Re: [ilugd] Load balancing with multiple ISPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,--[ On Fri, Jan 18, 2008 at 01:15:41PM +0530, Kenneth Gonsalves wrote: [...] | I use shorewall multiisp for load balancing with 3 ISPs through | eth1, eth2 and eth3 with the lan on eth0. Works fine but the moment | one ISP goes down, the dns acts up and the various entries for that | ISP have to be removed and firewall restarted. There also doesnt seem | to be any way to detect when the isp comes up again, so the whole | thing is manual at present - users scream, check which is down and | restart without that. How about using a recursive nameserver instead of using forwarder ? Even if you've to rely on forwarders (probably because of your IP being blacklisted in RBLs and couple of DNS servers not responding to you), you can use public DNS servers rather than ISPs DNS servers. e.g. OpenNIC[1], or OpenDNS[2]. OpenNIC also provides some alternate domains not available with ICANN :) . Also you a simple workaround is that you can do this every 20-30s, ping -c2 -I ethX [ip-address] and see if exitcode is not 0, which implies ethX is not working. Hmm...? References: 1. OpenNIC - http://www.opennicproject.org/en/client_setup.html#nix 2. OpenDNS - http://www.opendns.com/ HTH - -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHkF1kHy+EEHYuXnQRAv5WAJ9GwIUAfTW0x3Kc5F3K+l23MDpLDACeIRcG D6b/GcKK5jvrynCGrlXcUaQ= =j/7a -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,--[ On Fri, Jan 18, 2008 at 01:09:56PM +0530, Raj Mathur wrote: [...] | Ah, I hadn't checked out that part of things and was under the | impression that load balancing won't work if you have a single | interface. If you can confirm that you can do this with both modems in | router mode I'll update the document accordingly, thanks. I'm running such configuration since past 8-9 months, with VSNL + Airtel :) It'll be a thread hijack, but can someone tell me if its okay for VSNL to let their Internet users, be able to connect their Datacenters on some RFC 1918 addresses. I mean from the perspective of security. I think they suck too. I found this last year, and this issue is still present here. I've posted the whole episode at http://wahjava.wordpress.com/2007/07/11/traceroute-1921681210/ . | | BtW, did you ever get a chance to verify 'weight' assigned to | networkroutes, hmm...? | | Nope, haven't tried that. Haven't even tried to download anything heavy | yet, just checked that it's possible. And anyideas, what'll be the logic. I think one needs a connection monitor like iptraf, and starts connect() to a large number of hosts in parallel, hmm...? TIA - -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHkGCjHy+EEHYuXnQRAlGDAKCBfaR/2w4pZfR1A+ubF9rms6ma8wCeI74c uc0RMyhv6rT/MnjWYoxf8SY= =RAR9 -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On 18-Jan-08, at 1:33 PM, आशीष शुक्ल Ashish Shukla wrote: How about using a recursive nameserver instead of using forwarder ? Even if you've to rely on forwarders (probably because of your IP being blacklisted in RBLs and couple of DNS servers not responding to you), you can use public DNS servers rather than ISPs DNS servers. e.g. OpenNIC[1], or OpenDNS[2]. OpenNIC also provides some alternate domains not available with ICANN :) . i am using opendns servers - but still if an ISP goes down the dns gets b0rked Also you a simple workaround is that you can do this every 20-30s, ping -c2 -I ethX [ip-address] and see if exitcode is not 0, which implies ethX is not working. Hmm...? ping will work to check if the isp is down - and we can restart with new config. How to check if it has come up? Dont forget, ping has to go through the firewall and if the ISP in question is not on the firewall, how to find out? -- regards Kenneth Gonsalves Associate, NRC-FOSS [EMAIL PROTECTED] http://nrcfosshelpline.in/web/ Foss conference for the common man: http://registration.fossconf.in/web/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
Raj Mathur [EMAIL PROTECTED] writes: Hi, Got myself a second Internet link (Airtel) yesterday and was fooling around trying to get traffic multiplexed over both the new and the existing (MTNL) links. It's working now, and on some applications I'm getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have documented the process in a short document that explains what you need to do to load balance traffic over multiple Internet links: Kewl. After having waded through that sort of thing a while ago (dealing with glitchy multipath behaviour and other quirks, trying to modularize it to work with n uplinks etc), I would have suggested using pfsense for that sort of thing in future. Then Mary said ebox (http://www.ebox-platform.com/) is pretty much ready for real use. Bonus for you Raj: perl and mason front-ends. Hooray! (Well, anything will be better than my heroic abuse of webserving with bash shell scripts for a primitive version of that sort of functionality) PJ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,--[ On Fri, Jan 18, 2008 at 01:40:26PM +0530, Kenneth Gonsalves wrote: [...] | i am using opendns servers - but still if an ISP goes