[LARTC] Load Balance Outbound AND Inbound Internet Traffic to one location over multiple links

[LARTC] Load Balance Outbound AND Inbound Internet Traffic to one location over multiple links

[Joe Nuts]

I've read through the nano documentation, and it says that it wont
handle scenarios where the main traffic is input. Also, I've read
through the linuxvirtualserver documentation, and i dont think that
applies to me either, as that set up intercepts traffic and
manipulates the final destination IP and port for the traffic.
What I would like to do is 
1) from the ISP standpoint, deliver traffic for a given public IP
network to a client over multiple (load balanced) links. I have a
linux router on site that receives traffic for this network, but i
dont know how to encapsulate / balance the traffic so it gets to the
client site.

2) from the client standpoint, receive traffic for that given public
IP network, deliver it accordingly to computers, and also, send out
traffic from the computers on it's network with the correct public IP
source address.
it's actually a lot like the
http://www.linuxvirtualserver.org/VS-IPTunneling.html diagram, but
instead of the "server" sending / manipulating packets to go to three
destinations, it's taking a complete (sub)network of 16 or so IP's and
sending them directly to one computer.

Any suggestions are greatly appreciated
Thanks
-Joe Comeaux
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Load Balance Outbound AND Inbound Internet Traffic to

[Andy Furniss]

Joe Nuts wrote:
> I've read through the nano documentation, and it says that it wont
> handle scenarios where the main traffic is input. Also, I've read
> through the linuxvirtualserver documentation, and i dont think that
> applies to me either, as that set up intercepts traffic and
> manipulates the final destination IP and port for the traffic.
> What I would like to do is 
> 1) from the ISP standpoint, deliver traffic for a given public IP
> network to a client over multiple (load balanced) links. I have a
> linux router on site that receives traffic for this network, but i
> dont know how to encapsulate / balance the traffic so it gets to the
> client site.
> 
> 2) from the client standpoint, receive traffic for that given public
> IP network, deliver it accordingly to computers, and also, send out
> traffic from the computers on it's network with the correct public IP
> source address.
> it's actually a lot like the
> http://www.linuxvirtualserver.org/VS-IPTunneling.html diagram, but
> instead of the "server" sending / manipulating packets to go to three
> destinations, it's taking a complete (sub)network of 16 or so IP's and
> sending them directly to one computer.
> 
> Any suggestions are greatly appreciated
> Thanks
> -Joe Comeaux


If you have boxes at both ends of the links then you could use multilink 
ppp. Maybe I don't understand the setup properly.

Andy.


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Load Balance Outbound AND Inbound Internet Traffic to one location over multiple links

[Joe Nuts]

I have boxes at both ends of the link. I have spent my whole day
searching the internet on anything to do with 'multilink ppp', and
have not found any decent documentation on how to set something like
that up. perhaps somone could point me to something?
As for the setup, server at the ISP has one public IP A, on public
network A. it receives/routes traffic for public network B.
the server at the client site has two public IP's, X and Y on public
network X and Y.
I would like for traffic sent to public network B to make it to client
computer, divided across the two IP's X, and Y. (this traffic will of
course go through server at the ISP, which will do the work in
splitting the traffic up)
Whether traffic outbound from the client site goes out directly to the
internet, or is tunneled to the server at the ISP, to go out to the
internet is not a big deal, so long as something works.

I have a test environment set up with a computer with two 10M/s cards
connected to a hub connected to a computer with one 100M/s card. I've
tried setting up multipath routes between each other to hopefully be
able to split traffic to the two cards to get close to 20M/s
throughput. Everything I have tried has been unsuccessful, though.

