* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
@ 2004-08-27 10:26 Robert Kurjata
2004-08-31 15:02 ` Marc-Christian Petersen
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Robert Kurjata @ 2004-08-27 10:26 UTC (permalink / raw)
To: lartc
Cytowanie Julian Anastasov <ja@ssi.bg>:
>
> Hello,
>
> On Fri, 27 Aug 2004, favero@grad.ufsc.br wrote:
>
> > You mean that using NAT its impossible to do load balance or
> > this is the worng command? If its the wrong command, what´s
> > the right one?
>
> Don't disappoint, you can check the following patches
> and howtos:
>
> http://www.ssi.bg/~ja/#routes
>
> > Tks A LOT for the response!
> > Fernando Favero
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
Hi, everybody again:)
As this subject comes and goes from time to time, I have some personal
observations. I'm personally using such a solution :)
Although this solution works perfectly (in bigger setup like few hundred
machines) it has some drawbacks. One of the biggest is that some applications
WILL NOT WORK. It doesn't just matter if it is connectionless or not, it just
depends on security flavour used by the internet side application.
For example I've found this:
1. Home Banking - typically online banks are verifying source IP of the
connecting client, so it just breaks almost every connection :(
2. phpBB - depending on setup, this forum also verifies the origin.
etc.
I've found some misunderstanding in letters at the list: If you use Julian's
patches and the script I've proposed single connection goes through single link
only! during single connection source address and source interface will not be
changed. But different connections with the same target can start from different
interfaces and that is the source of problems mentioned above. If you login
with one source, get the page and in next connection try to get it from another
ip you are lost :(.
But not everything is lost - policy routing comes as a helper. You can route
some applications via only one connection. But this makes things more
complicated as some BW management may be needed, and performance decreases.
I can say that it works, because for me it works with 4 uplinks, but tuning the
correct settings took some time.
From my point of view using equal cost multipath routing blindly without
provider help is a bit complicated thing. But it is some kind of workaround when
you can't buy a bigger, single link.
PS.
Sorry for this long long letter, but I hope it helps.
PS.
Julian, thanks for linking my script mpath2.sh from your hotwo, as I haven't
got ocassion earlier :)
--
Robert Kurjata mailto:rkurjata@ire.pw.edu.pl
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-27 10:26 [LARTC] RE: [LARTC] Load Balance simply doesn´t work Robert Kurjata
@ 2004-08-31 15:02 ` Marc-Christian Petersen
2004-08-31 15:32 ` Marc-Christian Petersen
` (2 subsequent siblings)
3 siblings, 0 replies; 8+ messages in thread
From: Marc-Christian Petersen @ 2004-08-31 15:02 UTC (permalink / raw)
To: lartc
On Thursday 26 August 2004 15:06, Marcos Schonfeld wrote:
Hi Marcos,
> ip route add $P1_NET dev $IF1 src $IP1 table 10
> ip route add default via $P1 table 10
> ip route add $P2_NET dev $IF2 src $IP2 table 20
> ip route add default via $P2 table 20
>
> ip route add $P1_NET dev $IF1 src $IP1 # This may be not necessary
> ip route add $P2_NET dev $IF2 src $IP2 # This may be not necessary
>
> ## ip route add default via $P1 ## You don't have to set this default
> gw, because you'll be routing accross this gateway instead of doing
> load-balance
>
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
shouldn't this be table 10 and table 20? :)
anyway, I have a problem settings this up. I get:
ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
RTNETLINK answers: Invalid argument
ip route add default via 212.71.142.209 table 10
ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152 table 20
ip route add default via 61.212.57.153 table 20
ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210
RTNETLINK answers: Invalid argument
ip route add 61.212.57.152/29 dev eth2 src 61.212.57.152
RTNETLINK answers: File exists
ip rule add from 212.71.142.210 table 10
ip rule add from 61.212.57.152 table 20
strace from 1st RTNETLINK invalid argument:
....
controllen=0, msg_flags=0}, 0) = 36
dup(2) = 4
fcntl64(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
fstat64(4, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x4b3ed000
_llseek(4, 0, 0xb8526df0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "RTNETLINK answers: Invalid argum"..., 36) = 36
close(4) = 0
munmap(0x4b3ed000, 4096) = 0
brk(0)
any idea what I am doing wrong?
Thanks alot.
--
ciao, Marc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-27 10:26 [LARTC] RE: [LARTC] Load Balance simply doesn´t work Robert Kurjata
2004-08-31 15:02 ` Marc-Christian Petersen
@ 2004-08-31 15:32 ` Marc-Christian Petersen
2004-09-01 9:25 ` Marc-Christian Petersen
2004-09-03 8:29 ` Robert Kurjata
3 siblings, 0 replies; 8+ messages in thread
From: Marc-Christian Petersen @ 2004-08-31 15:32 UTC (permalink / raw)
To: lartc
On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> RTNETLINK answers: Invalid argument
blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
--
ciao, Marc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-27 10:26 [LARTC] RE: [LARTC] Load Balance simply doesn´t work Robert Kurjata
2004-08-31 15:02 ` Marc-Christian Petersen
2004-08-31 15:32 ` Marc-Christian Petersen
@ 2004-09-01 9:25 ` Marc-Christian Petersen
2004-09-03 8:29 ` Robert Kurjata
3 siblings, 0 replies; 8+ messages in thread
From: Marc-Christian Petersen @ 2004-09-01 9:25 UTC (permalink / raw)
To: lartc
On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
> On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> > ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> > RTNETLINK answers: Invalid argument
> blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
hmm, now what:
setting up that script gives me a default route to the 1st providers default
gateway and all traffic is going through that gateway (1st provider) and the
2nd isn't touched in any way. Any idea about it?
