From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Multi-Link Machine
Date: Mon, 10 Mar 2003 14:55:14 +0000 [thread overview]
Message-ID: <marc-lartc-104730835530791@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104717218710987@msgid-missing>
Brad,
: This really helped, but it still didn't achieve what I wanted. I ended up
: having all traffic route via the "table 4", instead of just the traffic I
: fwmark'd.
Thank you for the feedback. I'll pay attention to what I failed to convey
in the multi-link section of my documentation, so I can improve it. (That
section hasn't been rewritten in a *very long time*, and could use some
editing.)
: Currently its setup backwards to how I'd like it setup, but reversing it
: shouldn't be too hard once I have it working.
:
: traceroute before I run this script
:
: 1 10.224.40.1 (10.224.40.1) 7.413 ms 7.148 ms 5.993 ms
: 2 CPE-61-9-209-7.qld.bigpond.net.au (61.9.209.7) 7.527 ms 7.579 ms 8.155 ms
: 3 GigabitEthernet4-2.cha23.telstra.net (139.130.193.117) 212.405 ms 214.032 ms 196.079 ms
: 4 GigabitEthernet1-2.woo-core1.Brisbane.telstra.net (203.50.50.129) 8.220 ms 8.770 ms 8.499 ms
: 5 Pos5-0.ken-core4.Sydney.telstra.net (203.50.6.221) 18.455 ms 20.626 ms 19.562 ms
Please suppress name lookup on your traceroute--I think it'll be a bit
easier to read and debug....thank you.
<much-snipped>
What does "ip rule show" produce?
<much-snipped>
: Anybody got any ideas.. I don't really understand fwmark too much, im just
: winging it so far. :)
fwmark is meta-information about a packet. It is not a part of the
packet. As meta-information, it expires as soon as the packet is
transmitted from the router.
fwmarks are a way to use tools like ipchains/iptables to select packets
for different treatment in routing and traffic control subsystems.
In order to help you better diagnose your current configuration, I'd
suggest using tcpdump on both outside interfaces while generating traffic
from the inside network:
# tcpdump -nn -i eth0 host 203.50.6.221
# tcpdump -nn -i ppp0 host 203.50.6.221
Now, start your traceroute from an internal machine. All of your traffic
should go across one of these two links.
Make sure you generate traffic which should go out each link. In other
words, generate some traffic from 192.168.0.5 and some ssh, and then try
something else from another host. This will tell you whether policy
routing is functioning or not.
Good luck,
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-03-10 14:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-09 1:08 [LARTC] Multi-Link Machine Brad Lay
2003-03-09 4:41 ` Martin A. Brown
2003-03-09 11:09 ` paolopoletti
2003-03-10 9:27 ` Brad Lay
2003-03-10 14:55 ` Martin A. Brown [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104730835530791@msgid-missing \
--to=mabrown-lartc@securepipe.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.