[LARTC] Aliases and Multipath

[LARTC] Aliases and Multipath

[Guillermo Gomez]

Hi all

Does anyone know if i can use ethernet aliases like eth0:1 in advanced
routing like multipath routing in order to avoid to have nxEthernet
interfaces in my Linux box.

Thansk in advanced

-- 
Guillermo Gomez <ggomez@neotechgw.net>
neotech

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Aliases and Multipath

[Guillermo Gomez]

Thanks guys for such quick response :) coool

Well let me go deeper now with my routing issuess.

My desirable topology is:

LAN ---- Linux Box ---- eth0    -- dsl router (dhcp)
                        eth0:1  -- Frame Router ISP1 (fixed ip range)
                        eth0:2  -- Frame Router ISP2 (fixed ip range)

Then i would config:

        eth0    according dhcp server aa.aa.aa.aa
        eth0:1  xx.xx.xx.xx
        eth0:2  yy.yy.yy.yy

The idea is to balance the outgoing traffic through the three ISPs. One
little trouble is dhcp renewal (it always tries to set the default
gateway, anyone knows how to avoid that? i could find out from
dhcp-client-leases and then configure myself at the right place at the
right moment).

According to the FAQ i need to guarantee first that any request from
eth0 IPADDR goes to the right gateway and so on with eth0:1 and eth0:2
(that's reasonable).

After that i would do the multipath config. The question goes now with
the NAT stuff, how can i do the SNAT after balancing the traffic with
the multipath routing? I can't do:

iptables -t nat -A POSTROUTING -o eth0   -j SNAT aa.aa.aa.aa
iptables -t nat -A POSTROUTING -o eth0:1 -j SNAT xx.xx.xx.xx
iptables -t nat -A POSTROUTING -o eth0:2 -j SNAT yy.yy.yy.yy

iptables just does not likes eth0:1 neither eth0:2, is this the right
behaviour of iptables or what? i read something about NAT in advance
routing engine but never used before and i'm little confuse on how it
works. Will it crash with iptables NAT engine?

Just to finish to build the router i need to do DNAT for my internal
servers but that's trivial with iptables but anyway it would be great to
know how to do it with a single tool (don't need to do firewalling in
this machine so far, just routing and stateless nat, our should it be
statefull? hmmmm need to think about).

Heeey, does anyone knows if someone has translated the LARTC-FAQs to
Spanish? I could do that :) I would like to contribute...

Kind regards

Guillermo

-- 
Guillermo Gomez <ggomez@neotechgw.net>
neotech

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Aliases and Multipath

[Damion de Soto]

Hi Guillermo,

> iptables just does not likes eth0:1 neither eth0:2, is this the right
> behaviour of iptables or what? i read something about NAT in advance
> routing engine but never used before and i'm little confuse on how it
> works. Will it crash with iptables NAT engine?
As far as I know, the ethX:X terminology is just for ifconfig usage.
Inside the kernel, eth0:1 is exactly the same as eth0.
So for iptables rules, you just use the eth0:1 IP address with eth0.
this is the same way the 'ip' tool works too.


Regards,
Damion.


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Aliases and Multipath

[Guillermo Gomez]

Got it, thanks Damion

It was so easy to think in using directly ethx:y in iptables :(

Anyway,my point is that i need to do SNAT in a three ISP environment
with multipath routing to balance the outgoing traffic.

So far i decided to go with separate Ethernet cards so i will go back to
the aliasing thing later.

Now i will do NAT with iptables in separate cards in POSTROUTING chain
(after routing decision has taken).

By the way, what's the behaviour of multipath routing if one of the
providers goes down ? Should i take care manually to take it out from
the multipath ?

Guillermo

On Sun, 2003-12-07 at 20:37, Damion de Soto wrote:
> Hi Guillermo,
> 
> > iptables just does not likes eth0:1 neither eth0:2, is this the right
> > behaviour of iptables or what? i read something about NAT in advance
> > routing engine but never used before and i'm little confuse on how it
> > works. Will it crash with iptables NAT engine?
> As far as I know, the ethX:X terminology is just for ifconfig usage.
> Inside the kernel, eth0:1 is exactly the same as eth0.
> So for iptables rules, you just use the eth0:1 IP address with eth0.
> this is the same way the 'ip' tool works too.
> 
> 
> Regards,
> Damion.
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Aliases and Multipath

[Jose Luis Domingo Lopez]

On Thursday, 04 December 2003, at 11:06:58 -0400,
Guillermo Gomez wrote:

> Does anyone know if i can use ethernet aliases like eth0:1 in advanced
> routing like multipath routing in order to avoid to have nxEthernet
> interfaces in my Linux box.
> 
I think it is always better to think "in ip terms" instead of "in
ifconfig terms" with respect to multiple IP addresses assigned to the
same network interface.

I don't know exactly for "ifconfig", but the syntax for "ip address"
states clearly what seems to be happening behind the scenes:
# ip address add 172.16.1.1/24 broad + dev eth1
# ip address add 172.16.2.1/24 broad + dev eth1
# ip address add 172.16.3.1/24 broad + dev eth1

So what you are doing is assigning several IP to the same physical
interface, and you deal just with IP, anything else.
# ip address show dev eth1
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:05:1c:09:f2:14 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0
    inet 172.16.2.1/24 brd 172.16.2.255 scope global eth0
    inet 172.16.3.1/24 brd 172.16.3.255 scope global eth0

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.0-test10-mm1)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Aliases and Multipath

[Damion de Soto]

Guillermo Gomez wrote:

> By the way, what's the behaviour of multipath routing if one of the
> providers goes down ? Should i take care manually to take it out from
> the multipath ?
I think it will still try to be routed out the link that is down.
The linux kernel only removes routes if the actual eth device goes down.
You'll need some way of determining which links are down and removing the routes.

have you read:
http://www.ssi.bg/~ja/nano.txt
You probabaly don't want to use all of that, but some parts will be suitable.

Regards,

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email:     damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph:         +61 7 3435 2809
  | Custom Embedded Solutions          fax:         +61 7 3891 3630
  | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/