RE: [LARTC] Loadbalancing and failover using TC and Iptables
Another question related to this.

I have 4 ADSLs and I already use CONNMARK to MARK out/in traffic from the ADSLs in order to do QoS.

# iptables -L -t mangle

[... snip ...]

Chain POSTROUTING (policy ACCEPT 15M packets, 5610M bytes)
 pkts bytes target        prot opt in  out   source     destination
 989K  299M MYSHAPER-OUT  all  --  *   ppp3  0.0.0.0/0  0.0.0.0/0
 985K  222M MYSHAPER-OUT  all  --  *   ppp2  0.0.0.0/0  0.0.0.0/0
 856K  163M MYSHAPER-OUT  all  --  *   ppp1  0.0.0.0/0  0.0.0.0/0
 841K  164M MYSHAPER-OUT  all  --  *   ppp0  0.0.0.0/0  0.0.0.0/0

[... snip ...]

Chain MYSHAPER-OUT (4 references)
 pkts bytes target  prot opt in  out  source     destination
39254 7491K MARK    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp spts:0:1024 MARK set 0x17
1920K  221M MARK    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpts:0:1024 MARK set 0x17
 1882  153K MARK    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:20 MARK set 0x1a
  174  9457 MARK    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:5190 MARK set 0x17
 142K   19M MARK    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:1863 MARK set 0x17

[... snip ...]

Later, with that MARK I put traffic into an HTB class.

...
$TC filter add dev $DEV parent nn:0 prio 0 protocol ip handle XX fw flowid nn:yy
...

My question is: is it possible to re-mark traffic, or put another mark, in order to know which PPP interface it is going out on?

Must I use CLASSIFY to shape in/out PPP traffic, and let the MARKs tell which PPP interface it is going out on?

Best regards.

andres

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
RE: [LARTC] Loadbalancing and failover using TC and Iptables
I've tried this on my 4 adsl Linux + 10 hosts lan... but works better without marks
Re: [LARTC] Loadbalancing and failover using TC and Iptables
hareram wrote:
> Hi all
>
> I am trying to deploy loadbalance and failover
>
> My setup description
> --Fedora Core 4
> --Linux 2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386 GNU/Linux
> --tc utility, iproute2-ss050314
> --ip utility, iproute2-ss050314
> --iptables v1.3.0

You say nothing about Julian's patch, so I assume you did not patch your kernel. You must do that.
http://www.ssi.bg/~ja/

http://www.geocities.com/mctiew/ffw/dual.htm

I'm not sure this is still a good link
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
so here is an old copy
http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
--
gypsy
Re: [LARTC] Loadbalancing and failover using TC and Iptables
Hi

Sorry, I had not mentioned that. Yes, I did it with the patch patch-2.6.12-ja1.diff.

Yes, I have also seen the Dual document and am trying to see how I can make that kind of setup.

Any help will be appreciated.

hare

----- Original Message -----
From: gypsy [EMAIL PROTECTED]
To: lartc@mailman.ds9a.nl
Cc: hareram [EMAIL PROTECTED]
Sent: Monday, August 08, 2005 7:16 PM
Subject: Re: [LARTC] Loadbalancing and failover using TC and Iptables

> hareram wrote:
> > Hi all
> >
> > I am trying to deploy loadbalance and failover
> >
> > My setup description
> > --Fedora Core 4
> > --Linux 2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386 GNU/Linux
> > --tc utility, iproute2-ss050314
> > --ip utility, iproute2-ss050314
> > --iptables v1.3.0
>
> You say nothing about Julian's patch, so I assume you did not patch your kernel. You must do that.
> http://www.ssi.bg/~ja/
>
> http://www.geocities.com/mctiew/ffw/dual.htm
>
> I'm not sure this is still a good link
> http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
> so here is an old copy
> http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
> --
> gypsy
RE: [LARTC] Loadbalancing and failover using TC and Iptables
I've read the following link:

> I'm not sure this is still a good link
> http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking

Is it really necessary to mark packets this way?

[... snip ...]

# iptables -A POSTROUTING -t mangle -j MARK --set-mark 1 \
    -m state --state NEW -o ppp0
# iptables -A POSTROUTING -t mangle -j MARK --set-mark 2 \
    -m state --state NEW -o ppp1
# iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark \
    -m state --state NEW

[... snip ...]

# iptables -A POSTROUTING -t nat -m mark --mark 1 \
    -j SNAT --to-source 11.1.1.1
# iptables -A POSTROUTING -t nat -m mark --mark 2 \
    -j SNAT --to-source 22.2.2.2
Re: [LARTC] Loadbalancing and failover using TC and Iptables
Hi

Yes, I have tried with the docs, but from the box I am not able to go out. Even when I configured one of the clients and tried to access the internet, I am not able to??

Any suggestions?

hare

----- Original Message -----
From: :: L i n u XK i D :: [EMAIL PROTECTED]
To: lartc lartc@mailman.ds9a.nl
Sent: Monday, August 08, 2005 11:05 PM
Subject: RE: [LARTC] Loadbalancing and failover using TC and Iptables

> I've read the following link:
>
> > I'm not sure this is still a good link
> > http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
>
> Is it really necessary to mark packets this way?
>
> [... snip ...]
>
> # iptables -A POSTROUTING -t mangle -j MARK --set-mark 1 \
>     -m state --state NEW -o ppp0
> # iptables -A POSTROUTING -t mangle -j MARK --set-mark 2 \
>     -m state --state NEW -o ppp1
> # iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark \
>     -m state --state NEW
>
> [... snip ...]
>
> # iptables -A POSTROUTING -t nat -m mark --mark 1 \
>     -j SNAT --to-source 11.1.1.1
> # iptables -A POSTROUTING -t nat -m mark --mark 2 \
>     -j SNAT --to-source 22.2.2.2
Re: [LARTC] Loadbalancing and failover using TC and Iptables
:: L i n u XK i D :: wrote:
> I've read the following link:
>
> > I'm not sure this is still a good link
> > http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
>
> Is it really necessary to mark packets this way?

From the machine on which the 2 ISPs are connected to two different NICs, no. It will send and receive packets without marking. Where I have a problem is with NATted users; they are tied to one or the other ISP (even though I run 'ip route flush cache') unless I mark.

Maybe Julian will give us some hints grin?
--
gypsy
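Added example, not part of any message in this thread: one way to carry both the QoS class and the outgoing-uplink id in a single packet mark, which is the situation andres asks about and the per-connection marking gypsy needs for NATted users. It assumes iptables and iproute2 releases with masked-mark support (`--set-xmark`, `--nfmask`/`--ctmask`, `fwmark VALUE/MASK`), which may be newer than the versions listed in the thread; the bit layout, the routing table numbers 101 and up, and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# run with APPLY=1 as root to execute them.
# Assumed mark layout: bits 8-15 = uplink id, bits 0-7 = QoS class.
UPLINK_MASK=0xff00
QOS_MASK=0x00ff

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

# uplink_mark N: mark value for the N-th uplink (1 -> 0x100, 2 -> 0x200).
uplink_mark() { printf '0x%x\n' $(( $1 << 8 )); }

# emit_rules IFACE=SNAT_ADDR ...: per-uplink connection marking.
# Assumes routing tables 101, 102, ... each hold that uplink's default route.
emit_rules() {
    # Later packets of a connection: restore only the uplink bits.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark \
        --nfmask "$UPLINK_MASK" --ctmask "$UPLINK_MASK"
    n=0
    for pair in "$@"; do
        n=$((n + 1)); ifc=${pair%%=*}; addr=${pair#*=}
        m=$(uplink_mark "$n")
        # First packet: record the uplink without touching the QoS bits.
        run iptables -t mangle -A POSTROUTING -o "$ifc" -m state --state NEW \
            -j MARK --set-xmark "$m/$UPLINK_MASK"
        # Keep the connection on the uplink it started on.
        run ip rule add fwmark "$m/$UPLINK_MASK" table $((100 + n))
        # Masked match: still hits after a QoS class is set in the low byte.
        run iptables -t nat -A POSTROUTING -m mark --mark "$m/$UPLINK_MASK" \
            -j SNAT --to-source "$addr"
    done
    run iptables -t mangle -A POSTROUTING -m state --state NEW \
        -j CONNMARK --save-mark --nfmask "$UPLINK_MASK" --ctmask "$UPLINK_MASK"
}

# qos_rule DPORT CLASS: the thread's MYSHAPER-OUT marking, confined to the
# low byte. The tc fw filter handle then needs the same mask (CLASS/0xff).
qos_rule() {
    run iptables -t mangle -A MYSHAPER-OUT -p tcp --dport "$1" \
        -j MARK --set-xmark "$2/$QOS_MASK"
}

if [ "$#" -gt 0 ]; then emit_rules "$@"; fi
```

Invoked as `sh script.sh ppp0=11.1.1.1 ppp1=22.2.2.2` it prints the rule set for the two uplinks used in the quoted rules; an unmasked `--set-mark 0x17` in the QoS chain would overwrite the uplink bits, which is why the QoS rule is masked as well.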