Linux Netfilter discussions
From: Brian Austin - Standard Universal <brian@standarduniversal.com.au>
To: Lloyd Standish <lloyd@crnatural.net>
Cc: netfilter@vger.kernel.org
Subject: Re: load-balancing router: trouble with breaking connections
Date: Sun, 19 Feb 2012 16:17:52 +1100
Message-ID: <4F408600.7000103@standarduniversal.com.au>
In-Reply-To: <op.v9woumuyx1lyi3@debiandesk2.net>

Hi Lloyd,

After months of bashing at this (I'm onto revision 3 of the rig),
conntrack is the answer.

Also, conntrack allows you to connect to both WAN IPs, e.g. ssh to one
and smtp to the other.
Without conntrack, the route cache will only allow connection to one WAN
port, so if you ssh into one side, any connection to the other side will
mysteriously fail, then vice versa.

cheers

On 19/02/2012 2:19 PM, Lloyd Standish wrote:
> On Sat, 18 Feb 2012 19:59:00 -0600, Brian Austin - Standard Universal 
> <brian@standarduniversal.com.au> wrote:
>
>> you need to restore connmarks coming in from the wan so the system 
>> can send them back out that way
>>
>
> Hello Brian,
>
> Thanks for the reply.  The router I described does not use connmark.
> It uses a command like this to set up round-robin balancing:
>
>   ip route add default scope global \
>       nexthop via 192.168.1.1 dev eth1 weight 1 \
>       nexthop via 192.168.2.1 dev eth2 weight 1 \
>       nexthop via 200.91.104.144 dev ppp0 weight 1
>
> This is described here:
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> The article teaches that this balancing depends on the following rule
> (one for each interface) to route traffic out the same interface as it
> was received on:
> ip rule add from ${!wan} table $table priority $((${#ifaces[@]}*100))
>
> (Of course, the priority value can be ignored.)
>
> Since this system results in breaking connections, I am forced for the
> time being to use connmarks for balancing, and restoration of marks,
> as you mentioned.
>
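
Added example, not part of the original message or thread: a small generator that prints the connmark-based setup discussed above (balance new LAN connections across the WANs, save the mark on the connection, restore it on later packets so replies leave by the same WAN). The WAN interfaces and gateways are the ones in the quoted ip route command; the LAN interface eth0, the fwmark values 1..N and the routing table numbers 101.. are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) a connmark-based multi-WAN setup.
# Usage: gen_multiwan LAN_IF WAN_IF:GATEWAY [WAN_IF:GATEWAY ...]
# Assumed numbering: fwmark i and routing table 100+i for the i-th WAN.

m() { echo "iptables -t mangle -A $*"; }

gen_multiwan() {
    lan=$1; shift
    n=$#

    # Every packet first inherits the mark stored on its connection, so an
    # established flow keeps using the WAN it started on.
    m "PREROUTING -j CONNMARK --restore-mark"
    m "OUTPUT -j CONNMARK --restore-mark"

    i=0
    for wan in "$@"; do
        i=$((i + 1)); ifc=${wan%%:*}; gw=${wan#*:}
        # Connection opened from outside on this WAN: pin replies to it.
        m "PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $i"
        # New, still unmarked LAN connection: rule i takes 1 in (n-i+1) of
        # what earlier rules left, which gives each WAN an equal share.
        m "PREROUTING -i $lan -m conntrack --ctstate NEW -m mark --mark 0" \
          "-m statistic --mode nth --every $((n - i + 1)) --packet 0" \
          "-j MARK --set-mark $i"
        # Policy routing: packets carrying mark i use WAN i's default route.
        echo "ip route add default via $gw dev $ifc table $((100 + i))"
        echo "ip rule add fwmark $i table $((100 + i))"
    done

    # Store the chosen packet mark on the connection for later packets.
    m "PREROUTING -i $lan -m conntrack --ctstate NEW -j CONNMARK --save-mark"
}

# Interfaces and gateways from the quoted "ip route" command; eth0 as the
# LAN interface is an assumption.
gen_multiwan eth0 eth1:192.168.1.1 eth2:192.168.2.1 ppp0:200.91.104.144
```

The function only prints the commands, so the ruleset can be reviewed before anything is applied as root.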



Thread overview: 10+ messages
2012-02-18 22:40 load-balancing router: trouble with breaking connections Lloyd Standish
2012-02-19  1:59 ` Brian Austin - Standard Universal
2012-02-19  3:19   ` Lloyd Standish
2012-02-19  5:17     ` Brian Austin - Standard Universal [this message]
2012-02-22  3:07 ` Lloyd Standish
2012-02-22  3:46   ` Brian Austin - Standard Universal
2012-02-22  4:19     ` Lloyd Standish
2012-02-22  7:22       ` Amos Jeffries
2012-02-22 14:53         ` Lloyd Standish
2012-02-22 20:57           ` Brian Austin - Standard Universal
