From mboxrd@z Thu Jan 1 00:00:00 1970
From: Han Changzhe
Date: Fri, 27 Feb 2015 06:33:37 +0000
Subject: Re: A smart router for more than one default routes
Message-Id: <54F00FC1.2020500@nebulat.com>
List-Id:
References: <54EEBF87.50109@nebulat.com>
In-Reply-To: <54EEBF87.50109@nebulat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi Erik,

Please see below.

Thanks,
Changzhe

On 2015-02-26 17:31, Erik Auerswald wrote:
> Hello Changzhe,
>
> On Thu, Feb 26, 2015 at 02:39:03PM +0800, Han Changzhe wrote:
>> I'm setting up a routing server on Linux with the following links
>>
>> 1. An Ethernet link (eth0) to the 1st internet link (fast, but can't
>> access some sites);
>> 2. A VPN link (tun0) to provide services to local users;
>> 3. A VPN link (tun1) to a proxy server as the 2nd internet link (slow,
>> free).
>>
>> My target is:
>> * for common internet access, routing the packets through eth0;
>> * for the sites that can't be accessed through eth0, routing them
>> through tun1.
>>
>> By now, I set the routing table manually for several sites and it
>> works fine. Because there are thousands of them and the sites change
>> with time, I want a better solution.
>>
>> My idea is like this: setting up more than one default route for
>> internet access, then dynamically change the route table (or route
>> table cache) with some software according to the internet access
>> results.
>>
>> For example, if we get a timeout from https://www.google.com through
>> eth0, the software should try it through tun1 link and, when it
>> succeeds, add the latter route to the current route table.
>>
>> I don't know if any routing software on Linux works as I expected. I
>> tried quagga with zebra + ospf but was not successful.
> As I understand it the list of networks inaccessible via eth0 is
> maintained manually and needs to be synced to every site. The sites
> are all configured identically, with eth0 as primary Internet access
> interface, and tun1 as secondary.

By now, the list is maintained manually while I wish the process to be
automatic. We may sync the routing list or not because different sites
may face different access limitations. In the ideal case, each site
should maintain a small common routing list which should be synced with
a central server while at the same time maintaining its local routing
list which changes dynamically according to user requests and local
networking conditions. So syncing the routing table isn't the toughest
problem.

> The problem is not a good fit to traditional IP routing protocols (if
> I understand it correctly).

I supposed it a simple and common case easily handled by available open
source software. Apparently it's not that easy.

> I would advise to use some configuration management tool (puppet, chef,
> cfengine, ...).
>
> Alternatively, you could roll your own configuration update using
> e.g. git or rsync to maintain one config file describing the routing
> table, and a program (e.g. script called via cron) periodically checking
> for changes in the config file, applying them if needed.
>
> Cheers,
> Erik
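
The config-file-plus-cron approach Erik suggests, sketched as an added example that is not part of either message or of any existing tool. It assumes a hypothetical list format (one IPv4 address or prefix per line, `#` comments) and placeholder file paths; only `tun1` comes from the thread. Because the list is synced from elsewhere and the commands run as root, each line is shape-checked before it reaches `ip`.

```shell
#!/bin/sh
# Added example: turn a synced prefix list into the ip(8) commands for tun1.
# Assumed (hypothetical) list format: one IPv4 address or prefix per line,
# '#' starts a comment. File paths in the cron line below are placeholders.
DEV="${DEV:-tun1}"    # secondary uplink named in the thread

# normalize FILE: strip comments and whitespace, keep only lines shaped like
# an IPv4 address/prefix (shape check only; ip itself rejects bad octets),
# so a tampered or corrupted list cannot put extra words on a root command line.
normalize() {
    [ -f "$1" ] || return 0
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' |
        LC_ALL=C sort -u
}

# plan_route_changes DESIRED APPLIED: print the commands that move the routes
# recorded in APPLIED (last successful run) to the state listed in DESIRED.
plan_route_changes() {
    want=$(mktemp); have=$(mktemp)
    normalize "$1" > "$want"
    normalize "$2" > "$have"
    LC_ALL=C comm -23 "$want" "$have" | sed "s|.*|ip route replace & dev $DEV|"
    LC_ALL=C comm -13 "$want" "$have" | sed "s|.*|ip route del & dev $DEV|"
    rm -f "$want" "$have"
}

# sync_routes DESIRED APPLIED: run the plan (needs root), then record the new state.
# cron, e.g.:  */5 * * * * /usr/local/sbin/route-sync /etc/routes.tun1 /var/lib/routes.applied
sync_routes() {
    plan_route_changes "$1" "$2" | while read -r cmd; do
        $cmd || exit 1    # stop at first failure; state unchanged, next run retries
    done || return 1
    normalize "$1" > "$2.new" && mv "$2.new" "$2"
}

# Demo on constructed lists: prints the plan without touching the routing table.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf '203.0.113.0/24  # blocked via eth0\n198.51.100.7\nx; reboot\n' > "$d/want"
    printf '192.0.2.0/24\n198.51.100.7\n' > "$d/have"
    plan_route_changes "$d/want" "$d/have"
    rm -rf "$d"
fi
```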