thanks. i think i had some of this kind of weirdness too in pfsense,
using pf.conf manually to load balance without failover -- i couldn't
get to the internet on the loadbalancing machine, although the
loadbalancing was working from the internal network.

looks like ip is loadbalanced but tcp is the problem.

http://www.tipsternet.com/articles/advance%20routing.htm looks helpful
it says "Tip: Keep your router as a router. Don't start sticking
applications and services on it. Locally generated packets may seem to
work the same but they are exempt from certain routing logic and
manipulations."

looks like it's better to run squid on another box

On Mon, Jul 6, 2009 at 3:44 PM, Alec Joseph Rivera<[email protected]> wrote:
> Winelfred G. Pasamba wrote:
>> i've been trying this "ip route add ... equalize..." thing. sometimes
>> it works, sometimes it doesn't.
>>
> The thing with this is if you're testing from a single station you won't
> see much. But if you have many stations, looking at the outbound routes
> will show you that it works. It doesn't make sense for the router to
> keep on switching gateways, even if say gateway A is unresponsive for a
> while (not that long). It's the way IP works, it allows for delay. Trying
> to get around this mechanism is usually not a good idea. Normal users
> won't notice a lot of disruption on the traffic anyway if set up correctly.
>> however failover is automatic and looks like it works. i can unplug
>> any of the routers and after some time all the pings to different
>> hosts work again. (dead route detection)
>>
>> i also see pings to google going out of routerA and pings to facebook
>> going out of routerB, which means routes are distributed.
>>
>> despite successful pings i can't telnet to port 80 of google or
>> facebook, and i wonder why?
>>
>>
> TCP sessions are the key here and complicate the setup a bit. This is
> related to what the target sees on the source ip of the packets. You
> should look at netfilter's conntrack and packet mangling capability.
>
>>
>>
>> On Fri, Jul 3, 2009 at 7:22 PM, Alec Joseph Rivera<[email protected]> wrote:
>>
>>> Try looking for LARTC on googs. It's got a lot of examples to help you
>>> achieve what you want.
>>>
>>> Agi
>>>
>>> Nelson Serafica wrote:
>>>
>>>> I have 2 ISP providers (ISPA and ISPB) and I have 1 machine. The 2 ISPs
>>>> provide a modem/router and both of them hook up on the same switch. I
>>>> called it "PUBLIC SWITCH". My web server was connected also on the
>>>> PUBLIC SWITCH and use ISPA provided ip address and its gateway.
>>>>
>>>> What I want to do is also use ISPB on the same server. I have only 2 NIC
>>>> (1 on PUBLIC SWITCH and 1 on my private network) on my webserver. But
>>>> since it was connected on the PUBLIC SWITCH, I can use ISPB.
>>>>
>>>> I put ip address provided by ISPB as virtual (ifcfg-eth0:1) and the
>>>> metric gateway was 1. But I think this won't work as expected.
>>>>
>>>> Is there a way wherein I can use both ISP and their provided ip block on
>>>> my web server (just like a router)? My client is on a tight budget and
>>>> doesn't want to purchase another machine just for a load balancer. But
>>>> purchasing another NIC card is ok.
>>>>
>>>> The OS is CentOS 5.3 with kernel 2.6.18-128.el5. Upon Googling, there is
>>>> a patch on the kernel on how to do this but it seems old. Just asking for
>>>> a recommendation from those on the list who are experts on this.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
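
Added example, not part of the thread: one way to apply the conntrack and packet-mangling advice above to the original two-ISP web server, so that replies on each TCP session leave through the uplink the session arrived on. It only prints the commands for review; the addresses are constructed placeholders from the documentation ranges, and the table numbers, marks and interface name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders
# (documentation ranges); table numbers and marks are arbitrary assumptions.
# The functions only print the commands so they can be reviewed first.

# One uplink: its own routing table, selected by source address (replies
# generated on this box) or by a firewall mark restored from conntrack
# (replies forwarded from another box behind this one).
uplink_rules() {
    table=$1; dev=$2; addr=$3; gw=$4; mark=$5
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add from $addr table $table"
    echo "ip rule add fwmark $mark table $table"
    # Tag each new inbound connection with the uplink address it was sent to.
    echo "iptables -t mangle -A PREROUTING -d $addr -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
}

plan() {
    uplink_rules 101 eth0 192.0.2.10    192.0.2.1    1   # "ISPA" (constructed)
    uplink_rules 102 eth0 198.51.100.10 198.51.100.1 2   # "ISPB" (constructed)
    # Copy the connection's tag back onto every later packet of that session,
    # both for forwarded traffic and for packets generated locally.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
}

plan
```

This pins inbound sessions only; balancing outbound connections across both uplinks additionally needs a mark chosen per new outgoing connection.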
