Monday, December 24, 2007

Example of load balancing/redundant internet connections

taken from other website

[LARTC] Example of load balancing/redundant internet connections
From: "William L. Thomson Jr."
To: lartc

This is a working example from a network I had in CA.

This is not a how to. There are no instructions provided. Please do not ask me for them, as I did not write the original ones I followed when doing this. Only ask me for help after you have done your homework, and spent at least a day of complete frustration. If you can prove both to me in your first email, I will help out. Otherwise the web, and Google are your friends.

The links I used have been posted to this list more times than I care to say, but for completeness.

Load balance traffic from the inside out (Kernel)

  • http://www.ssi.bg/~ja/
  • http://www.ssi.bg/~ja/#routes

Load balance from the outside in (DNS)

  • http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
    (Pay attention to the DNS part and forget the rest)

You must compile a custom kernel with multipath route support, and patched with Julian's patches.

There are three sections. The first applies to all. The second to 2.2 kernels, and the third to 2.4 kernels.

general rules

# Bring up the loopback, the LAN interface (eth0) and the two uplinks (eth1, eth2)
ip link set lo up
ip link set eth0 up
ip link set eth1 up
ip link set eth2 up

ip addr add 127.0.0.1/8 brd 127.0.0.255 dev lo
ip addr add 192.168.1.250/24 brd 192.168.1.255 dev eth0
# Provider 1 addresses on eth1
ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.98/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.103/16 brd 10.1.255.255 dev eth1
# Provider 2 addresses on eth2
ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.58/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2

ip route add 127.0.0.0/8 dev lo

ip rule add prio 10 table main
ip route del default table main

# Traffic sourced from a provider 1 address must leave via provider 1's gateway
ip rule add prio 20 from 10.1.0.0/16 table 20
ip route add default via 10.1.0.1 dev eth1 src 10.1.0.2 proto static table 20
ip route append prohibit default table 20 metric 1 proto static

# Traffic sourced from a provider 2 address must leave via provider 2's gateway
ip rule add prio 30 from 10.2.0.0/16 table 30
ip route add default via 10.2.0.1 dev eth2 src 10.2.0.2 proto static table 30
ip route append prohibit default table 30 metric 1 proto static

# Set up load balancing gateways
ip rule add prio 50 table 50
ip route add default table 50 proto static \
        nexthop via 10.1.0.1 dev eth1 \
        nexthop via 10.2.0.1 dev eth2

Begin 2.2 NAT


# Provider 1 public addresses -> internal hosts
ipmasqadm portfw -a -P tcp -L 10.1.0.103  443 -R 192.168.1.3    443
ipmasqadm portfw -a -P tcp -L 10.1.0.103  143 -R 192.168.1.3    143
ipmasqadm portfw -a -P tcp -L 10.1.0.103  110 -R 192.168.1.3    110
ipmasqadm portfw -a -P tcp -L 10.1.0.103   81 -R 192.168.1.3     81
ipmasqadm portfw -a -P tcp -L 10.1.0.103   80 -R 192.168.1.3     80
ipmasqadm portfw -a -P tcp -L 10.1.0.103   25 -R 192.168.1.3     25
ipmasqadm portfw -a -P tcp -L 10.1.0.99   443 -R 192.168.1.1    443
ipmasqadm portfw -a -P tcp -L 10.1.0.99   143 -R 192.168.1.1    143
ipmasqadm portfw -a -P tcp -L 10.1.0.99   110 -R 192.168.1.1    110
ipmasqadm portfw -a -P tcp -L 10.1.0.99    81 -R 192.168.1.1     81
ipmasqadm portfw -a -P tcp -L 10.1.0.99    80 -R 192.168.1.1     80
ipmasqadm portfw -a -P tcp -L 10.1.0.99    25 -R 192.168.1.1     25
ipmasqadm portfw -a -P tcp -L 10.1.0.99    22 -R 192.168.1.1     22
ipmasqadm portfw -a -P tcp -L 10.1.0.99    21 -R 192.168.1.1     21
ipmasqadm portfw -a -P udp -L 10.1.0.98    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P tcp -L 10.1.0.98    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P udp -L 10.1.0.97    53 -R 192.168.1.221   53
ipmasqadm portfw -a -P tcp -L 10.1.0.97    53 -R 192.168.1.221   53

# Provider 2 public addresses -> the same internal hosts
ipmasqadm portfw -a -P tcp -L 10.2.0.62   443 -R 192.168.1.3    443
ipmasqadm portfw -a -P tcp -L 10.2.0.62   143 -R 192.168.1.3    143
ipmasqadm portfw -a -P tcp -L 10.2.0.62   110 -R 192.168.1.3    110
ipmasqadm portfw -a -P tcp -L 10.2.0.62    81 -R 192.168.1.3     81
ipmasqadm portfw -a -P tcp -L 10.2.0.62    80 -R 192.168.1.3     80
ipmasqadm portfw -a -P tcp -L 10.2.0.62    25 -R 192.168.1.3     25
ipmasqadm portfw -a -P tcp -L 10.2.0.59   443 -R 192.168.1.1    443
ipmasqadm portfw -a -P tcp -L 10.2.0.59   143 -R 192.168.1.1    143
ipmasqadm portfw -a -P tcp -L 10.2.0.59   110 -R 192.168.1.1    110
ipmasqadm portfw -a -P tcp -L 10.2.0.59    81 -R 192.168.1.1     81
ipmasqadm portfw -a -P tcp -L 10.2.0.59    80 -R 192.168.1.1     80
ipmasqadm portfw -a -P tcp -L 10.2.0.59    25 -R 192.168.1.1     25
ipmasqadm portfw -a -P tcp -L 10.2.0.59    22 -R 192.168.1.1     22
ipmasqadm portfw -a -P tcp -L 10.2.0.59    21 -R 192.168.1.1     21
ipmasqadm portfw -a -P udp -L 10.2.0.58    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P tcp -L 10.2.0.58    53 -R 192.168.1.222   53
ipmasqadm portfw -a -P udp -L 10.2.0.57    53 -R 192.168.1.221   53
ipmasqadm portfw -a -P tcp -L 10.2.0.57    53 -R 192.168.1.221   53

# Masquerade everything leaving the LAN
ipchains -A forward -s 192.168.1.0/24 -j MASQ

Begin 2.4 NAT

# Provider 1 public addresses (all on eth1) -> internal hosts
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.103 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
# 10.1.0.97 and 10.1.0.98 are configured on eth1, so match -i eth1 here (the posted rules said -i eth2 and would never match)
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p tcp --dport 53 -j DNAT --to 192.168.1.222

# Provider 2 public addresses (all on eth2) -> the same internal hosts
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
# 10.2.0.62 is configured on eth2, so match -i eth2 here (the posted rule said -i eth1)
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.62 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p tcp --dport 53 -j DNAT --to 192.168.1.222

# Masquerade everything leaving the LAN
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
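A DNAT rule in PREROUTING only sees packets that arrive on its -i interface, so a rule whose -d address is held on a different interface silently never matches. The following lint is an added check, not part of the original post: it parses `ip addr add` lines and 2.4-style `iptables ... -j DNAT` rules and reports rules whose inbound interface does not own the destination address, whose destination is not configured at all, or whose target is outside the LAN. The ADDR_LINES and NAT_LINES excerpts are constructed for the example (with two deliberately wrong interfaces and one unconfigured address), and `lint_dnat` and the `lan_prefix` assumption are mine.

```python
import re

# Constructed excerpt in the style of the post's "general rules" and 2.4 NAT
# blocks (example input, not the full post): two rules name the wrong inbound
# interface and one names an address that is never configured.
ADDR_LINES = """
ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2
"""
NAT_LINES = """
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.2.0.62 -p tcp -m multiport --dport 443,80 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.200 -p tcp --dport 22 -j DNAT --to 192.168.1.1
"""

ADDR_RE = re.compile(r"ip addr add (\S+)/\d+ .* dev (\S+)")
DNAT_RE = re.compile(r"-i (\S+) -d (\S+) .*-j DNAT --to (\S+)")

def parse_addrs(text):
    """Map each locally configured IPv4 address to the interface that owns it."""
    owner = {}
    for line in text.splitlines():
        m = ADDR_RE.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
    return owner

def lint_dnat(addr_text, nat_text, lan_prefix="192.168.1."):
    """Return one finding per DNAT rule that cannot work as written.
    A PREROUTING rule only sees packets arriving on its -i interface,
    so -d must be an address the router holds on that same interface.
    lan_prefix (an assumption here) is where forwarded-to hosts should live.
    """
    owner = parse_addrs(addr_text)
    findings = []
    for line in nat_text.splitlines():
        m = DNAT_RE.search(line)
        if not m:
            continue
        iface, dst, target = m.groups()
        if dst not in owner:
            findings.append(f"{dst}: not configured on any interface, rule never matches")
        elif owner[dst] != iface:
            findings.append(f"{dst}: rule matches -i {iface} but address is on {owner[dst]}")
        if not target.startswith(lan_prefix):
            findings.append(f"{dst}: forwards to {target}, outside LAN {lan_prefix}0/24")
    return findings
```

Run it over the full "general rules" and 2.4 NAT blocks as posted and it flags the 10.1.0.97/98 and 10.2.0.62 rules that name the wrong interface.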

other things

Then before you are done make sure to

# Turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Good luck, and hopefully the above can save others from having to ask questions, and others having to answer them.
stef.coene@docum.org