[LARTC] LARTC / Multipath routing: Thanks & feedbacks :)

[LARTC] LARTC / Multipath routing: Thanks & feedbacks :)

[Vincent Jaussaud]

Hello,

A while ago I bothered some people in this list regarding issues with
multipath routing and advanced routing in general. The main goal was to
setup a complex networks where all servers would be available through
both link. Each server was public, and thus had 2 public IP addresses.
This setup included VPN setup with fail-over, firewalls with gateway as
routing key & alternatives routes setup, NAT for internal private
networks, DMZs available over both links,etc... The whole thing was
about setting up full redundancy for every server. 

There was a lot of problems building the whole thing up, but in the end,
everything worked perfectly. I mean it.

I currently have more than 30 Linux servers reachable through 2
dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
server is linux-based, and does outgoing load-balancing in equalize
mode. Incoming traffic load-balancing is done using standard round-robin
DNS. Everything got filtered by firewalls. I have VPN fail-over setup
using alternatives routes & dead gateway detection.

For all of these, I would like to thanks you. 
Thank you for giving this wonderful toolkit to the Internet Community.
Thank you for your time answering our questions, and finally for you
help & assistance. I wouldn't have been able to build the whole thing up
without you. Thank you also, for keeping my users off my back. :)

I never doubted Linux was the best OS in the world. But now, I have a
proof.

I would especially like to thanks Julian Anastasov (your patches works
just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.

Thanks again.
Yours,
Vincent Jaussaud.

-- 
########################################################
 Kelkoo Security Manager / Networks & Systems Architect 
 	    JID: portsentry@jabber.kelkoo.net 	        
 Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
########################################################
Kelkoo.com --- GNU/Linux Powered.
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] LARTC / Multipath routing: Thanks & feedbacks :)

[Nuno Miguel Pais Fernandes]

[-- Attachment #1: Type: text/plain, Size: 2363 bytes --]

One thing you could do is: make a tutorial showing problems and
solutions you've found in implementing such a system and put it in the
ML.

Thanks
Nuno Fernandes



On Mon, 2003-04-28 at 12:40, Vincent Jaussaud wrote:
> Hello,
> 
> A while ago I bothered some people in this list regarding issues with
> multipath routing and advanced routing in general. The main goal was to
> setup a complex networks where all servers would be available through
> both link. Each server was public, and thus had 2 public IP addresses.
> This setup included VPN setup with fail-over, firewalls with gateway as
> routing key & alternatives routes setup, NAT for internal private
> networks, DMZs available over both links,etc... The whole thing was
> about setting up full redundancy for every server. 
> 
> There was a lot of problems building the whole thing up, but in the end,
> everything worked perfectly. I mean it.
> 
> I currently have more than 30 Linux servers reachable through 2
> dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
> server is linux-based, and does outgoing load-balancing in equalize
> mode. Incoming traffic load-balancing is done using standard round-robin
> DNS. Everything got filtered by firewalls. I have VPN fail-over setup
> using alternatives routes & dead gateway detection.
> 
> For all of these, I would like to thanks you. 
> Thank you for giving this wonderful toolkit to the Internet Community.
> Thank you for your time answering our questions, and finally for you
> help & assistance. I wouldn't have been able to build the whole thing up
> without you. Thank you also, for keeping my users off my back. :)
> 
> I never doubted Linux was the best OS in the world. But now, I have a
> proof.
> 
> I would especially like to thanks Julian Anastasov (your patches works
> just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.
> 
> Thanks again.
> Yours,
> Vincent Jaussaud.
> 
> -- 
> ########################################################
>  Kelkoo Security Manager / Networks & Systems Architect 
>  	    JID: portsentry@jabber.kelkoo.net 	        
>  Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
> ########################################################
> Kelkoo.com --- GNU/Linux Powered.
-- 
Nuno Miguel Pais Fernandes <npf@eurotux.com>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] LARTC / Multipath routing: Thanks & feedbacks :)

[Vincent Jaussaud]

On Mon, 2003-04-28 at 16:51, Nuno Miguel Pais Fernandes wrote:
> One thing you could do is: make a tutorial showing problems and
> solutions you've found in implementing such a system and put it in the
> ML.
I will. I'll post an url to the list once it's done. (Might takes some
times, though.)

Regards,
Vincent.

> 
> Thanks
> Nuno Fernandes
> 
> 
> 
> On Mon, 2003-04-28 at 12:40, Vincent Jaussaud wrote:
> > Hello,
> > 
> > A while ago I bothered some people in this list regarding issues with
> > multipath routing and advanced routing in general. The main goal was to
> > setup a complex networks where all servers would be available through
> > both link. Each server was public, and thus had 2 public IP addresses.
> > This setup included VPN setup with fail-over, firewalls with gateway as
> > routing key & alternatives routes setup, NAT for internal private
> > networks, DMZs available over both links,etc... The whole thing was
> > about setting up full redundancy for every server. 
> > 
> > There was a lot of problems building the whole thing up, but in the end,
> > everything worked perfectly. I mean it.
> > 
> > I currently have more than 30 Linux servers reachable through 2
> > dedicated lines, over 2 ISP, using 2 public distinct netblocks. Each
> > server is linux-based, and does outgoing load-balancing in equalize
> > mode. Incoming traffic load-balancing is done using standard round-robin
> > DNS. Everything got filtered by firewalls. I have VPN fail-over setup
> > using alternatives routes & dead gateway detection.
> > 
> > For all of these, I would like to thanks you. 
> > Thank you for giving this wonderful toolkit to the Internet Community.
> > Thank you for your time answering our questions, and finally for you
> > help & assistance. I wouldn't have been able to build the whole thing up
> > without you. Thank you also, for keeping my users off my back. :)
> > 
> > I never doubted Linux was the best OS in the world. But now, I have a
> > proof.
> > 
> > I would especially like to thanks Julian Anastasov (your patches works
> > just perfectly !), Arthur van Leeuwen and Dawid Kuroczko.
> > 
> > Thanks again.
> > Yours,
> > Vincent Jaussaud.
> > 
> > -- 
> > ########################################################
> >  Kelkoo Security Manager / Networks & Systems Architect 
> >  	    JID: portsentry@jabber.kelkoo.net 	        
> >  Office: +(33)04 7629 7163 / Mobile: +(33)06 806 409 62 
> > ########################################################
> > Kelkoo.com --- GNU/Linux Powered.
-- 
Vincent Jaussaud
Kelkoo.com Security Manager 
email: tatooin@kelkoo.com

"The UNIX philosophy is to design small tools that do one thing, and do
it well."

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/