LinuxQuestions.org
Old 11-16-2007, 11:10 AM   #1
icedown
LQ Newbie
 
Registered: May 2007
Distribution: Gentoo
Posts: 18

Rep: Reputation: 0
Load balancing and routing problem


I have 2 internet connections at my home: a DSL connection with speeds of ~700kbit up and ~130kbit down with pings in the 60-100 range, and a satellite connection with 1.5mbit down 256kbit up but pings are in the 2000s. I've got some static routes that I have set up; for example, for all connections to distfiles.gentoo.org I use the sat connection. I've tried setting up 2 default routes with

Code:
ip route add default via $DSLGW dev eth1 
ip route add default via $SATGW dev eth3
But it just uses one connection, and I can't figure out how it selects the one it's going to use, because sometimes it sticks to one of them and then sometimes the other.

I've tried load balancing with the command

Code:
ip route add default nexthop via $DSLGW dev eth1 weight 1 \
nexthop via $SATGW dev eth3 weight 1
But that always ends up using nothing but the sat interface. Is there a way to use iptables to help control routing, e.g. all traffic with dest port 21 goes to sat and traffic with dest port 22 goes to DSL?

And what am I doing wrong on the load balancing end? I've tried messing with the weights, but that doesn't seem to bother it at all...
 
Old 11-16-2007, 11:56 AM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
Unfortunately, what you are trying for is not readily achievable with plain-vanilla routing. The route table only allows for one default route, as you have observed. (If you put more in, it only uses the first one.)

But all is not lost; it might be possible to do this with two servers: put the daemons for interactive services on one machine, and attach it to the Internet via the DSL (low-delay) link, making the default route point out the DSL interface.

Put the daemons for the bulk-transfer services on the second machine, and attach it to the Internet through the satellite (high-capacity) link, making its default route point out the satellite interface. Then attach the two machines to one another over an ethernet, and configure NAT so that you have a private network on the Ethernet.

Finally, set up port forwarding on each machine so that traffic is forwarded to each daemon on the right machine. What this lash-up accomplishes is port-specific routing, which is what I think you were aiming for.

[For extra credit, you might be able to figure out how to do this all on one physical machine using the Xen virtual machine stuff. But I haven't thought that one through all the way.]
 
Old 11-16-2007, 12:52 PM   #3
icedown
LQ Newbie
 
Registered: May 2007
Distribution: Gentoo
Posts: 18

Original Poster
Rep: Reputation: 0
OK, what if I were to install a proxy, e.g. squid, and bind it to the sat interface. Then redirect all traffic inbound from the internal network on, let's say, port 21, and redirect it into port 3128. Will this work? Or will the data get out correctly but not back in?
 
Old 11-17-2007, 03:39 PM   #4
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
I have no experience with proxy servers. What I was thinking of was to use the iptables NAT facility to do the port redirection.

After thinking this through for your situation, I have realized that the scheme will not work: direct port redirection using the DNAT facility in the NAT table will get the packets for a particular service directed to the right server, but that server will always reply on its default route. This will confuse the request initiator almightily, because it will receive a reply from an IP address that it was not expecting to hear from, and will almost certainly get confused.

Sorry for the misdirection. I guess I will have to go learn about proxy servers myself.
 
Old 11-17-2007, 07:07 PM   #5
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
Over the course of the afternoon, I have thought some more about the underlying problem you have posed, and have come up with two (simpler, I hope) possible approaches:

1. Since you have two IP addresses, you might be able to arrange for incoming connections to arrive only through the link with the right properties by advertising a DNS hostname for each service with the IP address you would like clients to use. As an extension, you could even field two servers, each with one public IP address, with the daemons for the appropriate services running only on the right server. (This adds hardware, to keep from having to configure each daemon to listen only on the IP address you want to be used.)

This does not, however, deal with outbound service requests.

2. For outbound connections (where you originate the connection to a remote server) and want the responding daemon to use one or the other IP address, you can use the iptables port-mapping functions; in those cases, the rule in the nat table PREROUTING chain should match only packets whose source address is the wrong IP address and whose source port is the port in question. Such packets should be remapped to the right source address:same_port. The responder will use that address for response, and you are off and running. Unfortunately, you will have to create such rules differently for each of your public IP addresses, and, if you go with the two-system scheme, some rules will have to be unique on each machine.
 
Old 11-19-2007, 07:05 PM   #6
icedown
LQ Newbie
 
Registered: May 2007
Distribution: Gentoo
Posts: 18

Original Poster
Rep: Reputation: 0
Well, let me ask this just to clarify: there is no way for iptables to directly affect outbound routing, correct?
 
Old 11-20-2007, 08:28 PM   #7
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
That is correct. The only sorts of rules that you can use to alter the routing behavior are in the PREROUTING table; changes you make there to the IP address will be used by the routing code, but the change will be kept as the packet goes out wherever the routing table says it should go. It might be possible to insert a rule into the POSTROUTING table that would change the IP address again, but I do not know of a way to save the original IP address and pass it from before the PREROUTING process over to the POSTROUTING process.
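
Added example, not part of the thread and not any poster's code: the per-port split asked about in the first post (port 21 via satellite, port 22 via DSL) is commonly built by letting iptables only mark packets and having an `ip rule` pick a per-uplink routing table by that mark. The LAN interface `eth0`, the mark and table numbers, and the placeholder gateway addresses are assumptions; with the default `DRY_RUN=1` the script only prints the commands.

```sh
# Added example: per-port uplink selection via packet marks + policy routing.
# From the thread: eth1/$DSLGW (DSL), eth3/$SATGW (satellite), ports 21 and 22.
# Assumed here: LAN_IF, mark and table numbers, placeholder gateway addresses.
DSLGW=${DSLGW:-192.0.2.1}       # placeholder (documentation range)
SATGW=${SATGW:-198.51.100.1}    # placeholder (documentation range)
LAN_IF=${LAN_IF:-eth0}          # assumed internal interface
DRY_RUN=${DRY_RUN:-1}           # 1 = print commands, 0 = execute (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Map an uplink name to "mark table gateway device".
uplink() {
    case "$1" in
        dsl) echo "1 101 $DSLGW eth1" ;;
        sat) echo "2 102 $SATGW eth3" ;;
        *)   echo "unknown uplink: $1" >&2; return 1 ;;
    esac
}

# Give the uplink its own routing table, selected by firewall mark.
setup_uplink() {
    cfg=$(uplink "$1") || return 1
    set -- $cfg                         # $1=mark $2=table $3=gateway $4=device
    run ip route add default via "$3" dev "$4" table "$2"
    run ip rule add fwmark "$1" table "$2"
    # The source address must belong to the uplink the packet leaves on.
    run iptables -t nat -A POSTROUTING -o "$4" -j MASQUERADE
    # Replies can arrive on a link the main table would not pick; strict
    # reverse-path filtering would drop them, so switch to loose mode.
    run sysctl -w "net.ipv4.conf.$4.rp_filter=2"
}

# Mark TCP traffic to PORT so the fwmark rule sends it out UPLINK.
route_port() {
    port=$1
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    cfg=$(uplink "$2") || return 1
    set -- $cfg
    # PREROUTING covers forwarded LAN traffic, OUTPUT covers local processes.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" -j MARK --set-mark "$1"
    run iptables -t mangle -A OUTPUT -p tcp --dport "$port" -j MARK --set-mark "$1"
}

setup_uplink dsl
setup_uplink sat
route_port 21 sat    # the split asked about in the first post
route_port 22 dsl
```

Unmarked traffic still follows the single default route in the main table. Loose reverse-path filtering weakens spoofed-source checks on that interface, so keep explicit ingress filtering on both uplinks.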
 
  

