Re: [Leaf-devel] Multiple upstream links
On Wed, Aug 14, 2002 at 09:06:18PM -0700, Jeff Newmiller wrote:
> On Wed, 14 Aug 2002, Eric B Kiser wrote:
> [...]
> > The best reference for load balancing is Jack Coates' site. He does a great job of summing up the major concerns with load balancing and offering suggestions on how to make it work. There is some great information there and it is a quick read. Here is the link...
> > http://www.leaf-project.org/pub/doc/howto/LRP-Load-Balancing-HOWTO.html
> > Hope this helps.
>
> Don't forget the SysAdmin article on redundant connections in the January 2002 issue of SysAdmin magazine, Charles.

FYI: http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

I'm developing an interest in this type of scenario. How (much more) complicated does it get if you want to have a DMZ in there as well?

And: AFAICT from the article, there is little difference in *where* the uplinks connect to? Or to be a little more specific:

Scenario: A private (residential) LAN/DMZ is connected via DSL. The capacity of the DSL-line is getting close to saturation. The line has already been 'turned up' to the maximum available bandwidth (let's say 2Mbit).

Instead of switching to a different type of uplink that supports higher bandwidth, but is also

1: expensive to get installed
2: expensive to rent

it would be nice to just get a second DSL-line (possibly from the same ISP) and bundle the two. This would make no difference to the router, would it?

At this point I'm just being curious, so this is basically smalltalk, but a very interesting topic at that...

Thoughts?

Jon Clausen

___
Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel

Re: [Leaf-devel] Multiple upstream links
On Wed, 14 Aug 2002, David Douthitt wrote:
> > You'll usually find an NTP server close by.
>
> That's interesting! However, the NTP documentation stresses the need to get permission first - and all of the docs list whether permission is required or not. It's unfortunate that people don't see a need for a PUBLIC ntp server instead of one just shared by the community; many have a geographical restriction on them, many require you to send mail.

Well, when it's a simple case of attaching a cheap NMEA compatible GPS or a WWVB radio to your LAN's ntp host...

Re: [Leaf-devel] Multiple upstream links
On Tue, 13 Aug 2002, guitarlynn wrote:
> On Tuesday 13 August 2002 12:31, Charles Steinkuehler wrote:
> > Not that I have time to mess with this, but what's the current state of the art regarding multiple upstream internet connections and possible bandwidth sharing?
>
> I believe Shorewall has this support built-in from some posts a while back. I cannot say that anyone has reported back with a success as of yet though.

Shorewall has in-built support for multiple interfaces per zone (the internet being an example of a zone). Shorewall doesn't have native support for load-balancing between two or more interfaces to a zone because like Charles, I haven't had access to a suitable test bed. I have reports from Shorewall users of success in setting up load-balancing and takeover but I haven't done it myself.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep   \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]

Re: [Leaf-devel] Multiple upstream links
On Tue, Aug 13, 2002 at 12:31:22PM -0500, Charles Steinkuehler wrote:
> Also...I recently got a nifty trick from the local linux users group regarding time-servers:
>
> <quote>
> Does someone know of a time server that I can use to synchronize my linux box at boot time?
>
> There are a bunch listed at www.ntp.org, a.k.a. www.eecis.udel.edu/~ntp. A possibly better alternative is to use your provider - most ISPs enable NTP on their routers. This is convenient for them, since they can correlate router log messages accurately. It's convenient for you, since you have a low-latency time source just a few milliseconds away. Try running ntpdate -q against a traceroute output, e.g.
>
>     traceroute -n www.cnn.com | head -5 | awk '{print $2}' | \
>         xargs -n 1 ntpdate -q
>
> You'll usually find an NTP server close by.
> </quote>

That's interesting! However, the NTP documentation stresses the need to get permission first - and all of the docs list whether permission is required or not. It's unfortunate that people don't see a need for a PUBLIC ntp server instead of one just shared by the community; many have a geographical restriction on them, many require you to send mail.

I managed to find a source close by: the CompSci department at the University of Wisconsin has not only three servers providing NTP, but a Red Hat mirror, a Mandrake mirror, an OpenBSD mirror, a Debian mirror, a Sendmail mirror, a Linux kernel mirror, a Ximian mirror, an LDP mirror...

RE: [Leaf-devel] Multiple upstream links
Howdy Charles,

Perhaps I can help with your BGP question.

[snip]
Has anyone tried anything similar with BGP (or similar routing protocols)? It seems reasonable to expect a router that's not too many hops away (ie the ISP, or the ISP's upstream provider) would be running BGP, and while it's hopefully not possible to alter the route list, it might be possible to import route information. [...]

Charles Steinkuehler
[/snip]

BGP will not talk to just anybody. It will only send and receive information with 'peers' and 'peers' are statically configured when you set up BGP. This can be slightly confusing since BGP is a dynamic routing protocol. The peering sessions are static, although the routing tables and routing information that passes between the peers is dynamic.

The best reference for load balancing is Jack Coates' site. He does a great job of summing up the major concerns with load balancing and offering suggestions on how to make it work. There is some great information there and it is a quick read. Here is the link...

http://www.leaf-project.org/pub/doc/howto/LRP-Load-Balancing-HOWTO.html

Hope this helps.

Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler
Sent: Tuesday, August 13, 2002 1:31 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-devel] Multiple upstream links

Not that I have time to mess with this, but what's the current state of the art regarding multiple upstream internet connections and possible bandwidth sharing?

At the moment, I have a work-related SDSL connection (sadly, it's only 384K, rather than the 1.1 MBit I used to have...I moved farther away from the CO : ), as well as the personal cable-modem link (dynamic IP from cox.net) I had at home prior to moving my office. I'm eventually going to get rid of the cable-modem connection to save money, but before I do, it's the first time I've had a real-world environment for testing multiple uplink configurations.

Anyone got any ideas they'd like to see tested? I can't devote a lot of time to this (I still haven't even managed to get an updated Dachstein-CD out with the new ssh packages), but I can probably spend a couple evenings trying out a few things.

Also...I recently got a nifty trick from the local linux users group regarding time-servers:

<quote>
Does someone know of a time server that I can use to synchronize my linux box at boot time?

There are a bunch listed at www.ntp.org, a.k.a. www.eecis.udel.edu/~ntp. A possibly better alternative is to use your provider - most ISPs enable NTP on their routers. This is convenient for them, since they can correlate router log messages accurately. It's convenient for you, since you have a low-latency time source just a few milliseconds away. Try running ntpdate -q against a traceroute output, e.g.

    traceroute -n www.cnn.com | head -5 | awk '{print $2}' | \
        xargs -n 1 ntpdate -q

You'll usually find an NTP server close by.
</quote>

Has anyone tried anything similar with BGP (or similar routing protocols)? It seems reasonable to expect a router that's not too many hops away (ie the ISP, or the ISP's upstream provider) would be running BGP, and while it's hopefully not possible to alter the route list, it might be possible to import route information. If you could do this on both links, and run BGP on the LEAF box, you could do *REAL* load-balancing (or am I missing something major here? I don't do much backbone type setup/config, so I could be completely off-base).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

RE: [Leaf-devel] Multiple upstream links
On Wed, 14 Aug 2002, Eric B Kiser wrote:
[...]
> The best reference for load balancing is Jack Coates' site. He does a great job of summing up the major concerns with load balancing and offering suggestions on how to make it work. There is some great information there and it is a quick read. Here is the link...
> http://www.leaf-project.org/pub/doc/howto/LRP-Load-Balancing-HOWTO.html
> Hope this helps.

Don't forget the SysAdmin article on redundant connections in the January 2002 issue of SysAdmin magazine, Charles.

---
Jeff Newmiller                        The     .           .      Go Live...
DCN: [EMAIL PROTECTED]                Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---

[Leaf-devel] Multiple upstream links
Not that I have time to mess with this, but what's the current state of the art regarding multiple upstream internet connections and possible bandwidth sharing?

At the moment, I have a work-related SDSL connection (sadly, it's only 384K, rather than the 1.1 MBit I used to have...I moved farther away from the CO : ), as well as the personal cable-modem link (dynamic IP from cox.net) I had at home prior to moving my office. I'm eventually going to get rid of the cable-modem connection to save money, but before I do, it's the first time I've had a real-world environment for testing multiple uplink configurations.

Anyone got any ideas they'd like to see tested? I can't devote a lot of time to this (I still haven't even managed to get an updated Dachstein-CD out with the new ssh packages), but I can probably spend a couple evenings trying out a few things.

Also...I recently got a nifty trick from the local linux users group regarding time-servers:

<quote>
Does someone know of a time server that I can use to synchronize my linux box at boot time?

There are a bunch listed at www.ntp.org, a.k.a. www.eecis.udel.edu/~ntp. A possibly better alternative is to use your provider - most ISPs enable NTP on their routers. This is convenient for them, since they can correlate router log messages accurately. It's convenient for you, since you have a low-latency time source just a few milliseconds away. Try running ntpdate -q against a traceroute output, e.g.

    traceroute -n www.cnn.com | head -5 | awk '{print $2}' | \
        xargs -n 1 ntpdate -q

You'll usually find an NTP server close by.
</quote>

Has anyone tried anything similar with BGP (or similar routing protocols)? It seems reasonable to expect a router that's not too many hops away (ie the ISP, or the ISP's upstream provider) would be running BGP, and while it's hopefully not possible to alter the route list, it might be possible to import route information. If you could do this on both links, and run BGP on the LEAF box, you could do *REAL* load-balancing (or am I missing something major here? I don't do much backbone type setup/config, so I could be completely off-base).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Re: [Leaf-devel] Multiple upstream links
Hi -

On Tue, Aug 13, 2002 at 12:31:22PM -0500, Charles Steinkuehler wrote:
> Not that I have time to mess with this, but what's the current state of the art regarding multiple upstream internet connections and possible bandwidth sharing?

I saved this posting from the netfilter list, I think it answers your question.

Regards,
// George

Date: Tue, 2 Jul 2002 22:29:16 -0400
From: John Adams [EMAIL PROTECTED]
Subject: Re: 2 ISPs on firewall
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]

On Tuesday 02 July 2002 09:53 pm, Matthias Kattanek wrote:
> There seems to be lots of question about multihomed firewall/routers.
> I am in similar situation. Having 2 ISP, where to provide services too. I managed to forward traffic to e.g. a web server in the DMZ zone. Main problem I encounter is that the response is always going out via the DEFAULT gateway on the router. (In my case one ISP doesn't like it and drops the response.)
> I was under the impression that connection tracking of Netfilter keeps track which interface the traffic came in and anticipated it would go out the same route it came from.
> What am I missing here? What does it take to make it happen? Do I just need additional rules for Netfilter? Would something like ip_conntrack_isp work out? Understood such module needs to be developed. Q just arises is that a way to go?

Here's a script I use with iproute2. It gives two default routes with different weightings for different speed lines.

johna

    # The table names E0 and E1 must already be defined in /etc/iproute2/rt_tables
    GATEWAY0=216.254.97.1
    GATEWAY1=65.185.37.22
    NIC0=216.254.97.15
    NIC1=65.185.37.21

    # Remove the existing single default route
    route del default

    # One default route per ISP, each in its own table
    ip route add 0.0.0.0/0 via $GATEWAY0 table E0
    ip route add 0.0.0.0/0 via $GATEWAY1 table E1

    # Packets sourced from an uplink address use that uplink's table
    ip rule add from $NIC0 table E0
    ip rule add from $NIC1 table E1

    # Weighted multipath default route for everything else
    ip route add default scope global \
        nexthop via $GATEWAY0 weight 6 \
        nexthop via $GATEWAY1 weight 1

    ip route flush cache

--
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
Security Services, Web, Mail,               mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.            http://www.galis.org/george

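As an added illustration (not part of the thread or of John Adams' script), the Python model below walks the same rule-then-table lookup for packets whose source is one of the two uplink addresses, and reports how often such a packet would leave through the other ISP's gateway with and without the two `ip rule` entries. The rule priorities, the client address and the function names are assumptions of this example.

```python
import ipaddress

# Addresses are the ones in the script above; rule priorities, the client
# address and the function names are assumptions made for this example.
GATEWAY0, GATEWAY1 = "216.254.97.1", "65.185.37.22"
NIC0, NIC1 = "216.254.97.15", "65.185.37.21"

# Each table maps a destination prefix to a list of (gateway, weight) next hops.
TABLES = {
    "E0": {"0.0.0.0/0": [(GATEWAY0, 1)]},
    "E1": {"0.0.0.0/0": [(GATEWAY1, 1)]},
    "main": {"0.0.0.0/0": [(GATEWAY0, 6), (GATEWAY1, 1)]},
}
# (priority, source selector, table): the lowest priority number is tried first.
SOURCE_RULES = [(100, NIC0 + "/32", "E0"), (101, NIC1 + "/32", "E1")]
MAIN_ONLY = [(32766, "0.0.0.0/0", "main")]


def lookup(src, dst, rules):
    """Return (table, next hops) for a packet: first matching rule, then its table."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src_ip not in ipaddress.ip_network(selector):
            continue
        # Longest-prefix match inside the selected table.
        matches = [ipaddress.ip_network(p) for p in TABLES[table]
                   if dst_ip in ipaddress.ip_network(p)]
        if matches:
            best = max(matches, key=lambda n: n.prefixlen)
            return table, TABLES[table][str(best)]
    return None, []


def wrong_isp_share(src, dst, rules, own_gateway):
    """Expected share of flows from src that leave via a gateway other than its own."""
    _table, hops = lookup(src, dst, rules)
    total = sum(w for _gw, w in hops)
    return sum(w for gw, w in hops if gw != own_gateway) / total if total else 0.0


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed client address (documentation range)
    for name, rules in (("main only", MAIN_ONLY),
                        ("with source rules", SOURCE_RULES + MAIN_ONLY)):
        for src, gw in ((NIC0, GATEWAY0), (NIC1, GATEWAY1)):
            share = wrong_isp_share(src, client, rules, gw)
            print(f"{name:18} src={src:14} wrong-ISP share={share:.2f}")
```

With only the weighted default route, a packet sourced from NIC1 is handed to GATEWAY0 for six flows in seven, which is the case where an ISP that filters on source address drops it.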
Re: [Leaf-devel] Multiple upstream links
On Tuesday 13 August 2002 12:31, Charles Steinkuehler wrote:
> Not that I have time to mess with this, but what's the current state of the art regarding multiple upstream internet connections and possible bandwidth sharing?

I believe Shorewall has this support built-in from some posts a while back. I cannot say that anyone has reported back with a success as of yet though.

> Has anyone tried anything similar with BGP (or similar routing protocols)? It seems reasonable to expect a router that's not too many hops away (ie the ISP, or the ISP's upstream provider) would be running BGP, and while it's hopefully not possible to alter the route list, it might be possible to import route information. If you could do this on both links, and run BGP on the LEAF box, you could do *REAL* load-balancing (or am I missing something major here? I don't do much backbone type setup/config, so I could be completely off-base).

You would need to run Zebra to run BGP (or other WAN routing protocols) and there are several people doing this with some form of LEAF. The WAN routing protocols themselves do load-balancing, and I would assume that some form of clock syncing would also be necessary, so I think you're up the right path. WISP is running OSPF and RIPv2 instead of Bridging.

The big concern here is that you won't want to run the WAN routing protocols on the WAN side without implicit permission from your ISP(s), since your router will automatically update itself to internet WAN routers unless you limit the protocol to the LAN side.

Eric Kiser is more of the Zebra-person among the present developers and has indicated that he is/will be working on an image along these lines.

Hopefully this makes a little sense?
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!