Re: [plug] Recognizing traffic from multiple gateways

Author: janjan
Date:  
To: Michael Tinsay, Philippine Linux Users' Group (PLUG) Technical Discussion List
Subject: Re: [plug] Recognizing traffic from multiple gateways

Hi Mike,

Try Zen Load Balancer, your setup is quite close to this one:

https://www.zenloadbalancer.com/quick-start-guide-for-uplinks-load-balancing-with-zen-load-balancer/

You can set up a VIP and route it to your reals; see if that helps.

Thanks.

Regards,

Janjan

On Mon, 4 Jul 2016, Michael Tinsay wrote:

> Hi fooler,
>
>
> I understand multiple routing tables for multi-NIC setup.  However, my setup is more like both routers and my server are connected to a network switch, to put it simply.  To illustrate:
>
>
>  DSL A <==> Router/FW A <====\
>             (10.20.30.40/8)  |
>                       LAN Switch <==> Server (10.9.8.7/8)
>                              |
>  DSL B <==> Router/FW B <====/
>             (10.11.12.13/8)
>
>
> Until a couple of weeks ago, Router B was non-existent and both DSL lines were connected to Router A.  Circumstances forced me to set up Router B and connect DSL B to it.  So now, previous
> traffic that flowed through DSL B to the server isn't routed properly, but it has been rerouted through DSL A, so it is not a big concern right now.  I'm just wondering if there's a
> way to get traffic in DSL B bound for the server flowing back again with the new setup.  If not, I can live with it.
>
>
>
> --- mike t.
>
>
> ________________________________
> From: fooler mail <fooler.mail@???>
> To: Michael Tinsay <tinsami1@???>; Philippine Linux Users' Group (PLUG) Technical Discussion List <plug@???>
> Sent: Sunday, 3 July 2016, 19:56
> Subject: Re: [plug] Recognizing traffic from multiple gateways
>
> i'll give you an idea how to do it as i'm blind with your network topology
>
> linux can now have multiple virtual routing tables as well as multiple
> network namespaces.. this leads to virtualization in the OS layer such
> as LXC, Docker, etc...
>
> assuming your server has two network interface cards .. eth0
> connected to router A and eth1 connected to router B
>
> virtual routing table id is based on number..  we will map
> that virtual routing table id number to a name.. just like in /etc/hosts
> but the file is /etc/iproute2/rt_tables:
>
> echo "200 routerA" >> /etc/iproute2/rt_tables
> echo "201 routerB" >> /etc/iproute2/rt_tables
>
> then create their default gateway for table routerA and table routerB:
>
> ip route add default via <router A gateway IP address> dev eth0 table routerA
> ip route add default via <router B gateway IP address> dev eth1 table routerB
>
> then you have to mark or tag the incoming packets for eth0 and eth1..
> we will tag all packets coming from eth0 as tag id 1 and all packets
> coming from eth1 as tag id 2:
>
> iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 1
> iptables -A PREROUTING -t mangle -i eth1 -j MARK --set-mark 2
>
> you can add specific destination protocol and port number of your
> server service in the iptables rule above to match specific packet...
>
> next is to add policy based routing rule:
>
> ip rule add from all fwmark 1 table routerA
> ip rule add from all fwmark 2 table routerB
>
> the above rule says:
>
> if the outgoing packet is tagged as 1.. it will consult virtual routing table
> routerA.. because your default gateway is the router A gateway IP
> address.. it will send to router A...
> if the outgoing packet is tagged as 2.. it will consult virtual routing table
> routerB.. because your default gateway is the router B gateway IP
> address.. it will send to router B...
>
> that's the basics of policy based routing...
>
> fooler.
>
>
>
>
> On Sat, Jul 2, 2016 at 1:37 AM, Michael Tinsay <tinsami1@???> wrote:
> > Thank you for the info fooler.
> >
> > I get what you're saying about policy-based routing, but isn't that
> > applicable only to connections initiated by the server?  Can policy-based
> > routing also do "All connections initiated externally and coming through the
> > router ip address so-and-so goes through that router"?
> >
> >
> > ________________________________
> > From: fooler mail <fooler.mail@???>
> > To: Michael Tinsay <tinsami1@???>; Philippine Linux Users' Group
> > (PLUG) Technical Discussion List <plug@???>
> > Sent: Saturday, 2 July 2016, 11:33
> > Subject: Re: [plug] Recognizing traffic from multiple gateways
> >
> > that is correct because traffic that came from router A and B uses the main
> > routing table... your solution is to use policy based routing....
> > create two additional routing tables aside from the default or main
> > routing table.. for incoming traffic for A or B.... mark or tag it ...
> > upon outgoing.. your policy rule states that a packet tagged for A goes to
> > the gateway of A and one tagged for B goes to the gateway of B.. non-tagged packets
> > go to the main routing table's default gateway...
> >
> > fooler.
> >
> >
> >
> > On Thu, Jun 30, 2016 at 3:05 AM, Michael Tinsay <tinsami1@???> wrote:
> >> Ooops...  My bad. I sent the email without putting a subject.  Please reply
> >> to this one instead.
> >>
> >>
> >> ________________________________
> >> From: Michael Tinsay <tinsami1@???>
> >> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
> >> <plug@???>
> >> Sent: Thursday, 30 June 2016, 15:03
> >> Subject:
> >>
> >> Hi.
> >>
> >> Have a question for the tcp/ip experts here.
> >>
> >> I recently had to split my various DSL lines between 2 routers. So Router A
> >> has 3 lines connected to it while Router B has 2.  I now have a server which
> >> will be receiving external traffic through these servers via port
> >> forwarding.  As I understand it, without any additional configuration the
> >> server will send outside-bound traffic via the default route.  As
> >> such, if Router A is the default route for the server, even if the traffic
> >> came from Router B the responses will be sent via Router A.
> >>
> >> If this is correct, what do I need to set up to have the server recognize
> >> which traffic is coming from which router and send its responses to the
> >> proper router accordingly?
> >>
> >> TIA!
> >>
> >>
> >> --- mike t.
> >
> >>
> >>
> >>
> >> _________________________________________________
> >> Philippine Linux Users' Group (PLUG) Mailing List
> >> http://lists.linux.org.ph/mailman/listinfo/plug
> >> Searchable Archives: http://archives.free.net.ph
>
>
>
>
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
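
Added example, not part of the thread or any poster's own commands: in Mike's diagram the server has one NIC on a shared switch, so an `-i eth0` / `-i eth1` match cannot tell the routers apart, and a mark set in PREROUTING stays on the inbound packet and is not carried to the reply. This sketch assumes the routers forward without source NAT, identifies each by its LAN MAC address, and uses CONNMARK to carry the mark to replies; the interface name and MAC addresses are constructed placeholders, the gateway IPs are from the diagram. It prints the commands and runs them only when APPLY=1.

```shell
#!/bin/sh
# Added example: send replies back through the router a connection arrived on,
# for a server with ONE NIC sharing a LAN with two gateways.
# IFACE and the MAC addresses below are constructed placeholders.
IFACE="eth0"

# run: print the command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# route_back MARK TABLE_ID NAME GATEWAY_IP GATEWAY_MAC
route_back() {
    # Reject a malformed MAC so a typo does not silently match nothing.
    echo "$5" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
        echo "bad MAC for $3: $5" >&2
        return 1
    }
    # Per-router table (numeric id, so rt_tables needs no entry) holding
    # only a default route via that router.
    run ip route replace default via "$4" dev "$IFACE" table "$2"
    # New inbound connections: identify the router by source MAC and store
    # the mark on the conntrack entry, not only on this one packet.
    run iptables -t mangle -A PREROUTING -i "$IFACE" -m conntrack --ctstate NEW \
        -m mac --mac-source "$5" -j CONNMARK --set-mark "$1"
    # Policy rule: packets carrying this mark consult the router's table.
    run ip rule add fwmark "$1" table "$2"
}

setup() {
    route_back 1 200 routerA 10.20.30.40 "02:00:00:00:00:0a" || return 1
    route_back 2 201 routerB 10.11.12.13 "02:00:00:00:00:0b" || return 1
    # Replies are locally generated: copy the connection mark onto each
    # outgoing packet in mangle/OUTPUT, which triggers a re-route by fwmark.
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
}

setup
```

Connections the server initiates itself carry no connection mark and keep using the main table's default route.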