Randy - thanks for the reply - it was a big help. I agree with your points - the single router approach would be easier, but I'm conscious of availability. My thinking is that with a 3 node approach (1 node for Provider 1 uplink, 1 node for provider 2 uplink, and the 3rd router for the internal core router), if one of the border routers go down we loose half the connectivity; we'd also look to run a standard active-standby LVS node to provide HA on the single core router. At this stage, we're leaning towards the three node approach but we're not 100% sure if this will work with the configuration I outlined below. Provider 1 Provider 2 | | SDSL SDSL | | Border Rtr 1 Border Rtr 2 | | +--------+ +-----+ +--Core Rtr 1--+ | +--------------+--------------+ | | | Server1 Server 2 Server 3 As I noted above, core router 1 would be HA'd in an active standby. Cheers Adam -----Original Message----- From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Randy Wallace Sent: Monday, 25 December 2006 2:39 AM To: lartc@xxxxxxxxxxxxxxx Subject: RE: Question regarding Split Access description (Adam Neat) IMHO, i believe that it would be more realistic to have one router providing load balancing/dead gateway to one/several subnet(s). otherwise, each server/user would have to do their own load balancing for each subnet! that, or you would need 3 routers, one for each subnet and a linux router doing the load balancing in the middle. with 3 routers, the load balancing configurations shouldn't change, just ip addresses there is a discussion of how to use DNAT (port forwarding) at http://www.ssi.bg/~ja/dgd-usage.txt with dead gateway detection xx.xx.xx.x1/32--->SHDSL#1 (wan0)/ xx.xx.xx.x2/32 server(s) ------> Switch -------> (lan0) Linux Router -- ex. LAMP Server ip 192.168.1.1/28 (wan1)\ ip 192.168.1.2/28 yy.yy.yy.y1/32--->SHDSL#2 gw 192.168.1.1 yy.yy.yy.y2/32 ip rule add prio 10 table main ip rule add prio 20 from xx.xx.xx.x1/32 table 20 ip route append default via xx.xx.xx.x2 dev wan0 src xx.xx.xx.x1 table 20 ip rule add prio 30 from yy.yy.yy.y1/32 table 30 ip route append default via yy.yy.yy.y2 dev wan1 src yy.yy.yy.y1 table 30 ip rule add prio 100 from 192.168.1.0/28 table 100 ip route add default table 100 \ nexthop via xx.xx.xx.x1 dev wan0 \ nexthop via yy.yy.yy.y1 dev wan1 the key is using 192.168.1.1 as the gateway ipTables masq and dnat rules could take care of src and dest ip addressing to xx.xx.xx.x1 and yy.yy.yy.y1. i prefer keeping some routing in iptables as a firewall advantage. iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE iptables -t nat -A POSTROUTING -o wan1 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -d xx.xx.xx.x1 --dport 80 \ -j DNAT --to-destination 192.168.1.2 iptables -t nat -A PREROUTING -p tcp -d yy.yy.yy.y1 --dport 80 \ -j DNAT --to-destination 192.168.1.2 DNS Records, at godaddy.com for example, should specify both xx.xx.xx.x1 and yy.yy.yy.y1 for the LAMP. then you would have a path to both SHDSL connections from the internet for one domain. this makes the most sense to me, but isn't the only solution, the only fault i can see is that there is one major point of failure. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
