RE: Load Balancing , MSN and SSL

Linux Advanced Routing and Traffic Control


 



http://mailman.ds9a.nl/pipermail/lartc/2007q2/020779.html

 

http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html

 

Two different approaches.

 

-----Original Message-----
From: Saulo Silva [mailto:sauloaugustosilva@xxxxxxxxx]
Sent: Thursday, July 05, 2007 11:58 AM
To: Salim S I
Subject: Re: Load Balancing , MSN and SSL

 

I already tried that with no success.
Could you explain that better?

2007/7/4, Salim S I <salim.si@xxxxxxxxxxxxxxxx>:

Refer to the archives.

Use connmark.

 

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto: lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Saulo Silva
Sent: Thursday, July 05, 2007 9:01 AM
To: LARTC@xxxxxxxxxxxxxxx
Subject: Load Balancing , MSN and SSL

 

Hi all,

I am running an FC6 box with two internet links with load balancing. Everything is working fine except the MSN connection, which fails and reconnects every time, and SSL connections. I would like to know if I could fix that with the nano howto.

I have tried with no success to redirect those connections to only one link, but it looks like it does not work. Here is my configuration:

#!/bin/bash
#
# Script based on http://lartc.org/howto/lartc.rpdb.multiple-links.html
#
#
#


IF0=eth1

function interface_interna() {
        VALOR_IP=0
        while [ $VALOR_IP -lt 254 ] ; do
           if [ $VALOR_IP -ne 33 ] ; then
                P0_NET=192.168.${VALOR_IP}.0
                IP0=192.168.${VALOR_IP}.1
                ip route add $P0_NET dev $IF0 src $IP0 table T1
                ip route add $P0_NET dev $IF0 src $IP0 table T2
           fi
           VALOR_IP=$(expr $VALOR_IP + 1)
        done
        ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2
        ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2 table T1
        ip route add 192.168.33.0/24  via 10.1.2.1 dev eth1 src 10.1.2.2 table T2
}



IP1=xxx.xxx.xxx.18
IF1=eth0
P1_NET=xxx.xxx.xxx.16/30
P1=xxx.xxx.xxx.17


IP2=192.168.254.250
IF2=eth2
P2_NET=192.168.254.248/29
P2=192.168.254.254



ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

ip route add $P0_NET     dev $IF0 table T1
ip route add $P1_NET     dev $IF1 table T1
ip route add $P2_NET     dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo   table T1

ip route add $P0_NET     dev $IF0 table T2
ip route add $P1_NET     dev $IF1 table T2
ip route add $P2_NET     dev $IF2 table T2
ip route add 127.0.0.0/8 dev lo   table T2

interface_interna

ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1

#BACKUP ROUTES

ip route add default via $P2 dev $IF2 metric 1 table T1
ip route add default via $P1 dev $IF1 metric 1 table T2

#SERVICE ROUTES

ip rule add fwmark 2 table 21 prio 20  
ip rule add fwmark 3 table 22 prio 20

ip route add default via $P1 dev $IF1 table 21
ip route add default via $P2 dev $IF2 table 22

ip route flush cache

Here are the iptables mangle rules:

############# MSN Services #####################
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto msnmessenger -j MARK  --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p udp -m layer7 --l7proto msnmessenger -j MARK  --set-mark 2
############### SSL Services ###########
iptables -t mangle -A PREROUTING -i eth1 -p tcp -m layer7 --l7proto ssl -j MARK  --set-mark 2

I added the rules for DNS and FTP too.

But it does not seem to work.

Any help will be appreciated.

Saulo Silva


 

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
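
The connmark suggestion above, as an added example that is not part of the original thread: the first packet of a connection is marked, the mark is saved on the conntrack entry and restored on every later packet, so fwmark 2 keeps the whole connection on table 21. It swaps the layer7 match for destination ports (tcp/1863 for MSN and tcp/443 for SSL, both assumptions), because a layer7 match needs payload and so cannot mark the opening SYN; `pin_rules` and `RUN` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Interface, mark and table come from the
# script on the page; the ports and the names pin_rules/RUN are assumptions.
LAN_IF=eth1        # LAN-facing interface used in the page's mangle rules
MARK=2             # page: "ip rule add fwmark 2 table 21" (default via $P1)
RUN=${RUN-echo}    # dry run by default; run as root with RUN= to apply

# pin_rules PORT...  emit mangle rules that pin TCP connections to MARK's table
pin_rules() {
    pr_ipt="iptables -t mangle -A PREROUTING -i $LAN_IF"
    # 1. Copy the mark stored on the conntrack entry (if any) onto this packet.
    $RUN $pr_ipt -j CONNMARK --restore-mark
    # 2. Packet belongs to an already classified connection: stop here.
    $RUN $pr_ipt -m mark ! --mark 0 -j ACCEPT
    # 3. First packet of a new connection to a pinned port: choose the uplink.
    for pr_port in "$@"; do
        $RUN $pr_ipt -p tcp --dport "$pr_port" -m conntrack --ctstate NEW \
            -j MARK --set-mark "$MARK"
    done
    # 4. Store the mark on the connection so step 1 finds it on later packets.
    $RUN $pr_ipt -m mark --mark "$MARK" -j CONNMARK --save-mark
}

# 1863 = MSN Messenger, 443 = HTTPS (assumed stand-ins for the layer7 matches)
pin_rules 1863 443
```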
