But is your test environment using one gateway with two routes? no. I have two Gateways for my firewall.I put the routes in the table with line below: ip route add default scope global equalize nexthop via 201.72.12.17 weight 2 nexthop via 200.247.209.6 weight 1 sometimes data flow outs on gateway 201.72.12.17 and sometimes outs on 200.247.209.6 the two links are of the same ISP. thank. Em 16 de maio de 2011 18:38, Andrew Beverley <andy@xxxxxxxxxxx> escreveu: > On Mon, 2011-05-16 at 17:24 -0300, Usuário do Sistema wrote: >> >> Hello everyone, I'm deploy an test environment with load Balance in my >> >> Firewall using equalize as follow below >> >> >> >> creating the load balance: >> >> >> >> ip route add default scope global equalize nexthop via 200.247.209.65 >> >> weight 1 nexthop via 201.72.12.1 weight 1 >> >> >> > >> > If you are using 2 completely separate ISPs, then you will need to do >> > more than just provide equal-weighted gateways. You will need to send >> > the packets for each connection over the same ISP. The website below >> > gives more information: >> > >> > http://www.sysresccd.org/Sysresccd-networking_en_Iptables-and-netfilter-load-balancing-using-connmark >> > > > <top posting fixed> > >> well.... the link made available for you shows how to do load balance >> with connmark and statistic match module and it doesn't regard global >> equalize. >> >> so...I wonder there is diferent between them ? > > Yes. The example at the link ensures that packets from the *same* > connection stream are always routed through the same ISP (hence the > reason for asking the question). If you don't do this, then each gateway > will only see half the packets for a connection stream, which although I > am not an expert, I guess is not a good thing. > >> with global equalize is very easy I only insert one line inside of the >> script and all it's work! at least in my test environment it's >> working. > > But is your test environment using one gateway with two routes? > >> I want make an test as your how to but I'm using CentOS 5.6 and >> doesn't has libxt_statistic.so module because iptables version is >> 1.3.x > > Use a different distro... > > Andy > > > > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
