From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Load Balance and SNAT problem.
Date: Mon, 25 Jun 2007 14:47:46 +0000
Message-ID: <467FD592.5010700@riverviewtech.net>
In-Reply-To: <7e47206b0706242007q487365d3gb7c12658b9669edd@mail.gmail.com>

On 06/24/07 22:07, John Chang wrote:
> iptables -t mangle -A PREROUTING -t mangle -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m state --state NEW -m statistic
> --mode nth --every 2 --packet 1 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -m state --state NEW -m statistic
> --mode nth --every 2 --packet 2 -j MARK --set-mark 2
> iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark

I don't think these rules are going to do what you anticipate them to
do. These rules will alternate which route is used based on sequential
entry of packets into the router. Consider if you have any transaction
that will take more than one packet. The connection will be sent out
both routes, each with different source IP addresses, thus the two
packets are no longer associated with each other thus breaking your
connection.

> 2. I capture packets on WAN1 and WAN2, it works fine.
> The ICMP request/response would come out on WAN1 and WAN2 sequentially.

(See the above comment.)

> 3. I unplug WAN1. Only the packets on WAN1 will be lost, but WAN2 should
> work, right?
> I should see "ping Time Out" and "ping OK" on PC1 sequentially.

*IF* the rules do work, yes this should be what you see.

> 4. But both connections break. It is always "ping Time Out" on PC1.

*nod*

> 5. After capturing the packets on WAN1 and WAN2, I saw a weird behavior.
> The source IP of packets on WAN2 is 111.111.111.2
> but it should be 222.222.222.2
> That is why WAN2 breaks.

I don't know what to say here, other than something is not working right.

> Could you give me a suggestion?
> Thanks.

Do not use this method to load balance. Look into Equal Cost Multi
Path (a.k.a. ECMP) routing and specifying multiple default gateways on
one route command. The kernel should try to load balance across the
multiple default gateways for you while maintaining connections.

Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
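
Added example, not part of the message above or of the thread: a dry-run script that prints the commands for a multipath default route with two gateways, per-uplink return routing, and SNAT selected by outgoing interface. The interface names, gateway addresses and table numbers are assumptions; only the two source addresses appear in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands for review;
# set APPLY=1 and run as root to execute them.

# Source addresses are the ones quoted in the thread.
# Interface names, gateways and table ids are ASSUMED placeholders.
WAN1_IF=eth1; WAN1_IP=111.111.111.2; WAN1_GW=111.111.111.1; WAN1_TABLE=101
WAN2_IF=eth2; WAN2_IP=222.222.222.2; WAN2_GW=222.222.222.1; WAN2_TABLE=102

ecmp_commands() {
    # Per-uplink routing tables: traffic that already carries an uplink's
    # source address always leaves through that uplink's gateway.
    echo "ip route add default via $WAN1_GW dev $WAN1_IF table $WAN1_TABLE"
    echo "ip route add default via $WAN2_GW dev $WAN2_IF table $WAN2_TABLE"
    echo "ip rule add from $WAN1_IP table $WAN1_TABLE"
    echo "ip rule add from $WAN2_IP table $WAN2_TABLE"

    # One route command, two default gateways, equal weight (ECMP).
    echo "ip route replace default scope global nexthop via $WAN1_GW dev $WAN1_IF weight 1 nexthop via $WAN2_GW dev $WAN2_IF weight 1"

    # SNAT keyed on the outgoing interface, so the source address always
    # matches the link the routing decision picked.
    echo "iptables -t nat -A POSTROUTING -o $WAN1_IF -j SNAT --to-source $WAN1_IP"
    echo "iptables -t nat -A POSTROUTING -o $WAN2_IF -j SNAT --to-source $WAN2_IP"
}

if [ "${APPLY:-0}" = 1 ]; then
    ecmp_commands | sh -e    # stop at the first command that fails
else
    ecmp_commands
fi
```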