From: "Usuário do Sistema" <maiconlp@ig.com.br>
To: Andrew Beverley <andy@andybev.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Load Balance
Date: Mon, 16 May 2011 19:42:57 -0300 [thread overview]
Message-ID: <BANLkTik2xc-8jK02wyzj4_Dv4wz1==-jsw@mail.gmail.com> (raw)
In-Reply-To: <1305581912.2041.15.camel@andybev-desktop>
But is your test environment using one gateway with two routes?
no.
I have two Gateways for my firewall.I put the routes in the table with
line below:
ip route add default scope global equalize nexthop via 201.72.12.17
weight 2 nexthop via 200.247.209.6 weight 1
sometimes data flow outs on gateway 201.72.12.17 and sometimes outs on
200.247.209.6
the two links are of the same ISP.
thank.
Em 16 de maio de 2011 18:38, Andrew Beverley <andy@andybev.com> escreveu:
> On Mon, 2011-05-16 at 17:24 -0300, Usuário do Sistema wrote:
>> >> Hello everyone, I'm deploy an test environment with load Balance in my
>> >> Firewall using equalize as follow below
>> >>
>> >> creating the load balance:
>> >>
>> >> ip route add default scope global equalize nexthop via 200.247.209.65
>> >> weight 1 nexthop via 201.72.12.1 weight 1
>> >>
>> >
>> > If you are using 2 completely separate ISPs, then you will need to do
>> > more than just provide equal-weighted gateways. You will need to send
>> > the packets for each connection over the same ISP. The website below
>> > gives more information:
>> >
>> > http://www.sysresccd.org/Sysresccd-networking_en_Iptables-and-netfilter-load-balancing-using-connmark
>> >
>
> <top posting fixed>
>
>> well.... the link made available for you shows how to do load balance
>> with connmark and statistic match module and it doesn't regard global
>> equalize.
>>
>> so...I wonder there is diferent between them ?
>
> Yes. The example at the link ensures that packets from the *same*
> connection stream are always routed through the same ISP (hence the
> reason for asking the question). If you don't do this, then each gateway
> will only see half the packets for a connection stream, which although I
> am not an expert, I guess is not a good thing.
>
>> with global equalize is very easy I only insert one line inside of the
>> script and all it's work! at least in my test environment it's
>> working.
>
> But is your test environment using one gateway with two routes?
>
>> I want make an test as your how to but I'm using CentOS 5.6 and
>> doesn't has libxt_statistic.so module because iptables version is
>> 1.3.x
>
> Use a different distro...
>
> Andy
>
>
>
>
next prev parent reply other threads:[~2011-05-16 22:42 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-17 23:22 Load Balance Usuário do Sistema
2011-05-15 17:23 ` Andrew Beverley
2011-05-16 20:24 ` Usuário do Sistema
2011-05-16 21:38 ` Andrew Beverley
2011-05-16 22:42 ` Usuário do Sistema [this message]
2011-05-17 0:45 ` Grant Taylor
2011-05-17 17:00 ` Usuário do Sistema
2011-05-17 18:07 ` Grant Taylor
2011-05-17 20:06 ` Usuário do Sistema
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTik2xc-8jK02wyzj4_Dv4wz1==-jsw@mail.gmail.com' \
--to=maiconlp@ig.com.br \
--cc=andy@andybev.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).