Help with link Load Balancing scenario
Just recently I´ve installed a second link in my Debian 4.0 border firewall.
Now, I have the following design:
eth1 ------------------ ISP1 Router ---------------- Internet
eth2 ------------------ ISP2 Router ---------------- Internet
Both links are operational. Here´s how I configured this:
ip route add <ISP1_network> dev eth1 src <eth1_IP> table 1
ip route add <ISP2_network> dev eth2 src <eth2_IP> table 2
# Here I´ve created the local route for communication between interfaces and routers
ip route add default via <ISP1_Router_IP> table 1
ip route add default via <ISP2_Router_IP> table 2
# Here I´ve created the default routes for both routing tables
ip rule add from <eth1_IP> table 1
ip rule add from <eth2_IP> table 2
# Here I´ve created a set rules so everything goes it´s correct routing table
ip route add default scope global nexthop via 220.127.116.11 dev eth1 weight 1 nexthop via 18.104.22.168 dev eth2 weight 1
# Here I´ve created a default global route so both paths are used equally
And that´s it. I´ve also created some rules for marked packets, but since that´s a very specific need, and it works, I don´t see why to put it here.
This config actually works pretty well, but with two problems.
1. Using tcpdump in both eth1 and eth2, I sometimes (actually, more frequently than I´d prefer) I get some connections trying to go out through eth1 using eth2´s IP and going through eth2 using eth1´s IP. I thought my rules to be correct, but it seens I´m wrong.
2. Did some tests (shutting down one of the routers, stuff like that) to check the failsafe. When I do that, all connections become veeeery slow, and mostly stop working. I´ve noticed some connections still going out through the link I´ve just dropped. One solution was killing the multipath route and just setting a default one through the other ISP. Altough I believe I can try and turn it into an automatic process, I´d prefer to try something more dynamic. Any suggestions?
Thanks everyone for the attention.