Hi you all,

Thanks for your ideas. I finally decided that Stephan's suggestion was the best way to go in my situation. I bonded my interfaces on the webservers as well as on the loadbalancers (following this guide http://glasnost.beeznest.org/articles/179), inter-connected the two local switches and everything works like a charm. I tested various combinations of failover scenarios and lost no packages while pinging an external host :)...

For NAT translation I'm using a simple masquerading rule:

    iptables -t nat -A POSTROUTING -j MASQUERADE -s 192.168.7.0/24

Stephan, thx a lot for your help, it really is much easier to manage having a single IP for each web server!!

Regards
Jean-Philippe

-----Original Message-----
From: Dave Lim [mailto:[EMAIL PROTECTED]
Sent: Thursday, 18 August 2005 05:52
To: [EMAIL PROTECTED]
Cc: [email protected]; Rainer Nagel
Subject: Re: 2 default gateway on two different nic

Hi,

Just a question. How are you going to go about doing NAT for the 2 lines since the webserver inbound traffic is coming from the 2 different lines?

On 8/18/05, Rainer Nagel <[EMAIL PROTECTED]> wrote:
> Hi Jean-Philippe,
>
> On Wed, Aug 17, 2005 at 08:36:22PM +0200, Jean-Philippe Egger wrote:
>
> > I've been trying to set up a fully redundant web system using loadbalancing
> > techniques (ultramonkey). To incorporate a redundancy in the network itself
> > (in case a switch fails) each machine behind the loadbalancer has two
> > internal nics on two different networks.
> >
> >
> >               (external ip)
> >                   eth0
> >               loadbalancer
> >           eth1            eth2
> >      192.168.7.2       192.168.8.2
> >           |                 |
> >           |                 |
> >           |                 |
> >      192.168.7.4       192.168.8.4
> >           eth0            eth1
> >                webserver1
> >
> > default gateway for eth0 (webserver1) is 192.168.7.2
> > default gateway for eth1 (webserver1) is 192.168.8.2
> >
> >
> > My problem is the following:
> >
> > I set up load balancing which works fine when only one nic is up on the web
> > server. I can ping -I eth0 www.google.com or ping -I eth1 www.google.com
> > respectively when eth0 or eth1 is up. The problems start when both cards are
> > up. I can only ping with one interface outside of the local net (local pings
> > work on both nics). It is always the last card ifup'ed that can ping. If I
> > don't specify the interface while pinging it works fine using the last
> > ifup'ed interface. My biggest problem is that the load balancer thinks both
> > nics are up and that the service is available on both, thus every second
> > time I get no response from the web server.
> >
> > I'm pretty sure this has to do with having two gateways for a single
> > machine. When I remove the default route of the first card (the one that
> > works) I can suddenly ping the outside world on the second card.
>
> Use policy routing to tie a default route to any ip.
> Install iproute, add two table names to /etc/iproute2/rt_tables and set
> rules for both ips:
>
> ip rule add from 192.168.7.4 table eth0
> ip rule add from 192.168.8.4 table eth1
>
> Then add two default routes:
>
> ip route add default via 192.168.7.2 dev eth0 table eth0
> ip route add default via 192.168.8.2 dev eth1 table eth1
>
> Ciao
> --
> Rainer Nagel, freenet.de AG [EMAIL PROTECTED]
> WillstätterStr. 13, D-40549 Düsseldorf
> Tel.: +49 211 53087 423
> Fax.: +49 211 53087 500
> Executive Board: Eckhard Spoerr (Chair), Axel Krieger, Stephan Esch, Eric Berger
> Chairman of the Supervisory Board: Prof. Dr. Helmut Thoma
> Hamburg District Court, HRB 74048
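
Added example (not part of the original thread): a simplified Python model of the rule-then-table lookup that the quoted `ip rule` / `ip route` commands set up, using the thread's addresses. The rule priorities, the external address 203.0.113.10 and the choice of eth1 as the last ifup'ed interface are assumptions made for illustration.

```python
import ipaddress

def lookup(rules, tables, src, dst):
    """Walk the rules in priority order and return (gateway, dev) from the
    first matching rule whose table has a route to dst, else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, from_net, table in sorted(rules):
        if src not in ipaddress.ip_network(from_net):
            continue  # rule does not apply to this source address
        matches = [(ipaddress.ip_network(prefix), gw, dev)
                   for prefix, gw, dev in tables.get(table, [])
                   if dst in ipaddress.ip_network(prefix)]
        if matches:  # longest prefix wins inside one table
            _, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
            return gw, dev
    return None

# Connected networks of webserver1 (gateway None means directly reachable).
CONNECTED = [("192.168.7.0/24", None, "eth0"),
             ("192.168.8.0/24", None, "eth1")]

# Before: one main table, source address ignored. The thread reports that the
# default of the last ifup'ed interface is the one used; eth1 is assumed here.
BEFORE_RULES = [(32766, "0.0.0.0/0", "main")]
BEFORE_TABLES = {"main": CONNECTED + [("0.0.0.0/0", "192.168.8.2", "eth1")]}

# After: the two "ip rule add from ..." rules plus one default per table.
# Priorities 100/101 are illustrative; they only have to sort before main.
AFTER_RULES = [(100, "192.168.7.4/32", "eth0"),
               (101, "192.168.8.4/32", "eth1"),
               (32766, "0.0.0.0/0", "main")]
AFTER_TABLES = {"eth0": [("0.0.0.0/0", "192.168.7.2", "eth0")],
                "eth1": [("0.0.0.0/0", "192.168.8.2", "eth1")],
                "main": BEFORE_TABLES["main"]}

EXTERNAL = "203.0.113.10"  # constructed sample destination (TEST-NET-3)

if __name__ == "__main__":
    for src in ("192.168.7.4", "192.168.8.4"):
        print(src,
              "before:", lookup(BEFORE_RULES, BEFORE_TABLES, src, EXTERNAL),
              "after:", lookup(AFTER_RULES, AFTER_TABLES, src, EXTERNAL))
```

In the "before" setup, replies sourced from 192.168.7.4 leave through eth1's gateway, which matches the symptom in the original question; with the per-source rules each address uses the gateway on its own network.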

