[LARTC] Gre Tos
Hi,

how do GRE tunnels handle the TOS/DS field in the encapsulated packet? Is the value copied to the encapsulating IP header?

thx
jason

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] nat for nonconnected network
Hi,

how do you nat an address pool that is routed to a router but the router does not have/contain that network?

For example:

[isp 1.2.3.4] --[customer router 1.2.3.5]-[dmz network]

[route for 200.0.0.0/x gets sent to customer router; this address pool is assigned to customer, the isp is routing all 200.0.0.0/x to customer router]

I would like to map address 200.0.0.x/32 to dmz servers (web, mail...etc), but I have 'isp interface' and 'dmz interface'.

What would be preferable, using iptables or ip route, and is it possible to do this while not physically having this network bound to the customer system, or must I add the network to an interface such as lo?

thx
jason
RE: [LARTC] failover routing
Hi,

our network has a handful of 2k servers that use silent rip. We use 2 Linux gateways with separate ISPs. Each gateway does a 'default-originate' to advertise its default route in ripv2 (with one having a different metric).

The main gateway has a ping script written in shell that will ping the gateway and determine if it's up or down. With either result it checks its history of the last 3 intervals, and will only stop rip or start rip if there is/was 3 concurrent ups or downs.

I have been running this for 2 years with no problems.

I hope this helps
RE: [LARTC] failover routing
Hi,

yes, we run ripv2 and both quagga and zebra.

The script on the primary gateway just pings the nexthop. The return value is formatted and stored in a log file. Next the script checks the last three values in the log; if the current value, 100 (down) or 0 (up), matches the last three values in the log file, that determines the outcome of either stopping rip or starting it.

For example:

logfile values
100
100
100
current value 100 -- this would stop ripd

In order for ripd to start we would need:
0
0
0
in the logfile and a current value 0, this would then start ripd

! this is what is in my secondary gateway ripd.conf
router rip
 default-information originate
 offset-list 1 out 4 eth0
 network eth0
access-list 1 permit 0.0.0.0

! this is what is in my primary gateway ripd.conf
router rip
 default-information originate
 network eth0

Jason

From: the sew [mailto:[EMAIL PROTECTED]
Sent: Tue 2/7/2006 1:58 PM
To: comp.techs
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] failover routing

sounds good, do you run ripv2 with zebra or quagga? Your idea sounds exactly what I have in mind. Mind explaining a bit more technical and sharing some useful bits in your config?

Thanks
Sew

On 2/7/06, comp.techs [EMAIL PROTECTED] wrote:

> Hi,
>
> our network has a handful of 2k servers that use silent rip. We use 2 Linux gateways with separate ISPs. Each gateway does a 'default-originate' to advertise its default route in ripv2 (with one having a different metric).
>
> The main gateway has a ping script written in shell that will ping the gateway and determine if it's up or down. With either result it checks its history of the last 3 intervals, and will only stop rip or start rip if there is/was 3 concurrent ups or downs.
>
> I have been running this for 2 years with no problems.
>
> I hope this helps
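The three-in-a-row check described in the message above, as an added example that is not the poster's script. The log path, next-hop address and the ripd start/stop commands are assumptions, and "up" is taken to mean that at least one of three pings was answered.

```shell
#!/bin/sh
# Added example; not the poster's script. Paths, address and the ripd
# start/stop commands below are assumptions for illustration.
LOG=${LOG:-/var/log/nexthop-probe.log}              # hypothetical history file
NEXTHOP=${NEXTHOP:-192.0.2.1}                       # placeholder next-hop address
RIPD_STOP=${RIPD_STOP:-"/etc/init.d/ripd stop"}     # assumed init script
RIPD_START=${RIPD_START:-"/etc/init.d/ripd start"}  # assumed init script

# probe HOST -> prints 0 (up) if any of 3 pings is answered, else 100 (down).
probe() {
    if ping -c 3 -W 2 "$1" >/dev/null 2>&1; then echo 0; else echo 100; fi
}

# decide CURRENT LOGFILE -> prints stop, start or hold.
# The action fires only when the current value equals each of the last
# three logged values, so one lost probe never flaps the RIP advertisement.
decide() {
    cur=$1
    file=$2
    # No readable history yet: change nothing.
    if [ ! -r "$file" ]; then echo hold; return 0; fi
    # Join the last three log entries into "a b c".
    hist=$(tail -n 3 "$file" | tr '\n' ' ')
    hist=${hist% }
    case "$cur:$hist" in
        "100:100 100 100") echo stop ;;
        "0:0 0 0")         echo start ;;
        *)                 echo hold ;;   # mixed or short history
    esac
}

# One probe cycle, meant to be run periodically: "<script> run".
if [ "${1:-}" = "run" ]; then
    cur=$(probe "$NEXTHOP")
    action=$(decide "$cur" "$LOG")
    # Record the result after deciding, so the comparison is against
    # the three intervals before this one.
    echo "$cur" >> "$LOG"
    case "$action" in
        stop)  $RIPD_STOP ;;
        start) $RIPD_START ;;
    esac
fi
```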
[LARTC] prio test results
Hi,

below are some test results from implementing a prio qdisc 'that is also below'. The qdisc is attached to a vlan interface for my external network. Both tests were run at the same time. The links are policed at 6.0M 'by our provider'.

192.168.70.1 -- 192.168.30.1

My question is: If using a prio qdisc shouldn't the iperf run with a tos of b8 have the majority of the bandwidth?

thx
jason

./iperf -c 192.168.30.1 -t 20 -i 5 --tos 0xb8
[dscp 46] ef

[ 5] local 192.168.70.1 port 33483 connected with 192.168.30.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[ 5]  0.0- 5.0 sec   2.80 MBytes  4.69 Mbits/sec
[ 5]  5.0-10.0 sec   968 KBytes   1.59 Mbits/sec
[ 5] 10.0-15.0 sec   1.73 MBytes  2.90 Mbits/sec
[ 5] 15.0-20.0 sec   2.05 MBytes  3.45 Mbits/sec
[ 5]  0.0-20.2 sec   7.53 MBytes  3.13 Mbits/sec

./iperf -c 192.168.30.1 -t 20 -i 5 --tos 0x28
[dscp 10] af11

[ 5] local 192.168.70.1 port 33484 connected with 192.168.30.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[ 5]  0.0- 5.0 sec   2.13 MBytes  3.58 Mbits/sec
[ 5]  5.0-10.0 sec   2.37 MBytes  3.97 Mbits/sec
[ 5] 10.0-15.0 sec   2.20 MBytes  3.68 Mbits/sec
[ 5] 15.0-20.0 sec   1.75 MBytes  2.94 Mbits/sec
[ 5]  0.0-20.3 sec   8.45 MBytes  3.49 Mbits/sec

#!/bin/sh
tc qdisc del dev eth0.2 root
tc qdisc add dev eth0.2 root handle 1: prio
tc filter add dev eth0.2 parent 1:0 prio 1 protocol ip u32 \
    match ip tos 0xb8 0xfc flowid 1:1
tc filter add dev eth0.2 parent 1:0 prio 2 protocol ip u32 \
    match ip tos 0x68 0xfc flowid 1:2
tc filter add dev eth0.2 parent 1:0 prio 3 protocol ip u32 \
    match ip tos 0x28 0xfc flowid 1:3
tc filter add dev eth0.2 parent 1:0 prio 3 protocol ip u32 \
    match ip tos 0x00 0xfc flowid 1:3
RE: [LARTC] Gred/dsmark/htb
Hi,

thx for the reply. If I changed the parent to 2.0 for the filters this would not pass the minor classid field back to the tcindex, which is required for gred?

thx
jason

From: Andy Furniss [mailto:[EMAIL PROTECTED]
Sent: Thu 1/12/2006 2:43 PM
To: comp.techs
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Gred/dsmark/htb

comp.techs wrote:

> Hi,
>
> I am trying to get assured forwarding/expedited forwarding with gred and htb working. Below is the script I am using. The following steps are what I think is how the script works.
>
> My problem is that if I remove the HTB qdisc from the script and have the GRED's parent as the dsmark it works, but when I add the htb as a parent of GRED and DSmark the parent of htb it does not work?
>
> Any suggestion appreciated.
>
> thx
> jason
>
> 1. The DS field is marked by iptables in prerouting/mangle to the appropriate class.
> 2. DSMark masks the ds and copies the dscp to the tcindex field.
> 3. filters are selected as per what dscp their handle is.
> 4. the minor of the filter is returned back to the dsmark and copied to the tcindex
>
> #!/bin/sh
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 handle 1:0 root dsmark indices 16 set_tc_index
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 tcindex \
>     mask 0xfc shift 2 pass_on
> #af class 1

I think all the filters below here should be on 2:0

> tc filter add dev eth0 parent 1:0 protocol ip prio 1 \
>     handle 10 tcindex classid 1:11
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 \
>     handle 12 tcindex classid 1:12
> tc filter add dev eth0 parent 1:0 protocol ip prio 1 \
>     handle 14 tcindex classid 1:13
> #af class 2

Andy.
RE: [LARTC] multicast over GRE tunnel
Hi,

if this is for the purpose of using OSPF, you must set up point-to-point interfaces. That is, when giving your local gre tunnel ip address you must also specify a peer address.

jason

From: [EMAIL PROTECTED] on behalf of Steve Eckmann
Sent: Wed 12/7/2005 10:55 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] multicast over GRE tunnel

I need to send multicast traffic through a GRE tunnel between two Linux routers. The tunnel works for normal IP packets, but I can't see how to make it work for multicast. Here's the setup:

                    10.10.10.0/24
LAN-B ---- RtrB ------------------- RtrC ---- LAN-C
192.168.2.0/24                            192.168.1.0/24

RtrB interfaces: eth0 192.168.2.1 eth1 10.10.10.11
RtrC interfaces: eth0 192.168.1.1 eth1 10.10.10.201

Tunnel setup on RtrB:
  ip tunnel add netC mode gre remote 10.10.10.201 local 10.10.10.11
  ip link set netC up
  ip addr add 10.10.10.11 dev netC
  ip route add 192.168.1.0/24 dev netC

Tunnel setup on RtrC:
  ip tunnel add netB mode gre remote 10.10.10.11 local 10.10.10.201
  ip link set netB up
  ip addr add 10.10.10.201 dev netB
  ip route add 192.168.2.0/24 dev netB

I'm stuck here. I tried adding routes for 224.0.0.0/4 and for a specific multicast group (say 239.16.2.2) to the netB and netC "devices", but the multicast traffic isn't getting out of its source LAN. Are there ip commands that will do it? Do I need additional software running for multicast? I couldn't get mrouted or pimd to compile on Fedora Core 4. I installed xorp but haven't tried running it yet because I'm very confused about what is needed, besides the basic kernel and iproute2, for a multicast-capable Linux router.

Thanks.
[LARTC] HTB and GRED for AF and EF services
Hi,

just wondering if this type of configuration would be possible for using AF and EF classes.

HTB (6.0M)

--GRED 5 (AF1)
--HTB(1M) [is it possible to have this with a 1M rate and a 6M ceiling?]
--GRED [3 greds using grio] VQ1 -3

--GRED 4 (AF2)
--HTB(1M)
--GRED VQ1 -3

--GRED 3 (AF3)
--HTB(1M)
--GRED VQ1 -3

--GRED 2 (AF4)
--HTB(1.5M)
--GRED VQ1 -3

--GRED 1 (EF)
--HTB(1.5M)
--GRED VQ1 -3
[LARTC] Marking DSCP
Hi,

what would be the easiest way to mark packets for AF? For example, ingress www traffic being marked as AF31?

thx
jason
[LARTC] multipath
Hi,

I have set up an ECMP route between two linux systems. I do not have the equalize enabled. This would be flow based. After sending a few ftp/scp sessions I noticed that the 'per flow based' was jumping between interfaces for just one session.

My question is, would this be a result of the routing cache changing between the two ECMP systems? If this is the case, would removing/disabling the route cache improve this?

Does anyone have a similar setup? Any suggestions appreciated.

jason
RE: [LARTC] ip route mpath rr problem
Hi,

I have been trying to do something similar using 2 gre tunnels between linux routers. I have used policy based routing with separate routing tables, with kernel patches such as http://www.ssi.bg/~ja/#multigw. I also tried both per flow/per packet based balancing. So far everything tends to be very inconsistent; packets seem to be dictated by the route cache (?).

Here are some suggestions you might try:

Teql
using nth or random from iptables

If you do find an answer I would be interested.

thx
jason

From: [EMAIL PROTECTED] on behalf of ronnie sahlberg
Sent: Thu 11/24/2005 2:52 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] ip route mpath rr problem

Hi list,

I have tried google but just can't get this to work or figure it out.

My setup

vanilla 2.6.13 kernel with
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_MULTIPATH_CACHED=y
CONFIG_IP_ROUTE_MULTIPATH_RR=y
CONFIG_IP_ROUTE_MULTIPATH_RANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_WRANDOM=y
CONFIG_IP_ROUTE_MULTIPATH_DRR=y

My configuration:

A host with two ppp links. On top of these two ppp dialup links I have created two CIPE tunnels, one on each link. Both A and B are under my control.

+---+  cipcb0/ppp0  +---+
|   |---------------|   |
| A |               | B |
|   |  cipcb1/ppp1  |   |
|   |---------------|   |
+---+               +---+

From A's perspective
ppp0 : local ip:10.1.1.1 peer:10.1.1.254
ppp1 : local ip:10.1.1.2 peer:10.1.1.254
(my ISP gives me the same peer for concurrent dialups)

The two tunnels:
cipcb0: local:10.2.2.1 peer:10.2.2.2
cipcb1: local:10.2.2.5 peer:10.2.2.6

Both CIPE tunnels work fine. I can ping my other box B fine using either 10.2.2.2 or 10.2.2.6 and the traffic goes across the correct interface.

What I want
===
I would like packet by packet load-balancing between A and B. Traffic originating from A going to B will be load balanced packet by packet across cipcb0 and cipcb1.

What I have tried
=
ip route add 10.3.3.3/32 equalize nexthop via 10.2.2.2 dev cipcb0 nexthop via 10.2.2.6 dev cipcb1

I also run a tcpdump on each of the two interfaces cipcb0 and cipcb1 to see where the traffic goes.

On A : ping 10.3.3.3 : this makes all outgoing traffic go through a single link.

I tried it while at the same time I ran

while true; do ip route flush cache; done

but that just made tcpdump show the echo reply packet coming back jump back and forth between cipcb0/cipcb1 with a granularity of changing every 2 seconds or so. weird. All outgoing traffic from A still went through the same cipcb interface.

What I have searched for but failed to find
===
I have found posts that refer to something like
ip route add ... mpath rr
but can not find which iproute2 package contains the mpath arguments.

Request for help:
=
I currently use 2.6.13 with the config options I listed above. How can I do packet by packet load balancing for packets from A to B? I am willing to change to whatever 2.6 kernel is known to work. Where can I find an iproute2 tool that supports the mpath argument? I suppose I need this?

Anyone willing to help me?

best regards
ronnie sahlberg, ethereal developer
[LARTC] Multipath TE
Hi,

is there any way to route traffic between 2 ECMP routes dependent on the current utilization (packet loss/bandwidth)?

For example, using OSPF on 2 linux routers with ECMP gre tunnels between them. If the bandwidth on one tunnel starts to exceed a given value the "mechanism" will start sending traffic to the other interface.

thx
jason
[LARTC] load balancing
Hi,

I have 2 routers that are connected using 2 gre tunnels over ipsec, and ospf. Ospf sets up the equal cost route, but uses the 'equalize' in the route.

Is there a way to remove/disable packet based load balancing? I would just like to do a flow based load balance?

thx
jason
[LARTC] multipath routing
Hi,

I have set up multipath routing using two gre tunnels. The multipath routes are set up via (zebra/ospf). I managed to modify zebra not to include the 'equalize' in the multipath route, and set the weights 1:2.

My question is that after doing 4+ ftp transfers I still do not see much traffic on the interface with a weight of 1 even though the first tunnel is near maximum capacity.

If this is due to the route cache, is there a way to reduce the TTL on the cache?

thx
jason
RE: [LARTC] multipath routing
Hi,

I also used TEQL, this worked very well, but I require the (weight) option.

thx
jason

From: [EMAIL PROTECTED] on behalf of Edmundo Carmona
Sent: Thu 10/27/2005 8:20 AM
To: lartc
Subject: Re: [LARTC] multipath routing

Multipath takes a little more than just setting the default route. You have to set separate routing tables for each interface involved in the multipath routing (though I haven't understood yet why they are needed.. the fact is that if you don't set them, multipath won't route).

Also, even if you set it all right, it doesn't mean that if you send two packets to a location X, one will go through one interface and the second will go through the other. Routes are cached, and after a routing decision has been made for the first packet, packets going to that same host will go through the same interface till the caching time has gone by.

On 10/26/05, comp.techs [EMAIL PROTECTED] wrote:

> Hi,
>
> I am trying to use ip route to load balance between two interfaces.
>
> ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2
>
> Where neta and neta2 are gre tunnels.
>
> Testing shows that packets travel in a single sided manner. Do I need to use the multipath (IP_ROUTE_MULTIPATH_CACHED) module?
>
> thx
> jason
RE: [LARTC] multipath routing
Hi,

using the following:

ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2

while doing a -

while [ 1 ]
do
ip route flush cache
done

the transfer of packets almost seems equal?

thx
jason

From: [EMAIL PROTECTED] on behalf of comp.techs
Sent: Thu 10/27/2005 10:02 AM
To: Edmundo Carmona; lartc@mailman.ds9a.nl
Subject: RE: [LARTC] multipath routing

Hi,

I also used TEQL, this worked very well, but I require the (weight) option.

thx
jason

From: [EMAIL PROTECTED] on behalf of Edmundo Carmona
Sent: Thu 10/27/2005 8:20 AM
To: lartc
Subject: Re: [LARTC] multipath routing

Multipath takes a little more than just setting the default route. You have to set separate routing tables for each interface involved in the multipath routing (though I haven't understood yet why they are needed.. the fact is that if you don't set them, multipath won't route).

Also, even if you set it all right, it doesn't mean that if you send two packets to a location X, one will go through one interface and the second will go through the other. Routes are cached, and after a routing decision has been made for the first packet, packets going to that same host will go through the same interface till the caching time has gone by.

On 10/26/05, comp.techs [EMAIL PROTECTED] wrote:

> Hi,
>
> I am trying to use ip route to load balance between two interfaces.
>
> ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2
>
> Where neta and neta2 are gre tunnels.
>
> Testing shows that packets travel in a single sided manner. Do I need to use the multipath (IP_ROUTE_MULTIPATH_CACHED) module?
>
> thx
> jason
[LARTC] multipath routing
Hi,

I am trying to use ip route to load balance between two interfaces.

ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2

Where neta and neta2 are gre tunnels.

Testing shows that packets travel in a single sided manner. Do I need to use the multipath (IP_ROUTE_MULTIPATH_CACHED) module?

thx
jason
[LARTC] loadbalance/gre tunnels
Hi,

I have two systems, each with two gre tunnels over ipsec. The tunnels are set up to load balance using 'ip route'. Using ping from one server to the other I get equal results via the two gre tunnels, but when I try a large ftp transfer the utilization of one tunnel is 90% and the other 10%. The two interfaces are both 100/full.

What would be the reason for this, or would there be a better way of doing this?

thx
jason
[LARTC] (no subject)
Hi,

I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.

Testing the balanced tunnels I would set up iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces.

Testing with an ftp transfer of 300MB I would get various results:

1. one interface would be transferring at 36Mbit/s, the other would be at 1.5Mbits/s [a - b], or one interface would be transferring at 29Mbit/s and the other at 0.
2. I would get the same results from [b-a]

Is there something I missed or did not configure properly? Any help or suggestions would be appreciated.

jason

     192.168.0.1 [ipsec tunnel] 192.168.0.2
[A] ----------------------------------------- [B]
     172.16.0.1  [ipsec tunnel] 172.16.0.2
    -----------------------------------------

[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2

[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2

a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 dev netb
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via 10.200.1.2 dev netb2

b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 dev netb
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2
[LARTC] load balance with gre/ipsec
Hi,

I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.

Testing the balanced tunnels I would set up iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces.

Testing with an ftp transfer of 300MB I would get various results:

1. one interface would be transferring at 36Mbit/s, the other would be at 1.5Mbits/s [a - b], or one interface would be transferring at 29Mbit/s and the other at 0.
2. I would get the same results from [b-a]

Is there something I missed or did not configure properly? Any help or suggestions would be appreciated.

jason

     192.168.0.1 [ipsec tunnel] 192.168.0.2
[A] ----------------------------------------- [B]
     172.16.0.1  [ipsec tunnel] 172.16.0.2
    -----------------------------------------

[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2

[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2

a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 dev netb
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via 10.200.1.2 dev netb2

b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 dev netb
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2
[LARTC] gre/ipsec loadbalancing
Hi,

I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic.

Testing the balanced tunnels I would set up iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces.

Testing with an ftp transfer of 300MB I would get various results:

1. one interface would be transferring at 36Mbit/s, the other would be at 1.5Mbits/s [a - b], or one interface would be transferring at 29Mbit/s and the other at 0.
2. I would get the same results from [b-a]

Is there something I missed or did not configure properly? Any help or suggestions would be appreciated.

jason

     192.168.0.1 [ipsec tunnel] 192.168.0.2
[A] ----------------------------------------- [B]
     172.16.0.1  [ipsec tunnel] 172.16.0.2
    -----------------------------------------

[A] linux 2.6.13
internal 10.200.1.2/24
ext 192.168.0.1
ext 172.16.0.1
[gre tunnels]
netb 10.200.1.2
netb2 10.200.1.2

[B] linux 2.6.13
internal 10.200.0.2
ext 192.168.0.2
ext 172.16.0.2
[gre tunnels]
neta 10.200.0.2
neta2 10.200.0.2

a.
ip tunnel add netb mode gre remote 172.16.0.2 local 172.16.0.1 ttl 255
ip link set netb up
ip addr add 10.200.1.2 dev netb
ip tunnel add netb2 mode gre remote 192.168.0.2 local 192.168.0.1 ttl 255
ip link set netb2 up
ip addr add 10.200.1.2 dev netb2
ip route add equalize 10.200.0.0/24 nexthop via 10.200.1.2 dev netb nexthop via 10.200.1.2 dev netb2

b.
ip tunnel add neta mode gre remote 172.16.0.1 local 172.16.0.2 ttl 255
ip link set neta up
ip addr add 10.200.0.2 dev netb
ip tunnel add neta2 mode gre remote 192.168.0.1 local 192.168.0.2 ttl 255
ip link set neta2 up
ip addr add 10.200.0.2 dev neta2
ip route add equalize 10.200.1.0/24 nexthop via 10.200.0.2 dev neta nexthop via 10.200.0.2 dev neta2