Hi All,
After research and reading, I am still not able to solve a very strange issue with my network load balancing.
I have a Gentoo 2008.0, and I have installed iproute2.
I have set up, as explained on lartc.org, some scripts to automatically load balance 2 ISPs.
Everything is working fine, both lines are used, but sometimes the network breaks. For example, I can't stay connected to Pidgin for more than 1, 2 or 3 minutes. Also, my downloads stop after 5 minutes, sometimes less, sometimes more, and finally my Skype is "blinking": connecting and disconnecting all the time.
Here are my files:
/etc/iproute2/rt_tables
Code:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 TTATA
2 TAIRTEL
ISPLoadBalancing.sh
Code:
#!/bin/bash
IF0=lan
IF1=tata
IF2=airtel
IP1=192.168.1.2
IP2=192.168.0.2
P1=192.168.1.1
P2=192.168.0.1
P0_NET=192.168.2.0
P1_NET=192.168.1.0
P2_NET=192.168.0.0
echo "ip route del $P1_NET"
ip route del $P1_NET
echo "ip route del $P2_NET"
ip route del $P2_NET
echo "ip route del default via $P1"
ip route del default via $P1
echo "ip route del default via $P2"
ip route del default via $P2
echo ""
# route for TATA
echo "ip route add $P1_NET dev $IF1 src $IP1 table TTATA"
ip route add $P1_NET dev $IF1 src $IP1 table TTATA
echo "ip route add default via $P1 table TTATA metric 1"
ip route add default via $P1 table TTATA metric 1
# routes for Airtel
echo "ip route add $P2_NET dev $IF2 src $IP2 table TAIRTEL"
ip route add $P2_NET dev $IF2 src $IP2 table TAIRTEL
echo "ip route add default via $P2 table TAIRTEL metric 2"
ip route add default via $P2 table TAIRTEL metric 2
echo ""
echo "ip route add $P1_NET dev $IF1 src $IP1"
ip route add $P1_NET dev $IF1 src $IP1
echo "ip route add $P2_NET dev $IF2 src $IP2"
ip route add $P2_NET dev $IF2 src $IP2
echo ""
echo "ip rule del from $IP1"
ip rule del from $IP1
echo "ip rule del from $IP2"
ip rule del from $IP2
echo "ip rule add from $IP1 table TTATA"
ip rule add from $IP1 table TTATA
echo "ip rule add from $IP2 table TAIRTEL"
ip rule add from $IP2 table TAIRTEL
# load balancing
echo "ip route del default scope global"
ip route del default scope global
echo "ip route add default via $P1 metric 1"
ip route add default via $P1 metric 1
echo "ip route add default via $P2 metric 2"
ip route add default via $P2 metric 2
echo ""
# add the routes for local
# for tata
echo "ip route add $P0_NET dev $IF0 table TTATA"
ip route add $P0_NET dev $IF0 table TTATA
echo "ip route add $P2_NET dev $IF2 table TTATA"
ip route add $P2_NET dev $IF2 table TTATA
echo "ip route add 127.0.0.0/8 dev lo table TTATA"
ip route add 127.0.0.0/8 dev lo table TTATA
# for airtel
echo "ip route add $P0_NET dev $IF0 table TAIRTEL"
ip route add $P0_NET dev $IF0 table TAIRTEL
echo "ip route add $P1_NET dev $IF1 table TAIRTEL"
ip route add $P1_NET dev $IF1 table TAIRTEL
echo "ip route add 127.0.0.0/8 dev lo table TAIRTEL"
ip route add 127.0.0.0/8 dev lo table TAIRTEL
echo "ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1"
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
killall router
/etc/init.d/router &
My iptables rules are in:
/etc/init.d/router
Code:
#!/bin/bash
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
export LAN=lan
export TATA=tata
export AIRTEL=airtel
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps ! -i ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain ! -i ${LAN} -j REJECT
iptables -A INPUT -p TCP --dport ssh -i ${TATA} -j ACCEPT
iptables -I FORWARD -i ${LAN} -d 192.168.2.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.2.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${TATA} -d 192.168.2.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${AIRTEL} -d 192.168.2.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${TATA} -j MASQUERADE
iptables -t nat -A POSTROUTING -o ${AIRTEL} -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done
# Keeping Alive
while : ; do
ping -c 1 192.168.1.1 > /dev/null 2>&1
ping -c 1 192.168.0.1 > /dev/null 2>&1
sleep 10
done
And finally my sysctl.conf:
Code:
# Packet forwarding (1 = enabled)
net.ipv4.ip_forward = 1
# IP dynaddr (1 = enabled)
net.ipv4.ip_dynaddr = 1
# Disable ECN
#net.ipv4.tcp_ecn = 0
# Source route verification, default (0 = disabled)
net.ipv4.conf.default.rp_filter = 0
# Reverse path filtering, all interfaces (0 = disabled)
net.ipv4.conf.all.rp_filter = 0
# Disable redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
If somebody could help me ... please
Thanks !
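
Added example (not part of the original post): a Python check of how the network and mask values in the scripts above are interpreted once the mask is applied, since a bare address is a /32 host entry and `192.168.2.0/255.255.0.0` has host bits set. It uses only values from the post; the function names are hypothetical.

```python
import ipaddress

# Values copied from the scripts in the post above.
ROUTE_NETS = {"P0_NET": "192.168.2.0", "P1_NET": "192.168.1.0", "P2_NET": "192.168.0.0"}
FORWARD_MATCH = "192.168.2.0/255.255.0.0"  # used with -s/-d in the FORWARD rules
WAN_ADDRS = {"tata": "192.168.1.2", "airtel": "192.168.0.2"}  # IP1 and IP2


def effective_network(spec):
    """Return the network a spec selects once its mask is applied.

    A bare address carries no mask, so it is a /32 host entry; both
    iptables and iproute2 interpret it that way.
    """
    return ipaddress.ip_network(spec, strict=False)


def lint(spec):
    """Return a list of findings (hypothetical helper) for one address spec."""
    findings = []
    net = effective_network(spec)
    addr = spec.split("/")[0]
    if "/" not in spec:
        findings.append(f"{spec}: no prefix given, selects the single host {net}")
    elif ipaddress.ip_address(addr) != net.network_address:
        findings.append(f"{spec}: host bits set, effective match is {net}")
    return findings


def covered_wan_addrs(spec):
    """Names of WAN-side addresses that fall inside the spec's effective network."""
    net = effective_network(spec)
    return sorted(n for n, a in WAN_ADDRS.items() if ipaddress.ip_address(a) in net)


if __name__ == "__main__":
    for name, spec in ROUTE_NETS.items():
        for finding in lint(spec):
            print(f"{name}: {finding}")
    for finding in lint(FORWARD_MATCH):
        print(f"FORWARD: {finding}")
    print("FORWARD match also covers:", covered_wan_addrs(FORWARD_MATCH))
```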