The LARTC HOWTO correctly describes load balancing and split
access for traffic from a machine with multiple ISP connections
(http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) --
*provided* the traffic originates from the machine itself (i.e.
traffic regularly handled by the INPUT and OUTPUT chains of
iptables).
When forwarding traffic from an attached local network, the
following problems occur with traffic from the local network to
internet hosts:
1. The ip rule add from x.x.x.x refers to local IP addresses
before NAT, such as 192.168.0.44, rather than the public IP
address after NAT (and certainly not both). This is the
fundamental problem that causes load balancing and split
access to be unreliable.
2. Cached routes are dropped periodically from the route cache,
even while in active use: this causes connection reset errors
and strange timeouts.
3. To frustrate iptables-based work-arounds, routing does not
obey marks added with iptables -t mangle -A PREROUTING. It
seems that ip fwmark rules are not obeyed if the route is
cached, and the cache hash does not include the firewall mark
(or maybe it does, but it doesn't work ?!?). (Interestingly,
cached routing *does* obey the TOS bits, which makes creative
work-arounds marginally possible. There just aren't too many
TOS values to play with.)
Is there a solution to these problems which works with the official
kernels? If so, which versions? If not, which patches resolve these
problems?
&:-)
--
Disclaimer: in the event of this disclaimer being incomplete
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
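The following is an added example, not code from the post above or from the LARTC HOWTO, showing the fwmark-based split-access setup for a forwarded LAN that point 1 and point 3 of the post are about. The mark is set in mangle PREROUTING, which runs before the forwarding routing decision, so the ip rules see the pre-NAT source address and the mark; SNAT is then chosen by outgoing interface in nat POSTROUTING, so the public source always matches the uplink that policy routing selected. CONNMARK (assumed available, as it is in any current iptables/netfilter) keeps all packets of one connection on the same uplink. Current kernels (3.6 and later) have no IPv4 route cache, so the fwmark rules are consulted for every packet and the caching behaviour described in the post does not arise there. All interface names, addresses and the 192.168.0.0/25 vs 192.168.0.128/25 split are constructed for illustration; the script prints the commands by default and only applies them (as root) when APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original post or the LARTC HOWTO): split access
# for a forwarded LAN behind two uplinks. fwmark is set in mangle PREROUTING
# (before the routing decision and before NAT), SNAT follows the outgoing
# interface. All names and addresses below are constructed.
LAN_IF=eth0;  LAN_NET=192.168.0.0/24
ISP1_IF=eth1; ISP1_NET=203.0.113.0/24;  ISP1_ADDR=203.0.113.10;  ISP1_GW=203.0.113.1
ISP2_IF=eth2; ISP2_NET=198.51.100.0/24; ISP2_ADDR=198.51.100.10; ISP2_GW=198.51.100.1

# Print the configuration instead of applying it, so it can be reviewed
# (or checked by a test) and then run as root with APPLY=1.
split_access_cmds() {
    cat <<EOF
# one routing table per uplink (table ids 1 and 2), each with its own default
ip route add $ISP1_NET dev $ISP1_IF src $ISP1_ADDR table 1
ip route add default via $ISP1_GW dev $ISP1_IF table 1
ip route add $LAN_NET dev $LAN_IF table 1
ip route add $ISP2_NET dev $ISP2_IF src $ISP2_ADDR table 2
ip route add default via $ISP2_GW dev $ISP2_IF table 2
ip route add $LAN_NET dev $LAN_IF table 2
# locally generated traffic: pick the table from the (public) source address
ip rule add from $ISP1_ADDR table 1
ip rule add from $ISP2_ADDR table 2
# forwarded traffic: pick the table from the fwmark set before NAT
ip rule add fwmark 1 table 1
ip rule add fwmark 2 table 2
# mark in PREROUTING, where the pre-NAT LAN addresses are still visible: an
# existing connection keeps the mark saved on its first packet, a new one is
# split by LAN source (lower half of the LAN via ISP1, upper half via ISP2)
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -i $LAN_IF -s 192.168.0.0/25 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i $LAN_IF -s 192.168.0.128/25 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --save-mark
# SNAT by outgoing interface, so the public source follows the routing choice
iptables -t nat -A POSTROUTING -o $ISP1_IF -j SNAT --to-source $ISP1_ADDR
iptables -t nat -A POSTROUTING -o $ISP2_IF -j SNAT --to-source $ISP2_ADDR
ip route flush cache
EOF
}

# Commands that show which uplink policy routing picks for a forwarded packet
# with a given LAN source and mark, without sending any traffic (the expected
# answer is "dev eth1" for mark 1 and "dev eth2" for mark 2).
verify_cmds() {
    cat <<EOF
ip route get 198.18.0.1 from 192.168.0.5 iif $LAN_IF mark 1
ip route get 198.18.0.1 from 192.168.0.200 iif $LAN_IF mark 2
EOF
}

apply_split_access() {
    # needs root and the iproute2/iptables tools; comment lines are stripped
    split_access_cmds | grep -v '^#' | sh -e
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_split_access
    verify_cmds | sh
else
    split_access_cmds
fi
```

Two points worth checking on a real box: `ip route get ... iif eth0 mark N` must answer with the expected uplink for both marks before any traffic is sent, and the CONNMARK restore/save pair must stay in mangle PREROUTING ahead of the MARK rules, otherwise later packets of a connection can be re-split and leave by the other uplink with the wrong public source.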