On 29/03/2012 20:49, Chris Ross wrote:
On Mar 29, 2012, at 14:42, "Robert Collins"<robe...@squid-cache.org> wrote:
On Fri, Mar 30, 2012 at 4:18 AM, Chris Ross<cr...@markmonitor.com> wrote:
So, I suspect someone has looked at this before, but I have an edge device that is
multi-homed. I have multiple WAN connections available, and what I'd really like to do
is have a squid that's smart enough to "learn" which web sites are better out
of which WAN connection. But, shy of something that advanced, is it possible to have
squid know to bind to N outside addresses, and then either round-robin them, or try one
always, and then try the other if there is a failure on the first?
I'd be happy to help implement such a thing if it doesn't already exist, but
I assume this is the sort of problem that has already been faced and hopefully
solved.
'tcp_outgoing_address' in the config ;)
Last time I looked, that could only accept one address. I want to bind to
multiple outgoing addresses, so I can control routing of queries.
Can tcp_outgoing_address take multiple addresses now? Does it just
round-robin through them?
- Chris
well the simple solution is to use routing tables instead of other things.
there are routing protocols that are ment to measure these kind of stuff
like shorter path to site or by line speed routing.
i was just putting my hands on some bgp stuff and it's nice to know how
things are done.
the problem is that if you are connected to two ISP's you can use BGP to
measure the best path and it's the better way then others.
to just round robin stuff can be very nice and i have a good way to do
it on linux based on http://lartc.org/howto/
i will give a specific case that is based on specific subnets but can be
changed to other and also on a 32 bit masks
(if someone knows how to draw this diagram on ASCII i will be happy to
learn)
A common configuration is the following, in which there are two
providers that connect a local network (or even a single machine) to the
big Internet.
________
+------------+ /
| | |
+-------------+ Provider 1 +-------
__ | | | /
___/ \_ +------+-------+ +------------+ |
_/ \__ | if1 | /
/ \ | | |
| Local network -----+ Linux router |
| Internet
\_ __/ | | |
\__ __/ | if2 | \
\___/ +------+-------+ +------------+ |
| | | \
+-------------+ Provider 2 +-------
| | |
+------------+ \________
There are usually two questions given this setup.
There are usually two questions given this setup.
#start
#ISP1
#eth0 – IP 192.168.10.137 / Gateway 192.168.10.201
#ISP2
#eth1 – IP 192.168.11.155 / Gateway 192.168.11.201
#LAN
#eth2 - IP 172.16.1.1
#Simple Configuration
#First, we need to add two lines to /etc/iproute2/rt_tables
T1 ISP1
T2 ISP2
#And then set up the routing for those tables.
ip route add 127.0.0.0/8 dev lo table T1
ip route add 172.16.1.0/24 dev eth0 table T1
ip route add 192.168.10.0/24 dev eth1 src 192.168.10.137 table T1
ip route add default via 192.168.10.201 table T1
ip route add 127.0.0.0/8 dev lo table T2
ip route add 172.16.1.0/24 dev eth0 table T2
ip route add 192.168.11.0/24 dev eth2 src 192.168.11.155 table T2
ip route add default via 192.168.11.201 table T2
ip rule add from 192.168.10.137 table T1
ip rule add from 192.168.11.155 table T2
ip route del default
ip route append default scope global nexthop via 192.168.11.201 dev eth1
weight 1 nexthop via 192.168.10.201 dev eth0 weight 1
#in case you do want specific destination to be routed throuth specific
link such as ISP1 dns servers or just faster link to specific network
use the next command
#to send specific destination using ISP1 link
ip rule del to 8.8.8.8 table T2
#or to send using ISP2 link
ip rule add to 8.8.8.8/32 table T2
#in order to remove the rule just use:
ip rule del to 8.8.8.8 table T1
#or
ip rule del to 8.8.8.8 table T2
#in case you want to see the list of rules\route you specified use the
command:
ip rule ls
#you can also use a "from" and not to rule.
like
ip rule add from 172.16.1.120 table T2
#end
if you do want to read and understand more you can read here:
http://lukecyca.com/2004/howto-multirouting-with-linux.html
instead of the amazing lartc doc.
next i will post the openBSD "how to".
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
