Re: [LARTC] Which CPU for heavy traffic with much filtering/shaping?
Hi,

is there any how-to which can guide me through all available tuning options in the /proc/ filesystem?

Regards
Szymon Turkiewicz

> >Hi
>
> Hi
>
> >I have a router with a large number of iptables rules and some
> >extensive traffic shaping (HTB + RED + ... ) + conntrack.
>
> Performance boost tips:
>
> - Use "set" module instead of sequential iptables rules. It can lower
>   cpu usage.
>
> - Use hashing filters for shaping if you're using many u32 filters.
>
> - configure conntrack to use bigger hashsize for better performance;
>   i'm passing following parameter to kernel in grub to achieve this:
>   ip_conntrack.hashsize=1048575
>
> - configure routecache to use bigger to use more memory for better
>   performance; i'm passing following parameter to kernel in grub to
>   achieve this: rhash_entries=240
>
> >1. What processors should I be looking for in order to achieve the
> >best routing throughput on a linux router?
>
> I've had good experiences with P4 (with and without HT), Athlon64, Xeon
> [dempsey], Xeon [woodcrest]. The last one is the best choice because of
> the large cache and architecture. I think you can use Core 2 Duo too
> if you want to save some money.
>
> >2. Is it true that multicore processors will not help much in this
> >situation?
>
> Not true. In your setup with two nics with same load you can easily use
> two cores. You can assign each nic to different core by the means of
> smp_affinity setting in /proc/irq/... or by using irqbalance daemon.
>
> >Best regards,
> >Derek
>
> regards
> Marek Kierdelewicz
> KoBa ISP

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] How to fight with encrypted p2p
Rtorrent, which I use sometimes, has the ability to completely disable plain text communication:

man rtorrent
  allow_incoming (allow incoming encrypted connections),
  try_outgoing (use encryption for outgoing connections),
  require (disable unencrypted handshakes),
  require_RC4 (also disable plaintext transmission after the initial encrypted handshake),
  enable_retry (if the initial outgoing connection fails, retry with encryption turned on if it was off or off if it was on),
  prefer_plaintext (choose plaintext when peer offers a choice between plaintext transmission and RC4 encryption, otherwise RC4 will be used).

And many other clients have similar abilities. I'm afraid that fully encrypted, enabled-by-default communication is only a matter of time and we will lose this "fight" very soon.

> Some P2P clients are nice about their encryption and negotiate
> encryption ahead of time using plain communication. I.E. Limewire,
> Azureus. However, some just start TLS and that is all you can see.
>
> Looking at ipp2ps signatures, I don't see anything that leads me to
> believe they track that kind of info.
>
> David Bierce
>
> On Nov 11, 2007, at 9:48 PM, Mohan Sundaram wrote:
> > sAwAr wrote:
> >> Hi
> >> I believe that whole question is in topic. Is there any way to
> >> recognize ( and then shape ) p2p traffic which is encrypted?
> >> Modern p2p clients have this ability moreover some of them have
> >> this enabled by default. Now I'm using ipp2p for iptables but as I
> >> know this doesn't recognize encrypted traffic.
> >> Thanks in advance.
> >> Regards
> >> Szymon Turkiewicz
> >
> > Have not tried this. An idea. P2P initiations are not encrypted
> > AFAIK. Thus connections can be marked and related traffic shaped. If
> > initiation is also encrypted, then I think we have a serious problem.
> >
> > Mohan
[LARTC] How to fight with encrypted p2p
Hi,

I believe that the whole question is in the topic. Is there any way to recognize (and then shape) p2p traffic which is encrypted? Modern p2p clients have this ability; moreover, some of them have this enabled by default. Now I'm using ipp2p for iptables but as far as I know this doesn't recognize encrypted traffic.

Thanks in advance.

Regards
Szymon Turkiewicz
[LARTC] Weird problem with maximum upload speed on Windows
Hello,

I have had a very big problem since last Friday. I noticed that clients with Windows can't upload faster than ~140kB/s on one connection (ftp, http). It's quite weird because when I do exactly the same test (the same server, time, computer, client ip address, even switch and port) but on Linux the upload speed is much bigger. Very interesting is that this is always something about 140KB/s. Does somebody have any suggestions or possible solutions for this?

Thanks in advance

Regards
Szymon Turkiewicz
Re: [LARTC] LoadBalancing on many asimetric different dsl's.
Thanks for all your answers.

I ask my question in a different way because I still didn't get an answer which would be satisfying for me. Did anybody set up a similar configuration in the past? Does someone have any suggestions how to configure load balancing to avoid the situation when one link is empty or only upload is used and other links are full? Do weights ensure that upload and download on all links with different up/down speeds will be equally loaded?

Regards
sawar

> On Mon, Jan 22, 2007 at 01:21:32PM +0100, Jordi Segues wrote:
> > >the above is actually covered in the wiki howto. But you need to setup snat on
> > >each interface, then connection tracking takes care of sending each stream out
> > >the right interface, you need to use snat and not MASQ.
> >
> > Great news :)
> > And thankyou for the details.
> > But could you give the link to the wiki howto?
> > I only found old doc.
>
> been a while since i had a look, quick google gave me this
>
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> I have this bookmarked as the wiki
> http://linux-net.osdl.org/index.php/Main_Page
>
> But I think the former is what you want
>
> > Thanks!
> >
> > >Then you need to setup up some ip rule tables for each of the interfaces.
> > >
> > >my ip ru looks like this
> > >
> > >0: from all lookup local
> > >200:from 144.132.145.38 lookup cable
> > >201:from 60.241.248.86 lookup adsl
> > >32766: from all lookup main
> > >32767: from all lookup default
> > >
> > >my ip r sh tab default
> > >
> > >default proto static metric 5
> > >nexthop via 144.132.144.1 dev vlan2 weight 1
> > >nexthop via 10.20.20.230 dev ppp0 weight 20
> > >default via 10.20.20.230 dev ppp0 src 60.241.248.86 metric 20
> > >default via 144.132.144.1 dev vlan2 src 144.132.145.38 metric 30
> > >
> > >This works fine for me, I have tracked packets with tcpdump on both the server
> > >and the client.
> > >
> > >Alex
> > >
> > >> Thanks!
> > >>
> > >> Jordi Segues
> > >>
> > >> On 22 Jan 2007 09:49:28 +0100, sAwAr <[EMAIL PROTECTED]> wrote:
> > >> >Hi,
> > >> >
> > >> >my company have just bought new network and I have question about one
> > >> >problem.
> > >> >As in topic we must use few completely different dsl's and balance traffic
> > >> >between them.
> > >> >2M/0,5M 4Mb/0,5M 8M/0,5M
> > >> >M=Mb/s
> > >> >I've never done such thing before so I have doubts how it will
> > >> >work. If the links are symmetric 2/2 4/4 8/8 there is no problem because with
> > >> >weights I can compensate the difference between them and achieve nice
> > >> >results. But what in my situation?
> > >> >My questions are: how to set load balancing to get all links equally
> > >> >loaded and avoid situation when the up load will be full and download
> > >> >almost empty? I believe this situation can happen due to fact that load
> > >> >balancing is based on flows and for example p2p or smtp/pop3 will eat
> > >> >whole upload.
> > >> >If my problem isn't clear I'll try to explain it better later.
> > >> >
> > >> >Thanks in advance.
> > >> >Regards
> > >> >sawar
> > >>
> > >> --
> > >> Jordi Segués Daina
> > >> ---
> > >> Andorra GSM: (+376) 35 35 68
> > >> France GSM: (+33) (0)6 81 88 35 55
> > >> [EMAIL PROTECTE
[LARTC] LoadBalancing on many asimetric different dsl's.
Hi,

my company has just bought a new network and I have a question about one problem. As in the topic, we must use a few completely different dsl's and balance traffic between them.

2M/0,5M 4Mb/0,5M 8M/0,5M
M=Mb/s

I've never done such a thing before so I have doubts how it will work. If the links are symmetric 2/2 4/4 8/8 there is no problem because with weights I can compensate the difference between them and achieve nice results. But what about my situation?

My questions are: how to set load balancing to get all links equally loaded and avoid the situation when the upload will be full and download almost empty? I believe this situation can happen due to the fact that load balancing is based on flows and for example p2p or smtp/pop3 will eat the whole upload.

If my problem isn't clear I'll try to explain it better later.

Thanks in advance.
Regards
sawar
[LARTC] Intel or AMD is better processor for router (800+ users)
Hi,

I would like to ask you which processor is the better solution for a router. Please shortly explain why. I have about 800 users. For each I create 2 htb classes and 4 filters. Moreover the router has a dhcp server and lots of iptables rules. I'm interested in P4 3Ghz HT and AMD Athlon 64 3000+. What is the better choice for my needs? What parameters of processors are important: clock, cache, fsb or something else?

Thanks in advance

Regards
Szymon Turkiewicz
Re: [LARTC] Load-banancing. two ip's from one isp - solution
Hi,

for those who were following this topic I can say that IP_ROUTE_MULTIPATH_CACHED must be disabled! After a few tests I'm quite sure that this was causing my problems. Now I'm using 2.5.15 kernel without the patch of Julian Anastasov and load-balancing is working.

The lartc split-access how-to and http://www.ssi.bg/~ja/nano.txt are now both working fine.

Now I will try to use fwmark based routing and probably I will write with the next problem soon :P

Regards
Szymon Mroofka
Re: [LARTC] Load-banancing. two ip's from one isp
Hi,

while I was waiting for your reply I decided to read everything once more:

http://www.ssi.bg/~ja/#route

    routes-2.6.14-12.diff - March 3, 2005. Patch containing all following parts (applied in the same order), apply after disabling the IP_ROUTE_MULTIPATH_CACHED config option

And after this I decided to look at my kernel configuration - of course I have IP_ROUTE_MULTIPATH_CACHED enabled on my 2.6.15. I decided to use an older version of the kernel, 2.6.14-gentoo-r5 (all tests till now I was doing on 2.6.15-gentoo-r1), to be sure that this is a clean (non-patched) copy of the kernel. I marked route_multipath, and multipath_cached I've left disabled. I've applied the route.diff patch of Anastasov, compiled the kernel, rebooted the system and NOW IT'S WORKING :) with my old script.

Now my "test of truth" is showing the correct gw and src ip. Now everything is just as I wanted it to be. I don't need to use NAT/PAT which was weird for me.

I don't know where the problem was: IP_ROUTE_MULTIPATH_CACHED must be disabled, or maybe some bug in the 2.6.15 kernel. Now I'm too tired and happy to test it out and make sure. I'll do it tomorrow and will send the solution, or rather the answer where my mistake was.

Once more thanks for support!

Regards
Szymon Mroofka

lucy mroofka # ip rou ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.2
80.48.56.2 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.4
80.48.56.4 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.5
80.48.56.5 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.6
80.48.56.6 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.7
80.48.56.7 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.8
80.48.56.8 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.9
80.48.56.9 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy mroofka # ip rou ge 80.48.56.10
80.48.56.10 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
Re: [LARTC] Load-banancing. two ip's from one isp
On Tuesday, 28 March 2006 20:56, William L. Thomson Jr. wrote:
> On Tue, 2006-03-28 at 19:55 +0200, sAwAr wrote:
> > > Ignore it, it's not what you need or want.
> >
> > Why not ??
>
> Does it work? No, that's why ;)
>
> > It is about two different isp and I have only one but I have two nic's
> > with different nets it is just like two ISP in the example. I need
> > (want to) split outgoing connections through two gw so I don't
> > understand why this solution isn't for me.
>
> Are you trying to do one gateway or two? If two, routing different
> networks to different gateways. That is totally different. I am doing
> that now, but it's all done via tables and rules.
>
> For multipath routing, the nano how to is the definitive doc.
>
> > If you have access to server with load balancing could you just make
> > similar test for me.
>
> I do not any more, but still recall what I did that worked and did not. I
> went through just about every scenario imaginable. But it seems you are
> talking about two things.
>
> Two ISP's two gateways? Or Two ISP's one gateway via multipath?
>
> > Thank you for quick answers and patience for my english.
>
> No worries. Others helped me before. Just returning the favor. Please do
> the same once you get things working.
>
> > Regards
> > Szymon Mroofka
> >
> > P.S
> > I've read your faq.
> > I'm arguing with routing guru... ohh my ;)
>
> Don't argue or assume. Just follow the examples and docs. It's tricky
> stuff. Unfortunately there are lots of docs that do things a bit
> differently. Which does not help matters at all.
>
> For multipath gateway routing I recommend the nano how to only. If you
> are using two gateway's two ISPs totally different scenario. That I am
> doing now. Multipath gateway I am not at this moment. But since I just
> switched back to my core router being Linux, and ditched all others.
> Once I get another line, or static IP's for my cable modem. I will do it
> again.

Ok. Now I'm really confused.

I have two gw in different subnets, 192.168.1.1 and 80.48.56.65. Both of them belong to the same ISP but those are completely different servers and I suppose that I can treat it like two ISPs with two gateways, can I? Gw 1.1 does NAT for 192.168.0.0/16 and 56.65 is a gw for 80.48.56.64/26 with proxy-arp or whatever.

I have two ip's, 192.168.200.10 and 80.48.56.70. I can connect to the internet via 1.1 with 200.10 src ip and via 56.65 with 56.70 src ip. With standard routing configuration I can use only one gw at a time and I lose additional bandwidth. So I want to use two gateways.

I hope this time this is explained clearly enough.
Re: [LARTC] Load-banancing. two ip's from one isp
On Tuesday, 28 March 2006 19:06, William L. Thomson Jr. wrote:
> On Tue, 2006-03-28 at 18:58 +0200, sAwAr wrote:
> > According to:
> > http://lartc.org/howto/lartc.rpdb.multiple-links.html
> > This setup is responsible for sending answer with proper interface (which
> > it comes).
>
> Ignore it, it's not what you need or want.
>
> > my setup is copy of this (with some things from
> > http://www.ssi.bg/~ja/nano.txt but without them it still wasn't work):
>
> Needs to be exact.
>
> http://www.docum.org/docum.org/faq/cache/57.html
> That was my setup. To the T
>
> > According to
> > http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> Don't use both. It's one or the other. You can't mix and match. I do not
> believe the lartc doc on multiple links to be accurate. IMHO. The nano
> how to is right on. 100%.
>
> If you read all of the nano how to, and follow it to the letter. You
> well get the results you are after.

Ok, I'll start everything from the beginning once more and I will write after it.

> Ignore it, it's not what you need or want.

Why not ??

It is about two different isp and I have only one, but I have two nic's with different nets, it is just like two ISP in the example. I need (want to) split outgoing connections through two gw so I don't understand why this solution isn't for me.

If you have access to a server with load balancing could you just make a similar test for me. I would like to compare with my results. I believe that this will convince me that I'm wrong :].

ip ro g some.ip.intenet.1
ip ro g some.ip.intenet.2
ip ro g some.ip.intenet.3
ip ro g some.ip.intenet.4
ip ro g some.ip.intenet.5

My results once more.

lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128

Thank you for quick answers and patience for my english.

Regards
Szymon Mroofka

P.S
I've read your faq.
I'm arguing with routing guru... ohh my ;)
Re: [LARTC] Load-banancing. two ip's from one isp
> On Tue, 2006-03-28 at 11:27 +0200, sAwAr wrote:
> > > That's your problem. The Linux box with multiple gateways needs nat. At
> > > least that was a requirement back in the day. Pretty sure nothing has
> > > change there. Part of what Julian's patches address as well.
> > >
> > > When I had a setup like yours. I did two rounds of NAT/PAT. Once in
> > > each of the routers, then again in the Linux router for the multiple
> > > gateway thing to work.
> > >
> > > Try doing nat in your Linux box as well, and you should see some better
> > > results.
> >
> > Yes I've tried it. I did it by
> > -A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
> > -A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10
> >
> > And it was working at least the connections with bad src ip was nated
> > and they wasn't drop by ISP routers due to wrong src ip. It was
> > happen when for example router with ip 80.48.56.65 received packet from
> > 192.168.200.10. The nat really help. However with this solution my
> > connections are natted and won't be able to make direct connections
> > ie p2p, Will I?
>
> Sure you can, you just need to setup PAT via DNAT, along with SNAT. You're
> doing translation from inside out, for P2P or serving stuff. You need to
> have translation from the outside in as well.
>
> > But why this is happen? In my opinion there is still some bug because
> > the gw should change in each "hop" like the src address is changing.
>
> Well the request goes back out the interface it came in. If the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache. Then each time it tries to send something
> out, from the inside. It should use a different gateway.
>
> However if it sends a request out one interface, and that route is
> cache. It might send out a few more till the cache expires. Then it will
> switch to the other interface.
>
> > Nat only fix the wrong src address but not resolve this problem... or
> > maybe this is normal behaviour of load-balancing ? I don't think so...
>
> It really is design, since someone on the remote end is expecting a
> response from one IP. Responding from another is no good.
>
> > If I understood the problem correctly.

> Sure you can, you just need to setup PAT via DNAT, along with SNAT. You're
> doing translation from inside out, for P2P or serving stuff. You need to
> have translation from the outside in as well.

I believe that I can do it correctly but I have to say that I don't understand why?

> Well the request goes back out the interface it came in. If the request
> was initiated from the outside. If it's initiated from the inside and
> there is nothing in cache. Then each time it tries to send something
> out, from the inside. It should use a different gateway.

According to:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
This setup is responsible for sending the answer with the proper interface (which it comes).

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

My setup is a copy of this (with some things from http://www.ssi.bg/~ja/nano.txt but without them it still wasn't working):

ip route replace 192.168.0.0/16 proto static dev eth1 src 192.168.200.10 table wew
ip route replace default via 192.168.1.1 dev eth1 src 192.168.200.10 proto static table wew
ip route append prohibit default table wew metric 1 proto static
ip route replace 80.48.56.64/26 proto static dev eth0 src 80.48.56.70 table zew
ip route replace default via 80.48.56.65 dev eth0 src 80.48.56.70 proto static table zew
ip route append prohibit default table zew metric 1 proto static
ip rule add prio 10 table main
ip rule add prio 100 table brama
ip rule add prio 50 from 80.48.56.64/26 table zew
ip rule add prio 60 from 192.168.0.0/16 table wew
ip route del default table main
ip route flush cache

The only difference is that I've changed the table of the default gateway from main to "brama" but of course I have tried with the original setup with no luck. So it doesn't make any problem.

When I use
ip route add default via 192.168.1.1 table brama
or instead
ip route add default via 80.48.56.65 table brama
everythi
Re: [LARTC] Load-banancing. two ip's from one isp
> That's your problem. The Linux box with multiple gateways needs nat. At
> least that was a requirement back in the day. Pretty sure nothing has
> change there. Part of what Julian's patches address as well.
>
> When I had a setup like yours. I did two rounds of NAT/PAT. Once in each
> of the routers, then again in the Linux router for the multiple gateway
> thing to work.
>
> Try doing nat in your Linux box as well, and you should see some better
> results.

Yes, I've tried it. I did it by

-A POSTROUTING -s 192.168.200.10 -o eth0 -j SNAT --to-source 80.48.56.70
-A POSTROUTING -s 80.48.56.70 -o eth1 -j SNAT --to-source 192.168.200.10

And it was working, at least the connections with bad src ip were natted and they weren't dropped by ISP routers due to wrong src ip. It was happening when for example the router with ip 80.48.56.65 received a packet from 192.168.200.10. The nat really helps. However with this solution my connections are natted and won't be able to make direct connections, i.e. p2p, will I?

But why is this happening? In my opinion there is still some bug because the gw should change in each "hop" like the src address is changing. Nat only fixes the wrong src address but does not resolve this problem... or maybe this is normal behaviour of load-balancing? I don't think so...

I made a simple test:

lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
[LARTC] Load-banancing. two ip's from one isp
|      |--eth0---80.48.56.70------80.48.56.65   ISP router1
|my    |
|linux |
|      |--eth1---192.168.200.10---192.168.1.1   ISP router2

I have two ip's from my isp, one public and one internal. The ISP has two routers: router1 is the gw for the public ip and router2 is the gw for internal ip's and does nat of connections. I'm trying to set up load-balancing. I have only one box and I don't do any nat on my computer. I was trying many scripts and how-to's:

http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://www.ssi.bg/~ja/nano.txt

I also tried to patch the kernel with http://www.ssi.bg/~ja/patch-2.6.14-ja1.diff but I can't set it up properly.

This is my script:

#
ip route replace 192.168.0.0/16 proto static dev eth1 src 192.168.200.10 table wew
ip route replace default via 192.168.1.1 dev eth1 src 192.168.200.10 proto static table wew
ip route append prohibit default table wew metric 1 proto static
#
ip route replace 80.48.56.64/26 proto static dev eth0 src 80.48.56.70 table zew
ip route replace default via 80.48.56.65 dev eth0 src 80.48.56.70 proto static table zew
ip route append prohibit default table zew metric 1 proto static

ip rule add prio 10 table main
ip rule add prio 100 table brama
ip rule add prio 50 from 80.48.56.64/26 table zew
ip rule add prio 60 from 192.168.0.0/16 table wew

ip route del default table main
ip route replace default table brama scope global \
    nexthop via 192.168.1.1 dev eth1 \
    nexthop via 80.48.56.65 dev eth0
ip route flush cache

rp_filter is set to 0
forward is set to 1

I've tried other configurations but I always have the same problem: some packets are sent with the wrong src ip via an interface:
via eth0 with 192.168.200.10
via eth1 with 80.48.56.70
but as far as I know they shouldn't.

I made a simple test:

lucy linux # ip ro ge 80.48.56.3
80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.2
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.1
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
lucy linux # ip ro ge 80.48.56.4
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128

As you can see the load-balancing doesn't work. Only the src ip is changing. I suppose that the gw should also change in each "hop" just like the src ip. I think that is very wrong but I can't find the answer why. Maybe I forgot about something in the kernel ... I don't know.

What is wrong? What should I do to make it work?

My post on the gentoo forum: http://forums.gentoo.org/viewtopic-t-447016.html
There is more information there but I believe that the main problem is shown here --> the wrong src ip and/or static gw.

I'm sorry for my english, I know it's bad.

Regards
Szymon Mroofka
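The manual test used throughout this thread (run `ip route get` for several destinations and read off `via`, `dev` and `src`) can be automated. The script below is an added example, not part of the original posts: it flags every route whose source address does not belong to the outgoing interface and counts how many distinct gateways were used. The names `audit_routes` and `EXPECTED_PAIRS` are hypothetical; the sample output is copied from the posts in this thread with the line breaks restored.

```shell
#!/bin/sh
# Added example: audit `ip route get` output for the two symptoms in this
# thread (wrong source address on an uplink, gateway that never changes).

# Which source address each uplink may carry (values from the original post).
EXPECTED_PAIRS="eth0=80.48.56.70 eth1=192.168.200.10"

# audit_routes: read `ip route get` output on stdin, print one verdict per
# route line and a final "mismatches=N gateways=M" summary line.
# Exit status is 1 when any route pairs a device with a foreign source.
audit_routes() {
    awk -v pairs="$EXPECTED_PAIRS" '
    BEGIN {
        n = split(pairs, p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); want[kv[1]] = kv[2] }
    }
    {
        via = ""; dev = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "via") via = $(i + 1)
            else if ($i == "dev") dev = $(i + 1)
            else if ($i == "src") src = $(i + 1)
        }
        # "cache mtu ..." continuation lines carry no dev/src: skip them.
        if (dev == "" || src == "") next
        if (!(dev in want))        verdict = "UNKNOWN-DEV"
        else if (want[dev] == src) verdict = "OK"
        else                       { verdict = "MISMATCH"; bad++ }
        if (via != "" && !(via in seen)) { seen[via] = 1; gw++ }
        printf "%s dst=%s via=%s dev=%s src=%s\n", verdict, $1, via, dev, src
    }
    END {
        printf "mismatches=%d gateways=%d\n", bad, gw
        exit (bad > 0 ? 1 : 0)
    }'
}

# Output posted before the fix: one gateway, source address alternating.
BEFORE='80.48.56.3 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.2 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.1 via 80.48.56.65 dev eth0 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.4 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128'

# First four probes posted after IP_ROUTE_MULTIPATH_CACHED was disabled.
AFTER='80.48.56.1 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.2 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.3 via 80.48.56.65 dev eth0 src 80.48.56.70
    cache mtu 1500 advmss 1460 metric 10 128
80.48.56.4 via 192.168.1.1 dev eth1 src 192.168.200.10
    cache mtu 1500 advmss 1460 metric 10 128'

echo "== before =="; printf '%s\n' "$BEFORE" | audit_routes || true
echo "== after ==";  printf '%s\n' "$AFTER"  | audit_routes

# On a live router, feed it real output instead of the samples:
#   for d in 80.48.56.1 80.48.56.2 80.48.56.3; do ip route get "$d"; done | audit_routes
```

A `MISMATCH` line is the case the ISP routers in the thread dropped (a packet leaving eth0 with the eth1 address), and `gateways=1` across many destinations means the multipath default route is not being used.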