* [LARTC] failover works - but balancing does not
@ 2005-01-18  7:20 roderick tapang
  2005-01-18  8:30 ` Tóth Nándor
  2005-01-18 14:34 ` ro0ot
  0 siblings, 2 replies; 3+ messages in thread
From: roderick tapang @ 2005-01-18  7:20 UTC (permalink / raw)
  To: lartc

here's the setup (two dsl - same provider)

                                +-----> link1
LAN----- linux box  --|             |----------internet
                                +-----> link2

the setup is ok in terms of the failover requirement. the other link
takes over when one is down. however, there is a very noticeable lag
when both lines are up. i've tried changing the weight value to a
higher one but the links are still underutilized and some client machines
playing games are mostly disconnected. taking down one link makes the
connection ok.
any suggestions? do i need to patch the kernel?

below is the script i'm  using on a mandrake 10.1 box.

thanks.
erik

<start of script>
#!/bin/sh
# Iptables userspace executable
IPTABLES="/sbin/iptables"
# Internal Interface
NET_INT_INT=eth1
# Internal IP
NET_INT_IP=192.168.0.101
# Internal Subnet
NET_INT_SUB=/24
# Internal Network
NET_INT_NET=192.168.0.0
# First external interface
NET_EXT_INT1=eth0
# First external IP
NET_EXT_IP1=192.168.1.7
# First external interface's gateway
NET_EXT_GW1=192.168.1.1
# Second external interface
NET_EXT_INT2=eth2
# Second external IP
NET_EXT_IP2=192.168.1.3
# Second external interface's gateway
NET_EXT_GW2=192.168.1.1
echo "Flushing All Tables"
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
$IPTABLES -X -t nat
$IPTABLES -X -t mangle
$IPTABLES -X

$IPTABLES -t mangle -N ETH0
$IPTABLES -t mangle -F ETH0
$IPTABLES -t mangle -A ETH0 -j MARK --set-mark 1

$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2

$IPTABLES -t nat -N SPOOF_ETH0
$IPTABLES -t nat -F SPOOF_ETH0
$IPTABLES -t nat -A SPOOF_ETH0 -j SNAT --to ${NET_EXT_IP1}

$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}

echo "Setting some local network rules..."
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/24 -d ${NET_INT_IP} -j ACCEPT

echo "Setting Mangle rules for eth0..."
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH0
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH0
ip ro add table 10 default via ${NET_EXT_GW1} dev ${NET_EXT_INT1}
ip ru add fwmark 1 table 10
ip ro fl ca

echo "Setting Mangle rules for eth2..."
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH2
ip ro add table 20 default via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
ip ru add fwmark 2 table 20
ip ro fl ca

echo "Setting up spoofing rules..."
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH0
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2

echo "Adding default route..."
ip ro add default nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} weight 1 nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2} weight 1

echo "Disabling Reverse Path Filtering..."
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter

echo "Enabling IPv4 Packet forwarding..."
echo "1"> /proc/sys/net/ipv4/ip_forward
<end of script>

-- 
roderick e. tapang
retapang at gmail dot com

(o_.'       http://counter.li.org/
//\         ----------------------
V_/_        Linux User   #  253842
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
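
An added example, not part of the original post or of the replies: the posted script's two `-m random --average 50` rules are matched on every packet and independently of each other, so packets of one connection can carry different marks; one common way to pin a connection to a single uplink is to pick the mark once for NEW connections and carry it with CONNMARK. The dry-run sketch below only prints such rules, reusing the post's marks and table numbers; the `statistic` match stands in for the script's `random` match, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: rules are printed, not applied.
# Assumed: LAN interface and marks 1/2 (tables 10/20) as in the posted script;
# emit_rules and count_unguarded are hypothetical helper names.

emit_rules() {
    lan_if="$1"   # internal interface, e.g. eth1
    pct="$2"      # percent of new connections that get mark 1

    case "$pct" in
        ''|*[!0-9]*) echo "percent must be an integer" >&2; return 1 ;;
    esac
    [ "$pct" -ge 1 ] && [ "$pct" -le 99 ] || {
        echo "percent must be 1..99" >&2; return 1; }

    # the statistic match takes a probability between 0 and 1
    prob=$(LC_ALL=C awk -v p="$pct" 'BEGIN { printf "%.2f", p / 100 }')

    # 1: copy the connection's saved mark onto the packet
    # 2: already-marked packets skip the random choice
    # 3/4: only NEW connections are assigned a mark, exactly one of 1 or 2
    # 5: store the choice on the connection for all later packets
    cat <<EOF
iptables -t mangle -A PREROUTING -i $lan_if -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i $lan_if -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -i $lan_if -m conntrack --ctstate NEW -m statistic --mode random --probability $prob -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i $lan_if -m conntrack --ctstate NEW -m mark --mark 0 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $lan_if -j CONNMARK --save-mark
ip rule add fwmark 1 table 10
ip rule add fwmark 2 table 20
EOF
}

# Number of mark-setting rules lacking the NEW guard (0 = per connection).
count_unguarded() {
    emit_rules "$1" "$2" | grep -- '--set-mark' |
        grep -vc -- '--ctstate NEW' || true
}

emit_rules eth1 50
```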


* Re: [LARTC] failover works - but balancing does not
  2005-01-18  7:20 [LARTC] failover works - but balancing does not roderick tapang
@ 2005-01-18  8:30 ` Tóth Nándor
  2005-01-18 14:34 ` ro0ot
  1 sibling, 0 replies; 3+ messages in thread
From: Tóth Nándor @ 2005-01-18  8:30 UTC (permalink / raw)
  To: lartc

Hi!

roderick tapang wrote:
> here's the setup (two dsl - same provider)
> 
>                                 +-----> link1
> LAN----- linux box  --|             |----------internet
>                                 +-----> link2
> 
> the setup is ok in terms of the failover requirement. the other link
> takes over when one is down. however, there is a very noticeable lag
> when both lines are up. i've tried changing the weight value to a
> higher one but the links are still underutilized and some client machines
> playing games are mostly disconnected. taking down one link makes the
> connection ok.
> any suggestions? do i need to patch the kernel?

I was in a situation like yours. Following the lartc howto did not 
result in correct functionality (not the same problems as yours).

I managed to do it using these links:
http://www.ssi.bg/~ja/nano.txt
http://www.ssi.bg/~ja/#routes

I had to read the nano howto about 5 times to understand it.


-- 
Udv,
   Nandor

* Re: [LARTC] failover works - but balancing does not
  2005-01-18  7:20 [LARTC] failover works - but balancing does not roderick tapang
  2005-01-18  8:30 ` Tóth Nándor
@ 2005-01-18 14:34 ` ro0ot
  1 sibling, 0 replies; 3+ messages in thread
From: ro0ot @ 2005-01-18 14:34 UTC (permalink / raw)
  To: lartc

Hi,

Can I know how your failover works?  Any additional scripts?

Regards,
ro0ot


roderick tapang wrote:

>here's the setup (two dsl - same provider)
>
>                                +-----> link1
>LAN----- linux box  --|             |----------internet
>                                +-----> link2
>
>the setup is ok in terms of the failover requirement. the other link
>takes over when one is down. however, there is a very noticeable lag
>when both lines are up. i've tried changing the weight value to a
>higher one but the links are still underutilized and some client machines
>playing games are mostly disconnected. taking down one link makes the
>connection ok.
>any suggestions? do i need to patch the kernel?
>
>below is the script i'm  using on a mandrake 10.1 box.
>
>thanks.
>erik
>
><start of script>
>#!/bin/sh
># Iptables userspace executable
>IPTABLES="/sbin/iptables"
># Internal Interface
>NET_INT_INT=eth1
># Internal IP
>NET_INT_IP=192.168.0.101
># Internal Subnet
>NET_INT_SUB=/24
># Internal Network
>NET_INT_NET=192.168.0.0
># First external interface
>NET_EXT_INT1=eth0
># First external IP
>NET_EXT_IP1=192.168.1.7
># First external interface's gateway
>NET_EXT_GW1=192.168.1.1
># Second external interface
>NET_EXT_INT2=eth2
># Second external IP
>NET_EXT_IP2=192.168.1.3
># Second external interface's gateway
>NET_EXT_GW2=192.168.1.1
>echo "Flushing All Tables"
>$IPTABLES -F
>$IPTABLES -F -t nat
>$IPTABLES -F -t mangle
>$IPTABLES -X -t nat
>$IPTABLES -X -t mangle
>$IPTABLES -X
>
>$IPTABLES -t mangle -N ETH0
>$IPTABLES -t mangle -F ETH0
>$IPTABLES -t mangle -A ETH0 -j MARK --set-mark 1
>
>$IPTABLES -t mangle -N ETH2
>$IPTABLES -t mangle -F ETH2
>$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
>
>$IPTABLES -t nat -N SPOOF_ETH0
>$IPTABLES -t nat -F SPOOF_ETH0
>$IPTABLES -t nat -A SPOOF_ETH0 -j SNAT --to ${NET_EXT_IP1}
>
>$IPTABLES -t nat -N SPOOF_ETH2
>$IPTABLES -t nat -F SPOOF_ETH2
>$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
>
>echo "Setting some local network rules..."
>$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/24 -d ${NET_INT_IP} -j ACCEPT
>
>echo "Setting Mangle rules for eth0..."
>$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH0
>$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH0
>ip ro add table 10 default via ${NET_EXT_GW1} dev ${NET_EXT_INT1}
>ip ru add fwmark 1 table 10
>ip ro fl ca
>
>echo "Setting Mangle rules for eth2..."
>$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
>$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random --average 50 -j ETH2
>ip ro add table 20 default via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
>ip ru add fwmark 2 table 20
>ip ro fl ca
>
>echo "Setting up spoofing rules..."
>$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH0
>$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
>
>echo "Adding default route..."
>ip ro add default nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} weight 1 nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2} weight 1
>
>echo "Disabling Reverse Path Filtering..."
>echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter
>
>echo "Enabling IPv4 Packet forwarding..."
>echo "1"> /proc/sys/net/ipv4/ip_forward
><end of script>
>
>  
>


