[ILUG] Routing.

Paul Jakma paulj at alphyra.ie
Thu Jan 17 18:34:34 GMT 2002


On Wed, 16 Jan 2002, Thomas Bridge wrote:

> That's all very well, but that solution isn't resilient in a
> failure of the ISP2 connection.  Although ISP1 will let you send
> packets with an ISP2 source interface, if the ISP2 link goes down
> you've no way to get the packets with a destination address of
> ISP2.

In a way, yes, the NAT-on-the-routers solution'd be more resilient, or
at least far easier to change your host routes if one link goes down.

Still though, wouldn't you need to be running a routing protocol to
transparently failover routes? e.g. the Linux host can do dead gateway
detection, but if the problem is something other than the router being
dead, that won't help.

i.e. I think you'd need at least a routing protocol between the 2
routers, to detect line failures. Even better between the 2 routers
/and/ their respective ISP routers.

(I /think/..)

> I'm not sure about NAT on the Cisco routers - I mentioned it to
> Paul in an email a couple of days ago, but I think there are
> design issues around this.

It's amazing the way ILUG has this amazing tendency to always host
threads on subjects only days /after/ you've been looking at it. :)

I've still to set up NAT on the routers; will post up the exact Linux
and Cisco details when done. (I've set up NAT on one router, but I
can't yet verify that it is working, i.e. I won't know till someone
complains it doesn't work. But it /should/ be similar to what I posted
up before.)

The Linux side, in shell (I've edited what I used - which works - and
added a few bits that I had done manually, so consider it not
completely tested. :) ):

############setup the table and realm names
localrealm="mynet"

# table/realm ids start at 50 and step by 50 per ISP
id=0
for H in isp1 isp2 ; do
	id=$(($id+50))
	echo "$id $H" >> /etc/iproute2/rt_tables
	echo "$id $H-pa" >> /etc/iproute2/rt_realms
done

echo "$(($id+1)) $localrealm" >> /etc/iproute2/rt_realms

############setup the isp specific routing tables
###########it's assumed that the 'main' table is already setup
# (shell variable names can't contain '-', so use '_')
isp1_gw=......
isp2_gw=......
ip ro add default via "$isp1_gw" table isp1
ip ro add default via "$isp2_gw" table isp2


#####setup the ip rules to point isp1 and isp2 sourced packets that
#####are /not/ local to use the isp1 and isp2 routing tables
#####respectively
pref=10000
#my local networks
nets="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"
isp1_range=y.y.y.y/x
isp2_range=m.m.m.m/n

normalIFS="${IFS}"
customIFS=":"

#########setup local traffic to use the main routing table
#########(to local, from local, and from either isp range to local)
for net in $nets ; do
        IFS="$customIFS"
        rules="to $net:from $net:from $isp1_range to $net:from $isp2_range to $net"
        for rule in $rules; do
                IFS="${normalIFS}"
                ip rule add $rule pref $pref lookup main realm "$localrealm"
                pref=$(($pref+100))
                IFS="${customIFS}"
        done
done
IFS="${normalIFS}"

#########setup isp1/isp2 traffic that is not local to use isp specific
#########tables (lower pref rules above already caught local traffic)
pref=$(($pref+100))
ip ru add from "$isp1_range" lookup isp1 realm isp1-pa pref $pref
pref=$(($pref+100))
ip ru add from "$isp2_range" lookup isp2 realm isp2-pa pref $pref

#########flush cached route lookups
ip ro flush cache

#########

and that's about it..

That gives you local traffic using table 'main', but with the realm
set (rtacct should give per-realm traffic stats). Non-local traffic
will use a per-ISP routing table.

NB: you still need NAT on the routers if the ISPs won't allow traffic
from anything but the address range they assigned to you.

> T.

regards,

--paulj
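Added example, not part of Paul's post or the ILUG thread: a small offline simulator of the policy-rule set the script above builds, so the rule ordering (ascending pref, first match wins, as the kernel's FIB rule walk does) can be checked before anything is applied with `ip rule`. The ISP ranges are constructed placeholders (the documentation prefixes 192.0.2.0/24 for isp1 and 198.51.100.0/24 for isp2); the local nets and the pref numbering follow the post. The `lookup()` function is the hypothetical check, and `as_commands()` renders the same rules as the `ip rule add` lines the script would run.

```python
"""Offline model of the two-ISP policy-routing rule set from the post.

Assumption (constructed): isp1 = 192.0.2.0/24, isp2 = 198.51.100.0/24.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LOCAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ISP_RANGES = {"isp1": "192.0.2.0/24", "isp2": "198.51.100.0/24"}  # constructed
LOCAL_REALM = "mynet"


@dataclass(frozen=True)
class Rule:
    pref: int
    src: Optional[ipaddress.IPv4Network]   # "from" selector, None = any
    dst: Optional[ipaddress.IPv4Network]   # "to" selector, None = any
    table: str
    realm: Optional[str]


def _net(s):
    return None if s is None else ipaddress.ip_network(s)


def build_rules(local_nets=LOCAL_NETS, isp_ranges=ISP_RANGES,
                start_pref=10000, step=100):
    """Mirror the post's two loops: local traffic -> main/mynet first,
    then traffic sourced from an ISP range -> that ISP's table."""
    rules = []
    pref = start_pref
    for n in local_nets:
        # to net, from net, from isp1 to net, from isp2 to net
        selectors = [(None, n), (n, None)] + [(r, n) for r in isp_ranges.values()]
        for src, dst in selectors:
            rules.append(Rule(pref, _net(src), _net(dst), "main", LOCAL_REALM))
            pref += step
    for name, r in isp_ranges.items():
        pref += step
        rules.append(Rule(pref, _net(r), None, name, f"{name}-pa"))
    # The kernel always has 'main' at pref 32766; everything else falls to it.
    rules.append(Rule(32766, None, None, "main", None))
    return sorted(rules, key=lambda r: r.pref)


def lookup(rules, src, dst):
    """Return (table, realm) chosen for a packet with these addresses."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.src is None or s in r.src) and (r.dst is None or d in r.dst):
            return r.table, r.realm
    raise LookupError("no matching rule")


def as_commands(rules):
    """Render the hand-added rules as `ip rule add` lines."""
    out = []
    for r in rules:
        if r.pref >= 32766:
            continue  # kernel-provided, never added by the script
        parts = ["ip", "rule", "add"]
        if r.src is not None:
            parts += ["from", str(r.src)]
        if r.dst is not None:
            parts += ["to", str(r.dst)]
        parts += ["pref", str(r.pref), "lookup", r.table, "realm", r.realm]
        out.append(" ".join(parts))
    return out


if __name__ == "__main__":
    rules = build_rules()
    for cmd in as_commands(rules):
        print(cmd)
    # isp1-sourced packet leaving the site: per-ISP table, realm isp1-pa
    print(lookup(rules, "192.0.2.10", "203.0.113.5"))
    # isp2-sourced packet to a local net: stays on 'main', realm mynet
    print(lookup(rules, "198.51.100.7", "10.1.2.3"))
    # RFC 1918-sourced packet leaving the site: the 'from net' rule sends
    # it to 'main', so it never reaches a per-ISP table (hence the NAT note)
    print(lookup(rules, "10.0.0.5", "203.0.113.5"))
```

The third lookup is the case the NB at the end of the post is about: anything sourced from a private range is caught by the "from $net" rules and routed from 'main' regardless of which ISP its default route points at, which is why NAT still has to happen on the routers if an ISP filters on source address.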