Re: [LARTC] Multiple uplinks, ssh connections hang

From: Alex Samad <alex@samad.com.au>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multiple uplinks, ssh connections hang
Date: Tue, 27 Feb 2007 21:16:24 +0000	[thread overview]
Message-ID: <20070227211624.GD17130@samad.com.au> (raw)
In-Reply-To: <45E35481.5020106@zaneray.com>

[-- Attachment #1.1: Type: text/plain, Size: 3043 bytes --]

On Tue, Feb 27, 2007 at 08:12:17AM +0700, Denny Zulfikar wrote:
> Hello korey,
> 
> I don't think your configuration will work well, because there're
> balancing using "weight" connection. So, if you have
> connection-oriented-application that must sure passing their traffic
> only from one connection (such as ssh and https-please try to test
> open and login to hotmail.com), it will fail when the default routing
> switch from one gateway to another (round robin).
> 
> Dont use this config for connection-oriented application. it's round
> robin rule, that will switch  from one gateway to another without
> notice/know about traffic type.
> "ip route add default scope global nexthop via 192.168.200.1 dev eth2
> weight 1 nexthop via x.175.244.1 dev eth1 weight 1"

I have been using 
default  proto static  metric 5                                                                                                                
        nexthop via 138.130.8.1  dev vlan2 weight 1                                                                                            
        nexthop via 10.20.20.243  dev ppp0 weight 20                                                                                           

for over 4 years and it has worked fine for me, for ssh and other connection
oriented applications.
the key thing is to have contrack (or its new incarnation) loaded.

the default rule is only used when you don't have a source address or route
cache entry.  When you ssh through the machine, the syn packet uses the default
route, but it also setups a entry in contrack, all other packets will have a
source and dest address.  These will match up the ip rul statements.

if you followed your link onto julian pages http://www.ssi.bg/~ja/nano.txt,
there is a howto  on this !

> 
> please refer to this documentation howto develop multpile internet
> connection gateway.
> http://linux-ip.net/html/adv-multi-internet.html
> 
> Best Regards,
> Denny Z
> 
> 
> On 2/27/07, Korey O'Dell <korey@zaneray.com> wrote:
> >Folks,
> >Ive got two ISP connections that I am using with:
> >---
> >ip route add 192.168.200.0/24 dev eth2 src 192.168.200.11 table connection1
> >ip route add default via 192.168.200.1 table connection1
> >
> >ip route add x.175.244.0/24 dev eth1 src x.175.244.2 table connection2
> >ip route add default via x.175.244.1 table connection2
> >
> >ip rule add from 192.168.200.11 table connection1
> >ip rule add from x.175.244.2 table connection2
> >
> >echo "Enabling load balancing between ISP connections..."
> >ip route add default scope global nexthop via 192.168.200.1 dev eth2
> >weight 1 nexthop via x.175.244.1 dev eth1 weight 1
> >
> >iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to x.175.244.2
> >iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 192.168.200.11
> >
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 

[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

[-- Attachment #2: Type: text/plain, Size: 143 bytes --]

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc