Gary Smith
07-24-2004, 08:48 PM
Ok,
We have 128 Ip's on t1, 5 Ip's on ADSL. We have setup 2 routing
tables as described in many other places. We have also setup the
pre/post routing in iptables. Everything works fine until we yank a
cable. Different than before (prior post).
Externally, if you are ssh'd into one server on each ip address it
works fine. If we pull the t1 cable, wait 30 seconds and plug it back
up we cannot get into any machines on the t1. Same issue with the
DSL. If we rerun the routing rules it works.
so, investigation has show that when the t1 is pulled all the machines
on that line failover the the adsl and for some reason the primary
route is never recovered. Same thing on the other side.
I would assume that it has something to do with the "equalize"
statement. so, I tried forcing the routes to use a particular table as
so:
ip route flush cache
ip rule add from 55.55.55.254/25 lookup 1
ip rule add from 44.44.44.254/29 lookup 2
(some of the T1's)
ip route add from 10.0.0.250/32 via 10.0.0.254 table 1
ip route add from 10.0.0.251/32 via 10.0.0.254 table 1
(the ADSL's)
ip route add from 10.0.0.52/32 via 10.0.0.254 table 2
ip route add from 10.0.0.53/32 via 10.0.0.254 table 2
ip route add 55.55.55.254/25 via 55.55.55.129 dev eth0
ip route add 44.44.44.254/29 via 44.44.44.249 dev eth3
ip route add 0/0 via 55.55.55.129 table 1
ip route add 0/0 via 44.44.44.249 table 2
ip route add default scope global equalize \
nexthop via 55.55.55.129 dev eth0 weight 1 \
nexthop via 44.44.44.249 dev eth3 weight 2 \
for the pre/post routing here is a snapshot
-A PREROUTING -d 55.55.55.250 -i eth0 -j DNAT --to-destination
10.0.0.250
-A PREROUTING -d 55.55.55.251 -i eth0 -j DNAT --to-destination
10.0.0.251
-A PREROUTING -d 44.44.44.252 -i eth3 -j DNAT --to-destination
10.0.0.52
-A PREROUTING -d 44.44.44.253 -i eth3 -j DNAT --to-destination
10.0.0.53
-A POSTROUTING -s 10.0.0.250 -j SNAT --to-source 55.55.55.250
-A POSTROUTING -s 10.0.0.251 -j SNAT --to-source 55.55.55.251
-A POSTROUTING -s 10.0.0.52 -j SNAT --to-source 44.44.44.252
-A POSTROUTING -s 10.0.0.53 -j SNAT --to-source 44.44.44.253
-A POSTROUTING -o eth3 -j SNAT --to-source 44.44.44.254
-A POSTROUTING -o eth0 -j SNAT --to-source 55.55.55.254
What am I missing? Is this a limitation of IPTables and Linux routing
(please don't bash me on this one)?
I would like to load balance to connections for outgoing requests but
for incoming requests I would like to it to always go out on the same
path. It has to be possible.
TIA,
Gary Smith
We have 128 Ip's on t1, 5 Ip's on ADSL. We have setup 2 routing
tables as described in many other places. We have also setup the
pre/post routing in iptables. Everything works fine until we yank a
cable. Different than before (prior post).
Externally, if you are ssh'd into one server on each ip address it
works fine. If we pull the t1 cable, wait 30 seconds and plug it back
up we cannot get into any machines on the t1. Same issue with the
DSL. If we rerun the routing rules it works.
so, investigation has show that when the t1 is pulled all the machines
on that line failover the the adsl and for some reason the primary
route is never recovered. Same thing on the other side.
I would assume that it has something to do with the "equalize"
statement. so, I tried forcing the routes to use a particular table as
so:
ip route flush cache
ip rule add from 55.55.55.254/25 lookup 1
ip rule add from 44.44.44.254/29 lookup 2
(some of the T1's)
ip route add from 10.0.0.250/32 via 10.0.0.254 table 1
ip route add from 10.0.0.251/32 via 10.0.0.254 table 1
(the ADSL's)
ip route add from 10.0.0.52/32 via 10.0.0.254 table 2
ip route add from 10.0.0.53/32 via 10.0.0.254 table 2
ip route add 55.55.55.254/25 via 55.55.55.129 dev eth0
ip route add 44.44.44.254/29 via 44.44.44.249 dev eth3
ip route add 0/0 via 55.55.55.129 table 1
ip route add 0/0 via 44.44.44.249 table 2
ip route add default scope global equalize \
nexthop via 55.55.55.129 dev eth0 weight 1 \
nexthop via 44.44.44.249 dev eth3 weight 2 \
for the pre/post routing here is a snapshot
-A PREROUTING -d 55.55.55.250 -i eth0 -j DNAT --to-destination
10.0.0.250
-A PREROUTING -d 55.55.55.251 -i eth0 -j DNAT --to-destination
10.0.0.251
-A PREROUTING -d 44.44.44.252 -i eth3 -j DNAT --to-destination
10.0.0.52
-A PREROUTING -d 44.44.44.253 -i eth3 -j DNAT --to-destination
10.0.0.53
-A POSTROUTING -s 10.0.0.250 -j SNAT --to-source 55.55.55.250
-A POSTROUTING -s 10.0.0.251 -j SNAT --to-source 55.55.55.251
-A POSTROUTING -s 10.0.0.52 -j SNAT --to-source 44.44.44.252
-A POSTROUTING -s 10.0.0.53 -j SNAT --to-source 44.44.44.253
-A POSTROUTING -o eth3 -j SNAT --to-source 44.44.44.254
-A POSTROUTING -o eth0 -j SNAT --to-source 55.55.55.254
What am I missing? Is this a limitation of IPTables and Linux routing
(please don't bash me on this one)?
I would like to load balance to connections for outgoing requests but
for incoming requests I would like to it to always go out on the same
path. It has to be possible.
TIA,
Gary Smith