
sekarlinux 11-25-2012 01:05 PM

Linux IPTables load balancing with multiple DSL lines
 
Hello Friends,

I have the below structure in my Linux box.

Eth0: LAN
Eth1: DSL-1
Eth2: DSL-2
Eth3: DSL-3
Eth4: DSL-4

Note: My DSL lines have DHCP IPs.

I need to distribute the requests across all the DSL lines round-robin, with iptables or any open source solution.

Also, I need an option to stop sending requests if any DSL line is not working.

Thanks a lot in advance for your help on this request.

Regards,
Sekar

deswarf 11-25-2012 05:12 PM

I'm not sure, but I suppose it should look like this:
Code:

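#!/bin/sh
# Current IPv4 address of each DSL interface, without the /prefix suffix
# (SNAT --to expects a bare address, and inet6 lines must be skipped).
IP1="$(ip -4 -o addr show dev eth1 | awk '{print $4}' | cut -d/ -f1 | head -n 1)"
IP2="$(ip -4 -o addr show dev eth2 | awk '{print $4}' | cut -d/ -f1 | head -n 1)"
IP3="$(ip -4 -o addr show dev eth3 | awk '{print $4}' | cut -d/ -f1 | head -n 1)"
IP4="$(ip -4 -o addr show dev eth4 | awk '{print $4}' | cut -d/ -f1 | head -n 1)"
# Spread packets evenly over marks 1-4: each nth rule returns its share
# of the packets that reach it (1/4, then 1/3, then 1/2, then the rest).
# Note: mangle OUTPUT only sees traffic generated on this box itself.
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 1
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 4 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 2
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 3 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 3
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 2 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 4
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 1 -j RETURN
# Source-NAT each marked connection to the address of its DSL line.
iptables -t nat -A POSTROUTING -m connmark --mark 1 -j SNAT --to "$IP1"
iptables -t nat -A POSTROUTING -m connmark --mark 2 -j SNAT --to "$IP2"
iptables -t nat -A POSTROUTING -m connmark --mark 3 -j SNAT --to "$IP3"
iptables -t nat -A POSTROUTING -m connmark --mark 4 -j SNAT --to "$IP4"
exit 0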

As for not working, it could probably be realised with a couple of rules with
Code:

# Needs rate estimators named eth1 and eth2, created beforehand with the RATEEST target.
iptables -t mangle -A POSTROUTING -m conntrack --ctstate NEW -m rateest --rateest-delta --rateest1 eth1 --rateest-bps1 2mbit --rateest-gt --rateest2 eth2 --rateest-bps2 200kbit -j CONNMARK --set-mark 1


sekarlinux 11-26-2012 07:54 AM

Thanks a lot friend.

Sorry, I could not understand the second code.

Could you please give me details of what the second code will do?

Thanks,
Sekar





deswarf 11-26-2012 12:50 PM

According to man iptables, that stuff could be used for balancing outgoing connections depending on bandwidth. It compares line rates and marks packets if the first line's rate is greater than that of the second one. But that's when all lines are working. I don't know whether it can be used for checking a non-working DSL line... I've never been asked to do that before... so I can't say for sure... Sorry... It's obvious that you need to separate working IPs from non-working ones with the update option, and if there is no response, then the packet should be forwarded to the next line... At first I thought of solving this with the "-m recent" key...
Anyway, the question is very interesting and I hope to find some time later to think about it. Post your solution if you find it before then :)
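
Added example, not part of either poster's messages: one way to handle the dead-line case discussed above is to rebuild the nth cascade from only the uplinks that pass a health probe. The chain name BALANCE, the probe address and the mapping of mark N to ethN are assumptions made for this sketch; the script prints the rules instead of applying them.

```sh
#!/bin/sh
# Added example: regenerate the nth cascade for the uplinks that are usable now.
# Assumptions: uplinks eth1..eth4 as in the thread, mark N belongs to ethN.
UPLINKS="eth1 eth2 eth3 eth4"
CHAIN="BALANCE"    # hypothetical user-defined chain in the mangle table

# Health probe: the link must hold an IPv4 address (DHCP lease present) and
# reach a probe host through that interface. The default address is a
# documentation placeholder; set PROBE_HOST to a host you actually rely on.
link_up() {
    ip -4 -o addr show dev "$1" 2>/dev/null | grep -q 'inet ' || return 1
    ping -c 1 -W 2 -I "$1" "${PROBE_HOST:-192.0.2.1}" >/dev/null 2>&1
}

# Print the rules that spread traffic evenly over the live links only.
gen_balance_rules() {
    live=""
    count=0
    for ifc in $UPLINKS; do
        if link_up "$ifc"; then
            live="$live $ifc"
            count=$((count + 1))
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no usable uplink; leaving $CHAIN unchanged" >&2
        return 1
    fi
    echo "iptables -t mangle -F $CHAIN"
    remaining=$count
    for ifc in $live; do
        mark=${ifc#eth}    # eth3 -> 3, so marks stay stable across rebuilds
        echo "iptables -t mangle -A $CHAIN -j CONNMARK --set-mark $mark"
        # Each rule returns 1/remaining of the packets that reach it.
        echo "iptables -t mangle -A $CHAIN -m statistic --mode nth --every $remaining --packet 0 -j RETURN"
        remaining=$((remaining - 1))
    done
}
# Dry run: call gen_balance_rules and read the output before piping it to sh.
```

Because each mark stays tied to its interface, rules that match on the mark do not need to change when a link drops out of the cascade.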


All times are GMT -5.