LinuxQuestions.org
Old 03-23-2015, 10:57 AM   #1
bonowax
Member
 
Registered: Jul 2006
Location: Suburbs of Lisbon, Portugal
Distribution: Slackware, FreeBSD
Posts: 75

Rep: Reputation: 16
IPROUTE2 - Load balance over two ISP connections breaks HTTPS


Hello forum;

I have (almost) successfully set up a Linux router and load balancer, with IPROUTE2 and SQUID.

Simplifying: I have two default routes, with equal weight, and traffic is distributed in what seems a round-robin fashion.

This also causes traffic directed to HTTPS servers to be sourced from different interfaces - and IP address - during the same session, which these servers won't tolerate, and expire the session.

I thought I could fine tune route cache parameters in the kernel, to avoid route lookups during a certain period of time, but alas, route cache was removed from kernel since 3.10, which is what I use.

I could force HTTPS traffic to always be directed through the same route, but that would defeat the load-balancing purpose.

I haven't been able to Google anything helpful so far.

Has anyone used such a setup and come across the same problem?

Thank you in advance for any pointers...

--
Paulo
 
Old 03-23-2015, 01:38 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,140

Rep: Reputation: 1263
I don't think you can split traffic in a single TCP session over two routes. You won't get in-order delivery, for one thing. You should be able to load balance traffic to different IPs.
 
Old 03-24-2015, 06:36 AM   #3
bonowax
Member
 
Registered: Jul 2006
Location: Suburbs of Lisbon, Portugal
Distribution: Slackware, FreeBSD
Posts: 75

Original Poster
Rep: Reputation: 16
Hi, and thank you for your response.
Perhaps my initial description was confusing, incomplete or both;

The intention is to use a SQUID proxy server, for our users to browse the web. This proxy runs in a box on which I have configured policy routing to use two dynamically-configured Internet connections, each from a different ISP.
By having two default routes, with equal weight, SQUID's requests to websites are routed in a round-robin fashion through both links.

The problem occurs when, during the same HTTPS session, packets arrive at the destination server from different source IPs, which causes some servers to immediately expire the session and terminate it, which seems pretty sensible to me.

I could force one of the default routes to be the preferred one, based on criteria such as client IP, protocol or destination server, but that would defeat the main purpose of evenly balancing web traffic through both links.

I'm at a loss here, so any help will be very much appreciated...

--
Paulo
 
Old 05-15-2015, 05:23 AM   #4
bonowax
Member
 
Registered: Jul 2006
Location: Suburbs of Lisbon, Portugal
Distribution: Slackware, FreeBSD
Posts: 75

Original Poster
Rep: Reputation: 16
Hello again, forum;

As it turned out, I had to resort to different approaches to find a solution.

The one in place right now:
- Using IPROUTE2, I 'divided' the Internet into two /1 subnets; depending on destination, a different routing table and thus default gateway will be used.
- The shortfall of this 'solution' is that there will be no randomness in routes; same destination will always use the same gateway which might not distribute traffic evenly, as desired.

The other one I tried but did not work:
- Using NETFILTER, with the statistics module to mark every new ip connection with either '1' or '2' alternately, and then using different routing tables, based on fwmark.
- Everything works as expected except when traffic returns through the second established route, where kernel returns "rtnetlink answers invalid cross-device link" and the packet is dropped.

The second solution would be much more elegant, but I'm at a loss as to why it doesn't work. My searching has been fruitless, so far. Any pointers are welcome.

--
Paulo
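
The two approaches described in post #4, written out as a dry-run script. This is an added example, not the poster's configuration: the interface names, gateway addresses, table numbers 101/102, and the use of the mangle OUTPUT chain (for connections opened by Squid on the router itself) are assumptions.

```shell
#!/bin/sh
# Added example. Interfaces, gateways and table numbers are placeholders.
IF1=${IF1:-eth1}; GW1=${GW1:-192.0.2.1}
IF2=${IF2:-eth2}; GW2=${GW2:-198.51.100.1}

# Print each command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# One routing table per ISP, each holding only that ISP's default route.
isp_tables() {
    run ip route add default via "$GW1" dev "$IF1" table 101
    run ip route add default via "$GW2" dev "$IF2" table 102
}

# Approach 1: split destinations into two /1 halves, one table per half.
# A given server is always reached from the same source address.
split_by_destination() {
    isp_tables
    run ip rule add to 0.0.0.0/1 lookup 101
    run ip rule add to 128.0.0.0/1 lookup 102
}

# Approach 2: alternate a mark per NEW connection and route on fwmark.
mark_per_connection() {
    isp_tables
    run ip rule add fwmark 1 lookup 101
    run ip rule add fwmark 2 lookup 102
    M="iptables -t mangle -A OUTPUT"
    # Packets of a known connection get that connection's saved mark back.
    run $M -j CONNMARK --restore-mark
    # Still unmarked and NEW: every second such connection gets mark 1 ...
    run $M -m mark --mark 0 -m conntrack --ctstate NEW \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
    # ... and the remaining ones get mark 2.
    run $M -m mark --mark 0 -m conntrack --ctstate NEW -j MARK --set-mark 2
    # Store the mark on the connection so later packets keep the same uplink.
    run $M -j CONNMARK --save-mark
    # The socket's source address was picked before the mark rerouted the
    # packet, so rewrite it to match the interface actually used.
    run iptables -t nat -A POSTROUTING -o "$IF1" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$IF2" -j MASQUERADE
}

case "${1:-}" in
    split) split_by_destination ;;
    mark)  mark_per_connection ;;
esac
```

Run with `split` or `mark` as the argument to print the commands; nothing is changed on the system unless `APPLY=1` is set.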
 
  


Tags
gateway, https, multihomed, route, router


