On 9/17/2015 12:27 AM, Vieri Di Paola wrote: >> From: Tom Eastep <[email protected]> > >> You can already specify 'default' in rtrules. > > > I rearranged a few things and it now seems to be working for the most part. > Load balancing is just one thing I don't know if it's working as expected. > > I tried two methods mentioned in previous posts. > > 1) using "mangle" and "probability/test": > > mangle config file contains: > > MARK(2):P 10.215.144.48,10.215.247.194 10.215.244.250 { > probability=0.50 } > MARK(3):P 10.215.144.48,10.215.247.194 10.215.244.250 { test=0/0xff } > > Traceroutes from 10.215.144.48 and from 10.215.247.194 to > 10.215.244.250 always go out via CAIB provider (MARK(2)) no matter how > many times I try from each src host.
Were you using UDP traceroute or ICMP traceroute. If the latter, you
need to purge the resulting conntrack table entry between tries or you
need to let it time out. Otherwise, it will always use the same provider.
The probability rules seem to be working correctly:
2 184 MARK all -- * * 10.215.144.48
10.215.244.250 statistic mode random probability 0.50000000000
MARK set 0x2
2 184 MARK all -- * * 10.215.247.194
10.215.244.250 statistic mode random probability 0.50000000000
MARK set 0x2
2 184 MARK all -- * * 10.215.144.48
10.215.244.250 mark match 0x0/0xff MARK set 0x3
2 184 MARK all -- * * 10.215.247.194
10.215.244.250 mark match 0x0/0xff MARK set 0x3
You seem to have TC_EXPERT=Yes, however -- you probably want to change
it to No.
>
> 2) using "rtrules" with high priority and "default" table ("mangle" file
> empty):
>
> rtrules config file contains:
>
> 10.215.144.48,10.215.247.194 10.215.244.250 default
> 11001
>
> Table default:
>
> 172.28.17.110 dev enp5s0 scope link
> 172.20.11.49 dev enp5s1 scope link
> default via 172.28.17.110 dev enp5s0 src 172.28.17.105 metric 3
> default via 172.20.11.49 dev enp5s1 src 172.20.11.62 metric 2
Looks like you simply specified 'fallback' rather than 'fallback=1'. You
need the latter to get balancing.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
