On Mon, Jul 13, 2009 at 5:39 PM, Nelson Serafica wrote:
> The client cannot provide another machine for the pfsense. I'm looking
> at this one: http://lartc.org/howto/lartc.rpdb.multiple-links.html. This
> is the setup I want to configure.
>
> I'm going to set up two domains: www.foo.com (PLDT IP) and www.fee.com
> (Bayantel IP). The server has a Bayantel IP and a PLDT IP. Currently working is
> the PLDT IP since it was the default IP/gw. I just added the Bayantel IP as
> a virtual IP. At first, I could ssh to the server using the Bayantel IP, but
> www.fee.com doesn't resolve. Also, after a couple of
> minutes, I got disconnected from the Bayantel IP. Probably a routing issue
> occurred.
>
> At the moment, I'm trying to ask the client to put in another NIC
> dedicated to the Bayantel IP instead of a virtual IP.
>
> Has anyone on the list already done this setup?

your simple answer there is the link above at section 4.2.2... it is only a one-liner...

ip route add default scope global \
    nexthop via <PLDT default gateway> dev <PLDT ethernet nic> weight 1 \
    nexthop via <BAYAN default gateway> dev <BAYAN ethernet nic> weight 1

the routing path for the code above is either symmetric or asymmetric for its load balancing algorithm... meaning if the traffic comes in on PLDT.. it goes out either to PLDT (symmetric) or BAYAN (asymmetric).. same goes if the traffic comes in on BAYAN.. it goes out to BAYAN (symmetric) or PLDT (asymmetric)...

the problem with the algorithm above is if one of the service providers implemented *ingress* filtering (see RFC 2267)... ingress filtering is where the provider only allows the packet to be sent out as long as the source IP address is in their defined network address... otherwise the packet drops..

for example.. if the destination ip address of the incoming packet is the PLDT ip address and it comes in on the PLDT link... upon return.. the source ip address is the PLDT address but the routing path goes out the BAYAN link.. assuming BAYAN implemented RFC 2267.. your packet drops there...

furthermore.. the tcp session problem has nothing to do with the multiple gateway paths.. tcp is on layer 4 while routing is on layer 3... tcp/ip allows symmetric and asymmetric routing...

if one of the providers implemented RFC 2267.. your alternative solution for that is *source policy routing*... source policy routing is where if the incoming packet comes in on the PLDT link.. it must be sent to the PLDT link when it goes out.. same goes if the packet came in from the BAYAN link.. it goes out to the BAYAN link... in that way.. you assure that the routing path is symmetric...

source routing policy can be found at your link above at section 4.1.. example of source routing policy..

echo 200 PLDT >> /etc/iproute2/rt_tables
echo 300 BAYAN >> /etc/iproute2/rt_tables
ip rule add from <PLDT IP address of your server> table PLDT
ip rule add from <BAYAN IP address of your server> table BAYAN
ip route add default via <PLDT default gateway> dev <PLDT ethernet nic> table PLDT
ip route add default via <BAYAN default gateway> dev <BAYAN ethernet nic> table BAYAN

fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
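
An added example, not part of the original post or the LARTC howto: the source policy routing commands from the reply wrapped in a rerunnable script, with a check that replies sourced from each address leave through the matching NIC. The addresses, NIC names and function names are assumptions; the script only prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# Added example, not from the original post. Addresses and NIC names below are
# constructed placeholders (RFC 5737 documentation ranges); substitute real ones.
PLDT_IP=192.0.2.10      PLDT_GW=192.0.2.1      PLDT_DEV=eth0
BAYAN_IP=198.51.100.10  BAYAN_GW=198.51.100.1  BAYAN_DEV=eth1
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Dry run by default: print each command; execute only when APPLY=1 (needs root).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Register a table name once. A bare "echo >>" appends a duplicate on every run.
add_table() {  # add_table <id> <name>
    grep -Eq "^[[:space:]]*$1[[:space:]]+$2[[:space:]]*\$" "$RT_TABLES" 2>/dev/null ||
        echo "$1 $2" >> "$RT_TABLES"
}

# One uplink: per-table default route plus a rule selecting it by source address.
setup_uplink() {  # setup_uplink <table> <server ip> <gateway> <nic>
    run ip route replace default via "$3" dev "$4" table "$1"
    # Skip the rule if it already exists, so reruns do not stack duplicates.
    if [ "${APPLY:-0}" = 1 ] && ip rule show | grep -qF "from $2 lookup $1"; then
        return 0
    fi
    run ip rule add from "$2" table "$1"
}

# Extract the egress NIC from one line of "ip route get" output on stdin.
egress_dev() { sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1; }

# True when replies sourced from <server ip> leave through <nic>.
verify_uplink() {  # verify_uplink <server ip> <nic>
    [ "$(ip route get 203.0.113.1 from "$1" | egress_dev)" = "$2" ]
}

setup_all() {
    if [ "${APPLY:-0}" = 1 ]; then add_table 200 PLDT; add_table 300 BAYAN; fi
    setup_uplink PLDT  "$PLDT_IP"  "$PLDT_GW"  "$PLDT_DEV"
    setup_uplink BAYAN "$BAYAN_IP" "$BAYAN_GW" "$BAYAN_DEV"
    if [ "${APPLY:-0}" = 1 ]; then
        verify_uplink "$PLDT_IP" "$PLDT_DEV" && verify_uplink "$BAYAN_IP" "$BAYAN_DEV"
    fi
}
setup_all
```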

