Hi Erik,
Please see below.
Thanks,
Changzhe
On 2015-02-26 17:31, Erik Auerswald wrote:
Hello Changzhe,
On Thu, Feb 26, 2015 at 02:39:03PM +0800, Han Changzhe wrote:
I'm setting up a routing server on Linux with the following links:
1. An Ethernet link (eth0) to the 1st internet link (fast, but can't
access some sites);
2. A VPN link (tun0) to provide services to local users;
3. A VPN link (tun1) to a proxy server as the 2nd internet link (slow,
free).
My target is:
* for common internet access, routing the packets through eth0;
* for the sites that can't be accessed through eth0, routing them
through tun1.
By now, I set the routing table manually for several sites and it
works fine. Because there are thousands of them and the sites change
with time, I want a better solution.
My idea is like this: setting up more than one default route for
internet access, then dynamically changing the route table (or route
table cache) with some software according to the internet access
results.
For example, if we get a timeout from https://www.google.com through
eth0, the software should try it through the tun1 link and, when it
succeeds, add the latter route to the current route table.
I don't know if any routing software on Linux works as I expected. I
tried quagga with zebra + ospf but was not successful.
As I understand it the list of networks inaccessible via eth0 is
maintained manually and needs to be synced to every site. The sites
are all configured identically, with eth0 as primary Internet access
interface, and tun1 as secondary.
By now, the list is maintained manually while I wish the process to be
automatic.
We may sync the routing list or not because different sites may face
different access limitations.
In the ideal case, each site should maintain a small common routing list
which should be synced with a central server while at the same time
maintain its local routing list which changes dynamically according to
user requests and local networking conditions. So syncing the routing
table isn't the most tough problem.
The problem is not a good fit to traditional IP routing protocols (if
I understand it correctly).
I supposed it a simple and common case easily handled by available open
source software. Apparently it's not that easy.
I would advise to use some configuration management tool (puppet, chef,
cfengine, ...).
Alternatively, you could roll your own configuration update using
e.g. git or rsync to maintain one config file describing the routing
table, and a program (e.g. script called via cron) periodically checking
for changes in the config file, applying them if needed.
Cheers,
Erik
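
The approach suggested above (one synced config file describing the routing table, checked periodically by a script called via cron), as an added example that is not part of the original thread. It assumes a list format of one IPv4 prefix per line with `#` comments, and that every non-kernel route on tun1 is owned by this list; the sample list and the sample `ip route` output are constructed. Entries that fail validation are reported and never reach the `ip` command line, so a bad sync cannot inject arbitrary arguments.

```python
import ipaddress

# Constructed sample of the synced list: prefixes that must leave via tun1.
DESIRED_LIST = """\
# sites unreachable through eth0
203.0.113.0/24
198.51.100.7      # single host, becomes a /32
not-a-prefix
192.0.2.0/24
"""

# Constructed sample of `ip -4 route show dev tun1` output.
CURRENT_ROUTES = """\
10.8.0.0/24 proto kernel scope link src 10.8.0.2
192.0.2.0/24 scope link
198.18.5.0/24 scope link
"""

def parse_desired(text):
    """Return (validated networks, rejected entries) from the list file."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.IPv4Network(entry))  # strict: host bits must be 0
        except ValueError:
            rejected.append(entry)  # never passed on to `ip`
    return nets, rejected

def parse_current(text):
    """Networks routed via the device, ignoring kernel-installed routes."""
    nets = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "proto kernel" in line:
            continue
        nets.add(ipaddress.IPv4Network(fields[0]))
    return nets

def plan(desired_text, current_text, dev="tun1"):
    """Return (ip commands to reach the desired state, rejected entries)."""
    desired, rejected = parse_desired(desired_text)
    current = parse_current(current_text)
    cmds = [f"ip route add {n} dev {dev}" for n in sorted(desired - current)]
    cmds += [f"ip route del {n} dev {dev}" for n in sorted(current - desired)]
    return cmds, rejected
```

The cron job would feed `plan()` the fetched list and the live output of `ip -4 route show dev tun1`, log the rejected entries, and run the returned commands as an argument list rather than through a shell.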