Hi, fellow LARTC members,
I have some questions about Linux load balancing which I hope nobody will
mind me asking here.
We're using Linux firewalls in an application which requires load
balancing across multiple connections (e.g. ISDN PPP links, ADSL, VPNs).
I'm trying to figure out how to achieve this at the moment.
We already have a working solution using the TEQL scheduler, but it
doesn't do everything we want: you can only specify one gateway, which
makes it less useful for links over ethernet (e.g. multiple ADSL routers).
I'm also not sure how to adjust the weighting of the various devices: I
tried attaching the teql0 scheduler to a leaf class of an HTB scheduler
with a low rate, but it doesn't seem to work according to iptraf, and even
the counters on the class never get incremented.
So, I'm looking at doing this with the kernel's multipath routing option
(CONFIG_IP_ROUTE_MULTIPATH). So far I've been able to configure a route
with multiple nexthops as described in the "ip" tool documentation:

    ip route add default equalize \
        nexthop via 10.0.0.2 \
        nexthop via 10.0.0.2 dev eth3 \
        nexthop via 192.168.3.254 dev eth1 \
        nexthop via 192.168.3.254 dev eth4

The reason for repeating the first nexthop is that the first route is
always marked as dead for some reason. None of the others get marked dead
for me, and I can't figure out why it's happening, but if I add a dummy
route before the real ones then it seems to work.
Anyway, it does what I think it's supposed to, which is choose one route
at random _and cache it for that destination address_. However, this is
not an ideal property of a load balancer. Ideally each packet would be
routed out through a separate connection.
So my questions to you all are:
- Is there a simple way to do this with iproute2 as it stands, or with
some other method (apart from TEQL) which I missed?
- If not, can anyone point me to an explanation of how the routing code
caches and retrieves routes, so that I can disable the route caching?
(I know this is probably not a good idea for performance)
- Is there any documentation of the kernel routing code, e.g. the path
taken by a packet through that code? (LARTC howto doesn't seem to cover
it, nor Stef's docum.org, nor Google searches).
- If this documentation isn't available, would anyone be interested in me
writing some, and would anyone mind if I send the requisite questions to
this list?
Cheers, Chris.
--
___ __ _
/ __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |