Re: [LARTC] Secure / Redundant router configuration

From: Matthew Crocker <matthew@crocker.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Secure / Redundant router configuration
Date: Mon, 10 Feb 2003 15:27:31 +0000	[thread overview]
Message-ID: <marc-lartc-104489104630567@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104489002428749@msgid-missing>

On Mon, 2003-02-10 at 10:12, John Cushnie wrote:
> Hi all,
> 
> Has anyone configued a Linux Router in a secure / redundant
> configuration ?
> By this I mean a dual (or more) boxen router, using multiple multiple 
> connections on both sides of the router, so that if hardware failures 
> strike the impact on the users is minimised.
> 

I use keepalived (keepalived.sourceforge.net) to handle the fail over of
my two Linux NAT routers.  keepalived supports VRRP and will fail over a
virtual address to the other machines.  My working machines use the
virtual address as their default gateway.

Another solution is to install OSPF on everything and let the working
machines decide which route to take based on dynamic routing (OSPF).

Here is how we do it

Two Cisco routers handle our upstream bandwidth with BGP4 to multiple
providers.  The cisco routers use HSRP to fail over their Ethernet
ports.  The cisco routers also speak OSPF with my two linux
firewall/LVS/routers (using zebra) which handle inbound load balancing
and outbound NAT of my working machines.  Working machines are setup
with a virtual IP address for default gateway which is only active on
one Linux firewall at a time (using keepalived)

-Matt
> In particular, I'm interested how load sharing can be configured for 
> when all the hardware is working, ie normal state.
> 
> Also anyone used LARTC to set up a 'mesh' type configuration for sharing
> 
> Internet connections with a wireless based network.
> I am interested in how several internet connections can be connected 
> to a wireless mesh using LARTC.
> 
> We are looking to implement this in our local 'remote' community. 
> The Internet feeds will be from 10MB wireless bridges located in 
> several locations (local schools) several miles apart. 
> Wireless bridges and access points will then be used to distribute 
> the Internet connectivity over a radius of several miles.
> LARTC may then be used top provide a level of QoS to all users 
> (approx 2000 house in total) of the network using bandwidth 
> sharing/allocation and queuing based on IP address and traffic.
> Anyone done anything similar and willing to share experiences ?
> 
> Any pointers/suggestions please ? 
> 
> Many thanks.
> John Cushnie
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
-- 
Matthew S. Crocker
Crocker Communications, Inc.  / Vice President
PO BOX 710
Greenfield, MA 01302-0710

Voice: 413-746-2760
Fax: 413-746-3704
Web: http://www.crocker.com
E-mail: matthew@crocker.com
GPG Public Key: www.keyserver.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/