[LARTC] Example of load balancing/redundant internet connections

Linux Advanced Routing and Traffic Control


 



This is a working example from a network I had in CA.
This is not a how to. There are no instructions provided. Please do not
ask me for them, as I did not write the original ones I followed when
doing this.

Only ask me for help after you have done your homework, and spent at
least a day of complete frustration. If you can prove both to me in your
first email, I will help out. Otherwise the web, and Google are your
friends.

The links I used have been posted to this list more times than I care to
say, but for completeness:

Load balance traffic from the inside out (Kernel)
http://www.ssi.bg/~ja/
http://www.ssi.bg/~ja/#routes

Load balance from the outside in (DNS)
http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
(Pay attention to the DNS part and forget the rest)

You must compile a custom kernel with multipath route support, and
patched with Julian's patches.

There are three sections. The first applies to all. The second to 2.2
kernels, and the third to 2.4 kernels.

<--Begin example-->

ip link set lo up
ip link set eth0 up
ip link set eth1 up
ip link set eth2 up

ip addr add 127.0.0.1/8 brd 127.255.255.255 dev lo
ip addr add 192.168.1.250/24 brd 192.168.1.255 dev eth0
ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.98/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.103/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.58/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2

ip route add 127.0.0.0/8 dev lo

ip rule add prio 10 table main
ip route del default table main

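# Traffic sourced from a 10.1.0.0/16 address leaves via the eth1 gateway.
# The prohibit route (metric 1) rejects it if the gateway route above it
# cannot be used, rather than letting it fall through to a later table.
ip rule add prio 20 from 10.1.0.0/16 table 20
ip route add default via 10.1.0.1 dev eth1 src 10.1.0.2 proto static table 20
ip route append prohibit default table 20 metric 1 proto static

# Same for traffic sourced from a 10.2.0.0/16 address and the eth2 gateway.
ip rule add prio 30 from 10.2.0.0/16 table 30
ip route add default via 10.2.0.1 dev eth2 src 10.2.0.2 proto static table 30
ip route append prohibit default table 30 metric 1 proto static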

# Set up load balancing gateways
ip rule add prio 50 table 50
ip route add default table 50 proto static \
        nexthop via 10.1.0.1 dev eth1 \
        nexthop via 10.2.0.1 dev eth2

<--End example-->

<--Begin 2.2 NAT-->
ipmasqadm portfw -a -P tcp -L 10.1.0.103  443 -R 192.168.1.3    443
ipmasqadm portfw -a -P tcp -L 10.1.0.103  143 -R 192.168.1.3    143
ipmasqadm portfw -a -P tcp -L 10.1.0.103  110 -R 192.168.1.3    110
ipmasqadm portfw -a -P tcp -L 10.1.0.103   81 -R 192.168.1.3     81
ipmasqadm portfw -a -P tcp -L 10.1.0.103   80 -R 192.168.1.3     80
ipmasqadm portfw -a -P tcp -L 10.1.0.103   25 -R 192.168.1.3     25
ipmasqadm portfw -a -P tcp -L 10.1.0.99   443 -R 192.168.1.1    443
ipmasqadm portfw -a -P tcp -L 10.1.0.99   143 -R 192.168.1.1    143
ipmasqadm portfw -a -P tcp -L 10.1.0.99   110 -R 192.168.1.1    110
ipmasqadm portfw -a -P tcp -L 10.1.0.99    81 -R 192.168.1.1     81
ipmasqadm portfw -a -P tcp -L 10.1.0.99    80 -R 192.168.1.1     80
ipmasqadm portfw -a -P tcp -L 10.1.0.99    25 -R 192.168.1.1     25
ipmasqadm portfw -a -P tcp -L 10.1.0.99    22 -R 192.168.1.1     22
ipmasqadm portfw -a -P tcp -L 10.1.0.99    21 -R 192.168.1.1     21
ipmasqadm portfw -a -P udp -L 10.1.0.98    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P tcp -L 10.1.0.98    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P udp -L 10.1.0.97    53 -R 192.168.1.221   53
ipmasqadm portfw -a -P tcp -L 10.1.0.97    53 -R 192.168.1.221   53

ipmasqadm portfw -a -P tcp -L 10.2.0.62   443 -R 192.168.1.3    443
ipmasqadm portfw -a -P tcp -L 10.2.0.62   143 -R 192.168.1.3    143
ipmasqadm portfw -a -P tcp -L 10.2.0.62   110 -R 192.168.1.3    110
ipmasqadm portfw -a -P tcp -L 10.2.0.62    81 -R 192.168.1.3     81
ipmasqadm portfw -a -P tcp -L 10.2.0.62    80 -R 192.168.1.3     80
ipmasqadm portfw -a -P tcp -L 10.2.0.62    25 -R 192.168.1.3     25
ipmasqadm portfw -a -P tcp -L 10.2.0.59   443 -R 192.168.1.1    443
ipmasqadm portfw -a -P tcp -L 10.2.0.59   143 -R 192.168.1.1    143
ipmasqadm portfw -a -P tcp -L 10.2.0.59   110 -R 192.168.1.1    110
ipmasqadm portfw -a -P tcp -L 10.2.0.59    81 -R 192.168.1.1     81
ipmasqadm portfw -a -P tcp -L 10.2.0.59    80 -R 192.168.1.1     80
ipmasqadm portfw -a -P tcp -L 10.2.0.59    25 -R 192.168.1.1     25
ipmasqadm portfw -a -P tcp -L 10.2.0.59    22 -R 192.168.1.1     22
ipmasqadm portfw -a -P tcp -L 10.2.0.59    21 -R 192.168.1.1     21
ipmasqadm portfw -a -P udp -L 10.2.0.58    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P tcp -L 10.2.0.58    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P udp -L 10.2.0.57    53 -R 192.168.1.221   53
ipmasqadm portfw -a -P tcp -L 10.2.0.57    53 -R 192.168.1.221   53

ipchains -A forward -s 192.168.1.0/24 -j MASQ

<--End 2.2 NAT-->

<--Begin 2.4 NAT-->

# Addresses on eth1 (10.1.0.0/16)
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dports 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.103 -p tcp -m multiport --dports 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p tcp --dport 53 -j DNAT --to 192.168.1.222

# Addresses on eth2 (10.2.0.0/16)
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dports 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.62 -p tcp -m multiport --dports 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p tcp --dport 53 -j DNAT --to 192.168.1.222

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE

<--End 2.4 NAT-->

Then before you are done make sure to

# Turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Good luck, and hopefully the above can save others from having to ask
questions, and others having to answer them.

-- 
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios, Inc.
3548 Jamestown Ln.
Jacksonville, FL 32223
Phone/Fax  904.260.2445
http://www.obsidian-studios.com
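
A consistency check for rule scripts shaped like the one in this post: every PREROUTING DNAT rule's -i interface should be the interface that holds its -d address, otherwise the port forward silently never matches. This is an added example, not part of the original post; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# check_dnat_ifaces: read a rule script on stdin and report DNAT rules whose
# -i interface does not hold the -d address, judged by the "ip addr add"
# lines found in the same script.
check_dnat_ifaces() {
    awk '
    # Record which device each address was assigned to.
    $1 == "ip" && $2 == "addr" && $3 == "add" {
        split($4, a, "/"); dev = ""
        for (i = 5; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev != "") owner[a[1]] = dev
        next
    }
    # Compare every PREROUTING DNAT rule against that map.
    $1 == "iptables" && /PREROUTING/ && /DNAT/ {
        in_if = ""; dst = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-d") dst = $(i + 1)
        }
        sub(/\/.*/, "", dst)
        if (in_if == "" || dst == "") next
        if (!(dst in owner))
            printf "line %d: %s is not assigned to any interface\n", NR, dst
        else if (owner[dst] != in_if)
            printf "line %d: %s is on %s but rule matches -i %s\n", NR, dst, owner[dst], in_if
    }'
}

# Constructed sample: one correct rule, one with the wrong -i, and one whose
# destination address was never added to an interface.
sample_rules() {
    cat <<'EOF'
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.99 -p tcp --dport 80 -j DNAT --to 192.168.1.3
EOF
}

sample_rules | check_dnat_ifaces
```

To check a real script, pipe it in instead of the sample: `check_dnat_ifaces < your-rules.sh`.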


