> of the routers, then again in the Linux router for the multiple gateway
> thing to work.
>
> Try doing nat in your Linux box as well, and you should see some better
> results.

Yes, I've tried it. I did it by

-A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
-A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10

And it was working; at least the connections with bad src ip were NATed and they weren't dropped by the ISP routers due to wrong src ip. It happened when, for example, the router with ip 80.48.56.65 received a packet from 192.168.200.10. The nat really helps. However, with this solution my connections are natted and I won't be able to make direct connections, i.e. p2p, will I?

But why is this happening? In my opinion there is still some bug, because the gw should change in each "hop" like the src address is changing. Nat only fixes the wrong src address but does not resolve this problem... or maybe this is normal behaviour of load-balancing? I don't think so...

I made a simple test:
lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-28 14:16 UTC (permalink / raw)
To: lartc
On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > That's your problem. The Linux box with multiple gateways needs nat. At
> > least that was a requirement back in the day. Pretty sure nothing has
> > changed there. Part of what Julian's patches address as well.
> >
> > When I had a setup like yours, I did two rounds of NAT/PAT. Once in each
> > of the routers, then again in the Linux router for the multiple gateway
> > thing to work.
> >
> > Try doing nat in your Linux box as well, and you should see some better
> > results.
>
> Yes, I've tried it. I did it by
> -A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
> -A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10
>
> And it was working; at least the connections with bad src ip were NATed
> and they weren't dropped by the ISP routers due to wrong src ip. It
> happened when, for example, the router with ip 80.48.56.65 received a
> packet from 192.168.200.10. The nat really helps. However, with this
> solution my connections are natted and I won't be able to make direct
> connections, i.e. p2p, will I?

Sure you can, you just need to set up PAT via DNAT, along with SNAT. You're
doing translation from inside out, for P2P or serving stuff. You need to
have translation from the outside in as well.

> But why is this happening? In my opinion there is still some bug, because
> the gw should change in each "hop" like the src address is changing.

Well, the request goes back out the interface it came in, if the request
was initiated from the outside. If it's initiated from the inside and
there is nothing in cache, then each time it tries to send something
out from the inside, it should use a different gateway.

However, if it sends a request out one interface, and that route is
cached, it might send out a few more till the cache expires. Then it will
switch to the other interface.

> Nat only fixes the wrong src address but does not resolve this problem...
> or maybe this is normal behaviour of load-balancing? I don't think so...

It really is by design, since if someone on the remote end is expecting a
response from one IP, responding from another is no good.

If I understood the problem correctly.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp
From: Kirk Reiser @ 2006-03-28 14:59 UTC (permalink / raw)
To: lartc
"William L. Thomson Jr." <wlt@obsidian-studios.com> writes:
> On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > But why is this happening? In my opinion there is still some bug, because
> > the gw should change in each "hop" like the src address is changing.
>
> Well, the request goes back out the interface it came in, if the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache, then each time it tries to send something
> out from the inside, it should use a different gateway.

This has not been my experience. Packets which have been de'DNATed
seem to go out the default route, not the interface they came in on.
If they did, most of my problems would go away.

Kirk
--
Kirk Reiser The Computer Braille Facility
e-mail: kirk@braille.uwo.ca University of Western Ontario
phone: (519) 661-3061
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-28 15:10 UTC (permalink / raw)
To: lartc
On Tue, 2006-03-28 at 09:59 -0500, Kirk Reiser wrote:
>
> This has not been my experience. Packets which have been de'DNATed
> seem to go out the default route, not the interface they came in on.

Something is not set up correctly then. Outgoing packets should use the
same interface as incoming packets, either SNAT or DNAT. If it is not,
then that's because rules and tables are not set up properly.

> If they did, most of my problems would go away.

Sure, that's a nasty way of load balancing, which will cause multiple
problems, since you can't flush the client's cache easily and they will
still have a route in their cache to the first interface/isp, despite
the response coming from the other.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-28 15:53 UTC (permalink / raw)
To: lartc
Kirk,
On Tue, 2006-03-28 at 10:46 -0500, Kirk Reiser wrote:
> "William L. Thomson Jr." <wlt@obsidian-studios.com> writes:
>
> > Something is not set up correctly then. Outgoing packets should use the
> > same interface as incoming packets, either SNAT or DNAT. If it is not,
> > then that's because rules and tables are not set up properly.
>
> Well, would this interface tracking be something provided by Julian
> Andresson's patches?

YES, that is exactly what provides it. Julian's patches with no nat, no
go. Nat with no patches, no go ;) It's his patches with the natting that
allows for proper lookup and route back out the proper interface.

> I haven't applied those yet because up until now
> I didn't think they applied to my situation. I don't know how
> differently I could set up the DNAT'ing than what I am doing but it
> sure isn't interface tracking currently.

Nope, leave DNAT'ting alone. Just look into patching a kernel and booting
it. Then see what you get. I would imagine the results you want, if you
have all the rules set up properly.

> > Sure, that's a nasty way of load balancing, which will cause multiple
> > problems, since you can't flush the client's cache easily and they will
> > still have a route in their cache to the first interface/isp, despite
> > the response coming from the other.
>
> Oh yes. It really screws up udp connections because the various
> packets go out different interfaces when nexthopping.

I have seen that and came across it during my painful trial and errors
as I was trying to get load balancing working.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp
From: sAwAr @ 2006-03-28 16:58 UTC (permalink / raw)
To: lartc
> Sure you can, you just need to set up PAT via DNAT, along with SNAT. You're
> doing translation from inside out, for P2P or serving stuff. You need to
> have translation from the outside in as well.

I believe that I can do it correctly, but I have to say that I don't understand why.

> Well, the request goes back out the interface it came in, if the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache, then each time it tries to send something
> out from the inside, it should use a different gateway.

According to:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
This setup is responsible for sending the answer out through the proper interface (the one on which it comes).

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

My setup is a copy of this (with some things from http://www.ssi.bg/~ja/nano.txt, but without them it still wasn't working):

ip route replace 192.168.0.0/16 proto static dev eth1 src 192.168.200.10 table wew
ip route replace default via 192.168.1.1 dev eth1 src 192.168.200.10 proto static table wew
ip route append prohibit default table wew metric 1 proto static
ip route replace 80.48.56.64/26 proto static dev eth0 src 80.48.56.70 table zew
ip route replace default via 80.48.56.65 dev eth0 src 80.48.56.70 proto static table zew
ip route append prohibit default table zew metric 1 proto static
ip rule add prio 10 table main
ip rule add prio 100 table brama
ip rule add prio 50 from 80.48.56.64/26 table zew
ip rule add prio 60 from 192.168.0.0/16 table wew
ip route del default table main
ip route flush cache

The only difference is that I've changed the table of the default gateway from main to "brama", but of course I have tried with the original setup with no luck. So it doesn't make any problem.

When I use

ip route add default via 192.168.1.1 table brama

or instead

ip route add default via 80.48.56.65 table brama

everything is correct. I can connect from my box, and the incoming (new) connections are correctly sent back with the good interface and src ip.
However, I can use only one gw, so all my (new) connections which are sent out are sent via only 1 gw.

The problem is when I set up multipath instead of one default gw with:

ip route replace default table brama scope global nexthop via 192.168.1.1 dev eth1 nexthop via 80.48.56.65 dev eth0

According to
http://lartc.org/howto/lartc.rpdb.multiple-links.html
this should be enough to send new outgoing connections (not responses to connections from outside; they are routed in the proper way, as I wrote above) through 2 gw, each new connection through one of them, and in this way do load-balancing. In my case the system tries to use only one gw !!NOT TWO!! with two different src ip: once it is 192.168.200.10, next 80.48.56.70, next 192.168.200.10... So I'm still saying that there is something wrong with the config or something else. If I set NAT I can connect without problem, but still only ONE GW is used, though the wrong src ip is mapped to the right src ip of the outgoing interface.
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-28 17:06 UTC (permalink / raw)
To: lartc
On Tue, 2006-03-28 at 18:58 +0200, sAwAr wrote:
>
> According to:
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
> This setup is responsible for sending the answer out through the proper interface (the one on which it comes).

Ignore it, it's not what you need or want.

> My setup is a copy of this (with some things from http://www.ssi.bg/~ja/nano.txt, but without them it still wasn't working):

Needs to be exact.
http://www.docum.org/docum.org/faq/cache/57.html
That was my setup. To the T

> According to
> http://lartc.org/howto/lartc.rpdb.multiple-links.html

Don't use both. It's one or the other. You can't mix and match. I do not
believe the lartc doc on multiple links to be accurate. IMHO. The nano
how to is right on. 100%.

If you read all of the nano how to, and follow it to the letter, you
will get the results you are after.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp
From: sAwAr @ 2006-03-28 17:55 UTC (permalink / raw)
To: lartc
On Tuesday, 28 March 2006 19:06, William L. Thomson Jr. wrote:
> On Tue, 2006-03-28 at 18:58 +0200, sAwAr wrote:
> > According to:
> > http://lartc.org/howto/lartc.rpdb.multiple-links.html
> > This setup is responsible for sending the answer out through the proper
> > interface (the one on which it comes).
>
> Ignore it, it's not what you need or want.
>
> > My setup is a copy of this (with some things from
> > http://www.ssi.bg/~ja/nano.txt, but without them it still wasn't working):
>
> Needs to be exact.
>
> http://www.docum.org/docum.org/faq/cache/57.html
> That was my setup. To the T
>
> > According to
> > http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> Don't use both. It's one or the other. You can't mix and match. I do not
> believe the lartc doc on multiple links to be accurate. IMHO. The nano
> how to is right on. 100%.
>
> If you read all of the nano how to, and follow it to the letter, you
> will get the results you are after.

OK, I'll start everything from the beginning once more and I will write after it.

> Ignore it, it's not what you need or want.

Why not ?? It is about two different ISPs and I have only one, but I have two NICs with different nets; it is just like two ISPs in the example. I need (want to) split outgoing connections through two gw, so I don't understand why this solution isn't for me.

If you have access to a server with load balancing, could you just make a similar test for me? I would like to compare with my results; I believe that this will convince me that I'm wrong :].

ip ro g some.ip.internet.1
ip ro g some.ip.internet.2
ip ro g some.ip.internet.3
ip ro g some.ip.internet.4
ip ro g some.ip.internet.5

My results once more.

lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128

Thank you for the quick answers and patience with my English.

Regards,
Szymon Mroofka

P.S.
I've read your faq.
I'm arguing with a routing guru... ohh my ;)
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-28 18:56 UTC (permalink / raw)
To: lartc
On Tue, 2006-03-28 at 19:55 +0200, sAwAr wrote:
>
> > Ignore it, it's not what you need or want.
>
> Why not ??

Does it work? No, that's why ;)

> It is about two different ISPs and I have only one, but I have two NICs
> with different nets; it is just like two ISPs in the example. I need
> (want to) split outgoing connections through two gw, so I don't
> understand why this solution isn't for me.

Are you trying to do one gateway or two? If two, routing different
networks to different gateways. That is totally different. I am doing
that now, but it's all done via tables and rules.

For multipath routing, the nano how to is the definitive doc.

> If you have access to a server with load balancing, could you just make
> a similar test for me?

I do not any more, but still recall what I did that worked and did not. I
went through just about every scenario imaginable. But it seems you are
talking about two things.

Two ISP's two gateways? Or Two ISP's on gateway via multipath?

> Thank you for the quick answers and patience with my English.

No worries. Others helped me before. Just returning the favor. Please do
the same once you get things working.

> Regards,
> Szymon Mroofka
>
> P.S.
> I've read your faq.
> I'm arguing with a routing guru... ohh my ;)

Don't argue or assume. Just follow the examples and docs. It's tricky
stuff. Unfortunately there are lots of docs that do things a bit
differently. Which does not help matters at all.

For multipath gateway routing I recommend the nano how to only. If you
are using two gateway's two ISPs totally different scenario. That I am
doing now. Multipath gateway I am not at this moment. But since I just
switched back to my core router being Linux, and ditched all others.
Once I get another line, or static IP's for my cable modem. I will do it
again.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp
From: sAwAr @ 2006-03-28 19:37 UTC (permalink / raw)
To: lartc
On Tuesday, 28 March 2006 20:56, William L. Thomson Jr. wrote:
> On Tue, 2006-03-28 at 19:55 +0200, sAwAr wrote:
> > > Ignore it, it's not what you need or want.
> >
> > Why not ??
>
> Does it work? No, that's why ;)
>
> > It is about two different ISPs and I have only one, but I have two NICs
> > with different nets; it is just like two ISPs in the example. I need
> > (want to) split outgoing connections through two gw, so I don't
> > understand why this solution isn't for me.
>
> Are you trying to do one gateway or two? If two, routing different
> networks to different gateways. That is totally different. I am doing
> that now, but it's all done via tables and rules.
>
> For multipath routing, the nano how to is the definitive doc.
>
> > If you have access to a server with load balancing, could you just make
> > a similar test for me?
>
> I do not any more, but still recall what I did that worked and did not. I
> went through just about every scenario imaginable. But it seems you are
> talking about two things.
>
> Two ISP's two gateways? Or Two ISP's on gateway via multipath?
>
> > Thank you for the quick answers and patience with my English.
>
> No worries. Others helped me before. Just returning the favor. Please do
> the same once you get things working.
>
> > Regards,
> > Szymon Mroofka
> >
> > P.S.
> > I've read your faq.
> > I'm arguing with a routing guru... ohh my ;)
>
> Don't argue or assume. Just follow the examples and docs. It's tricky
> stuff. Unfortunately there are lots of docs that do things a bit
> differently. Which does not help matters at all.
>
> For multipath gateway routing I recommend the nano how to only. If you
> are using two gateway's two ISPs totally different scenario. That I am
> doing now. Multipath gateway I am not at this moment. But since I just
> switched back to my core router being Linux, and ditched all others.
> Once I get another line, or static IP's for my cable modem. I will do it
> again.

OK. Now I'm really confused.

I have two gw in different subnets, 192.168.1.1 and 80.48.56.65. Both of them belong to the same ISP, but those are completely different servers, and I suppose that I can treat it like two ISPs with two gateways, can I?
Gw 1.1 does NAT for 192.168.0.0/16 and 56.65 is a gw for 80.48.56.64/26 with proxy-arp or whatever....
I have two ip's, 192.168.200.10 and 80.48.56.70.
I can connect to the internet via 1.1 with 200.10 src ip and via 56.65 with 56.70 src ip. With standard routing configuration I can use only one gw at a time and I lose additional bandwidth.
So I want to use two gateways.

I hope this time this is explained clearly enough.
* Re: [LARTC] Load-banancing. two ip's from one isp
From: sAwAr @ 2006-03-29 1:11 UTC (permalink / raw)
To: lartc
Hi,

while I was waiting for your reply I decided to read everything once more:
http://www.ssi.bg/~ja/#route

routes-2.6.14-12.diff - March 3, 2005. Patch containing all following parts (applied in the same order), apply after disabling the IP_ROUTE_MULTIPATH_CACHED config option

AND after this I decided to look at my kernel configuration - of course I have IP_ROUTE_MULTIPATH_CACHED enabled on my 2.6.15. I decided to use an older version of the kernel, 2.6.14-gentoo-r5 (all tests till now I was doing on 2.6.15-gentoo-r1); to be sure that this is a clean (non-patched) copy of the kernel, I marked route_multipath, and multipath_cached I've left disabled. I patched in the route.diff of Anastasov, compiled the kernel, rebooted the system and NOW IT'S WORKING :) with my old script. Now my "test of truth" is showing the correct gw and src ip. Now everything is just as I wanted it to be. I don't need to use NAT/PAT, which was weird for me.

I don't know where the problem was: IP_ROUTE_MULTIPATH_CACHED must be disabled, or maybe some bug in the 2.6.15 kernel. Now I'm too tired and happy to test it out and make sure. I'll do it tomorrow and will send the solution, or rather the answer to where my mistake was.

Once more, thanks for the support!

Regards,
Szymon Mroofka

lucy mroofka # ip rou ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.2
80.48.56.2 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.4
80.48.56.4 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.5
80.48.56.5 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.6
80.48.56.6 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.7
80.48.56.7 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.8
80.48.56.8 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.9
80.48.56.9 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.10
80.48.56.10 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
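The "test of truth" used in this thread, automated as an added example (it is not code from any poster or from the nano howto): it reads `ip route get` output and flags every route whose source address does not belong to the gateway it leaves through, and also a run in which only one gateway is ever chosen. The function name `audit_route_get` and its GW=SRC argument format are assumptions of this example; the two sample outputs are copied from the messages above.

```shell
#!/bin/sh
# Added example. GW=SRC pairs taken from the poster's tables "zew" and "wew":
# gateway 80.48.56.65 expects source 80.48.56.70,
# gateway 192.168.1.1 expects source 192.168.200.10.
PAIRS="80.48.56.65=80.48.56.70 192.168.1.1=192.168.200.10"

# audit_route_get "GW=SRC GW=SRC ..."   (reads `ip route get` output on stdin)
# Prints one line per looked-up route and a summary line. Returns 0 only when
# every route pairs a gateway with its own source address AND at least two
# different gateways were selected.
audit_route_get() {
    awk -v pairs="$1" '
    BEGIN {
        n = split(pairs, p, " ")
        for (i = 1; i <= n; i++) {
            split(p[i], kv, "=")
            want[kv[1]] = kv[2]          # gateway -> source it must use
        }
    }
    # Route lines look like: DST via GW dev IF src SRC
    # (prompt lines and the "cache mtu ..." lines do not match)
    / via / && / src / {
        gw = ""; dev = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "via") gw  = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
            if ($i == "src") src = $(i + 1)
        }
        if (!(gw in seen)) { seen[gw] = 1; gws++ }
        if ((gw in want) && want[gw] == src) {
            printf "ok       %s via %s dev %s src %s\n", $1, gw, dev, src
        } else {
            bad++
            printf "MISMATCH %s via %s dev %s src %s\n", $1, gw, dev, src
        }
    }
    END {
        printf "summary: gateways_used=%d mismatches=%d\n", gws, bad
        exit ((bad > 0 || gws < 2) ? 1 : 0)
    }'
}

# Output posted on 2006-03-28 (2.6.15 with IP_ROUTE_MULTIPATH_CACHED enabled).
sample_before() {
    cat <<'EOF'
lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
EOF
}

# First four lookups posted on 2006-03-29 (patched 2.6.14 kernel).
sample_after() {
    cat <<'EOF'
lucy mroofka # ip rou ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.2
80.48.56.2 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.4
80.48.56.4 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
EOF
}

echo "== before =="
sample_before | audit_route_get "$PAIRS" || echo "-> wrong source on a gateway, or only one gateway in use"
echo "== after =="
sample_after | audit_route_get "$PAIRS" && echo "-> both gateways in use, sources consistent"
```

On a live box the same function can be fed from a loop of `ip route get` calls; a MISMATCH line is the case the ISP routers in this thread dropped for having the wrong source address.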
* Re: [LARTC] Load-banancing. two ip's from one isp
From: William L. Thomson Jr. @ 2006-03-29 4:08 UTC (permalink / raw)
To: lartc
On Wed, 2006-03-29 at 03:11 +0200, sAwAr wrote:
>
> Hi,
>
> while I was waiting for your reply i decided to read everything once
> more:
> http://www.ssi.bg/~ja/#route
Excellent.
> routes-2.6.14-12.diff - March 3, 2005. Patch containing all following
> parts (applied in the same order), apply after disabling the
> IP_ROUTE_MULTIPATH_CACHED config option
I think that's a newer option. Can't say I recall that from my 2.2
days :)
> AND after this I decided to look at my kernel configuration - of course I
> have the IP_ROUTE_MULTIPATH_CACHED enabled on my 2.6.15. I decided to
> use an older version of kernel, 2.6.14-gentoo-r5 (all tests till now I was
> doing on 2.6.15-gentoo-r1), to be sure that this is a clear (non
> patched) copy of the kernel. I marked the route_multipath, and
> multipath_cached I've left disabled. I've patched in the route.diff of
> Anastasov, compiled the kernel, rebooted the system and NOW IT'S WORKING :) with my
> old script. Now my "test of truth" is showing the correct gw and src ip.
> Now everything is just as I wanted it to be. I don't need to use NAT/PAT,
> which was weird for me.
Yeah no worries, things might have changed there. Julian would be the
one to confirm or not if NAT/PAT is needed or not. But that's excellent
you got things working. I knew at some point when following it all to
the letter it would work. It is easy to deviate, and I tried just about
it all before the nano how to. Even that I did not follow too well at
first. Once I did, I got what I was after ;)
> I don't know where the problem was:
> IP_ROUTE_MULTIPATH_CACHED must be disabled, or maybe some bug in the 2.6.15
> kernel. Now I'm too tired and happy to test it out and make sure. I'll
> do it tomorrow and will send the solution, or rather the answer to where
> my mistake was.
Cool, that would be good to know for the record and for others.
> Once more thanks for support!
Hey no problem, just please return the favor and support to someone else
in the future :) We are not the first to attempt or do this. Nor will we
be the last. So we need to do our part to keep passing the knowledge and
etc along ;)
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp - solution
From: sAwAr @ 2006-03-29 17:12 UTC (permalink / raw)
To: lartc
Hi, for those who were following this topic I can say that
IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite sure that this was causing my problems. Now I'm using 2.5.15 kernel without the patch of Julian Anastasov and load-balancing is working.
lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both are working fine
Now I will try to use fwmark based routing and probably I will write with the next problem soon :P
Regards
Szymon Mroofka
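
The check discussed in this thread, written out as an added example (not part of the original post, and not code from the LARTC howto or Julian Anastasov's patches): it reports whether `CONFIG_IP_ROUTE_MULTIPATH_CACHED` is set in a kernel `.config` and tallies the next hops seen in `ip route get` output, as in the "test of truth" earlier in the thread. The function names are hypothetical, the sample route lines are taken from the output quoted earlier in the thread, and the `.config` path is whatever your system uses.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Print "enabled" or "disabled" for CONFIG_IP_ROUTE_MULTIPATH_CACHED
# in the kernel .config file given as $1.
multipath_cached_state() {
    if grep -q '^CONFIG_IP_ROUTE_MULTIPATH_CACHED=y' "$1"; then
        echo enabled
    else
        echo disabled
    fi
}

# Read `ip route get` output on stdin and print "gateway device count"
# for each distinct next hop. "cache ..." lines carry no "via" and are skipped.
nexthop_tally() {
    awk '{
        gw = ""; dev = ""
        for (i = 1; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "") seen[gw " " dev]++
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Succeed only when the lookups were spread over at least two next hops.
uses_both_gateways() {
    nexthop_tally | awk 'END { exit (NR < 2) }'
}

# Sample input: lines taken from the `ip rou ge` output in this thread.
sample_routes() {
    cat <<'EOF'
80.48.56.3 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
80.48.56.4 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
80.48.56.5 via 80.48.56.65 dev eth0 src 80.48.56.70
cache mtu 1500 advmss 1460 metric 10 128
80.48.56.6 via 192.168.1.1 dev eth1 src 192.168.200.10
cache mtu 1500 advmss 1460 metric 10 128
EOF
}

sample_routes | nexthop_tally
sample_routes | uses_both_gateways && echo "both gateways in use"
```

On a live box, pipe a loop of `ip route get` lookups for different destinations into `nexthop_tally` instead of `sample_routes`; a tally with a single next hop means the multipath route is not being spread.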
* Re: [LARTC] Load-banancing. two ip's from one isp - solution
From: William L. Thomson Jr. @ 2006-03-29 18:18 UTC (permalink / raw)
To: lartc
On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> Hi, for those who were following this topic I can say that
>
> IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite
> sure that this was causing my problems. Now I'm using 2.5.15 kernel
> without the patch of Julian Anastasov and load-balancing is working.
FYI those patches do a lot of things. Like static routes, unplug an
interface or shut it down and watch all your routes and tables go away.
Much less all the stuff the alt routes patch addresses.
As for no nat? Interesting.
> lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> are working fine
Yeah over all you are cool if the rules are correct, but if you have a
line go down or etc. You will want the prohibit line so an icmp message
is sent.
> Now I will try to use fwmark based routing and probably I will write
> with the next problem soon :P
Cool, that's one I have not done myself. Not found a need so far, been
able to do all I have needed via other means.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
* Re: [LARTC] Load-banancing. two ip's from one isp - solution
From: Szymon Mroofka @ 2006-03-29 19:32 UTC (permalink / raw)
To: lartc
On Wednesday, 29 March 2006 20:18, William L. Thomson Jr. wrote:
> On Wed, 2006-03-29 at 19:12 +0200, sAwAr wrote:
> > Hi, for those who were following this topic I can say that
> >
> > IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite
> > sure that this was causing my problems. Now I'm using 2.5.15 kernel
> > without the patch of Julian Anastasov and load-balancing is working.
>
> FYI those patches do a lot of things. Like static routes, unplug an
> interface or shut it down and watch all your routes and tables go away.
> Much less all the stuff the alt routes patch addresses.
I'll patch when I'm upgrading the kernel or if there is such a need, maybe very
soon. For now I'm tired of compiling and installing a new kernel, it takes too
long on my old and slow box ;).
>
> As for no nat? Interesting.
>
lucy ~ # iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 47557 packets, 5508K bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1484 packets, 116K bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1404 packets, 99243 bytes)
 pkts bytes target prot opt in out source destination
Yes... no nat needed.
> > lartc split-access how to and http://www.ssi.bg/~ja/nano.txt now both
> > are working fine
>
> Yeah over all you are cool if the rules are correct, but if you have a
> line go down or etc. You will want the prohibit line so an icmp message
> is sent.
My box is only used as a desktop so I don't need to care about any errors,
this will not cause any problem like in big networks or companies where people
need to have access to the internet all the time.
I think I've done it in my script with:
ip route append prohibit default table wew metric 1 proto static
ip route append prohibit default table zew metric 1 proto static
in my "new" routing tables.
>
> > Now I will try to use fwmark based routing and probably I will write
> > with the next problem soon :P
>
> Cool, that's one I have not done myself. Not found a need so far, been
> able to do all I have needed via other means.
I'm using iptables to mark packets for htb so it should be easy to add a few new
rules and use it in routing... I hope it will be.... but I'm afraid that
because I can't use the PREROUTING chain (only local packets, OUTPUT chain)
there may be some problems with it.... I'll check it soon.
Regards
* Re: [LARTC] Load-banancing. two ip's from one isp - solution
From: William L. Thomson Jr. @ 2006-03-29 19:47 UTC (permalink / raw)
To: lartc
On Wed, 2006-03-29 at 21:32 +0200, Szymon Mroofka wrote:
>
> I'll patch when I'm upgrading the kernel or if there is such a need, maybe very
> soon. For now I'm tired of compiling and installing a new kernel, it takes too
> long on my old and slow box ;).
Yeah been there and done that. So long as you do not run into issues.
The patches should cause no harm being in place. If anything could help
out in some scenarios.
>
> Yes... no nat needed.
That was just part of how Julian's patches fixed things to work? But if
it's not needed or does not apply in your case. Then great.
>
> My box is only used as a desktop so I don't need to care about any errors,
> this will not cause any problem like in big networks or companies where people
> need to have access to the internet all the time.
Yeah I was load balancing two SDSL lines for my servers. So it was
critical I resolved any bugs, or minor issues. As it could work fine for
a while, till a cache got flushed or etc. Then all hell would break
lose.
> I think I've done it in my script with:
> ip route append prohibit default table wew metric 1 proto static
> ip route append prohibit default table zew metric 1 proto static
Just a safety net in case the default can't be reached. Ideally it was
routed already per the preceding rule. If that does not happen, safety
net. So you do not have to wait for a time out or etc.
> I'm using iptables to mark packets for htb so it should be easy to add a few new
> rules and use it in routing... I hope it will be.... but I'm afraid that
> because I can't use the PREROUTING chain (only local packets, OUTPUT chain)
> there may be some problems with it.... I'll check it soon.
Ah shaping and etc. On my list, just don't want to go limiting a service
unnecessarily. One of these days :) Then again I said that years ago and
it never happened :)
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com