On Fri 02/01/2004 at 20:08, Tushar Thakker wrote:
> Hi all,
> I have a network setup with 3 gateways and a large number of intranet
> nodes,
> I want to do automatic load balancing with failover,

One fine way to do this is to use a combination of:
 - nth: http://www.netfilter.org/documentation/pomlist/pom-base.html#nth
 - condition: http://www.netfilter.org/documentation/pomlist/pom-extra.html#condition
 - CONNMARK: http://www.netfilter.org/documentation/pomlist/pom-extra.html#CONNMARK
 - iproute2

The first three are patches available in patch-o-matic from netfilter; see the provided links for an explanation.

The idea is the following: let's say that we've got a link A at 512 and a link B at 1024 kbits. I want to have twice the number of connections on B as on A to really use link B, so I set a counter with 3 slots; I feed slots 0 and 2 to B and slot 1 to A.

    # slot 0 -> mark 0x1 (link B)
    iptables -t mangle -A FORWARD -m state --state NEW -m nth --counter 1 \
        --every 3 --packet 0 -j MARK --set-mark 0x1
    # slot 1 -> mark 0x2 (link A)
    iptables -t mangle -A FORWARD -m state --state NEW -m nth --counter 1 \
        --every 3 --packet 1 -j MARK --set-mark 0x2
    # slot 2 -> mark 0x1 (link B)
    iptables -t mangle -A FORWARD -m state --state NEW -m nth --counter 1 \
        --every 3 --packet 2 -j MARK --set-mark 0x1

You need to restore and save the mark with CONNMARK to have the mark follow the connection and TCP sessions coming from the same IP.

Next, route mark 0x1 on link B and route 0x2 on link A (use ip rules and different routing tables).

Here you've got good load balancing.

Next thing: use condition on each line to have packets marked only if the corresponding link is detected as UP (else mark them with the other link's mark, if that link is itself not down).

To test if the link is up, you'll have to write a simple daemon which pings the gateway and sets the corresponding condition to 0 or 1 if the link is down or up.

BR,
-- 
Eric Leblond
NuFW, Now User Filtering Works (http://www.nufw.org)
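The link-check daemon described at the end of the reply above, as an added example that is not part of the original message. It assumes each named condition is exposed as a file under /proc/net/ipt_condition; the condition names, gateway addresses, state directory and the three-failure threshold (added to avoid flapping on a single lost ping) are hypothetical.

```shell
#!/bin/sh
# Link health checker for the netfilter "condition" match (added example).
# Assumption: each named condition is a file under COND_DIR holding 0 or 1.
COND_DIR="${COND_DIR:-/proc/net/ipt_condition}"
STATE_DIR="${STATE_DIR:-/var/run/linkcheck}"  # hypothetical: failure counters
FAIL_LIMIT="${FAIL_LIMIT:-3}"                 # failed probes in a row => down
# Constructed sample data: "condition-name gateway-ip" (documentation ranges).
LINKS="${LINKS:-linkA_up 192.0.2.1
linkB_up 198.51.100.1}"

# Return 0 if the gateway answers one ICMP echo within 2 seconds.
probe_gateway() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# Write 0 or 1 to the condition file, but only when the value changes.
set_condition() {
    cond=$1 value=$2
    current=$(cat "$COND_DIR/$cond" 2>/dev/null || true)
    if [ "$current" != "$value" ]; then
        echo "$value" > "$COND_DIR/$cond"
        echo "link condition $cond -> $value" >&2
    fi
}

# Probe every link once. A link goes up on the first good probe and goes
# down only after FAIL_LIMIT consecutive failures.
check_once() {
    mkdir -p "$STATE_DIR"
    echo "$LINKS" | while read -r name gw; do
        [ -n "$name" ] || continue
        counter="$STATE_DIR/$name.fails"
        if probe_gateway "$gw"; then
            echo 0 > "$counter"
            set_condition "$name" 1
        else
            fails=$(( $(cat "$counter" 2>/dev/null || echo 0) + 1 ))
            echo "$fails" > "$counter"
            [ "$fails" -lt "$FAIL_LIMIT" ] || set_condition "$name" 0
        fi
    done
}

# Loop only when asked to, so the functions can also be sourced and tested.
if [ "${1:-}" = "--daemon" ]; then
    while :; do check_once; sleep "${INTERVAL:-5}"; done
fi
```

Each marking rule would then carry a `-m condition --condition linkA_up` (or `linkB_up`) match, so a slot is only handed to a link whose condition file currently reads 1.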