On Mon, 2012-01-09 at 20:51 -0800, Tom Eastep wrote:
> > On Jan 9, 2012, at 7:51 PM, Nick wrote:
> >> I can reproduce the error by setting the gateways to the same address.
> > Which is a configuration that will never work. Neither Shorewall nor the Linux IP stack will handle that.
I should quantify that. Balancing using a multi-hop default route will
not work in that case. Over the past couple of weeks, I have been
working on an alternative for balancing that does not involve multi-hop
routes. It rather uses the 'Statistic Match' feature in
iptables/Netfilter that allows a rule to match randomly with a specified
probability. I have been running it here at shorewall.net for the last
few days and it seems to work well. It will be available in the next
4.5.0 Beta and will provide relief to users with two WAN Ethernet
interfaces that happen to have the same default gateway.

Here is my providers file:

#NAME     NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY         OPTIONS         COPY
ComcastB  1       -     -          eth1       22.214.171.124  loose,balance
ComcastC  2       -     -          eth0       detect          loose,fallback

I have PROVIDER_OFFSET=16 and PROVIDER_BITS=2 which means that the
'provider mask' is 0x30000, ComcastB's mark is 0x10000 and ComcastC's
mark is 0x20000. I also have TRACK_PROVIDERS=Yes.

Here are the relevant entries in my tcrules file:

0X10000/0x30000  eth2  -  ; test=0/0x30000, probability=0.66666667
0x20000/0x30000  eth2  -  ; test=0/0x30000
0X10000/0x30000  fw    -  ; test=0/0x30000, probability=0.66666667
0x20000/0x30000  fw    -  ; test=0/0x30000

The first two distribute connections from the local LAN (eth2) between
the two providers with a 2:1 advantage to ComcastB. The second two
perform the same distribution for connections originating on the
firewall itself (Note: $FW = 'fw' in my configuration). I include
0/0x30000 in the TEST column because earlier rules may have already
marked the packet based on other criteria.
I hope to be able to make this easier to configure before 4.5.0 final;
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
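
The mark arithmetic and rule cascade described in the message above, as an added example that is not part of the original post or of Shorewall's own code. The function names are hypothetical, the mark layout (provider number shifted left by PROVIDER_OFFSET) is inferred from the values quoted in the message, and the weight-to-probability rule generalizes the two-provider 2:1 case to any number of providers.

```python
from fractions import Fraction
import random

def provider_marks(offset, bits, numbers):
    """Mask and marks, assuming mark = number << offset (inferred from the message)."""
    mask = ((1 << bits) - 1) << offset
    for n in numbers:
        if not 0 < n < (1 << bits):
            raise ValueError(f"provider number {n} does not fit in {bits} bits")
    return mask, {n: n << offset for n in numbers}

def cascade_probabilities(weights):
    """Probability for each sequential rule so the split matches `weights`.

    Rule i only sees connections every earlier rule left unmarked, so it
    needs weight_i / (sum of weights from i onward); the last rule gets 1.
    """
    probs, remaining = [], sum(weights)
    for w in weights:
        probs.append(Fraction(w, remaining))
        remaining -= w
    return probs

def classify(mark, rules, mask, rng):
    """Apply (value, probability) rules in order, each guarded by test=0/mask."""
    for value, prob in rules:
        # Skip packets whose provider bits were set by an earlier rule.
        if mark & mask == 0 and rng.random() < prob:
            mark = (mark & ~mask) | value
    return mark

def simulate(rules, mask, connections, seed=1):
    """Count resulting marks for `connections` initially unmarked connections."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable input
    counts = {}
    for _ in range(connections):
        mark = classify(0, rules, mask, rng)
        counts[mark] = counts.get(mark, 0) + 1
    return counts

if __name__ == "__main__":
    mask, marks = provider_marks(offset=16, bits=2, numbers=[1, 2])
    probs = cascade_probabilities([2, 1])  # 2:1 in favour of provider 1
    rules = list(zip((marks[1], marks[2]), probs))
    for mark, count in sorted(simulate(rules, mask, 30000).items()):
        print(f"{mark:#x}/{mask:#x}: {count}")
    print([f"{float(p):.8f}" for p in cascade_probabilities([3, 2, 1])])
```
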