--
ciao, Marc
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-27 10:26 [LARTC] RE: [LARTC] Load Balance simply doesn´t work Robert Kurjata
` (2 preceding siblings ...)
2004-09-01 9:25 ` Marc-Christian Petersen
@ 2004-09-03 8:29 ` Robert Kurjata
3 siblings, 0 replies; 8+ messages in thread
From: Robert Kurjata @ 2004-09-03 8:29 UTC (permalink / raw)
To: lartc
Cytowanie Marc-Christian Petersen <m.c.p@gmx.net>:
> On Tuesday 31 August 2004 17:32, Marc-Christian Petersen wrote:
>
> > On Tuesday 31 August 2004 17:02, Marc-Christian Petersen wrote:
> > > ip route add 212.71.142.210/29 dev eth1 src 212.71.142.210 table 10
> > > RTNETLINK answers: Invalid argument
> > blubber bleh silly me. I implemented ipcalc.pl in my brain now ;)
>
> hmm, now what:
> setting up that script gives me a default route to the 1st providers default
> gateway and all traffic is going through that gateway (1st provider) and the
> 2nd isn't touched in any way. Any idea about it?
> --
> ciao, Marc
look at my work about it at:
http://www.ssi.bg/~ja/tmp/mpath2.sh
maybe it will help :) (it works)
--
Robert Kurjata mailto:rkurjata@ire.pw.edu.pl
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
@ 2004-08-26 13:06 Marcos Schonfeld
2004-08-27 4:47 ` Ming-Ching Tiew
2004-08-27 6:43 ` Julian Anastasov
0 siblings, 2 replies; 8+ messages in thread
From: Marcos Schonfeld @ 2004-08-26 13:06 UTC (permalink / raw)
To: lartc
Hi, I don't share your opinion. In fact, I worked hard to get all this
things working and finally it DOES work. I followed the explanation in
the LARTC-HOWTO in section 4.2:
ip route add $P1_NET dev $IF1 src $IP1 table 10
ip route add default via $P1 table 10
ip route add $P2_NET dev $IF2 src $IP2 table 20
ip route add default via $P2 table 20
ip route add $P1_NET dev $IF1 src $IP1 # This may be not necessary
ip route add $P2_NET dev $IF2 src $IP2 # This may be not necessary
## ip route add default via $P1 ## You don't have to set this default
gw, because you'll be routing accross this gateway instead of doing
load-balance
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1
That's all, the last command is the default mutlipath gateway you will
route packets accross.
>
> i´ve been searching for a load balance solution since a month
> ago... what i can say is that it simply doesn´t work. I was
> unable to find one guy that did it with sucess. When "load
> balance" is the subject of the message on the list, the
> message is simply ignored.
> So... if it doesn´t work... why LARTC don´t delete it from the
> HOW TO and answer us with some "it simply doesn´t work...
> give up man!". This can save the time of a lot of guys,
> including me....
> Tks anyway
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-26 13:06 Marcos Schonfeld
@ 2004-08-27 4:47 ` Ming-Ching Tiew
2004-08-27 6:43 ` Julian Anastasov
1 sibling, 0 replies; 8+ messages in thread
From: Ming-Ching Tiew @ 2004-08-27 4:47 UTC (permalink / raw)
To: lartc
> > >
> > > ip route add default scope global nexthop via $P1 dev
> $IF1 weight 1 \
> > > nexthop via $P2 dev $IF2 weight 1
> > >
> >
> > This multipath routing command keep coming up as classic
> > way to perform multipath routing for NAT access, which I
> > considered it as VERY misleading.
> >
> > It should only be used if you are NOT using NAT.
>
> You mean that using NAT its impossible to do load balance or
> this is the worng command? If its the wrong command, what´s
> the right one?
Wrong way to do it. Destine for failure !
Imagine if you have several external IP addresses and your connection
to a particular application keep changing from one IP to another ...
Perhaps you won't see any problem on short sessions or connectionless
application but it is definitely a problem for connection oriented
applications or security conscious applications.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [LARTC] RE: [LARTC] Load Balance simply doesn´t work...
2004-08-26 13:06 Marcos Schonfeld
2004-08-27 4:47 ` Ming-Ching Tiew
@ 2004-08-27 6:43 ` Julian Anastasov
1 sibling, 0 replies; 8+ messages in thread
From: Julian Anastasov @ 2004-08-27 6:43 UTC (permalink / raw)
To: lartc
Hello,
On Fri, 27 Aug 2004, favero@grad.ufsc.br wrote:
> You mean that using NAT its impossible to do load balance or
> this is the worng command? If its the wrong command, what´s
> the right one?
Don't disappoint, you can check the following patches
and howtos:
http://www.ssi.bg/~ja/#routes
> Tks A LOT for the response!
> Fernando Favero
Regards
--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2004-09-03 8:29 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-27 10:26 [LARTC] RE: [LARTC] Load Balance simply doesn´t work Robert Kurjata
2004-08-31 15:02 ` Marc-Christian Petersen
2004-08-31 15:32 ` Marc-Christian Petersen
2004-09-01 9:25 ` Marc-Christian Petersen
2004-09-03 8:29 ` Robert Kurjata
-- strict thread matches above, loose matches on Subject: below --
2004-08-26 13:06 Marcos Schonfeld
2004-08-27 4:47 ` Ming-Ching Tiew
2004-08-27 6:43 ` Julian Anastasov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.