Re: RE: [LARTC] Load Balance simply doesn´t work...

Linux Advanced Routing and Traffic Control


 



Quoting Julian Anastasov <ja@xxxxxx>:

> 
> 	Hello,
> 
> On Fri, 27 Aug 2004, favero@xxxxxxxxxxxx wrote:
> 
> > You mean that using NAT it's impossible to do load balance or
> > this is the wrong command? If it's the wrong command, what's
> > the right one?
> 
> 	Don't disappoint, you can check the following patches
> and howtos:
> 
> http://www.ssi.bg/~ja/#routes
> 
> > Tks A LOT for the response!
> > Fernando Favero
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 

Hi, everybody again:)

As this subject comes and goes from time to time, I have some personal
observations. I'm personally using such a solution :)

Although this solution works perfectly (in a bigger setup, like a few hundred
machines), it has some drawbacks. One of the biggest is that some applications
WILL NOT WORK. It doesn't just matter if it is connectionless or not, it just
depends on the security flavour used by the internet-side application.
For example I've found this:
1. Home Banking - typically online banks are verifying the source IP of the
connecting client, so it just breaks almost every connection :(
2. phpBB - depending on setup, this forum also verifies the origin.
etc.

I've found some misunderstanding in letters on the list: if you use Julian's
patches and the script I've proposed, a single connection goes through a single link
only! During a single connection the source address and source interface will not be
changed. But different connections with the same target can start from different
interfaces, and that is the source of the problems mentioned above. If you log in
with one source, get the page, and in the next connection try to get it from another
IP, you are lost :(.

But not everything is lost - policy routing comes as a helper. You can route
some applications via only one connection. But this makes things more
complicated as some BW management may be needed, and performance decreases.

I can say that it works, because for me it works with 4 uplinks, but tuning the
correct settings took some time.

From my point of view, using equal cost multipath routing blindly without
provider help is a bit of a complicated thing. But it is some kind of workaround when
you can't buy a bigger, single link.

PS. 
Sorry for this long long letter, but I hope it helps.

PS. 
Julian, thanks for linking my script mpath2.sh from your howto, as I haven't
got the occasion earlier :)

-- 
Robert Kurjata     mailto:rkurjata@xxxxxxxxxxxxx
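
The policy-routing workaround described in the message above, as an added example that is not part of the original message, of mpath2.sh or of Julian's patches: a dry-run shell helper that prints the iproute2 commands pinning chosen destinations (such as a bank that checks the client IP) to a single uplink. The table number, gateway, interface, priorities and addresses are constructed assumptions, and per-uplink NAT is assumed to be configured already.

```shell
#!/bin/sh
# Added example (not from the original message): print the iproute2 commands
# that pin chosen destinations to ONE uplink, so every connection to them
# leaves through the same link. All values are constructed assumptions.

# valid_cidr PREFIX: succeed only for IPv4 "a.b.c.d" or "a.b.c.d/len".
valid_cidr() {
    addr=${1%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac   # also rules out globs
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in '') return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# pin_rules TABLE GATEWAY DEV FIRST_PRIO PREFIX...
# Validates every prefix first, then prints (does not run) the commands.
# FIRST_PRIO must sort before the rule that reaches the multipath default.
pin_rules() {
    table=$1 gw=$2 dev=$3 prio=$4
    shift 4
    for p in "$@"; do
        valid_cidr "$p" || { echo "bad prefix: $p" >&2; return 1; }
    done
    echo "ip route replace default via $gw dev $dev table $table"
    for p in "$@"; do
        echo "ip rule add to $p lookup $table priority $prio"
        prio=$((prio + 1))
    done
    echo "ip route flush cache"
}

# Dry run: a bank and a forum network pinned to the uplink behind table 201.
pin_rules 201 192.0.2.1 eth1 100 198.51.100.10 203.0.113.0/24
```

Review the printed commands before running them as root; a malformed prefix aborts the run before anything is printed, so a partial rule set is never emitted.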


