Re: A smart router for more than one default routes

[Han Changzhe <hcz@nebulat.com>]

Hi Erik,

Please see below.

Thanks,

Changzhe

On 2015-02-26 17:31, Erik Auerswald wrote:
> Hello Changzhe,
>
> On Thu, Feb 26, 2015 at 02:39:03PM +0800, Han Changzhe wrote:
>> I'm setting up a routing server on Linux with following links
>>
>> 1. An Ethernet link (eth0) to the 1st internet link (fast, but can't
>>     access some sites);
>> 2. A VPN link (tun0) to provide services to local users;
>> 3. A VPN link (tun1) to a proxy server as the 2nd internet link (slow,
>>     free).
>>
>> My target is:
>>    * for common internet access, routing the packets through eth0;
>>    * for the sites can't be accessed through eth0, routing them
>> through tun1.
>>
>> By now, I set the routing table manually for serveral sites and it
>> works fine. Because there are thousands of them and the sites change
>> with time, so I want a better solution.
>>
>> My idea is like this: setting up more than one default routes for
>> internet access, then dynamically change the route table (or route
>> table cache) with some software according to the internet access
>> results.
>>
>> For example, if we get a timeout from https://www.google.com through
>> eth0, the software should try it through tun1 link and, when
>> succeed, adding the later route to current route table.
>>
>> I don't know if any routing software on Linux work as I expected. I
>> tried quagga with zebra + ospf but not successful.
> As I understand it the list of networks inaccessible via eth0 is
> maintained manually and needs to be synced to every site. The sites
> are all configured identically, with eth0 as primary Internet access
> interface, and tun1 as secondary.
By now, the list is maintained manually while I wish the process to be 
automatic.
We may sync the routing list or not  because different sites may face 
different access
limitations.

In the ideal case, each site should maintain a small common routing list
which should be synced with a central server while  at the same time 
maintain its
local routing list which changes dynamically according to user requests 
and local
networking conditions. So syncing the routing table isn't the most tough 
problem.


> The problem is not a good fit to traditional IP routing protocols (if
> I understand it correctly).
I supposed it a simple and common case easily handled by available open 
source
software. Apparently it's not that easy.

> I would advise to use some configuration management tool (puppet, chef,
> cfengine, ...).
>
> Alternatively, you could roll your own configuration update using
> e.g. git or rsync to maintain one config file describing the routing
> table, and a program (e.g. script called via cron) periodically checking
> for changes in the config file, applying them if needed.
>
> Cheers,
> Erik