Any advice is appreciated.
Thanks
-Joe


On Wed, 22 Dec 2004 13:40:19 +0000, Andy Furniss
<andy.furniss@dsl.pipex.com> wrote:
> Joe Nuts wrote:
> > I've read through the nano documentation, and it says that it wont
> > handle scenarios where the main traffic is input. Also, I've read
> > through the linuxvirtualserver documentation, and i dont think that
> > applies to me either, as that set up intercepts traffic and
> > manipulates the final destination IP and port for the traffic.
> > What I would like to do is
> > 1) from the ISP standpoint, deliver traffic for a given public IP
> > network to a client over multiple (load balanced) links. I have a
> > linux router on site that receives traffic for this network, but i
> > dont know how to encapsulate / balance the traffic so it gets to the
> > client site.
> >
> > 2) from the client standpoint, receive traffic for that given public
> > IP network, deliver it accordingly to computers, and also, send out
> > traffic from the computers on it's network with the correct public IP
> > source address.
> > it's actually a lot like the
> > http://www.linuxvirtualserver.org/VS-IPTunneling.html diagram, but
> > instead of the "server" sending / manipulating packets to go to three
> > destinations, it's taking a complete (sub)network of 16 or so IP's and
> > sending them directly to one computer.
> >
> > Any suggestions are greatly appreciated
> > Thanks
> > -Joe Comeaux
> 
> 
> If you have boxes at both ends of the links then you could use multilink
> ppp. Maybe I don't understand the setup properly.
> 
> Andy.
> 
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Load Balance Outbound AND Inbound Internet Traffic to

[Andy Furniss]

Joe Nuts wrote:
> I have boxes at both ends of the link. I have spent my whole day
> searching the internet on anything to do with 'multilink ppp', and
> have not found any decent documentation on how to set something like
> that up. perhaps somone could point me to something?

I am not sure about setting up a server, but there must be a few 
examples of client setups around for ISDN. Here is one for DSL

http://www.freestuffjunction.co.uk/bondedadsl.shtml


> As for the setup, server at the ISP has one public IP A, on public
> network A. it receives/routes traffic for public network B.
> the server at the client site has two public IP's, X and Y on public
> network X and Y.
> I would like for traffic sent to public network B to make it to client
> computer, divided across the two IP's X, and Y. (this traffic will of
> course go through server at the ISP, which will do the work in
> splitting the traffic up)

You probably know more advanced routing than me - I have never played 
about with complicated setups. As far as using ppp  - I don't think you 
have to worry about IP addresses too much - it's link level, so I think 
you can send whatever you like down it and it will appear at the other end.

Andy.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Load Balance Outbound AND Inbound Internet Traffic to one location over multiple links

[Joe Nuts]

Thanks again for the response, Andy.
I've done a tremendous amount of research, and set-up to test the
multi-link ppp, and I still have not been successful in my search.
The problem i've found out from working with ppp, and pppoe, is that I
can only create a ppp connection between two devices on the same
broadcast network. I.E. two devices connected by some kind of bridged
ethernet.
This wouldnt be an option for me, because the DSL connections to the
client make it to the ISP over an ATM line, directly to a router. The
router plugs in to a layer-2 switch, which then our server plugs in
to.
I would need to create maybe a GRE tunnel from the client to the
server, so that the pppoe client requests would make it to the server,
to then create the ppp connection.

And that's just to get the one connection going, i'd like to be able
to multilink multiple connections.

If there were some way to multilink gre (or IPIP) tunnels, to get
combined bandwith on single connections, that would be ideal. But I
have not found any solutions along those lines.
My next attempts will be multilink pppoe tunnels over gre tunnels, and
I'm also researching what BSD has to offer in that arena.

Any suggestions are welcome.

Thanks
-Joe Comeaux

On Sun, 26 Dec 2004 20:03:44 +0000, Andy Furniss
<andy.furniss@dsl.pipex.com> wrote:
> Joe Nuts wrote:
> > I have boxes at both ends of the link. I have spent my whole day
> > searching the internet on anything to do with 'multilink ppp', and
> > have not found any decent documentation on how to set something like
> > that up. perhaps somone could point me to something?
> 
> I am not sure about setting up a server, but there must be a few
> examples of client setups around for ISDN. Here is one for DSL
> 
> http://www.freestuffjunction.co.uk/bondedadsl.shtml
> 
> 
> > As for the setup, server at the ISP has one public IP A, on public
> > network A. it receives/routes traffic for public network B.
> > the server at the client site has two public IP's, X and Y on public
> > network X and Y.
> > I would like for traffic sent to public network B to make it to client
> > computer, divided across the two IP's X, and Y. (this traffic will of
> > course go through server at the ISP, which will do the work in
> > splitting the traffic up)
> 
> You probably know more advanced routing than me - I have never played
> about with complicated setups. As far as using ppp  - I don't think you
> have to worry about IP addresses too much - it's link level, so I think
> you can send whatever you like down it and it will appear at the other end.
> 
> Andy.
> 
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Load Balance Outbound AND Inbound Internet Traffic to

[Andy Furniss]

Joe Nuts wrote:
> Thanks again for the response, Andy.
> I've done a tremendous amount of research, and set-up to test the
> multi-link ppp, and I still have not been successful in my search.
> The problem i've found out from working with ppp, and pppoe, is that I
> can only create a ppp connection between two devices on the same
> broadcast network. I.E. two devices connected by some kind of bridged
> ethernet.
> This wouldnt be an option for me, because the DSL connections to the
> client make it to the ISP over an ATM line, directly to a router. The
> router plugs in to a layer-2 switch, which then our server plugs in
> to.
> I would need to create maybe a GRE tunnel from the client to the
> server, so that the pppoe client requests would make it to the server,
> to then create the ppp connection.
> 
> And that's just to get the one connection going, i'd like to be able
> to multilink multiple connections.
> 
> If there were some way to multilink gre (or IPIP) tunnels, to get
> combined bandwith on single connections, that would be ideal. But I
> have not found any solutions along those lines.
> My next attempts will be multilink pppoe tunnels over gre tunnels, and
> I'm also researching what BSD has to offer in that arena.
> 
> Any suggestions are welcome.

I don't know whether you can link tunnels or not.

Another way you could look into is doing it at IP level using the 
netfilter patch Nth. You could just round robin packets over the links - 
not as nice as multilink as packet size isn't accounted for, but may be 
OK in practise.

Below is the help for it - You may not need to do the NAT but AIUI you 
could use it to mark and then route using the marks.

Andy.

Author: Fabrice MARIE <fabrice@netfilter.org>
Status: Works For Me.

This option adds CONFIG_IP_NF_MATCH_NTH, which supplies a match
module that will allow you to match every Nth packet encountered.
By default there are 16 different counters that can be used.

This match functions in one of two ways
1) Match ever Nth packet, and only the Nth packet.
    example:
     iptables -t mangle -A PREROUTING -m nth --every 10 -j DROP
    This rule will drop every 10th packet.
2) Unique rule for every packet.  This is an easy and quick
    method to produce load-balancing for both inbound and outbound.
    example:
     iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 \
              --every 3 --packet 0 -j SNAT --to-source 10.0.0.5
     iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 \
              --every 3 --packet 1 -j SNAT --to-source 10.0.0.6
     iptables -t nat -A POSTROUTING -o eth0 -m nth --counter 7 \
              --every 3 --packet 2 -j SNAT --to-source 10.0.0.7
    This example evenly splits connections between the three SNAT
    addresses.

    By using the mangle table and iproute2, you can setup complex
    load-balanced routing.  There's lot of other uses.  Be creative!

Suppported options are:
    --every     Nth         Match every Nth packet
   [--counter]  num         Use counter 0-15 (default:0)
   [--start]    num         Initialize the counter at the number 'num'
                            instead of 0. Must be between 0 and Nth-1
   [--packet]   num         Match on 'num' packet. Must be between 0
                            and Nth-1.
                            If --packet is used for a counter than
                            there must be Nth number of --packet
                            rules, covering all values between 0 and
                            Nth-1 inclusively.




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/