linux
rockstar91, 2014-02-03 09:22:18

Bundling internet links to specific networks in Debian Wheezy?

Peer-to-peer network /24, the network has a server and three Internet gateways (routers).
Traffic to certain subnets (subnets within city peering) needs to be steered with aggregation across these gateways, and the rest of the traffic sent through _gateway1_.
Before that, static routing was used: ~30% of networks through _gateway1_, another 30% through _gateway2_, etc.
Now balancing is done with ip route:

```bash
#!/bin/bash
ip route add 31.135.208.0/21 scope global nexthop via 192.168.1.1 dev eth0 weight 1 \
 nexthop via 192.168.1.2 dev eth0 weight 1 \
 nexthop via 192.168.1.4 dev eth0 weight 1

ip route add 37.110.208.0/21 scope global nexthop via 192.168.1.1 dev eth0 weight 1 \
 nexthop via 192.168.1.2 dev eth0 weight 1 \
 nexthop via 192.168.1.4 dev eth0 weight 1
...
ip route add 217.30.160.0/20 scope global nexthop via 192.168.1.1 dev eth0 weight 1 \
 nexthop via 192.168.1.2 dev eth0 weight 1 \
 nexthop via 192.168.1.4 dev eth0 weight 1
```

It works great for torrents, better than the previous setup: the total speed equals the sum of the speeds of all gateways.
But when downloading from a single host, the speed equals the bandwidth of the one selected link rather than all of them. This behavior does not suit me; I need the full speed of all links even when connecting to a single host.
As far as I understand, what I want can be done with iptables and packet marking. There are plenty of guides online for balancing all traffic across interfaces, but I don't understand how to do this, given that balancing is needed only for certain subnets and the server has only one interface.
I would be very grateful for any information.


2 answer(s)
alz, 2014-02-03
@alz

So everything is the same. Three iproute tables with default gateways 192.168.1.1, 192.168.1.2 and 192.168.1.4 respectively, plus the default gateway 192.168.1.1 in the main table. In the rules you need to match on the destination subnet. You can simply duplicate the marking rules for each of the subnets.

EvilMan, 2014-02-04
@EvilMan

Here the only option is to do round-robin marking of packets to these subnets. Simply duplicating the rules will not work: only the first one will fire, and the rest will never trigger. iproute alone cannot solve this either, because multipath routing works with flows, not with individual packets.
The scheme is more or less standard: three tables, each with a default route, as well as three rules for routing by mark. In iptables, write something like this:

```bash
iptables -t mangle -A PREROUTING --dst <subnet/prefix> -m statistic --mode nth --every 3 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING --dst <subnet/prefix> -m mark ! --mark 0x1 -m statistic --mode nth --every 2 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING --dst <subnet/prefix> -m mark ! --mark 0x1 -m mark ! --mark 0x2 -j MARK --set-mark 0x3
```

By doing this, you get uniform marking with three marks at the packet level for traffic to the subnet.
But if you also have NAT to different addresses on this router, then it will not work, since the connection tracker (conntrack) also works with flows, not individual packets. In this case, the task becomes non-trivial. If NAT is performed to one address, then it should work.
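
The scheme from the two answers assembled in one place, as an added example that is not part of either post: it prints the `ip route`, `ip rule` and `iptables` commands for every balanced subnet, then models the nth cascade to show why `--every 3` followed by `--every 2` yields even thirds. The table ids 101-103 and the function names are assumptions, and the model simplifies which packet each counter fires on first.

```sh
#!/bin/sh
# Added example: dry run, the commands are printed, not executed.
# Gateways and eth0 are from the question; table ids 101-103 are assumed.
GATEWAYS="192.168.1.1 192.168.1.2 192.168.1.4"
DEV=eth0

# One routing table per gateway, selected by firewall mark 0x1..0x3.
gen_tables() {
    i=1
    for gw in $GATEWAYS; do
        echo "ip route add default via $gw dev $DEV table $((100 + i))"
        echo "ip rule add fwmark 0x$i table $((100 + i))"
        i=$((i + 1))
    done
}

# The three-rule nth cascade from the answer, emitted once per subnet.
gen_marks() {
    pre="iptables -t mangle -A PREROUTING --dst"
    for net in "$@"; do
        echo "$pre $net -m statistic --mode nth --every 3 -j MARK --set-mark 0x1"
        echo "$pre $net -m mark ! --mark 0x1 -m statistic --mode nth --every 2 -j MARK --set-mark 0x2"
        echo "$pre $net -m mark ! --mark 0x1 -m mark ! --mark 0x2 -j MARK --set-mark 0x3"
    done
}

# Model of the cascade for one subnet: prints how many of $1 packets get
# mark 1, 2 and 3. Which packet each counter fires on first is simplified.
simulate() {
    n=$1; c1=0; c2=0; m1=0; m2=0; m3=0
    while [ "$c1" -lt "$n" ]; do
        if [ $((c1 % 3)) -eq 0 ]; then
            m1=$((m1 + 1))            # rule 1: every 3rd packet
        else
            # rule 2 is only evaluated for packets rule 1 left unmarked
            if [ $((c2 % 2)) -eq 0 ]; then m2=$((m2 + 1)); else m3=$((m3 + 1)); fi
            c2=$((c2 + 1))
        fi
        c1=$((c1 + 1))
    done
    echo "$m1 $m2 $m3"
}

gen_tables
gen_marks 31.135.208.0/21 37.110.208.0/21 217.30.160.0/20
simulate 300    # 100 100 100
```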
