Re: [Shorewall-users] providers track option and rtrules

Thu, 17 Sep 2015 03:46:12 -0700 

> From: Tom Eastep <[email protected]>

> You can already specify 'default' in rtrules.


I rearranged a few things and it now seems to be working for the most part. 
Load balancing is just one thing I don't know if it's working as expected.

I tried two methods mentioned in previous posts.

1) using "mangle" and "probability/test":

mangle config file contains:

MARK(2):P      10.215.144.48,10.215.247.194    10.215.244.250 { 
probability=0.50 }
MARK(3):P      10.215.144.48,10.215.247.194    10.215.244.250 { test=0/0xff }

Traceroutes from 10.215.144.48 and from 10.215.247.194 to 10.215.244.250 always 
go out via CAIB provider (MARK(2)) no matter how many times I try from each src 
host.

2) using "rtrules" with high priority and "default" table ("mangle" file empty):

rtrules config file contains:

10.215.144.48,10.215.247.194            10.215.244.250          default         
11001

Table default:

172.28.17.110 dev enp5s0 scope link
172.20.11.49 dev enp5s1 scope link
default via 172.28.17.110 dev enp5s0 src 172.28.17.105 metric 3
default via 172.20.11.49 dev enp5s1 src 172.20.11.62 metric 2

Same results as in the first example (packets always go to the CAIB provider 
through enp5s1).
Seen with traceroutes from each client host and even on the firewall with 
commands such as:
# tcpdump -n -i enp5s1 src host 10.215.144.48 and dst host 10.215.244.250

I'm attaching a shorewall dump and a trace log for each case.

Is this expected behavior and I've always hit "CAIB" out of sheer probability 
or is there something I should tweak?

Thanks,

Vieri

Attachment: dump_mangle_probability.gz
Description: application/gzip

Attachment: dump_rtrules_default.gz
Description: application/gzip

Attachment: iptrace_mangle_probability.log.gz
Description: application/gzip

Attachment: iptrace_rtrules_default.log.gz
Description: application/gzip

------------------------------------------------------------------------------
Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
Get real-time metrics from all of your servers, apps and tools
in one place.
SourceForge users - Click here to start your Free Trial of Datadog now!
http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to