Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways

From: "William L. Thomson Jr." <support@obsidian-studios.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Iptables, SNAT/MASQ,  Multiple gateways
Date: Tue, 01 Oct 2002 04:12:45 +0000	[thread overview]
Message-ID: <marc-lartc-103344591308948@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103332395202631@msgid-missing>

Simon,

On Mon, 2002-09-30 at 00:06, Simon Matthews wrote:
> 
> OK, this may be a reasonable approach, but how do I force it initiate 
> connections from the "fast" interface, yet allow it to fail over to the 
> slow interface if the sytem removes the route to the fast gateway because 
> it has detected that it is not responding? 

The way I see things it basically works like this, the out going traffic
will get balanced via the next hop and weights. So based on the weight
values, one will be used more than the other.

Now to get the same thing to happen from the outside world, you need to
load balance your dns. Look into setting up multiple dns records, and
possible weight values as well.

It's pretty safe to say that if the fast connection goes down, it will
be unavailable for the dns system to load balance, and all should divert
to the line that is up. I would assume it to be best if using internal
dns servers, but may work better with outside dns servers if possible?
Now that's from the outside.

You mentioned using dead gateway detection to remove, and hopefully add
back the route when it becomes available again. Which will be needed so
that the route is no longer used from the inside. Causing the route the
is available to be the only one used from the inside.

This switch over can be seamless, but if you are say streaming media, it
will be interrupted, as an example. Other things like http, will most
likely be fine, stateless things won't care, others will.

You real problem is for say if a large download or something is diverted
from a fast line to a slow line. I would imagine it to be somewhat
unlikely since, the fast one may but in during the lookup process. You
may want to look into some sort of traffic control or shaping, which may
be a good idea in case that the fast line is down. You may really want
to control the left over bandwidth for important stuff. Someone else
also mentioned this. TC and QoS is not an area I have much experience
in, so you will have to look to other there.

In the end the over all load balancing logic is very general, and not
extremely smart/advanced. It would be nice if it was. You have the next
hops from the inside, and dns for the outside. Not to much beyond that.

Beyond that you will have to look to other things to really dial things
in, in my opinion. Not sure if this helps or not, but hopefully it will.

Good luck

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone  707.766.9509
Fax    707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/