Perhaps I missed the original point of the first message, but why exactly don't you just use BGP, as it was basically designed for this purpose? There are at least two good implementations of BGP for Linux, one of which is easy to use, the other obfuscated. (Zebra and GateD) Of course, that requires having globally routable address space in the first place, but I assume that you do. Is there a reason not to use BGP in this case? Aaron On Wed, 25 Jun 2003, William L. Thomson Jr. wrote: > On Wed, 2003-06-25 at 04:35, Tomas Bonnedahl wrote: > > > the "problem" im having is that i will not do nat on the core router, but on the border routers. > > I was faced with the same problem and ended up doing two rounds of > NAT/PAT. The next step to that is to stop doing any NAT on the routers > and let the core router deal with all that. From my experience a > properly designed and dialed in Linux router can perform better than > most other name brand dedicated routers. > > Now I am not saying it will be out a $100,000 Cisco router. The > performance should easily be equal to or greater than your existing > routers. > > For example when I had my setup in CA my Linux router through put > latency was about half that of my Cisco 827 ADSL router, or either of my > Netopia SDSL routers. > > > the multipath default route is on the core router. > > Linux router, correct. > > > from what i understand, could be totally wrong, > > you have to have nat, at least connection tracking on the core to make the multipath route per > > flow and not per packet. > > Correct, sort of. NAT will keep the path in cache, which will allow > packets to keep traveling the same router. > > The word flow is much better than connection. You will not get per > connection load balancing. Either way using multipath it will be per > packet load balancing. However with NAT and Julian's patches the NAT > routes are cached which will allow further packets to flow or traverse > the same path. > > I have seen others, I think even Julian, said that it is possible to > accomplish without NAT. That has not been my experience. Based on my > experience I would say that NAT is a must. > >
