Re: load-balancing router: trouble with breaking connections

[Brian Austin - Standard Universal <brian@xxxxxxxxxxxxxxxxxxxxxxxx>]

Hi Lloyd,

after months of bashing at this and I'm onto revision 3 of the rig, 
conntrack is the answer.

also conntrack allows you to connect to both wan IP eg ssh to one and 
smtp to the other.
without conntrack, the route cache will only allow connection to one wan 
port, so if your
ssh into one side, any connection to the other side will mysteriously 
fail, then vica versa.

cheers

On 19/02/2012 2:19 PM, Lloyd Standish wrote:
> On Sat, 18 Feb 2012 19:59:00 -0600, Brian Austin - Standard Universal 
> <brian@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > you need to restore connmarks coming in from the wan so the system 
> > can send them back out that way
>
> Hello Brian,
>
> Thanks for the reply.  The router I described does not use connmark.  
> It uses a command like this to set up round-robin balancing:
> ip route add default scope global  nexthop via 192.168.1.1 dev eth1 
> weight 1 nexthop via 192.168.2.1 dev eth2 weight 1 nexthop via 
> 200.91.104.144 dev ppp0 weight 1
>
> This is described here:
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> The article teaches that this balancing depend on the following rule 
> (one for each interface) to route traffic out the same interface as it 
> was received on:
> ip rule add from ${!wan} table $table priority $((${#ifaces[@]}*100))
>
> (Of course, the priority value can be ignored.)
>
> Since this system results in breaking connections, I am forced for the 
> time being to use a connmarks for balancing, and restoration of marks, 
> as you mentioned.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html