Re: A smart router for more than one default routes

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hello Changzhe,

On Thu, Feb 26, 2015 at 02:39:03PM +0800, Han Changzhe wrote:
> I'm setting up a routing server on Linux with following links
> 1. An Ethernet link (eth0) to the 1st internet link (fast, but can't
>    access some sites);
> 2. A VPN link (tun0) to provide services to local users;
> 3. A VPN link (tun1) to a proxy server as the 2nd internet link (slow,
>    free).
> My target is:
>   * for common internet access, routing the packets through eth0;
>   * for the sites can't be accessed through eth0, routing them
> through tun1.
> By now, I set the routing table manually for serveral sites and it
> works fine. Because there are thousands of them and the sites change
> with time, so I want a better solution.
> My idea is like this: setting up more than one default routes for
> internet access, then dynamically change the route table (or route
> table cache) with some software according to the internet access
> results.
> For example, if we get a timeout from through
> eth0, the software should try it through tun1 link and, when
> succeed, adding the later route to current route table.
> I don't know if any routing software on Linux work as I expected. I
> tried quagga with zebra + ospf but not successful.

As I understand it the list of networks inaccessible via eth0 is
maintained manually and needs to be synced to every site. The sites
are all configured identically, with eth0 as primary Internet access
interface, and tun1 as secondary.

The problem is not a good fit to traditional IP routing protocols (if
I understand it correctly).

I would advise to use some configuration management tool (puppet, chef,
cfengine, ...).

Alternatively, you could roll your own configuration update using
e.g. git or rsync to maintain one config file describing the routing
table, and a program (e.g. script called via cron) periodically checking
for changes in the config file, applying them if needed.

But heck, system administration is hard, what's a little more rope?
Here, hold this gun while I position your foot...
                        -- Valerie Aurora
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux