Re: Multiple internet connections routing.
From: Abdullah Ramazanoglu (ar018_at_yahoo.cöm)
Date: 07/08/04
- Next message: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Previous message: Al Hayes: "Re: "pon" fails and gives "ttyS overrun" in syslog"
- In reply to: Nirnimesh: "Re: Multiple internet connections routing."
- Next in thread: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Reply: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 08 Jul 2004 02:29:53 +0300
Nirnimesh wrote:
> Abdullah Ramazanoglu <ar018@yahoo.cöm> wrote in message
> news:<40eb3fc0$0$23869$14726298@news.sunsite.dk>...
>> Nirnimesh wrote:
>>
>> > I have two internet connections for my network. How can I setup
>> > routing
>> > such that if one of the internet connections is down, the other
>> > one is used. I'm using a proxy server (squid on RH 9.0) through
>> > which all the users in my network connect, and it has a static
>> > route (route -n).
>> >
>> > Nirnimesh.
>>
>> A lot depends on specifics of your network.
>>
>
> My network is something like this:
> A proxy server (P) with two ISP's (ISP1, ISP2) connected on its
> two interface cards. I have two Nameservers (NS1 & NS2), one on
> each of the ISPs.
> I want that:
> Let's say ISP1 is the default ISP (coz it's faster). So the static
> route on my system (givne by route -n) routes all packets through
> ISP1. Now, when ISP1 fails, the routing should now start through
> ISP2 (both incoming and outgoing). When ISP1 is active again, it
> should return back to it's default state (ISP1).
>
>
>> - If you don't want load balancing, but just fail-over, then you
>> could devise a small script that establishes the second
>> connection and changes routing table accordingly (assuming both
>> connections end up on the same gateway machine) whenever first
>> one fails. You could even find packages out there on sourceforge
>> to streamline this.
>
> No, I don't need any load balancing. I'll use only one ISP at a
> time.
>
>>
>> - If you connect through a multi-port modem, it probably does
>> load balancing and fail-over in firmware.
>>
>> - If you connect through different service providers, you could
>> run BGP to route to shortest-path, thus achieving a certain
>> degree of load balancing in addition to fail-over.
>>
>> - There should be load balancing features in 2.4/2.6 kernel but I
>> can't talk about the details off the top of my head (I had
>> skimmed but not used them). You might want to investigate the
>> relevant kernel config options.
>>
>> - If you primarily serve to internet, you could serve DNS on both
>> connections, each advertising its own public address, and then
>> register their addresses as your primary and secondary DNS
>> servers at the registrar. So, if one of the connections is
>> broken, visitors won't get DNS reply and try secondary, which
>> will advertise its own (working) public address. This would only
>> achieve fail-over though. If you also want load balancing, then
>> your primary DNS server should serve roun-robin between its own
>> public address and the other one, and you should again devise a
>> script to disable round-robin serving should the other connection
>> breaks, and restore roun-robin operation when other connection is
>> reestablished.
>>
>
> This makes sense. Can you tell me (maybe in steps) what exactly I
> need to do to achieve the above? I have the two DNS's, one on each
> ISP. How do I dynamically change my proxy's routing table?
But this has two consequences. Firstly you must run DNS server on
your site (I gather you are currently using DNS services of the
ISPs). Secondly, you must disable (or severely shorten) DNS caching
time for the addresses you serve, increasing your DNS traffic and
average access time of visitors (they would have to resolve your
domain name each time they access your site). Otherwise, when
connection-1 breaks and your DNS-2 server start wringing hands for
queries, hardly anybody will query it: they will use the cached
connection-1 address.
That said, you can run only one copy of DNS server (bind) and define
two "views" one for each interface, each serving different
addresses for the same domain name. See bind docs for this, and
also for disabling/shortening advertised caching time.
Since you don't want load balancing, and also want both incoming and
outgoing route to switch, this means you will need:
- No round-robin serving for bind. The two views will just serve
their relevant interface addresses,
- A connection surveillance mechanism, triggering a route switching
script,
- And the route switching script itself.
Switching script should be fairly simple as it won't interfere with
bind (otherwise, to enable/disable round-robin operation, it would
have to restart bind with alternative conf file). Incoming traffic
will reroute itself by definition, without your intervention. For
outgoing traffic, a couple of route commands would suffice. $1
being a parameter passed to "switchroute" script, and indicating
the alternative route,
route del default
route add default gw $1
Or to make it automagic, it could first check which default route is
currently up, and then switches to other one.
#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f 2`
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW
This leaves us with the question of how to reliably and immediately
detect staus of connections. I remember having seen opensource
packages on this. You might want to search sourceforge a bit. They
basically work by periodically pinging other side of link. You can
also devise a solution for yourself. I imagine two ways, one with
cron, the other with daemon (so to speak :-).
With cron way I would have a script like below that is triggered
each minute:
#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
exec > /dev/null # Don't clutter logs
GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f 2`
# Retry twice to prevent false alarm
ping -qc 1 $GW || ping -qc 1 $GW || ping -qc 1 $GW || {
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW
}
Well, this rendered the "switchroute" superfluous.
Or, with daemon way, a script like below could be fired into
background:
#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
CHECK_INTERVAL=10
exec > /dev/null # Don't clutter logs
while true ; do
sleep $CHECK_INTERVAL
GW=`route -n |grep 0.0.0.0|expand| tr -s " " | cut -d " " -f 2`
# Retry twice to prevent false alarm
ping -qc 1 $GW || ping -qc 1 $GW || ping -qc 1 $GW || {
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW
}
done
HTH
-- Abdullah | aramazan@ | Ramazanoglu | myrealbox | ________________| D O T cöm |
- Next message: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Previous message: Al Hayes: "Re: "pon" fails and gives "ttyS overrun" in syslog"
- In reply to: Nirnimesh: "Re: Multiple internet connections routing."
- Next in thread: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Reply: Abdullah Ramazanoglu: "Re: Multiple internet connections routing."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
