[LARTC] Advance Routing Guidance

[LARTC] Advance Routing Guidance

[Arindam Haldar]

hi all,

i want guidance in advance routing--to be specific load balance between 
two links..
i have gone thru the LARTC docs and docs for julians patches too.. am 
yet to implement it but have a few queries/doubts..
our setup--> we have two providers. the present one is thru a wan link 
using cisco router & the 2nd is a wireless link terminated in another 
router. these two routers will be connected to linux box(its a 
compulsion to have 2 routers).. the linx box has 3 interface, 2 of wich 
are connected to the router via a switch.. we already have valid/real ip 
with us
after going thru the docs i find that with julians patch one needs to 
**MASQUERADE** to the links... we dont want that !.. we want our real ip 
to flow in these 2 links(real ip already being broadcasted on provider's 
network)..
so my Question is-->possible without **MASQUERADE** ??.. will the 
setup(as shown in docs) loadbalance for our real ip's ?? ..
what other things i have to consider ?..
Awaiting a reply very very anxiously..
A.H

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Advance Routing Guidance

[William L. Thomson Jr.]

On Thu, 2002-08-15 at 00:33, Arindam Haldar wrote:
> so my Question is-->possible without **MASQUERADE** ??.. 

No

> will the 
> setup(as shown in docs) loadbalance for our real ip's ?? ..

Not without the Linux router performing NAT.

> what other things i have to consider ?..

I would consider doing some NAT in one way or another. In my case I
perform two consecutive rounds of NAT, one in each router, and again in
the Linux router.

In short, in order for Julian's patches to work and to load balance the
connections, the Linux router must be doing NAT. So I would look into a
topology in your network that would allow for the Linux router to
perform NAT. Otherwise I do not believe you will be able to load balance
your connections.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] Advance Routing Guidance

[Laurens van Alphen]

> so my Question is-->possible without **MASQUERADE** ??.. will the 
> setup(as shown in docs) loadbalance for our real ip's ??

Short answer: No.

Long answer:

You should first answer the question: what kind of LB do you want? Incoming, outgoing or both? If you want incoming only, you don't need Julian's patches, nor NAT per sé. You can use DNS to balance your incoming connections and assing every backend server two IP addresses: one from both IP ranges.

If you want outgoing LB, or both:

Julian's patches work when you have more than one IP range, but each IP range is going only through one provider, that is: you do not have PI address space and do not use BGP4 to announce your routes through multiple providers. If you do have PI address space and speak BGP4, you don't need Julian's patches nor do you need NAT.

This is probably not your case, and the IP ranges you received from your providers are PA, that is they are part of the larger address space of your provider. This means that IP range 1 will only come through provider 1 and IP range 2 will only flow through provider 2.

Because of this: if you don't use NAT and assign an IP from IP range 1 to some machine, the server will never be able to use the link through provider 2, because his address is from IP range 1 and will only flow through provider 1 (read above). For this to work, you THUS need NAT.

Why don't you want to use NAT? NAT is not dirty. NAT is stable, fast, secure and saves you from renumbering your network when you switch providers.

Hope this is clear and helps, if not, ask.

Cheers,

Laurens van Alphen
Keen on dots
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

RE: [LARTC] Advance Routing Guidance

[Arthur van Leeuwen]

On Thu, 15 Aug 2002, Laurens van Alphen wrote:

> Why don't you want to use NAT? NAT is not dirty. NAT is stable, fast,
> secure and saves you from renumbering your network when you switch
> providers.

On the other hand, NAT breaks useful stuff such as IPSec.

Doei, Arthur.

-- 
  /\    / |      arthurvl@sci.kun.nl      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Advance Routing Guidance

[Julian Anastasov]

	Hello,

On Thu, 15 Aug 2002, Arindam Haldar wrote:

> after going thru the docs i find that with julians patch one needs to
> **MASQUERADE** to the links... we dont want that !.. we want our real ip
> to flow in these 2 links(real ip already being broadcasted on provider's
> network)..
> so my Question is-->possible without **MASQUERADE** ??.. will the
> setup(as shown in docs) loadbalance for our real ip's ?? ..

	Of course, it is possible ... and depends on how restrictive
are your providers. But if one link fails you can have the problem
of using sources for the failed link, then the replies from world
will hit the failed provider and will not reach you. As result,
your internal servers should know which source addresses to use
according to the link state. The masquerade simply guarantees that
one link is used only from addresses that are reachable from this
link.

> what other things i have to consider ?..

	As for applying the patches you need to download them
correctly. More likely you have white space problem (try with
patch -l).

> Awaiting a reply very very anxiously..
> A.H

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Advance Routing Guidance

[Arindam Haldar]

hi julian
hi all
thanx to you all.. many doubts are now cleared.. the **NATing** 
soulution is ofcource a very steady one but am not able to convince my 
management for it !.. hopefully they will...
ys julian you r right :).. there were white spaces--it's patched 
perfectly now .. :) ..
to you all---> have a :) sunday..
:)
A.H

Julian Anastasov wrote:
> 	Hello,
> 
> On Thu, 15 Aug 2002, Arindam Haldar wrote:
> 
> 
>>after going thru the docs i find that with julians patch one needs to
>>**MASQUERADE** to the links... we dont want that !.. we want our real ip
>>to flow in these 2 links(real ip already being broadcasted on provider's
>>network)..
>>so my Question is-->possible without **MASQUERADE** ??.. will the
>>setup(as shown in docs) loadbalance for our real ip's ?? ..
> 
> 
> 	Of course, it is possible ... and depends on how restrictive
> are your providers. But if one link fails you can have the problem
> of using sources for the failed link, then the replies from world
> will hit the failed provider and will not reach you. As result,
> your internal servers should know which source addresses to use
> according to the link state. The masquerade simply guarantees that
> one link is used only from addresses that are reachable from this
> link.
> 
> 
>>what other things i have to consider ?..
> 
> 
> 	As for applying the patches you need to download them
> correctly. More likely you have white space problem (try with
> patch -l).
> 
> 
>>Awaiting a reply very very anxiously..
>>A.H
> 
> 
> Regards
> 
> --
> Julian Anastasov <ja@ssi.bg>
> 
> 
> 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/