This is not really the best place for a routing question. If you raise your question on the quagga list, you might be better off. On Wed, Feb 25, 2015 at 10:39 PM, Han Changzhe <hcz@xxxxxxxxxxx> wrote: > Hello experts, > > I'm setting up a routing server on Linux with following links > > 1. An Ethernet link (eth0) to the 1st internet link (fast, but can't > access some sites); > 2. A VPN link (tun0) to provide services to local users; > 3. A VPN link (tun1) to a proxy server as the 2nd internet link (slow, > free). > > My target is: > * for common internet access, routing the packets through eth0; > * for the sites can't be accessed through eth0, routing them through tun1. Well, one of the things we have been working on in the homenet working group is source specific routing, which could possibly help here, but it is non-deterministic. > By now, I set the routing table manually for serveral sites and it works > fine. Because there are thousands of them and the sites change with time, so > I want a better solution. > > My idea is like this: setting up more than one default routes for internet > access, then dynamically change the route table (or route table cache) with > some software according to the internet access results. > > For example, if we get a timeout from https://www.google.com through eth0, > the software should try it through tun1 link and, when succeed, adding the > later route to current route table. Well you are conflating several layers of the protocol here. It is hard to recognise a timeout, for example, without sniffing for syns/syn_acks on the gateway. That sniffer could simultaneously try a syn out one of the vpn interfaces and if a syn/ack is not received from the main interface, and one IS received from the vpn, insert a route for it. You would still need to clean out that table periodically. Then you would to insert and delete rules for each ip (or more likely network) you wish to reroute based on your measurements of what is working or not, and to otherwise fall back to the default ethernet route. Say for example you could not get dns from 8.8.8.8 locally. ip route add 8.8.8.8 dev tun0 This doesnt help you on any protocols except tcp. udp apps are different. so is quic, etc. a bulk method would be to go through the alexa top 1 million to see what you could and could not access, and set up routes for each (but this does not handle your desire for 2 tunnels) > I don't know if any routing software on Linux work as I expected. I tried > quagga with zebra + ospf but not successful. ospf? oy, no.... > > FYI, it's not a common case for link based fail-over/load balance. > > > Please give me suggestions! Well, my way would probably involve a squid or polipo web proxy to make the failover case easier. A lot of users would not dig that... > Thanks in advance, > > Changzhe > > -- > To unsubscribe from this list: send the line "unsubscribe lartc" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Dave Täht Let's make wifi fast, less jittery and reliable again! https://plus.google.com/u/0/107942175615993706558/posts/TVX3o84jjmb -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
