zuzu on 30 Oct 2007 20:55:18 -0000



Re: [PLUG] Redundant switch configurations

  • From: zuzu <sean.zuzu@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Redundant switch configurations
  • Date: Tue, 30 Oct 2007 16:55:12 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

On 10/30/07, zuzu <sean.zuzu@gmail.com> wrote:
>
> I think this also falls under "trunking" and "link aggregation".  my
> investigation into this has been more about merging the bandwidth of
> two upstream providers (ISP) without requiring anything on their end,
> using a Linux server.  e.g. a friend of mine worked in India for a few
> years and the ISP service there was relatively slow but inexpensively
> priced, so he had to combine several ISP accounts into what looked
> inside his LAN as a single fat pipe.  or, I know that Verizon's
> current pricing scheme of $45 for 15/2 but $180 for 30/5 means that
> for the same $180 you could aggregate 4 15/2 lines for 60/8 Mbps
> total.

or if you're aggregating diverse services, such as fibre, cable, and
DSL, you provide redundancy against single-source failure.

hardware-wise, if you're looking for something mini-ITX sized and you
only have one PCI slot, the Sun X1034A 4-port 10/100 NIC is available
on ebay for ~$20 or less.

> the way to achieve this with a solid Linux router seems to be with
> Iproute2.  (I've often thought that a dedicated embedded Linux device
> to do this one task but do it so well that it "just works" ala DD-WRT
> would be a very marketable device for about $200.)
>
> HTH.
>
> http://www.linux-foundation.org/en/Net:Iproute2
> http://www.policyrouting.org/iproute2.doc.html
> http://www.linux-foundation.org/en/Net:Iproute2_examples
> http://ornellas.apanela.com/dokuwiki/pub:firewall_and_adv_routing
>

http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://gentoo-wiki.com/TIP_Dual-Homed_Gentoo_Server

 Situation

For one reason or another, you have internet connections from 2
different providers, or 2 connections from a single provider but with
different gateways, coming in to a single machine. An example would be
when you have a primary IP which is part of a trusted network range
for NFS, etc. without an internal LAN, but would like to run a
secondary DNS server on a separate IP range.

Kernel Support

You need to have a couple of kernel options enabled:

    * CONFIG_IP_ADVANCED_ROUTER (Networking/IP: Advanced Router) and
    * CONFIG_IP_MULTIPLE_TABLES (Networking/IP: policy routing)

These enable filtering based on the source address, as opposed to
being restricted to only the destination address (default).

Verify they are enabled in your kernel:

$ grep -e CONFIG_IP_ADVANCED_ROUTER -e CONFIG_IP_MULTIPLE_TABLES /usr/src/linux/.config
  CONFIG_IP_ADVANCED_ROUTER=y
  CONFIG_IP_MULTIPLE_TABLES=y

To enable the above 2 items in the kernel, run make menuconfig in the
/usr/src/linux directory. Navigate to Networking --> Networking
options and change "IP: Advanced router" and "IP: policy routing" to
[*]. Save your changes and run make && make modules_install. Double
check the items are enabled by running the grep command above again.

Software Support

You will need to emerge iproute2. ifconfig cannot handle multiple
routing tables, nor can it handle a number of other things that
iproute2 can, so using iproute2 instead is a good idea anyway.

Configuration

    * edit /etc/iproute2/rt_tables and add the following line. You may
call the table anything you like; I chose dns for this example as
that was the purpose of the secondary IP:

100     dns

    * edit /etc/conf.d/local.start and add the following line. This is
necessary because Gentoo's net init scripts do not yet support ip
rules (AFAIK); you can also use the "postup" function (see
/etc/conf.d/net.example):

ip rule add from <secondary ip> table dns

    * edit /etc/conf.d/net so it looks like this:

modules=( "iproute2" )
config_eth0=(
        "<primary ip>/<nm> brd <primary broadcast>"
)
config_eth1=(
        "<secondary ip>/<nm> brd <secondary broadcast>"
)
routes_eth0=(
        "default via <primary gateway>"
)
routes_eth1=(
        "127.0.0.0/8 dev lo table dns"
        "default via <secondary gateway> table dns"
)

For example, "<primary ip>/<nm> brd <primary broadcast>" should look like:

123.124.125.3/24 brd 123.124.125.255

Notes

    * You can do this all on one interface, like so:

modules=( "iproute2" )
config_eth0=(
        "<primary ip>/<nm> broadcast <primary broadcast>"
        "<secondary ip>/<nm> broadcast <secondary broadcast>"
)
routes_eth0=(
        "default via <primary gateway>"
        "127.0.0.0/8 dev lo table dns"
        "default via <secondary gateway> table dns"
)

    * You will also want to add any other routes for internal LANs,
etc. to the dns table, like so:

routes_eth3=(
        "10.0.0.0/8 table dns"
)

Credit and Links

This article was originally written by Casey Allen Shobe for
SeattleServer.com, based on information from the Linux Advanced
Routing and Traffic Control HOWTO, simplified and tailored to Gentoo.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
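
As an added example (not part of the original post or the quoted wiki article), a preflight check for the setup described above: it confirms the two kernel options, resolves the table name from an rt_tables file, and looks for the source rule in `ip rule show` output. The function names, the address 192.0.2.10 and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline preflight for the policy-routing setup above.
# Function names are hypothetical; file paths are arguments so copies can be checked.

# Succeeds only if both kernel options from the article are set to y.
kernel_opts_enabled() {
    for opt in CONFIG_IP_ADVANCED_ROUTER CONFIG_IP_MULTIPLE_TABLES; do
        grep -q "^${opt}=y\$" "$1" || { echo "not enabled: $opt" >&2; return 1; }
    done
}

# Prints the numeric id that an rt_tables file ($1) maps to table name $2.
table_id() {
    awk -v name="$2" '/^[ \t]*#/ { next }
        $2 == name { print $1; found = 1; exit }
        END { exit !found }' "$1"
}

# Rejects ids the kernel reserves: 0 unspec, 253 default, 254 main, 255 local.
table_id_usable() {
    case "$1" in
        ''|*[!0-9]*|0|253|254|255) return 1 ;;
    esac
}

# Checks `ip rule show` text ($1) for a rule sending source $2 to table $3.
rule_present() {
    src=$(printf '%s' "$2" | sed 's/\./\\./g')
    printf '%s\n' "$1" | grep -Eq "from ${src}(/32)? lookup $3([[:space:]]|\$)"
}

# Constructed sample data (documentation address 192.0.2.10, table "dns").
demo() {
    dir=$(mktemp -d) || return 1
    printf 'CONFIG_IP_ADVANCED_ROUTER=y\nCONFIG_IP_MULTIPLE_TABLES=y\n' > "$dir/config"
    printf '255\tlocal\n254\tmain\n253\tdefault\n0\tunspec\n100\tdns\n' > "$dir/rt_tables"
    rules='0:	from all lookup local
32765:	from 192.0.2.10 lookup dns
32766:	from all lookup main'
    kernel_opts_enabled "$dir/config" &&
        id=$(table_id "$dir/rt_tables" dns) && table_id_usable "$id" &&
        rule_present "$rules" 192.0.2.10 dns && echo "ok: table dns=$id"
    rc=$?; rm -rf "$dir"; return $rc
}

demo
```

On a live router, pass /usr/src/linux/.config, /etc/iproute2/rt_tables and the output of `ip rule show` in place of the constructed samples.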