* [LARTC] Multipath route problem
From: niels @ 2002-07-31 13:42 UTC (permalink / raw)
To: lartc
Hi ... I have 2 DSL lines all up and running on one RedHat box...
I want to balance traffic going out over the two providers
The 2 DSL routers Have IP's 10.10.10.1 / 10.10.10.2 ... my linux box (eth0)
has IP 10.10.10.10 connected on a separate ethernet
So I read the http://lartc.org/howto/lartc.rpdb.multiple-links.html guide
(chapter 4.2.2)
In my case I have to make these routes
# ip route add default nexthop via 10.10.10.1 dev eth0 nexthop via 10.10.10.2 dev eth0
Works Fine!! every connection request going is perfectly balanced sent out
via both gateways
But works only on the linux box itself! from the (masqueraded) clients it
doesn't:
Every first request which is masqueraded -> gateway 10.10.10.1 (works fine)
Every second request which is masqueraded -> gateway 10.10.10.2 (don't get
reply back)
When I change the multipath route so that 10.10.10.2 is the first hop
# ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0
Gw 10.10.10.2 (fine)
Gw 10.10.10.1 (doesn't work ... Only from the linux box itself)
So it every time seems to be the second "hop" in the multipath route which
isn't being masqueraded properly!
Can anyone help?
Thanks in advance!
Niels!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* RE: [LARTC] Multipath route problem
From: Greg Scott @ 2002-07-31 14:54 UTC (permalink / raw)
To: lartc
> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0
I wonder if this is a problem going out over the same NIC to the two
providers? All the docs I can find show each provider on its own NIC.
I am setting up something similar and was just about to ask if I can
do it with one NIC connecting all the providers. That would save me
a bunch of precious PCI slots!
In my case there are 4 - count 'em - 4 external routers to the
Internet! 3 of them are supposed to load-balance for user traffic
and the fourth is for a bunch of internal servers with known IP
Addresses. So there will be a fwmark policy that puts the routes
for those servers into its own table.
Life would be great if I could do all this on a single NIC connecting
all of those routers. Or do Niels and I both need a separate NIC for
each router?
thanks
- Greg
* RE: [LARTC] Multipath route problem
From: niels @ 2002-07-31 15:07 UTC (permalink / raw)
To: lartc
I'm almost sure I don't need more NICs... (only if you want to separate the
nets physically do you need more NICs)
With simple policy routing I already have a successful masquerading network
with Source Subnet X going through gateway 1 and Source subnet Y going
through gateway 2 (balancing the load based on subnet)
It even works if those 2 gateways are on totally different subnets!
just add an extra IP address to your interface like this:
# ip addr add 10.50.50.10/24 dev eth0 brd 10.50.50.255
then add a second default route (for example to gateway 10.50.50.254) in
table (for example testtable) like this:
# ip route add default dev eth0 via 10.50.50.254 table test
Then add a rule to use the table from (for example) a specific subnet
# ip rule add pref 1000 table test from 192.168.0.0/16
And it's up and running!
SO, I'm sure load balancing (multi path routes) must also be possible
from the local machine I have it already working... so why not via
masquerading?
PS.. I read something about the "src" option in the route add command .. But
it didn't seem to help me out.
-----Original Message-----
From: Greg Scott [mailto:GregScott@InfraSupportEtc.com]
Sent: 31 July 2002 17:15
To: niels@wxn.nl; lartc@mailman.ds9a.nl
Subject: RE: [LARTC] Multipath route problem
> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0
I wonder if this is a problem going out over the same NIC to the two
providers? All the docs I can find show each provider on its own NIC.
I am setting up something similar and was just about to ask if I can
do it with one NIC connecting all the providers. That would save me
a bunch of precious PCI slots!
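
The three steps in the message above (extra address on the NIC, default route in a separate table, rule selecting that table by source subnet), written as an added shell example that is not part of the original thread. It prints the commands instead of running them and checks that each gateway is on-link for the address being added. The input format, the numeric table ids (a named table such as `test` needs an entry in /etc/iproute2/rt_tables), the use of `brd +` and the second uplink are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): print, rather than run, the iproute2
# commands for source-based policy routing through several gateways on one NIC.
# Input on stdin, one uplink per line (constructed format):
#   <table-id> <local-addr/prefix> <gateway> <source-subnet>

ip4_to_int() {
    # Dotted quad -> 32-bit integer.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

on_link() {
    # True when gateway $2 lies inside the subnet of address/prefix $1.
    prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip4_to_int "${1%/*}") & mask )) -eq $(( $(ip4_to_int "$2") & mask )) ]
}

gen_policy_routes() {
    dev=$1
    pref=1000
    while read -r table addr gw src; do
        case $table in ''|'#'*) continue ;; esac    # blank line or comment
        case $table in *[!0-9]*) echo "table id must be numeric: $table" >&2; return 1 ;; esac
        # Assumption: stay in 1..252; 253-255 are the built-in default/main/local tables.
        if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
            echo "table id out of range: $table" >&2; return 1
        fi
        # The gateway is only reachable if the NIC has an address in its subnet,
        # which is why the first step adds one.
        if ! on_link "$addr" "$gw"; then
            echo "gateway $gw is not inside $addr" >&2; return 1
        fi
        echo "ip addr add $addr brd + dev $dev"
        echo "ip route add default via $gw dev $dev table $table"
        echo "ip rule add pref $pref from $src table $table"
        pref=$((pref + 1))
    done
}

# Constructed sample: the first line uses the addresses from the message above,
# the second is a made-up second uplink.
gen_policy_routes eth0 <<'EOF'
100 10.50.50.10/24 10.50.50.254 192.168.0.0/16
101 10.60.60.10/24 10.60.60.254 172.16.0.0/12
EOF
```

Review the printed commands, then pipe them to `sh` as root to apply them.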
* RE: [LARTC] Multipath route problem
From: Martin A. Brown @ 2002-07-31 17:46 UTC (permalink / raw)
To: lartc
Greg,
: I wonder if this is a problem going out over the same NIC to the two
: providers? All the docs I can find show each provider on its own NIC.
:
: I am setting up something similar and was just about to ask if I can
: do it with one NIC connecting all the providers. That would save me
: a bunch of precious PCI slots!
You could always try the multi-port ethernet cards. They are usually a
bit more expensive, but they give you up to four ports on a single PCI
card. Occasionally, you may run into IRQ problems, depending on the card
and your motherboard, but this solves your PCI slot availability problem.
The DLink DFE 570TX is the one I use (with the tulip driver), and it works
well and reliably.
http://www.dlink.com/products/adapters/dfe570tx/
There are, I'm sure many others which people on this list can recommend.
: Life would be great if I could do all this on a single NIC connecting
: all of those routers. Or do Niels and I both need a separate NIC for
: each router?
I don't think you *need* to have a separate NIC for each router, but if I
were doing it, I'd want each router on a separate network.
Good luck,
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
* Re: [LARTC] Multipath route problem
From: William L. Thomson Jr. @ 2002-07-31 17:50 UTC (permalink / raw)
To: lartc
Niels,
I do not think the two nics are your problem. First off you will need
two things. The first is patches made by Julian Anastasov,
I had a link but it does not seem to work. Julian subscribes to this
list so maybe he will post an updated link to where they can be found.
After you apply the patches the Linux machine will need to be running
NAT in some manner.
Because I have routers on each of my DSL lines I perform two rounds of
NAT or PAT. One in each router, and then again in the Linux router.
Without those two things, I was not able to get things to work by using
only the example on lartc.org that you posted below.
You will also want to dial in your DNS to servers for each IP block, and
load balance that as well.
In doing the NAT/PAT you will need to give the outgoing interface each
of the IP's that your routers will be translating to.
Example.
Public IP - Router Nat to say 10.1.0.3
On the Linux router your interface may have
10.1.0.1 as the ip, so you will need to add the other ip as well.
ip addr add 10.1.0.1/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.3/16 brd 10.1.255.255 dev eth1
You will need to do that for each IP that the routers will NAT/PAT the
public ips to. Then in the Linux box, you can map those IP to what ever
internal ones you want from there via NAT or PAT.
Hope that makes sense and helps.
On Wed, 2002-07-31 at 06:42, niels@wxn.nl wrote:
> Hi ... I have 2 DSL lines all up and running on one RedHat box...
>
> I want to balance traffic going out over the two providers
>
> The 2 DSL routers Have IP's 10.10.10.1 / 10.10.10.2 ... my linux box (eth0)
> has IP 10.10.10.10 connected on a separate ethernet
>
> SO I read the http://lartc.org/howto/lartc.rpdb.multiple-links.html guide
> (chapter 4.2.2)
>
> In my case I have to make these routes
>
> # ip route add default nexthop via 10.10.10.1 dev eth0 nexthop via 10.10.10.2 dev eth0
>
> Works Fine!! every connection request going is perfectly balanced sent out
> via both gateways
> But works only on the linux box itself! from the (masqueraded) clients it
> doesn't:
>
> Every first request which is masqueraded -> gateway 10.10.10.1 (works fine)
> Every second request which is masqueraded -> gateway 10.10.10.2 (don't get
> reply back)
>
> When I change the multipath route so that 10.10.10.2 is the first hop
>
> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0
>
> Gw 10.10.10.2 (fine)
> Gw 10.10.10.1 (doesn't work ... Only from the linux box itself)
>
> So it every time seems to be the second "hop" in the multipath route which
> isn't being masqueraded properly!
>
> Can anyone help?
>
> Thanks in advance!
> Niels!
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
* Re: [LARTC] Multipath route problem
From: Julian Anastasov @ 2002-07-31 19:55 UTC (permalink / raw)
To: lartc
Hello,
On 31 Jul 2002, William L. Thomson Jr. wrote:
> two things. The first is patches made by Julian Anastasov,
> I had a link but it does not seem to work. Julian subscribes to this
> list so maybe he will post an updated link to where they can be found.
The box that hosts the patches is down. I can't provide
another link, I don't know whether it is mirrored with wget
somewhere by someone. When the site is ok I'll upload the
files. Until then, I can still use email, just let me know
what files you would like to see. I simply haven't started to think about another
place for this page, I hope the issue will be resolved in days.
Regards
--
Julian Anastasov <ja@ssi.bg>
* RE: [LARTC] Multipath route problem
From: niels @ 2002-08-01 8:14 UTC (permalink / raw)
To: lartc
> After you apply the patches the Linux machine will need to be running NAT
> in some manner.
> Because I have routers on each of my DSL lines I perform two
> rounds of NAT or PAT. One in each router, and then again in the Linux
> router.
> In doing the NAT/PAT you will need to give the outgoing interface each of
> the IP's that your routers will be translating to.
Have that up and running already ... :-)
> You will also want to dial in your DNS to servers for each IP block,
> and load balance that as well.
What do you mean by that?
Hope that the patches work when I get my hands on them :-)
Regards, Niels
* RE: [LARTC] Multipath route problem
From: William L. Thomson Jr. @ 2002-08-01 9:13 UTC (permalink / raw)
To: lartc
Niels,
On Thu, 2002-08-01 at 01:14, niels@wxn.nl wrote:
> > After you apply the patches the Linux machine will need to be running NAT
> > in some manner.
> > Because I have routers on each of my DSL lines I perform two
> > rounds of NAT or PAT. One in each router, and then again in the Linux
> > router.
> > In doing the NAT/PAT you will need to give the outgoing interface each of
> > the IP's that your routers will be translating to.
>
> Have that up and running already ... :-)
Your routers' translation? Good, then you will need to do a second round of
translation in the Linux box as well.
Also helps to act as a second in line firewall that is transparent from
the outside world.
The Linux box must perform translation at some point or no go. The
patches only work when translating.
> > You will also want to dial in your DNS to servers for each IP block,
> > and load balance that as well.
>
> What do you mean by that?
The docs from isc.org, the pdf will help. You may have to use a later
version of bind, 9.x not 8.x, but it may work in older ones as well.
Normally an A record looks like
domain.com. IN A ip
So all you will need is
domain.com. IN A ip1
IN A ip2
Which will use ip1 half the time, and ip2 the other half. In theory.
There are other params like the time for each one to last and etc.
Download this pdf doc on admin Bind and it should tell you what you will
need from there
http://www.nominum.com/resources/documentation/Bv9ARM.pdf
> Hope that the patches work when I get my hands on them :-)
They do, have you emailed Julian? He will send you the ones you will
need.
Without the patches things will not work correctly or at all. They are a
must not an option.
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com