
Ask Dr. UN*X Continued
Contributed by Brian Wilson in Network on 2006-03-13 16:04:08
Page 7 of 8

Making the new commands sticky

Once the new routing table and the new rule are in place, packets coming in on the new DSL line will be routed back out the same line and all is well. But a reboot now will reset things to the previous state. On Trustix, I put the commands in a script in /etc/sysconfig/iptables-ipv4.d/ called "routing.sh" and make it executable; any executable script in this directory is run at boot time. I think this will work on other relatives of Red Hat, including Fedora and SUSE. On Ubuntu and its Debian-based cousins, you can put networking scripts in the /etc/network/if-up.d directory, but you can also create a separate script in /etc/init.d that sets up routing and firewalling and set it to run after /etc/init.d/networking. I haven't done much work with complex routing setups on Debian, as I prefer to use Trustix on servers. Refer to the update-rc.d man page on Debian systems.
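Here is one way such a routing.sh could look. It is an added example, not the script from this article: the interface name, addresses, gateway and table id are constructed placeholders, the ip commands are the standard iproute2 form for one extra table plus one rule, and the DRY_RUN switch is a hypothetical helper for checking the script without changing any routes.

```shell
#!/bin/sh
# routing.sh: re-create the second line's routing table and rule at boot.
# Every value below is a constructed placeholder (documentation addresses).
IF2=eth2            # assumed interface of the new DSL line
IP2=192.0.2.10      # assumed local address on that line
NET2=192.0.2.0/24   # assumed network of that line
GW2=192.0.2.1       # assumed gateway of that line
TABLE=200           # assumed id of the extra routing table

# With DRY_RUN set, print each ip command instead of running it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "ip $*"; else ip "$@"; fi
}

# Flushing the table and deleting old copies of the rule first means the
# script can be run again by hand without stacking duplicate rules.
setup_uplink() {
    ifname=$1 addr=$2 net=$3 gw=$4 table=$5
    run route flush table "$table" 2>/dev/null
    while run rule del from "$addr" table "$table" 2>/dev/null; do
        [ -z "${DRY_RUN:-}" ] || break   # a dry run never fails, so stop after one
    done
    run route add "$net" dev "$ifname" src "$addr" table "$table" || return 1
    run route add default via "$gw" dev "$ifname" table "$table" || return 1
    run rule add from "$addr" table "$table" || return 1
    run route flush cache
}

# Apply the settings only when installed under the article's file name, so
# the functions can be sourced and checked elsewhere without touching routes.
case "$0" in
    *routing.sh) setup_uplink "$IF2" "$IP2" "$NET2" "$GW2" "$TABLE" ;;
esac
```

Running it as `DRY_RUN=1 sh routing.sh` prints the commands so you can compare them with the ones you typed by hand before trusting the script at boot.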

Load balancing

When I originally embarked on learning advanced routing, it was to balance traffic from a LAN with around 300 nodes over several DSL lines. I am still working on it. If you want more information on load balancing see the iproute manual, especially section 4.2. (See "resources" section below.)

If you are thinking you will get twice the bandwidth on your desktop system if you add a second line, think again. Load balancing won't work very well. You can do a form of round-robin load balancing; each new outbound connection is routed to the next available line. The problem with this approach is that the route for each connection becomes associated with that one line (because the routes are cached). If you start a download from a site, all traffic will come over that one line; your download speed will be exactly the same whether you have one connection or 50. If you start a second simultaneous download from the same site, it too will use the same DSL line.

The only way this form of balancing can help is if you have many users all accessing many different sites through a central router. This is the approach that I am working on now.

I hope this article helps you to better understand the relationship between the ip rules and the ip routing tables. It seems simple to me now, but it took Dr. UN*X many hours to figure it out.



 
Discussion(s)
Great intro - but I've having an annoyi
Written by brighton36 on 2006-03-18 00:52:00
I've been using a multipath routing setup for my office for a while now. So far, it's been largely OK. The problem is that with some types of traffic my connections that should be established oddly cease to be. SSH and IM are the two biggies. It's very frustrating. My guess is that the route tables are cleaned up, and the existing, established connection is attempted to connect out the alternate line that it was previously set at. Does anyone have this problem? Any ideas as to how to fix this? I've seen a number of other people ask in different forums, but no great solutions have been forthcoming.

thanks!
Written by kris on 2006-04-07 18:16:47
I just want to thank you people for writing so comprehensively and knowledgeably. All the other guides have been great; will read this one in a bit.

thanks for the effort! :)

good, simple info
Written by richard on 2006-03-27 20:36:27
Good to see a simple explanation of what's going on. I'm setting up two ADSL connections to service my network through a router running FC4. I've got the routes part working (I hope) but I'm wondering how I can firewall both connections. I get the second ADSL modem today so I can see if the routing is working, but I would appreciate some help on what I need to do re the firewall. I'm currently using firewall=iptables, which is working fine but only has settings for one external and one internal interface. Can I set up a second external interface in the one script and duplicate the rules as required, or should I set up a second firewall script? Any tips welcome.