Re: [LARTC] Load Balance and SNAT problem.

[Peter Rabbitson <rabbit@rabbit.us>]

Grant Taylor wrote:
> On 6/27/2007 12:54 AM, Peter Rabbitson wrote:
>> I am actually simply jealous that some people apparently get it to 
>> work in-kernel, and I can't seem to.
> 
> Ah, so the truth comes out.  ;)

Hehe

>> My requirements are pretty simple:
>> o As transparrent as possible DGD, that can detect 2nd and 3rd hop 
>> failures
> 
> Think about what you just asked for.  "Dead Gateway Detection" is used 
> to detect dead (upstream) (default) gateway(s).  Rather it is not meant 
> to detect dead routes beyond your gateway(s).  To do this you will need 
> some sort of utility to monitor things for you.  I.e. you will not be 
> able to get the kernel to detect that a gateway is good for some things 
> but not for others.  Actually if you stop to think about it, this is 
> beyond the scope of what the kernel should do.  This is more the scope 
> of a routing protocol and / or a route management daemon.
> 
> In short, use something to test reachability to destinations and use ip 
> rules to choose routing tables accordingly.  I.e. have a default routing 
> table that will try to use any / all interfaces routes and have 
> alternative routing tables that will try fewer interfaces / routes.

This is the most fragile part of my current setup. And DGD based on 
packet counts IMO is an extremely simple thing to do, I discussed it 
recently with you. If something like this was present in-kernel the 
world would be a better place.

>> o Robust load balancing - connections are distributed over all 
>> available links, regardless of source and destination, with the 
>> possibility of assigning relative channel priorities
> 
> I think this is close to being possible depending on your scenario (NAT 
> or not) and a few other things.
> 
> It was my understanding that equal cost multi path routing was suppose 
> to accomplish this very thing.  I.e. if you had globally routable IP 
> addresses behind the router, you could send traffic out either link, 
> hopefully in such a fashion as to (hopefully) fully utilize all links. 
> ECMP does include weight options to assign ratios to routes.

For globally routable addresses it doesn't really matter, because you 
can not usually detect it (things still work).

> What you have proposed with load balancing via Netfilter should be able 
> to achieve this with out any problems.  Or at least I would think such.

It actually does work in production for quite some time now. But as said 
before - it is ugly and fragile.

I understand that we are coming from different environments, but I still 
think that my figure of 90% is rather accurate. If you can afford not to 
do NAT, means that most likely you also have access to the ISPs dynamic 
routing protocols as well, and the entire discussion becomes pointless. 
On the contrary if you run NAT, most likely you are a poor-mans-ISP or 
smaller, running off two consumer DSL links, and all of the above applies.

Either way I rest my case here, as we are comparing apples to dinosaurs, 
and went too far OT :)

Peter
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc