Hi folks,

I have a firewall/gateway setup with 2 DSL connections (using PPPoe).

As far as I know, there are 2 possibilities when someone wants to use both of them simultaneously (from behind a network, using NAT):

• Load balancing: equalize outbounding connections
  syntax:
  
  Code:

  	ip route add default equalize scope global \
  		nexthop via <default gateway WAN1> dev <interface WAN1> weight 1 \
  		nexthop via <default gateway WAN2> dev <interface WAN2> weight 1

  Weight: the priority to prefer one link over another. The lower this factor, the more priority this WAN link gets. In this case, both WAN links are less or more equalize.
  Used routes are hold in the routing cache, based on the target ip adress. It means, if the cache isn't cleared regularly, targets will always use the same WAN link.
• IP rule based routing: choose the WAN link based on source/target host, port and protocol,..
  For example, one could use WAN link A only for HTTP and SMTP+POP3, while using the second link for file transfers (like FTP).
  To achieve this, it's necessary to make a custom routing table for each link (can be setup in /etc/iproute2/rt_tables).
  For example:
  
  Code:

  1 WAN1_table
  2 WAN2_table

  By adding the default gateway of each WAN link to these defined routing tables, it's possible to route traffic based on some rules:
  Adding default gateway from each WAN link to the separate routing tables:
  
  Code:

  	ip route add default via <default gateway WAN1> dev <interface WAN1> table WAN1_table
  	ip route add default via <default gateway WAN2> dev <interface WAN2> table WAN2_table

  ... and finally, adding ip rule based routing:
  
  Code:

  	ip rule add fwmark 1 table WAN1_table
  	ip rule add fwmark 2 table WAN2_table

  In this example, I'll be using IPtables to mark packets based on some criteria (for example, destination address).
  
  Code:

  	iptables -t mangle -A PREROUTING -d <host a> -j MARK --set-mark 1
  	iptables -t mangle -A OUTPUT -d <host a> -j MARK --set-mark 1
  
  	iptables -t mangle -A PREROUTING -d <host b> -j MARK --set-mark 2
  	iptables -t mangle -A OUTPUT -d <host b> -j MARK --set-mark 2

Now, finally my question:

I want to combine both methods:
As seen above, it's possible to add default gateways from different WAN links to different routing tables.
Using these different WAN links, it's possible to use a WAN link (choosing witch routing table to lookup) based om some criteria.

Now, what I actually want to achieve:

• 1 routing table for WAN1
• 1 routing table for WAN2
• ... and 1 routing table for the load balanced default gateway

This would it make possible, to decide if a client in the network has to use:

• WAN link 1
• WAN link 2
• A load balanced route of WAN link 1 and 2

... and of course other criteria, like:

• FTP needs to use both links in load balancing
• HTTP and mail traffic must use WAN link 1
• all other traffic must use WAN link 2

Actually, this seems to be impossible, because something like:

... seems to be not possible (incorrect syntax).
Does someone has a sollution/idea to this problem?

Thanks in advance

hi,

i've never tried using complex routing using linux,
but i do get your point in cisco's term -- you want to create both PBR and VRRP.
but from your diagram - you only have 1 router.
and, you need to do the policy-based routing after your VRRP properly configure.

sure you can do PBR with 1 router - but you dont have the option of doing balanced-gateway.

HTH.

Unfortunately, Cisco routers are really to expensive for home usage.

Actually, my setup works fine: the default route chosen is the latest one added with this script. So when the load balanced is the last one added, clients use it by default.
Exceptions can be made through ip rules (for example, client a must use ISP 1, client b ISP 2, and client c a load balanced route of ISP 1 and 2).

But: I just want to have the freedom to use 3 custom routing tables in stead of 2.

That would it make possible to choose the routing table based on the earlier mentioned criteria.
The default behavior would be: all clients, protocols, ports,... use ISP 1, all other exceptions to this default behavior can use ISP 2 or load balancing of both.

One thing I still can try: the load balanced route was added by default in the "main" route table (actually, tis is the default routing table, also used by the "route" command).
So what if I make routing rules for the main table?

hi,

the idea of vrrp is that you create a virtual router with a virtual IP handling balanced-gateway - so that you can create a routing-table based on balanced-gateway.

i understand that your :
route A will be packet A and going to line A,
route B will be packet B and going to line B,
but then you need another route for both packet AB going line AB - right?

this thing cant be done in a single router and policy-based routing.

that is the function of VRRP - "another" virtual router which deliver your balanced traffic.

and you can do GLBP (gateway load balancing) which is an alternative to VRRP.

i think thats all for cisco'isme
you've got me interested in developing complex routing based on linux. thanks for the idea. nice one.

HTH.

It's been a while since no-one posted on this topic, but...I've just found the solution to the initial problem mentioned here!
So, to TomG22:
You can add a "weighted" rule to a user-defined routing table, using the following syntax:

So, basically the "table tblname" code must NOT be placed at the end of the command line.
This hint I've found at: http://mailman.ds9a.nl/pipermail/lar...q4/021875.html

Hope this helps!
Cheers