On Mon, 2011-05-16 at 17:24 -0300, UsuÃrio do Sistema wrote: > >> Hello everyone, I'm deploy an test environment with load Balance in my > >> Firewall using equalize as follow below > >> > >> creating the load balance: > >> > >> ip route add default scope global equalize nexthop via 200.247.209.65 > >> weight 1 nexthop via 201.72.12.1 weight 1 > >> > > > > If you are using 2 completely separate ISPs, then you will need to do > > more than just provide equal-weighted gateways. You will need to send > > the packets for each connection over the same ISP. The website below > > gives more information: > > > > http://www.sysresccd.org/Sysresccd-networking_en_Iptables-and-netfilter-load-balancing-using-connmark > > <top posting fixed> > well.... the link made available for you shows how to do load balance > with connmark and statistic match module and it doesn't regard global > equalize. > > so...I wonder there is diferent between them ? Yes. The example at the link ensures that packets from the *same* connection stream are always routed through the same ISP (hence the reason for asking the question). If you don't do this, then each gateway will only see half the packets for a connection stream, which although I am not an expert, I guess is not a good thing. > with global equalize is very easy I only insert one line inside of the > script and all it's work! at least in my test environment it's > working. But is your test environment using one gateway with two routes? > I want make an test as your how to but I'm using CentOS 5.6 and > doesn't has libxt_statistic.so module because iptables version is > 1.3.x Use a different distro... Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
