Re: [LARTC] bgp require in multigateway routing
On 12/13/07, sonu chouhan <[EMAIL PROTECTED]> wrote:
> Thanks a lot for your reply,
> my isp doesn't support bgp, so i have a second chance to write a script for
> this,
> but my question is, if i run a script which will detect dead route and then
> delete that route, all is fine but after deleting route how can i know that
> this route is working again and need to add it again. plz help me and if you
> have any script like this plz provide me.
> thanks again
>
> sonu
>

I had posted a script on this list early this year. You can check out the link and use the script.

http://mailman.ds9a.nl/pipermail/lartc/2007q1/020170.html

You will have to modify it since this one is for two internet links whereas you have three links. But I think it should be easy to do, just the number of cases would increase. You will have to take care of all possible scenarios (all 3 links active, any two links active and any one link active) and set the default route for these 7 cases.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] DGD patch not detecting dead gateway
On 5/11/07, Salim S I <[EMAIL PROTECTED]> wrote: I have a doubt. If you use such a script monitoring the link status with ping and then reconfiguring, why do you need the DGD patch? You need to do some reconfiguration (change multipath to a single default route) anyway if you use the script, right? The patches take care of many other issues also. Please refer to the archives here: http://mailman.ds9a.nl/pipermail/lartc/2007q1/020403.html -- Manish Kathuria Tux Technologies http://www.tuxtechnologies.co.in/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] DNAT and Load Balancing
On 3/2/07, Tom Lobato <[EMAIL PROTECTED]> wrote:

Hi all!

After that good thread "DGD patch not detecting dead gateway" I was able to set up a Load Balancing with ping based DGD (without Julian Anastasov patch). But now I'm facing a new problem and tried some options, with only partial solutions.

I made a script based on http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg16257.html (Thank you Manish Kathuria), without Julian A. patch, and with routes/rules as described in nano.txt. It works fine, but...

The problem: I do DNAT for internet located people to access my LAN machines (VNC, RDP, etc...). It sometimes works, sometimes doesn't work. It appears that the connection from outside can enter, but when reply packets try to get back across nat machine, it falls into the round robin default route selection to define its gateway. Well, of course, this reply must leave the router via the same interface whose initial packets entered.

[ASCII diagram: the VNC initial request packet enters through one of the links isp1, isp2, isp3 and is DNATed to the LAN station, the VNC server; the reply gets the wrong route out]

What I need is a way to force packets leave the router via the same interface whose its request entered this.

I'd like to hear opinions about the problem (and also solution =).

Remember, I can't apply the DGD patch from J.A. because it only checks the first hop for dead detection.

I will appreciate any help.

Thank you,
Tom Lobato

I had overlooked this. I had also faced a similar problem. There are two possible solutions, one is to apply Julian's patches because even though you are not using the patches for DGD, they do help in making NAT processing with multiple gateways work properly. The other option is to mark the packets using CONNTRACK. There was a good discussion on this topic some days back. You can check the thread using the following links to the archives:

http://mailman.ds9a.nl/pipermail/lartc/2007q1/020354.html
http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
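The second option in the reply above, marking connections, as an added example that is not part of the original posts: each connection is tagged (iptables CONNMARK target) with the uplink its first packet arrived on, and replies coming back from the LAN are routed by that tag. Interface names, mark values, the per-provider routing tables 201-203 and the rule priority are assumptions; the script only prints the commands so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example: prints the iptables / ip rule commands that pin the replies
# of DNATed connections to the uplink the request arrived on.
# Constructed values: device names, marks, table numbers and rule priority.
# Each per-provider table is assumed to already hold a default route via
# that provider's gateway.

LAN_IF=eth0
RULE_PRIO=40    # assumption: must sort before the rule that selects the
                # load-balanced default route
# One uplink per line: device mark table
UPLINKS='eth1 1 201
eth2 2 202
eth3 3 203'

# connmark_rules: print one command per line, in the order to apply them.
connmark_rules() {
    while read -r dev mark table; do
        [ -n "$dev" ] || continue
        # Tag the connection when its first packet arrives on this uplink.
        echo "iptables -t mangle -A PREROUTING -i $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # Packets carrying this mark are routed by the provider's own table.
        echo "ip rule add fwmark $mark table $table prio $RULE_PRIO"
    done <<EOF
$UPLINKS
EOF
    # Replies from the LAN server: copy the connection's tag onto the packet
    # before the routing decision. Connections opened from the LAN carry no
    # tag (mark 0) and keep using the load-balanced default route.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

connmark_rules
```

The mangle PREROUTING chain runs before the routing decision, which is why the restored mark can select the provider table for the reply.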
Re: [LARTC] Two ADSL links and one gateway only
On 2/17/07, Eriberto <[EMAIL PROTECTED]> wrote: Yes! I have two modems acting as bridge. Then my Linux box connects to the ISP and receives the same gateway address. I need to balance these links. I haven't come across a similar scenario but TEQL might be the thing that could work for you. -- Manish Kathuria Tux Technologies http://www.tuxtechnologies.co.in/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Two ADSL links and one gateway only
On 2/17/07, Eriberto <[EMAIL PROTECTED]> wrote: Hello! I read the Split access and Load balancing sections into LARTC (Chapter 4). However I have one gateway only and the LARTC says about 2 links. I need to know how to make a load balance with my links. Thanks in advance. Eriberto - Brazil Don't you have different modems for each of the ADSL links ? Or do you mean to say that they assign you IPs from the subnet and have the same IP as their gateway ? -- Manish Kathuria Tux Technologies http://www.tuxtechnologies.co.in/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] DGD patch not detecting dead gateway
On 2/8/07, Tom Lobato <[EMAIL PROTECTED]> wrote:

Thank you for the script. I'm trying it.

Well, I made a simple modification and would like to hear opinions. Until now, I just added one more TESTIP, so I'm pinging one IP for each link. Also I'm using the IP instead name address, and used the DNS IP of each provider for the ping. I made this because the ping to external sites (yahoo, google) is too slow here, mainly when the link is under heavy load. So I'm afraid it can try ping without success and "think" the link is down.

I just used a popular external site because it may happen that connectivity from your location to the provider's DNS is there but the provider's link with the rest of the internet is down so even if you get a successful ping reply, the link isn't working in the real sense. Also, I preferred using a name instead of IP address because there could be multiple IP addresses associated with the site name and they can change too. But I don't see anything wrong in your approach. What do you mean by slow ? I don't think ping reply time should be an issue. We are more concerned with the success. Obviously, it should not time out. The ping reply times I get here for sites like www.yahoo.com and www.google.com are to the tune of 300 ms. You can increase the pin

Also, for don't get falses 'link down', did you try to increase the number of 4 ping fails before replace the route? What do you think about?

4 successful ping fails means that the link has been down for anywhere between 40-50 seconds which I think was a sufficient time interval to carry a failover. But you can increase it depending upon your requirements. For restoring the link, the script doesn't wait for that much time.

PS: although alteration be so simple, if someone want to see, tell me and I send a mail.

Tom Lobato

It would be great to see your final script.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
Re: [LARTC] DGD patch not detecting dead gateway
On 1/28/07, Tom Lobato <[EMAIL PROTECTED]> wrote:

> Manish Kathuria Wrote:
>
> The method I have adopted is to use a shell script which pings a
> popular remote site's IP (for example www.yahoo.com or
> www.google.com) through each of the interfaces every 10 seconds. The
> default multipath route is replaced by a single default gateway if
> reply is not received for 4 consecutive tries from one of the links.
> This is to avoid very frequent failovers. However, the link is treated
> as live as soon as a ping reply is received and the multipath route
> is activated.

Now I'm using the ping options:

ping -n -w 10 -c 2 -I $lnk1_dev $lnk1_pingtarget

But so I'm getting some false negatives. Can you show what ping options you use?

Tom Lobato

Please see the script posted earlier. The simple ping command with the following options is repeated every 10 seconds using an endless loop.

ping -I $EXTIF1 -c 1 $TESTIP > /dev/null 2>&1

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
Re: [LARTC] DGD patch not detecting dead gateway
On 1/27/07, Geoff Dornan <[EMAIL PROTECTED]> wrote:

Hi

Can you post your script please?

Cheers
geoff

On 1/20/07, Grant Taylor <[EMAIL PROTECTED]> wrote:
> On 01/19/07 12:45, Manish Kathuria wrote:
> > My experience has been mixed. The patch worked very well in many cases
> > but in some it worked only if the first hop gateway was down and not
> > any of the subsequent hops. So as you mentioned it's happening since it
> > can ping the switch / modem, it thinks the link is good. You can make
> > a script which will keep on running in the background and check if the
> > links are up or not and if any of the links is down, it can change the
> > default route and provide a failover.
>
> I have been tasked with writing such a script. In my scenario, I'm
> taking it a bit further though. I am planning on having my script test
> the actual service that I'm trying to connect to. I.e. connect to port
> 80 and request a page. I'm having to go this route because I've had
> sporadic MTU issues in one of our (primary) paths. The provider is
> supposed to be repairing the problem, however I need a solution before
> that can happen.

The method I have adopted is to use a shell script which pings a popular remote site's IP (for example www.yahoo.com or www.google.com) through each of the interfaces every 10 seconds. The default multipath route is replaced by a single default gateway if reply is not received for 4 consecutive tries from one of the links. This is to avoid very frequent failovers. However, the link is treated as live as soon as a ping reply is received and the multipath route is activated.

The script is appended. It assumes that you have followed the steps as described in nano.txt with or without applying the patches. Though it appears to be very simplistic, it's working great at a number of locations.
#!/bin/bash -x

TESTIP=www.yahoo.com    # host pinged through each link
CHECK=0
ISPA=1                  # 1 = link treated as up, 0 = treated as down
ISPB=1
LINKSTATUS=1            # 1 = both links up, 2 = only ISP A up, 3 = only ISP B up
COUNTA=0                # consecutive failed pings on each link
COUNTB=0
EXTIF1=eth1
EXTIF2=eth2
GW1=172.16.1.1
GW2=192.168.1.1
W1=1
W2=1

while : ; do

    # Probe ISP A; a single reply resets its failure counter.
    ping -I $EXTIF1 -c 1 $TESTIP > /dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -ne 0 ]; then
        COUNTA=`expr $COUNTA + 1`
    else
        COUNTA=0
    fi
    if [ $COUNTA -ge 4 ]; then
        ISPA=0
    else
        ISPA=1
    fi

    # Probe ISP B the same way.
    ping -I $EXTIF2 -c 1 $TESTIP > /dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -ne 0 ]; then
        COUNTB=`expr $COUNTB + 1`
    else
        COUNTB=0
    fi
    if [ $COUNTB -ge 4 ]; then
        ISPB=0
    else
        ISPB=1
    fi

    # Work out the new state. If both links are down NEWSTATUS keeps its
    # previous value, so the routes are left as they are.
    if [ $ISPA -eq 1 ]; then
        if [ $ISPB -eq 1 ]; then
            NEWSTATUS=1
        elif [ $ISPB -eq 0 ]; then
            NEWSTATUS=2
        fi
    elif [ $ISPA -eq 0 ]; then
        if [ $ISPB -eq 1 ]; then
            NEWSTATUS=3
        fi
    fi

    # Change the routes only on a transition between states.
    case $LINKSTATUS in
    1)
        if [ $NEWSTATUS -eq 2 ]; then
            ip route replace default via $GW1 dev $EXTIF1
        elif [ $NEWSTATUS -eq 3 ]; then
            ip route replace default via $GW2 dev $EXTIF2
        fi;;
    2)
        if [ $NEWSTATUS -eq 1 ]; then
            ip route del default
            ip route replace default table 222 proto static \
                nexthop via $GW1 dev $EXTIF1 weight $W1 \
                nexthop via $GW2 dev $EXTIF2 weight $W2
        elif [ $NEWSTATUS -eq 3 ]; then
            ip route replace default via $GW2 dev $EXTIF2
        fi;;
    3)
        if [ $NEWSTATUS -eq 1 ]; then
            ip route del default
            ip route replace default table 222 proto static \
                nexthop via $GW1 dev $EXTIF1 weight $W1 \
                nexthop via $GW2 dev $EXTIF2 weight $W2
        elif [ $NEWSTATUS -eq 2 ]; then
            ip route replace default via $GW1 dev $EXTIF1
        fi;;
    *)
        echo;;
    esac

    LINKSTATUS=$NEWSTATUS
    sleep 10
done

Let me know if you can think of any improvements or modifications.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
Re: [LARTC] two internet providers
On 1/23/07, Danut Chereches <[EMAIL PROTECTED]> wrote: hello i have slackware installed and i have two internet connections , ADSL(2,5mbps) + CableModem(1mbps) i want to share the connections in a small network NAT for the ADSL connection, and a proxy server for the cablemodem connection i searched all over the internet (probably not where i was supposed to) but i could'n find a solution if someone could give me a tip i would really appreciate it The simplest solution would be to use two systems, one connected to the Cable Modem and running proxy server on it and the other one connected to ADSL connection and with packet forwarding enabled and iptables rules for the NAT and forwarding the traffic. The first system can be specified in the proxy server settings and the IP of the second system can be specified as the gateway for the clients. You can also configure the squid proxy server to act as a transparent proxy and redirect the outgoing port 80 traffic through it using iptables rules on the gateway. If you want to use a single system as the gateway and proxy server, you can configure it to use multiple gateways and divide the outgoing traffic where the web traffic (and ftp, if desired) is routed through the Cable Modem and the rest through the ADSL connection. You can also specify the outgoing tcp address in squid proxy server configuration. Please also see the LARTC How To and the documentation for ip tool. -- Manish Kathuria Tux Technologies http://www.tuxtechnologies.co.in/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] DGD patch not detecting dead gateway
On 1/20/07, Grant Taylor <[EMAIL PROTECTED]> wrote: On 01/19/07 12:45, Manish Kathuria wrote: > My experience has been mixed. The patch worked very well in many cases > but in some it worked only if the first hop gateway was down and not > any of the subsequent hops. So as you mentioned its happening since it > can ping the switch / modem, it thinks the link is good. You can make > a script which will keep on running in the background and check it the > links are up or not and if any of the links is down, it can change the > default route and provide a failover. I have been tasked with writing such a script. In my scenario, I'm taking it a bit further though. I am planing on having my script test the actual service that I'm trying to connect to. I.e. connect to port 80 and request a page. I'm having to go this route because I've had sporadic MTU issues in one of our (primary) paths. The provider is suppose to be repairing the problem, however I need a solution before that can happen. The method I have adopted is to use a shell script which pings a popular remote site 's IP (for example www.yahoo.com or www.google.com) through each of the interfaces every 10 seconds. The default multipath route is replaced by a single default gateway if reply is not received for 4 consecutive tries from one of the links. This is to avoid very frequent failovers. However, the link is treated as live as soon as a ping reply is received and the multipath route is activated. -- Manish Kathuria Tux Technologies http://www.tuxtechnologies.co.in/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] DGD patch not detecting dead gateway
On 1/19/07, Tom Lobato <[EMAIL PROTECTED]> wrote:

Hello all!

I applied http://www.ssi.bg/~ja/routes-2.6.8-10.diff patch to kernel 2.6.8.1 and it works fine, or almost fine. It does the load balancing well, but when one link is dropped it continues to try it. At the end of http://www.ssi.bg/~ja/nano.txt it is said to ping gateway 1 and gateway 2, for the kernel to know if that route is working, but since my linux is connected to the links through 1 dedicated link and one adsl modem, I tried to:

1) remove ethernet cable from linux nic: the patch worked well, began to send traffic only to the yet working, link.

2) remove telephone line from adsl modem (or external ethernet cable from the dedic. link switch): the patch didn't work, continued trying to send traffic to the dropped link.

So, I think it's happening because linux, since it can ping the switch (or adsl modem) thinks that link is good. Did you have this problem? Some hint?

Thank you!

My experience has been mixed. The patch worked very well in many cases but in some it worked only if the first hop gateway was down and not any of the subsequent hops. So as you mentioned it's happening since it can ping the switch / modem, it thinks the link is good. You can make a script which will keep on running in the background and check if the links are up or not and if any of the links is down, it can change the default route and provide a failover.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
Re: [LARTC] Problems in Dead Gateway Detection / Failover - Multiple ISP Links
Eduardo Fernández wrote:

Hi!

Did you finally write a script for dead gateway detection beyond first hop? Did you find any other solution to this problem? I'm quite interested and I bet other multipath users here are interested too. My linux router has 10 dsl links (adding 15 more in short), when one of the dsl routers goes down the kernel does not always notice. Don't know why. Also, if a dsl route is up but the internet link is down dead gateway detection doesn't work either.

Thanks!

Edu

If you follow the nano.txt procedure and apply the patches, it works perfectly as long as the first hop is dead. But to ensure failover, when connectivity goes down at any of the hops, you can use the nano.txt for configuring the interfaces and multipath routes (call it default configuration) and also run a script in the background to modify the routes as described below.

1. Periodically keep on checking if a remote host is reachable from each of the gateways by pinging it after every n seconds.

2. If the remote host is not reachable after a number of tries (which you can decide according to your own specific situation) from a particular gateway, remove that route. If you have just two internet links, there would be only one gateway left. But if you have more than two links alive you can again define multipath routes with appropriate weights for the active gateways. The possible combinations will increase exponentially with the increase in number of internet links so you will have to factor in all the cases in the script.

3. Restore the default configuration when the remote host is reachable from all the gateways.

I am not too sure how it's going to behave with 10 links because if the links are not so stable it will result in very frequent changes.

--
Manish Kathuria
http://www.tuxspace.com/
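An added example, not part of the original posts: the three steps above, and the "all 3 links active, any two, any one" cases from the bgp thread, handled for any number of links by rebuilding the route from whichever links are currently live instead of enumerating the cases. Interface names, gateways, weights and the probe host are constructed; table 222 and the 4-failure threshold follow the two-link script posted in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): N-link failover loop.
# Constructed values: devices, gateways (documentation ranges), weights, TESTIP.
# Table 222 and the 4-failure threshold follow the script posted in the thread.

# One uplink per line: device gateway weight
LINKS='eth1 192.0.2.1 1
eth2 198.51.100.1 1
eth3 203.0.113.1 2'
TESTIP=www.example.com
MAXFAIL=4       # consecutive failed probes before a link counts as dead
INTERVAL=10     # seconds between probe rounds
MPTABLE=222     # table holding the default multipath route

# probe DEV: one echo request out of DEV, the same test as the original script.
probe() {
    ping -I "$1" -c 1 "$TESTIP" </dev/null >/dev/null 2>&1
}

# init_state: one line per link, "device gateway weight failures".
init_state() {
    printf '%s\n' "$LINKS" | sed 's/$/ 0/'
}

# probe_round STATE: probe every link once and print the new state. A reply
# resets the counter at once; a miss increments it, which damps failover.
probe_round() {
    printf '%s\n' "$1" | while read -r dev gw w fails; do
        [ -n "$dev" ] || continue
        if probe "$dev"; then fails=0; else fails=$(($fails + 1)); fi
        echo "$dev $gw $w $fails"
    done
}

# route_cmds STATE: print the ip commands for the links that are still live.
route_cmds() {
    hops='' single='' live=0 total=0
    while read -r dev gw w fails; do
        [ -n "$dev" ] || continue
        total=$(($total + 1))
        [ "$fails" -lt "$MAXFAIL" ] || continue
        live=$(($live + 1))
        single="via $gw dev $dev"
        hops="$hops nexthop via $gw dev $dev weight $w"
    done <<EOF
$1
EOF
    if [ "$live" -eq 0 ]; then
        return 0    # no link answers: nothing better to install, keep routes
    elif [ "$live" -eq "$total" ]; then
        # Default configuration: drop the override, the multipath table applies.
        echo "ip route del default"
        echo "ip route replace default table $MPTABLE proto static$hops"
    elif [ "$live" -eq 1 ]; then
        echo "ip route replace default $single"
    else
        # Some links dead: override with a multipath route over the live ones.
        echo "ip route replace default proto static$hops"
    fi
}

# monitor: apply route_cmds only when the wanted routes change.
monitor() {
    state=$(init_state)
    applied=$(route_cmds "$state")      # assume all links are up at start
    while :; do
        state=$(probe_round "$state")
        wanted=$(route_cmds "$state")
        if [ -n "$wanted" ] && [ "$wanted" != "$applied" ]; then
            # Word-split each printed line into a command; no eval involved.
            printf '%s\n' "$wanted" | while read -r cmd; do $cmd; done
            applied=$wanted
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = run ]; then monitor; fi
```

Started with the argument `run` it loops forever; without it the functions can be sourced and `route_cmds` inspected for a given state before anything touches the routing tables.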
Re: [LARTC] load balancing and failover
Payal Rathod wrote: On Thu, Feb 09, 2006 at 07:52:32PM +0530, Manish Kathuria wrote: You can try out implementing configuring a load balancing and failover system referring to the following documents: http://www.ssi.bg/~ja/nano.txt http://www.ssi.bg/~ja/dgd-usage.txt Sigh I thought it must be very easy with lartc. Also, I cannot patch the kernel. It is a live system and the person there will definitely kill me if I even ask him. Payal . It is actually easy. The LARTC How To does not take care of failover but load balancing works fine. So if you want just load balancing you can go with it. You can also try out any of the following approaches / scripts: http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html http://www.burnpc.com/website.nsf/all/FE5F4F294F508EB786256E600019BC30 http://www.linux.com.lb/wiki/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links http://www.initzero.it/products/opensource/izbalancing/download/izbalancing http://routeskeeper.sourceforge.net/Routeskeeper/ But nano.txt is probably the best way out. You can get hold of a spare system or a hard disk and move it there after you set it up. -- Manish Kathuria http://www.tuxspace.com/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] load balancing and failover
Payal Rathod wrote: Hi, A friend of mine has 2 lines of 512kbps terminated in two Linux boxes. He now want to remove those 2 boxes and have some device which will loadbalance the two ISPs and also have a failover arrangement. But he has agreed to give me a chance to do it on Linux for my own satisfication. Is this easy to do with lartc? How do I go about it exactly? I have very less time to do it since his whole network will be done for that time and I cannot afford to play for long time. Is it worth trying it with lartc for academic sake atleast? Can someone suggest some easy steps? With warm regards, -Payal p.s. Is lartc.org down? You can try out implementing configuring a load balancing and failover system referring to the following documents: http://www.ssi.bg/~ja/nano.txt http://www.ssi.bg/~ja/dgd-usage.txt You will need to patch and recompile the linux kernel using the "routes" patch given at http://www.ssi.bg/~ja/#routes for dead gateway detection to work. The load balancing part works fine but dead gateway detection (and hence failover) does not work always. It works best when your first hop gateway is down but may or may not work when a subsequent hop is down. In a recent case, I observed that dead gateway detection and the failover was working very well when one ISP failed but did not happen when the other one went down. So you can try your luck here. -- Manish Kathuria http://www.tuxspace.com/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Please help in choosing the right patches
Sandeep Agarwal wrote:

Manish Kathuria wrote:
>
>>Sandeep Agarwal wrote:
>>
>>
>> I have gone through http://www.ssi.bg/~ja/nano.txt AND further
>> http://www.ssi.bg/~ja/ & got confused in choosing the right patch.
>> Please suggest if I will choose Jumbo Patch patch-2.4.20-ja1.diff , is
>> any other patches also required after this? If yes, is there
>> any sequence in applying these patches?
>>
>
>For your purpose, you need to choose one of the patches at
>http://www.ssi.bg/~ja/#routes depending on your kernel. You dont need
>the Jumbo patch for load balancing and failover. The "routes" patch
>should suffice.
>
>--
>Manish Kathuria
>http://www.tuxspace.com/

Thanks Manish. I have download routes-2.4.20-9.diff as I have RHEL3.0 (Kernel 2.4.21-9EL) & apply the same. But the output as follows. Is this normal or any problem?

# patch -p1 < routes-2.4.20-9.diff
Hunk #1 FAILED at 162.
Hunk #2 succeeded at 180 with fuzz 1 (offset 5 lines).
1 out of 3 hunks FAILED -- saving rejects to file linux/include/net/ip_fib.h.rej
patching file linux/include/net/route.h
Hunk #1 FAILED at 49.
Hunk #2 succeeded at 120 with fuzz 2 (offset -8 lines).
Hunk #3 FAILED at 140.
2 out of 3 hunks FAILED -- saving rejects to file linux/include/net/route.h.rej
patching file linux/net/ipv4/arp.c
patching file linux/net/ipv4/fib_frontend.c
Hunk #3 succeeded at 212 with fuzz 2.
Hunk #4 FAILED at 222.
Hunk #5 FAILED at 244.

The Red Hat kernels are not just plain vanilla kernels. They already have a number of patches applied by Red Hat and it is likely that the patch being applied by you is conflicting by one of those. You can either try some other kernel version or download a plain vanilla kernel from http://www.kernel.org/ and apply the routes patch on it.

--
Manish
http://www.tuxspace.com/
Re: [LARTC] Please help in choosing the right patches
Sandeep Agarwal wrote: I have gone through http://www.ssi.bg/~ja/nano.txt AND further http://www.ssi.bg/~ja/ & got confused in choosing the right patch. Please suggest if I will choose Jumbo Patch patch-2.4.20-ja1.diff , is any other patches also required after this? If yes, is there any sequence in applying these patches? For your purpose, you need to choose one of the patches at http://www.ssi.bg/~ja/#routes depending on your kernel. You dont need the Jumbo patch for load balancing and failover. The "routes" patch should suffice. -- Manish Kathuria http://www.tuxspace.com/ ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Problems in Dead Gateway Detection / Failover - MultipleISP Links
gypsy wrote:

Manish Kathuria wrote:

--== snip ==--

However, if there is a problem in the ISP connectivity at any of the subsequent hops, there is no dead gateway detection and failover also does not take place. I have tested this on various linux kernels from 2.4 as well as 2.6 series. Somehow I have never faced a similar problem before and things have been working perfectly.

In real life situation here, the first hop gateway is rarely going to be down so dead gateway detection and failover is going to be required whenever there is some connectivity problem at any of the later hops. So that's where dead gateway detection needs to work.

What could be the reason ? How can this be resolved ? I would appreciate any pointers or suggestions.

Thanks,
Manish Kathuria

Manish,

Same here (a long time ago. I no longer have multiple ISPs). I don't have any answers for you, but here are a few pointers:

Thanks for your mail. I will try out the suggestions given by you.

Use arping in a script, pinging the farthest hop that arping can reach that is of interest. Whenever arping returns a bad status, run 'ip route flush cache'. Put a nice long sleep in the script and run it all the time.

> Perhaps in that same script, 'ping -n1 -I' each WAN interface in turn to some destination that must always be up but reachable only by/on that interface. Run 'ip route flush cache' whenever that ping fails.

The only thing is whether by doing this the kernel would be able to mark the gateway having bad status as down or not. If it does not any other intervention, then it's really superb.

You are just trying to detect the up or down status of the link, so don't flood the connection with arping and ping packets. Using sleep, space those pings apart to something sensible.

I was thinking of writing a daemon which will ping a remote host through each of the WAN interfaces every 5 seconds. If one of them gives a bad status response continuously for 8-10 times, the default route will be changed to the other ISP's gateway and if the status changes again, it will be restored back to the load balanced multipath state. Will have to actually try and see which method fits in better here and is more elegant. If your suggestion works, it's perhaps the best way out.

Although Julian has never confirmed (or denied) this, it was my experience that only the **__FIRST__** nexthop affected the up or down status of the connection. If that succeeded, nothing would flag the connection as dead. If you know C, perhaps you can examine Julian's kernel patch to see if there is any useful information there. In my opinion, Julian should document exactly how DGD works. Perhaps he has and I just can't find it on his web site, but (when I cared), I was not able to find anything useful there.

There are excellent documents at http://www.ssi.bg/~ja/dgd-usage.txt and http://www.ssi.bg/~ja/nano.txt which have explained it very well. Quoting from the dgd-usage.txt document here ...

---Begin Quote---

* the alternative routes check the neighbour state not only for gateways but for hosts, i.e. for any kind of neighbours. Note that in some cases the neighbour can remain in reachable state while its nexthops are failed. For example, it is even possible the gateway to be a proxy ARP server and the gateway IP to remain always in reachable state. In such case we can not notice the real state of the gateway's IP.

* the alternative routes can be a list from unipath or multipath routes, using NOARP and ARP devices. As result, the first alive or first suspected (but not dead) route is selected by inspecting the state of the gateways in each path or the neighbours through the used device from the path.

* as result we take care of the state of each path in a multipath route and we try to use only the alive paths considering their relative weights

---End Quote---

In the current situation I am dealing with, the first hop gateway is always reachable. It is only the subsequent hops which can go down. And when that happens, the dead gateway detection doesn't work, the outgoing traffic keeps on going out through the dead ISP's WAN interface. But what confuses me is that DGD does work for one of the ISPs which is also identically connected.

Could running routed / gated play a role here in resolving this problem ?

Have you tried to engage Julian in a conversation to resolve this? He posts here occasionally but I do not know if he answers questions about DGD off this list.

I have not done it so far.

--
gypsy

Thanks once again for your suggestions.

--
Manish Kathuria
[LARTC] Problems in Dead Gateway Detection / Failover - Multiple ISP Links
Hello,

I have configured a load balancing router using Julian's patches and as described in "nano.txt" for two ISP links as shown below.

[ASCII diagram: ISP 1 and ISP 2 each connect over a WAN link to a router (R1, R2); the routers' gateway addresses GW1 and GW2 face the Linux router's external interfaces EXT1 and EXT2, and the Linux router's internal interface INT IF connects to the LAN]

LAN NETWORK = 192.168.100.0/24
INT IF = 192.168.100.1

ISP1 NETWORK = 10.20.30.128/29
R1 - ROUTER1
GW1 = 10.20.30.129
EXT1 = 10.20.30.130

ISP2 NETWORK = 172.16.32.128/29
R2 - ROUTER2
GW2 = 172.16.32.129
EXT2 = 172.16.32.130

Both the ISPs have provided /29 subnets of Public IPs. The above mentioned addresses are just for example. The gateways for both the ISPs are routers placed at the same location which are further connected through Radio Link and Leased Line.

Things work fine as long as both the ISP links are alive. While testing the dead gateway detection and failover functionality we observed that if we make the first hop gateway (i.e Router R1 or R2) of one of the ISPs dead by either disconnecting the ethernet cable between Linux Router and R1/R2 or by switching off the gateway (R1/R2) itself, dead gateway detection takes place and failover to the other ISP takes place.

However, if there is a problem in the ISP connectivity at any of the subsequent hops, there is no dead gateway detection and failover also does not take place. I have tested this on various linux kernels from 2.4 as well as 2.6 series. Somehow I have never faced a similar problem before and things have been working perfectly.

In real life situation here, the first hop gateway is rarely going to be down so dead gateway detection and failover is going to be required whenever there is some connectivity problem at any of the later hops. So that's where dead gateway detection needs to work.

What could be the reason ? How can this be resolved ? I would appreciate any pointers or suggestions.

Thanks,
Manish Kathuria
Re: [LARTC] multiple isp + nat
Janne Raatikainen wrote:

I configured multiple isp (actually only multiple gw) according http://lartc.org/howto/lartc.rpdb.multiple-links.html. Now NAT (Internet) seems to work, both external interfaces work ( I didn't configure load balancing because I don't need it). However I have problem that I can not ping from NAT to public ip of my Linux box. Problem is that I can not connect from 192.168.1.0/24 network to services listening 84.248.213.195, but I can connect to Internet from NAT through that interface gateway (84.248.192.0). Connecting with public ip worked fine when I had simple NAT, with single Internet-connection.

Have you used any firewall rules which prevent INPUT from the LAN ?

I also notice that portforwarding from Linux-box (public ip) to computer under nat doesn't work too. Anyone has idea what is the problem?

You will have to accept the traffic in the FORWARD chain in addition to the port forwarding rule for the system which is being accessed. I think it will be better if you list your firewall rules here to make the things clear. It will make it easier to identify the reason.

Do I have to use some different kind of iptables-rules (fwmark?), than I used when I had only one connection to Internet, or do I have to add some route or gw?

Janne

--
Manish
http://www.tuxspace.com/
Re: [LARTC] Internet Satellite connection configuration on linux
Rani Ahmed wrote:

> Hi all. Here in Lebanon, Beirut we are allowed only to use satellite for downlink only. Uplink is made through a router connected to public land lines. The satellite card is a penta card. I want to distribute Internet connection to customers. Such a connection I want to do on linux. But what hinders me is the configuration which I don't know how to do. So please, someone tell me how to configure that, please. This is the diagram of what I want to make with linux:
>
> satelitedownlink_only->[Linux box]<>{customers_LAN} || || {ISP} <(cisco_router)<==uplink=
>
> Thanks for your help.

How are you connecting to the satellite for uplink ? Are you using PPTP or some other method ? You can download the linux modules available from the Pentamedia website on your linux box and make the DVB card receive the download from the satellite. Ideally your linux box should have two ethernet cards and the Pentamedia DVB Card. One ethernet will be connected to the CISCO router for the uplink and the other will be connected to the LAN. Enable IP forwarding on your linux box and use SNAT rules if required.

Let me know if you want more information.

--
Manish
http://www.tuxspace.com/
Re: [LARTC] [OT?] MikroTik instead Linux ?
LinuXKiD wrote:

> [Off topic ?] Somebody can help me to convince some people to use Linux instead MikroTik
>
> Happy new year.
>
> Andres.

As far as I remember, MikroTik is also based on Linux, except for the fact that they have their own shell with a different set of commands.
[LARTC] Multiple ISP Links - Gateway Not Getting Restored
I have been successfully implementing load balancing gateways for multiple ISP links at various locations using Julian's patches and as suggested in LARTC HowTo. At one location, one of the ISPs is providing connectivity through a PPPoE DSL link which has to be dialled in every time to connect. The gateway has been configured on a Fedora Core 3 based system and I have recompiled the 2.6.12 kernel after applying Julian's patches.

I have configured the DSL modem in bridge mode and connected it to an ethernet interface on the gateway and use the DSL dialer in Fedora Core 3 to connect to the ISP. This creates a ppp0 interface when the connection goes live which is allotted a static Public IP. The dialer has been configured to redial as and when the link goes down.

However the problem is that the kernel is not able to detect when this DSL interface (ppp0) comes back and does not restore the gateway through this link. The loadbalancing script has to be run again to make the kernel treat this gateway as LIVE and make the traffic go out through it.

Has anyone encountered a similar problem ? I have never come across such an issue wherever the link is terminating on an ethernet interface. This ISP is insisting on dialling and then establishing a PPPoE interface. Any suggestions ?

Thanks,
Manish
[LARTC] Use of CONNMARK in Multiple Internet Links
What are the pros and cons of using CONNMARK along with the Multiple ISP Links and Load Balancing method as suggested in the HOWTO and with Julian's patches for Dead Gateway Detection ? I have been observing excellent results without the CONNMARK rules. How is the performance affected if CONNMARK is used ?

Thanks,
Manish
[LARTC] Squid - Load Balancing Multihomed Linux Router
Hi All,

In a scenario, where a LAN is being provided internet connectivity through multiple ISPs terminated at a Load Balanced Multihomed Linux Router as described in LARTC HowTo, how would the traffic distribution be affected if there is a squid based transparent proxy for the LAN's web traffic on the same system (i.e. the load balanced router itself).

The recent squid versions have an option of setting multiple values for "outgoing_tcp_address" depending upon various ACL rules. It's also possible to not specify any IP address for this parameter so that it takes the outgoing address on its own. But how would the proxy server behave in case of 2 or more outgoing internet links ? Has someone tried out something similar ?

What will happen if this transparent proxy server is on a different system within the LAN itself ? Would the traffic distribution between multiple ISPs be affected since the entire web traffic would appear to originate from a single LAN IP (the IP address of the proxy server) ?

Thank you in advance for your comments.

- Manish