down the dns | gets b0rked That's probably because you need to switch gateways. | | Also you a simple workaround is that you can do this every 20-30s, | ping -c2 -I ethX [ip-address] and see if exitcode is not 0, which | implies ethX is not working. Hmm...? | | ping will work to check if the isp is down - and we can restart with | new config. How to check if it has come up? Dont forget, ping has to | go through the firewall and if the ISP in question is not on the | firewall, how to find out? I hope by ISP is down you meant gateway is not replying, but interface is still up, right ? So, if you do ping with '-I ethX', it'll use IPv4 address assigned to the interface 'ethX' as source address of ICMP echo packets. So make sure you've a source-based rule already set for 'ethX' (Hint: ip rule from ). What kind of firewall do you've ? Do you change firewall rules on fly if ISP goes down, hmm...? HTH - -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHkGP7Hy+EEHYuXnQRAjknAJ40+9jcnle0XFDm07liGkaoSg8yuACg5U8h 1hdTqx1pyMa2QhdLFbVvtTo= =TCI+ -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On Friday 18 Jan 2008, pj wrote: [snip] Then Mary said ebox (http://www.ebox-platform.com/) is pretty much ready for real use. Bonus for you Raj: perl and mason front-ends. Hooray! (Well, anything will be better than my heroic abuse of webserving with bash shell scripts for a primitive version of that sort of functionality) You know, now I'm really glad I wrote that document -- not because it's providing gyaan, but because I myself have learnt a lot from the list after posting that link :) Thanks to all the people who've responded to the original message with tips and further information! Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ Freedom in Technology Software || February 2008 || http://freed.in/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
[ilugd] Load balancing with multiple ISPs
Hi, Got myself a second Internet link (Airtel) yesterday and was fooling around trying to get traffic multiplexed over both the new and the existing (MTNL) links. It's working now, and on some applications I'm getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have documented the process in a short document that explains what you need to do to load balance traffic over multiple Internet links: http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing Feedback welcome. Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ Freedom in Technology Software || February 2008 || http://freed.in/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On 18-Jan-08, at 11:54 AM, Raj Mathur wrote: Got myself a second Internet link (Airtel) yesterday and was fooling around trying to get traffic multiplexed over both the new and the existing (MTNL) links. It's working now, and on some applications I'm getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have documented the process in a short document that explains what you need to do to load balance traffic over multiple Internet links: http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing what happens if one interface goes down - does it screw up the dns? -- regards Kenneth Gonsalves Associate, NRC-FOSS [EMAIL PROTECTED] http://nrcfosshelpline.in/web/ Foss conference for the common man: http://registration.fossconf.in/web/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,--[ On Fri, Jan 18, 2008 at 11:54:39AM +0530, Raj Mathur wrote: | Hi, | | Got myself a second Internet link (Airtel) yesterday and was fooling | around trying to get traffic multiplexed over both the new and the | existing (MTNL) links. It's working now, and on some applications I'm | getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have | documented the process in a short document that explains what you need | to do to load balance traffic over multiple Internet links: | | http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing Quoting from above URL: - 88 Multiple routers If both your ISP modems are in router mode, you may have issues getting load balancing to work. This is because both the connections will be using the same interface (eth0). (Note that I'm using two interfaces, ppp0 and eth0, so I don't face this problem) - 88 What issues one will experience, hmm...? I did some similar setup with eth0 connected to a hub, and both internet connections (PPPoE) terminating to a hub. And used following command to do setup a default route: ip r a nexthop via $gateway_1 nexthop via $gateway_2 All I need is that interface eth0 has two IPv4 addresses assigned corresponding to networks of $gateway_1, and $gateway_2 . BtW, did you ever get a chance to verify 'weight' assigned to network routes, hmm...? TIA - -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHkFRiHy+EEHYuXnQRAvibAKDc4nCs18ysjEBhbs4OQe9k6QIVBwCfa715 v2IeGVhnTg275GIRQ32n7dg= =aWXn -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On Friday 18 Jan 2008, Kenneth Gonsalves wrote: On 18-Jan-08, at 11:54 AM, Raj Mathur wrote: Got myself a second Internet link (Airtel) yesterday and was fooling around trying to get traffic multiplexed over both the new and the existing (MTNL) links. It's working now, and on some applications I'm getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have documented the process in a short document that explains what you need to do to load balance traffic over multiple Internet links: http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing what happens if one interface goes down - does it screw up the dns? Well, it screws up half your connections. The commands I've given are for a rudimentary setup: no dead gateway detection, etc. OTOH, if one interface goes down you can always /etc/init.d/networking restart (or equivalent) to get back to your single-point access setup. Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ Freedom in Technology Software || February 2008 || http://freed.in/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On Friday 18 Jan 2008, आशीष शुक्ल Ashish Shukla wrote: [snip] http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing Quoting from above URL: - 88Multiple routers If both your ISP modems are in router mode, you may have issues getting loadbalancing to work. This is because both the connections will be using the sameinterface (eth0). (Note that I'm using two interfaces, ppp0 and eth0, so Idon't face this problem)- 88 What issues one will experience, hmm...? I did some similar setup witheth0 connected to a hub, and both internet connections (PPPoE) terminating to ahub. And used following command to do setup a default route: ip r a nexthop via $gateway_1 nexthop via $gateway_2 All I need is that interface eth0 has two IPv4 addresses assignedcorresponding to networks of $gateway_1, and $gateway_2 . Ah, I hadn't checked out that part of things and was under the impression that load balancing won't work if you have a single interface. If you can confirm that you can do this with both modems in router mode I'll update the document accordingly, thanks. BtW, did you ever get a chance to verify 'weight' assigned to networkroutes, hmm...? Nope, haven't tried that. Haven't even tried to download anything heavy yet, just checked that it's possible. Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ Freedom in Technology Software || February 2008 || http://freed.in/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F PsyTrance Chill: http://schizoid.in/ || It is the mind that moves ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
Hi, --- On Jan 18, 2008 1:07 PM, Raj Mathur [EMAIL PROTECTED] wrote: | OTOH, if one interface goes down you can always | | /etc/init.d/networking restart \-- Or use fail-over to use the other connection line: http://www.ssi.bg/~ja/nano.txt My reference documentation: http://www.shakthimaan.com/downloads/glv/load-balancing/load-balancing-single-multipath.html SK -- Shakthi Kannan http://www.shakthimaan.com ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
On 18-Jan-08, at 1:07 PM, Raj Mathur wrote: http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing what happens if one interface goes down - does it screw up the dns? Well, it screws up half your connections. The commands I've given are for a rudimentary setup: no dead gateway detection, etc. OTOH, if one interface goes down you can always /etc/init.d/networking restart (or equivalent) to get back to your single-point access setup. I use shorewall multiisp for load balancing with 3 ISPs through eth1, eth2 and eth3 with the lan on eth0. Works fine but the moment one ISP goes down, the dns acts up and the various entries for that ISP have to be removed and firewall restarted. There also doesnt seem to be any way to detect when the isp comes up again, so the whole thing is manual at present - users scream, check which is down and restart without that. -- regards Kenneth Gonsalves Associate, NRC-FOSS [EMAIL PROTECTED] http://nrcfosshelpline.in/web/ Foss conference for the common man: http://registration.fossconf.in/web/ ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
Re: [ilugd] Load balancing with multiple ISPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ,--[ On Fri, Jan 18, 2008 at 12:09:53PM +0530, Kenneth Gonsalves wrote: | | On 18-Jan-08, at 11:54 AM, Raj Mathur wrote: | | Got myself a second Internet link (Airtel) yesterday and was fooling | around trying to get traffic multiplexed over both the new and the | existing (MTNL) links. It's working now, and on some applications I'm | getting up to 512Kb/s speeds over my 2 256Kb/s connections. Have | documented the process in a short document that explains what you need | to do to load balance traffic over multiple Internet links: | | http://wiki.kandalaya.org/cgi-bin/twiki/view/Main/LoadBalancing | | what happens if one interface goes down - does it screw up the dns? It doesn't screw up DNS, but the multipath route is lost. HTH - -- Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/ ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHkFTtHy+EEHYuXnQRAqgFAJoDpI/LZjT0R+F4bv3riN0BvG5+vwCgu7/5 F2q2fcGjwjUpbFDO1SQMxrM= =LzM3 -END PGP SIGNATURE- ___ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Next Event: http://freed.in - February 22/23, 2008 Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
