-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Feizhou
Sent: Thursday, July 19, 2007 3:13 AM
To: CentOS mailing list
Subject: Re: [CentOS] Multiple WAN link -- CentOS Suitability
-- Is it possible/hard/easy/trivial to share the load between the two connections? Have either link fail and things still work correctly?
http://en.wikipedia.org/wiki/Autonomous_system_(Internet)
Two connections from two different ISPs? You need an ASN. (not for load sharing...this is primarily to handle link failures)
Well, you don't really need to go as far as ASNs and BGP routing to make it work, but it is tricky. ASNs and BGP routing really play into incoming connections during a link failure, but there are ways to work around that via DNS tricks. Think about running 2 instances of bind on the host, one for internal DNS/caching, the other for external DNS queries to your host.
The tricky part is to make a host entry appear and disappear when a link goes up/down, which will need to be verified somehow.
-- What are the implications of two pipes for incoming connections such as DynDNS based remote desktop or VNC, or web server, FTP, etc
Incoming connections will hit either IP and use that IP for the duration of the connection provided that you have a DNS entry that round robins...
Yes, here lie the tricks: you will need round-robin DNS for just about every site you publish via DNS. For records that take a weight (MX, SRV, etc.) publish 2 entries with equal weights.
Like Feizhou said, these will be per-connection load-balanced and not per-packet, which would be impossible in this scenario, and load-balanced will not mean that the load will be evenly distributed either, as DNS lookups are cached everywhere.
The basic hardware layout I see is 3 nics, 1 GB RAM, 60 GB disk space.
1 NIC for each WAN port, 1 NIC for my local net, some recent CPU.
I have been browsing through the "Linux Advanced Routing & Traffic Control HOWTO," but am still not on top of how to get done what I'm looking for. I understand that there are probably products that I could buy to do this, but my preference is to do it myself.
I do have a box that has two connections from two different ips. I basically forget about load sharing. I set up multiple routing tables, some ip rules and basically assigned one link for vpn and server activity while the other link is used for office Internet connectivity and a few small things are shared like DNS. Nothing fancy...
I believe there may be a way with later kernels to put entries for 2 default routes of equal weight to each interface that will round-robin, but I haven't tried that, as when I have that kind of scenario I usually go to Cisco. I don't know what magic would be required though in iptables to get this to work...
If not, you will have to look into Squid and its bag of tricks to help balance outbound web/ftp traffic and pick a primary/backup route for all non-proxied traffic.
-Ross
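
Added example, not part of the original message: a dry-run shell script that prints the iproute2 commands for the two layouts discussed above, the static split with multiple routing tables and ip rules that Feizhou describes, and the two equal-weight default routes Ross mentions. Interface names, addresses (documentation ranges) and the table numbers 101/102 are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints the iproute2 commands, it does not run them.
# Constructed values (documentation address ranges), not from the thread.
IF1=eth0; IP1=192.0.2.10;    NET1=192.0.2.0/24;    GW1=192.0.2.1
IF2=eth1; IP2=198.51.100.10; NET2=198.51.100.0/24; GW2=198.51.100.1
LAN_NET=10.0.0.0/24          # office LAN behind the third NIC

# link_cmds TABLE IFACE LOCAL_IP NETWORK GATEWAY
# One routing table per uplink, plus a rule that sends traffic sourced from
# that uplink's address back out the same uplink, so replies to incoming
# connections never leave through the other ISP.
link_cmds() {
    echo "ip route add $4 dev $2 src $3 table $1"
    echo "ip route add default via $5 dev $2 table $1"
    echo "ip rule add from $3 table $1"
}

both_links() {
    link_cmds 101 "$IF1" "$IP1" "$NET1" "$GW1"
    link_cmds 102 "$IF2" "$IP2" "$NET2" "$GW2"
}

# Static split: the box itself (servers, VPN) defaults to link 1,
# forwarded office LAN traffic is pinned to link 2. NAT is not shown.
static_split_cmds() {
    both_links
    echo "ip rule add from $LAN_NET table 102"
    echo "ip route add default via $GW1 dev $IF1"
}

# Two default next hops of equal weight in the main table.
multipath_cmds() {
    both_links
    echo "ip route add default scope global nexthop via $GW1 dev $IF1 weight 1 nexthop via $GW2 dev $IF2 weight 1"
}

# Usage: sh multiwan.sh [static|multipath]   (review the output before running it)
case "${1:-static}" in
    multipath) multipath_cmds ;;
    *)         static_split_cmds ;;
esac
```

Use one default-route variant or the other, not both; the per-link tables and source rules are common to the two layouts.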