netfilter.vger.kernel.org archive mirror
From: Andrew Beverley <andy@andybev.com>
To: Lloyd Standish <lloyd@crnatural.net>
Cc: netfilter@vger.kernel.org
Subject: Re: trouble setting default route for load-balancing routing tables
Date: Sun, 20 Nov 2011 14:16:43 +0000
Message-ID: <1321798603.2382.987.camel@andybev-desktop>
In-Reply-To: <op.v4721hs0x1lyi3@debiandesk2.net>

On Sat, 2011-11-19 at 20:11 -0600, Lloyd Standish wrote:
> Hi Everyone,
> 
> I'm configuring a load-balancing netfilter router.  It does round-robin load balancing over 2 external interfaces, eth0 and eth1.  The natted LAN is on eth4.  eth0 is attached to table T0, and eth1 uses table T1.
> 
> I am unable to add default routes to the routing tables T0 and T1.  Here is the output from my bash script that sets up the router:
> 
> + ip route flush table T0
> + ip route add 192.168.100.0/24 dev eth0 src 192.168.100.10 table T0
> + ip route add default via 192.168.100.11 table T0
> RTNETLINK answers: No such process

I see nothing wrong with your rules. That error implies that the kernel
doesn't know what 192.168.100.11 is, but it's clearly accepted it for
the default route in the main routing table. Has anything changed
between you writing the rules above and writing the rules for the main
table?

Is the IP address for eth0 correctly configured at this point? An
incorrect netmask will cause the error above.

> 
> Even with the lack of default route for T0 and T1, the router appears
>  to properly load-balance over the 2 outgoing interfaces (!)

I would expect that, as the nexthop rules in the main table are doing
the load balancing.

>   However,
>  it ignores my rules which should direct certain traffic over a
>  particular interface.

I assume that you have no need to keep the same connection stream on the
same interface? If you do, you can use netfilter marks (and netfilter
connection tracking) to do the load balancing instead, as described on
this page:

http://www.sysresccd.org/Sysresccd-Networking-EN-Iptables-and-netfilter-load-balancing-using-connmark

> 
> After setting up the router, here is table main:
> 
> root@debiandesk2:/home/lloyd/data/traffic_shaping# ip route show table main
> 192.168.100.0/24 dev eth0  scope link  src 192.168.100.10
> 192.168.50.0/24 dev eth4  scope link  src 192.168.50.1
> 192.168.90.0/24 dev eth1  scope link  src 192.168.90.10
> default
> 	nexthop via 192.168.100.11  dev eth0 weight 92
> 	nexthop via 192.168.90.1  dev eth1 weight 7
> 
> 
> And here is table T0, devoid of a default route:
> 
> root@debiandesk2:/home/lloyd/data/traffic_shaping# ip route show table T0
> 192.168.100.0/24 dev eth0  scope link  src 192.168.100.10
> 192.168.50.0/24 dev eth4  scope link
> 127.0.0.0/8 dev lo  scope link
> 
> Let me know if any more info is needed to debug this.
> 
> Regards,
> Lloyd
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
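
The reply above names the interface address and netmask as the thing to check when `ip route add default via ...` is rejected. The following is an added example, not part of the original thread, that tests whether a gateway is covered by an address configured on the outgoing device. The function names, the `SAMPLE_ADDRS` text and the /32 netmask on eth1 are constructed for illustration; the addresses and gateways are the ones quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample of `ip -o -4 addr show`
# output; the /32 on eth1 is a deliberately wrong netmask for illustration.
SAMPLE_ADDRS='2: eth0    inet 192.168.100.10/24 brd 192.168.100.255 scope global eth0
3: eth1    inet 192.168.90.10/32 scope global eth1
6: eth4    inet 192.168.50.1/24 brd 192.168.50.255 scope global eth4'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $2 lies inside the network of CIDR $1 (addr/prefixlen).
in_cidr() {
    prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    base=$(ip_to_int "${1%/*}")
    addr=$(ip_to_int "$2")
    [ $(( base & mask )) -eq $(( addr & mask )) ]
}

# Succeed if gateway $2 is covered by an IPv4 address configured on device $1.
# Reads `ip -o -4 addr show` style lines on stdin.
gateway_on_link() {
    dev=$1; gw=$2
    while read -r _idx ifname family cidr _rest; do
        [ "$ifname" = "$dev" ] && [ "$family" = inet ] || continue
        if in_cidr "$cidr" "$gw"; then return 0; fi
    done
    return 1
}

# Print a verdict for one device/gateway pair from the thread.
check() {
    if printf '%s\n' "$SAMPLE_ADDRS" | gateway_on_link "$1" "$2"; then
        echo "$1: gateway $2 is on-link"
    else
        echo "$1: gateway $2 is not covered by any address on $1, check the netmask"
    fi
}
check eth0 192.168.100.11
check eth1 192.168.90.1
```

On a live router, pipe the real `ip -o -4 addr show` output into `gateway_on_link` before the script runs `ip route add default via ...` for each table.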


