* [LARTC] Multi-Link Machine
From: Brad Lay @ 2003-03-09  1:08 UTC (permalink / raw)
  To: lartc

G'day, I had a quick search through the archives to try and find an answer
but I have come up with a blank, so I'm hoping I can get a little help
here.

I have a linux machine with 2.4.19 on it, and 2 Internet links.

eth0 is Telstra Bigpond Cable (Semi static ip, it's dhcp assigned), which I
want to route certain IP ranges over this link. 144.135.23.0/24 for eg.

eth1 is the internal interface on 192.168.0.0/24

eth2 is an adsl connection with a static ip which I want to be the default
route for any traffic left over.

I can get this to sort of work, but traceroute'ing to anything I set
static routes [1] with, doesn't work because I assume that it tries to come
back via the default route. Is that right?

Also I need to break the adsl connection into 2 parts, it's a 512kbit link,
so I would like to take 384kbit and 128kbit of the link, and assign
128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want
to limit traffic coming from eth0. (eth0 is 9mbit, so it's a bit of a waste
to shape it down to 128kbit now isn't it :)

Is any of this possible or am I just dreaming?


[1] route add -net ip.add.re.ss netmask 255.255.255.255 gw <gw ip of eth0>

Thanks in advance.

Regards,

Brad Lay
(brad@coombabah.net)

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] Multi-Link Machine
From: Martin A. Brown @ 2003-03-09  4:41 UTC (permalink / raw)
  To: lartc

Brad,

 : G'day, I had a quick search through the archives to try and find an
 : answer but I have come up with a blank, so I'm hoping I can get a
 : little help here.

Probably a difficulty of terminology, rather than a difficulty with
finding questions and answers on the multi-link router.....

 : I have a linux machine with 2.4.19 on it, and 2 Internet links.

Right.  /me too!  :)

This is a NATting multi-link router.....(which is also not uncommon).

 : eth0 is Telstra Bigpond Cable (Semi static ip, it's dhcp assigned), which I
 : want to route certain IP ranges over this link. 144.135.23.0/24 for eg.

Right....so: "ip route add 144.135.23.0/24 via $TELSTRA_ROUTER".  You
appear to have that down:

 : [1] route add -net ip.add.re.ss netmask 255.255.255.255 gw <gw ip of eth0>
 :
 : I can get this to sort of work, but traceroute'ing to anything I set
 : static routes [1] with, doesn't work because I assume that it tries to come
 : back via the default route. Is that right?

Eh?  What do you mean?  The routing table on your linux router has nothing
to do with the upstream routers.  Your linux box should NAT to an IP in
the network range of the interface from which you wish to send the packet.
(Clunky sentence, I know...)

Example, since the IP on eth0 is dynamic:

  iptables -t nat -A POSTROUTING -d 144.135.23.0/24 -o eth0 -j MASQUERADE

The packet will leave with the source address currently on eth0.  So, if
you are tracerouting to any IP in 144.135.23.0/24, you should see packets
on eth0 (transmitted with increasing TTLs) from this source address.  Try
it for yourself, and examine the packets with tcpdump:

  tcpdump -nn -i eth0 udp

 : eth2 is an adsl connection with a static ip which I want to be the default
 : route for any traffic left over.

Yup.  There's no traffic left over after a default route!

 : Also I need to break the adsl connection into 2 parts, it's a 512kbit link,
 : so I would like to take 384kbit and 128kbit of the link, and assign
 : 128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want
 : to limit traffic coming from eth0. (eth0 is 9mbit, so it's a bit of a waste
 : to shape it down to 128kbit now isn't it :)

I presume you mean you want to split the available bandwidth.  This is
traffic control, and you can accomplish this with tc.  Read

  http://lartc.org/howto/  # -- linux advanced routing and traffic control
  http://docum.org/        # -- Stef Coene's thorough site

You might benefit most by starting with this:

  http://docum.org/stef.coene/qos/docs/BB/BB.html

And....

  A router can only shape what it sends.

Remember the above always.

 : Is any of this possible or am I just dreaming?

Dreaming indeed.  Dream your way right on over into traffic control and
policy routing with linux.  It's a dream to work with linux.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com


* Re: [LARTC] Multi-Link Machine
From: paolopoletti @ 2003-03-09 11:09 UTC (permalink / raw)
  To: lartc

It's possible (I've done it for one of my customers two days ago, using
the Martin manual below).

It is explained in a very simple way here:
http://www.linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-outbound

Thanks again Martin !!!

Brad Lay wrote:

>G'day, I had a quick search through the archives to try and find an answer
>but I have come up with a blank, so I'm hoping I can get a little help
>here.
>
>I have a linux machine with 2.4.19 on it, and 2 Internet links.
>
>eth0 is Telstra Bigpond Cable (Semi static ip, it's dhcp assigned), which I
>want to route certain IP ranges over this link. 144.135.23.0/24 for eg.
>
>eth1 is the internal interface on 192.168.0.0/24
>
>eth2 is an adsl connection with a static ip which I want to be the default
>route for any traffic left over.
>
>I can get this to sort of work, but traceroute'ing to anything I set
>static routes [1] with, doesn't work because I assume that it tries to come
>back via the default route. Is that right?
>
>Also I need to break the adsl connection into 2 parts, it's a 512kbit link,
>so I would like to take 384kbit and 128kbit of the link, and assign
>128kbit to 192.168.0.192/27 which would be done on eth1, but I don't want
>to limit traffic coming from eth0. (eth0 is 9mbit, so it's a bit of a waste
>to shape it down to 128kbit now isn't it :)
>
>Is any of this possible or am I just dreaming?
>
>
>[1] route add -net ip.add.re.ss netmask 255.255.255.255 gw <gw ip of eth0>
>
>Thanks in advance.
>
>Regards,
>
>Brad Lay
>(brad@coombabah.net)

* Re: [LARTC] Multi-Link Machine
From: Brad Lay @ 2003-03-10  9:27 UTC (permalink / raw)
  To: lartc

On Sun, 9 Mar 2003, paolopoletti wrote:

> It's possible (I've done it for one of my customers two days ago, using
> the Martin manual below).
>
> It is explained in a very simple way here:
> http://www.linux-ip.net/html/adv-multi-internet.html#adv-multi-internet-outbound

This really helped, but it still didn't achieve what I wanted. I ended up
having all traffic route via the "table 4", instead of just the traffic I
fwmark'd.

Currently it's set up backwards to how I'd like it set up, but reversing it
shouldn't be too hard once I have it working.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use  Iface
203.166.87.135  0.0.0.0         255.255.255.255 UH    0      0        0  ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0  eth1
203.45.180.0    0.0.0.0         255.255.254.0   U     0      0        0  eth0
0.0.0.0         203.45.180.1    0.0.0.0         UG    0      0        0  eth0

traceroute before I run this script

 1  10.224.40.1 (10.224.40.1)  7.413 ms  7.148 ms  5.993 ms
 2  CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7)  7.527 ms  7.579 ms  8.155 ms
 3  GigabitEthernet4-2.cha23.telstra.net (139.130.193.117)  212.405 ms  214.032 ms  196.079 ms
 4  GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129)  8.220 ms  8.770 ms  8.499 ms
 5  Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221)  18.455 ms  20.626 ms  19.562 ms

[what I used below]

eth0 ip = 203.45.180.34 gateway = 203.45.180.1
ppp0 ip = 203.217.13.226 gateway = 203.166.87.135

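#!/bin/bash
# Rebuild table 4 as a copy of the main table minus its default route.
ip route flush table 4
ip route show table main | grep -Ev '^default' \
| while read -r ROUTE ; do
    # $ROUTE is left unquoted on purpose so it splits into arguments.
    ip route add table 4 $ROUTE
done

# Table 4 gets its own default route via the ppp0 gateway.
ip route add table 4 default via 203.166.87.135

# Mark ssh traffic and everything from 192.168.0.5 with fwmark 4.
iptables -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -s 192.168.0.5 -j MARK --set-mark 4

# Source-NAT to the address of whichever interface the packet leaves on.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 203.45.180.34
iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 203.217.13.226

# Packets carrying fwmark 4 are routed using table 4.
ip rule add fwmark 4 table 4
ip route flush cache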

And traceroute after I run it.

[07:25 PM][root@genuis][~]$ traceroute syd1.samford.net
traceroute to syd1.samford.net (202.155.174.85), 30 hops max, 38 byte packets
 1  203.166.87.135 (203.166.87.135)  25.317 ms  27.793 ms  25.888 ms
 2  107.ATM2-0-0.GW2.BNE1.ALTER.NET (203.166.90.249)  41.877 ms  27.741 ms  25.901 ms
 3  422.AT-6-0-0.XR1.BNE1.ALTER.NET (210.80.32.53)  27.930 ms  31.898 ms  31.840 ms
 4  So-0-0-0.XR1.SYD2.ALTER.NET (210.80.33.1)  37.854 ms  43.755 ms


Anybody got any ideas.. I don't really understand fwmark too much, I'm just
winging it so far. :)

Thanks again.

* Re: [LARTC] Multi-Link Machine
From: Martin A. Brown @ 2003-03-10 14:55 UTC (permalink / raw)
  To: lartc


Brad,

 : This really helped, but it still didn't achieve what I wanted. I ended up
 : having all traffic route via the "table 4", instead of just the traffic I
 : fwmark'd.

Thank you for the feedback.  I'll pay attention to what I failed to convey
in the multi-link section of my documentation, so I can improve it.  (That
section hasn't been rewritten in a *very long time*, and could use some
editing.)

 : Currently it's set up backwards to how I'd like it set up, but reversing it
 : shouldn't be too hard once I have it working.
 :
 : traceroute before I run this script
 :
 :  1  10.224.40.1 (10.224.40.1)  7.413 ms  7.148 ms  5.993 ms
 :  2  CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7)  7.527 ms  7.579 ms  8.155 ms
 :  3  GigabitEthernet4-2.cha23.telstra.net (139.130.193.117)  212.405 ms  214.032 ms  196.079 ms
 :  4  GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129)  8.220 ms  8.770 ms  8.499 ms
 :  5  Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221)  18.455 ms  20.626 ms  19.562 ms

Please suppress name lookup on your traceroute--I think it'll be a bit
easier to read and debug....thank you.

 <much-snipped>

What does "ip rule show" produce?

 <much-snipped>

 : Anybody got any ideas.. I don't really understand fwmark too much, I'm just
 : winging it so far. :)

fwmark is meta-information about a packet.  It is not a part of the
packet.  As meta-information, it expires as soon as the packet is
transmitted from the router.

fwmarks are a way to use tools like ipchains/iptables to select packets
for different treatment in routing and traffic control subsystems.

In order to help you better diagnose your current configuration, I'd
suggest using tcpdump on both outside interfaces while generating traffic
from the inside network:

# tcpdump -nn -i eth0 host 203.50.6.221
# tcpdump -nn -i ppp0 host 203.50.6.221

Now, start your traceroute from an internal machine.  All of your traffic
should go across one of these two links.

Make sure you generate traffic which should go out each link.  In other
words, generate some traffic from 192.168.0.5 and some ssh, and then try
something else from another host.  This will tell you whether policy
routing is functioning or not.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
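
Added example, not part of the thread: a reading aid for the "ip rule show" question above. It lists the routing tables the routing policy database consults, in priority order, for a packet carrying a given fwmark. Both rule listings are constructed samples, and `tables_for` is a hypothetical helper that looks only at the fwmark selector (any mask is dropped, other selectors are ignored).

```shell
#!/bin/sh
# Constructed sample in the format printed by "ip rule show":
# only packets marked 4 are sent to table 4.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default'

# Constructed counter-example: the rule for table 4 has no fwmark
# selector, so it matches every packet.
UNSELECTIVE_RULES='0: from all lookup local
32765: from all lookup 4
32766: from all lookup main
32767: from all lookup default'

# tables_for MARK [RULES]
#   MARK   fwmark on the packet (0 for an unmarked packet)
#   RULES  text of "ip rule show" (defaults to SAMPLE_RULES)
# Prints one table per line, in the order the kernel would try them.
tables_for() {
    mark=$(( $1 ))
    printf '%s\n' "${2:-$SAMPLE_RULES}" | while read -r prio words; do
        [ -n "$prio" ] || continue
        want=""
        table=""
        set -- $words
        while [ $# -gt 0 ]; do
            case $1 in
                fwmark) want=${2%%/*}; shift ;;   # value without mask
                lookup) table=$2; shift ;;
            esac
            shift
        done
        # A rule without a fwmark selector applies to every packet.
        if [ -n "$table" ]; then
            if [ -z "$want" ] || [ $(( $want )) -eq "$mark" ]; then
                echo "$table"
            fi
        fi
    done
}

echo "marked 4 : $(tables_for 4 | tr '\n' ' ')"
echo "unmarked : $(tables_for 0 | tr '\n' ' ')"
echo "unmarked, unselective rule: $(tables_for 0 "$UNSELECTIVE_RULES" | tr '\n' ' ')"
```

If table 4 shows up in the list for an unmarked packet, the rule rather than the marking is what sends all traffic there; the tcpdump runs on eth0 and ppp0 then confirm which link each flow actually leaves on.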
