From: don-lartc@isis.cs3-inc.com (Don Cohen)
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
Date: Mon, 30 Sep 2002 15:55:27 +0000 [thread overview]
Message-ID: <marc-lartc-103340140324594@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103332395202631@msgid-missing>
Simon Matthews writes:
> OK, this may be a reasonable approach, but how do I force it initiate
> connections from the "fast" interface, yet allow it to fail over to the
> slow interface if the sytem removes the route to the fast gateway because
> it has detected that it is not responding?
Off hand I don't know anything built in for this (I look forward to
hearing an answer from someone who does), but I don't think this is
really what you want anyway. It's not as if your link is the only one
that could fail!
If ISP1's upstream link fails then you want to use ISP2 for all
traffic other than that intended for ISP1 itself. And of course,
problems further upstream prevent you from reaching certain addresses
but not others, and you don't really know which without a global view
of the routing.
I think the "right" solution involves monitoring the traffic.
There's a wide range of things you could do, the simplest being
simply detecting that the link is not responding. You could also
try to detect tcp retransmits, measure RTT, aggregate data to measure
how well individual connections are working, further aggregate data to
determine which addresses blocks are working well and which poorly, etc.
Then use that data to decide which of your links to use for a given
destination.
I actually sent a proposal to this list that I think provides a good
solution to the general problem: an extension to TCP (possibly even
IP) that supports multiple addresses/ports. This would even allow you
to switch addresses in the middle of a connection. I think what I
described before applies more to the machine on the other side of your
connection, which now would know both of your addresses. Whenever it
does a tcp retransmit it switches the address. It therefore tends to
stay on the one that works most reliably. (Perhaps this algorithm
could be improved to take speed into account too.) This discussion
points out that something similar should be done on your end: you
should switch the output interface you use when you retransmit.
Of course this is not yet implemented. It's on my queue, but not
close to the beginning. I'd be glad if someone out there could beat
me to it.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2002-09-30 15:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-29 18:24 [LARTC] Iptables, SNAT/MASQ, Multiple gateways Simon Matthews
2002-09-29 22:45 ` José Luis Domingo López
2002-09-30 5:18 ` Don Cohen
2002-09-30 7:06 ` Simon Matthews
2002-09-30 15:55 ` Don Cohen [this message]
2002-09-30 17:05 ` Michael T. Babcock
2002-09-30 18:11 ` Jose Luis Domingo Lopez
2002-09-30 19:23 ` Julian Anastasov
2002-09-30 19:24 ` Simon Matthews
2002-09-30 19:26 ` Simon Matthews
2002-09-30 19:41 ` Greg Scott
2002-10-01 4:12 ` William L. Thomson Jr.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-103340140324594@msgid-missing \
--to=don-lartc@isis.cs3-inc.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.