doh_ n00b
Joined: 18 Mar 2004 Posts: 3
Posted: Thu Mar 18, 2004 2:51 pm Post subject: Multiple interfaces and gateways
Hi there..
I have a system with two NICs in.. eth0 and eth1.. They are each connected to their own network and internet connection.. eth0 is connected to a corporate network with a gateway at the IP 10.23.1.1.. eth0 has IP 10.23.4.190 and a netmask of 255.255.0.0.. The gateway is needed to gain internet access..
eth1 is connected directly to an ADSL router with the IP 192.168.1.1, the interface itself has 192.168.1.60 and netmask 255.255.255.0..
Now my problem is that I want to use both interfaces to get internet access at the same time (like bundling the connections to gain more speed). So far I tried adding two default routes (I'm not sure that's intended to work), one for eth0 and one for eth1, each pointing to their respective gateways.. This worked fine too, using both connections at the same time.. for a while.. then both connections died and they wouldn't come back until I closed one of the interfaces. Also /etc/conf.d/net doesn't support two gateways, so I guess I'm not supposed to add two default gateways? Anyway, any ideas how I could make this work?
Thanks!

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Thu Mar 18, 2004 2:59 pm Post subject:
Think about what you're doing for a bit:
Two default gateways.
That's an oxymoron, isn't it?
No, a node (system, host) on a network can only ever have one default gateway - any other connectivity you need has to be defined as static routes.
You cannot use both these connections at once to increase your internet speed or connectivity - they're both completely different types of connections, and one isn't even connected directly to your box.
Okay, there are tricks like ARP spoofing and such - check these out if you like, but that's really not the way it's supposed to work, and it'll break in ways you never dreamed of.
It's hardly a problem, too - just go with the fastest 'net connection.
If you control both these Internet connections, things are a little different - you might run a (squid) proxy server on one of them (the slowest) and do all your browsing through there.
Then you can dedicate the other (default) connection to heavy downloads and p2p nonsense and the like.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen

doh_ n00b
Joined: 18 Mar 2004 Posts: 3
Posted: Thu Mar 18, 2004 3:30 pm Post subject:
It just annoys me that I can get it working WITH two default gateways (no matter how absurd it sounds, but route did show two, one for eth0 and one for eth1), just not for very long... The reason I don't just go with one of them is that the connection at eth0 is much faster (read 400KB/sec) than eth1 (32KB/sec). However, the catch is that on eth0 everything has to go through an HTTP proxy, and that only supports HTTP, which means I can't do rsync, ftp or anything else, which is why I need the ADSL connection on eth1.

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Thu Mar 18, 2004 8:02 pm Post subject:
Two default gateways DOES work and is an acceptable solution. A default route is not special in any case other than it is the least specific route. It's actually in large ISP cases referred to as the gateway of last resort. I'd probably add one of them into rc.local and let the other be set out of /etc/conf.d/net.
As to why it might have broken, are the two networks separated logically or physically from each other? 10. network is on one switch and the 192. network on another. Sometimes if both are on the same vlan/switch/whatever strange things happen.
Anything odd in your logs? Next time it happens try pulling one of the routes and see if it goes away. That might point us in the right direction.
I do wonder how you're getting the rsync/ftp/etc to go one way and http to go the other. Or does it just fail enough times that it defaults to the correct gateway and relies on Linux keeping the connection on the same interface, which is the default behavior?
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape.

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Fri Mar 19, 2004 8:23 am Post subject:
kashani wrote: | Two default gateways DOES work and is an acceptable solution. |
Are you sure you know what you're talking about?
This solution may well work, yes, but only if the TCP/IP mechanisms just happen to choose one - either at random or according to some sort of logic.
This is not part of the TCP/IP protocol, so you cannot depend on it working anywhere else - at all.

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Fri Mar 19, 2004 9:37 am Post subject:
adaptr,
in this case it's you that is mistaken. You should not be so quick to emphatically make claims about something you don't understand.
You're right multiple default gateways isn't part of TCP/IP because TCP/IP doesn't give a flying fig. There is nothing special about a default gateway in TCP. Default gateway is just a fancy way of saying "route 0.0.0.0/0 that'a way." You can have multiple routes to any destination. If this didn't work, then the Internet would be broken.
Linux will round robin between the gateways just like any other OS or router. Generally the default for almost all devices is to use per connection round robin, ie once a connection picks a route it sticks with it. You can set per packet round robin, but that tends to be funky in many cases.
kashani

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Fri Mar 19, 2004 10:44 am Post subject:
kashani wrote: | adaptr,
in this case it's you that is mistaken. You should not be so quick to emphatically make claims about something you don't understand. |
True, but hmmm...maybe.
kashani wrote: | You're right multiple default gateways isn't part of TCP/IP because TCP/IP doesn't give a flying fig. There is nothing special about a default gateway in TCP. Default gateway is just a fancy way of saying "route 0.0.0.0/0 that'a way." |
Again, very true.
kashani wrote: | You can have multiple routes to any destination. If this didn't work, then the Internet would be broken. |
And here is where I beg to differ.
This is both true and false, in that it is true for a quirky implementation such as the Linux TCP/IP stack, which tries to combine functionality of hosts, routers and level 2 bridging.
Quite successfully too, as it happens - which is why we all love it
But no, the Internet doesn't work this way; while it's true that most AS border routers have multiple routes to their destinations, these are in no way default routes - they're all deterministic, whether static or dynamic - they point to a defined set of subnets.
The round-robin (or other, better) algorithms these devices use to route packets are actually purposefully programmed in, and not in any way the result of blindly plugging in routes.
Note that that's what I'm talking about - the OP has two 'net connections, and wants to use both, so he plugs both in as defaults.
My comment was merely predicated on the fact that that's not the best way to do it, not on whether it works or not.
kashani wrote: | Linux will round robin between the gateways just like any other OS or router. |
Hardly.
This depends on the particular hardware, the routing protocols used, and a host of other possible factors one may or may not include.
All the more complex routing protocols support programmable route determination, using multiple criteria for whether or when to use another route in preference to the "default" one.
Round-robin is just one of many possible algorithms.
kashani wrote: | Generally the default for almost all devices is to use per connection round robin, ie once a connection picks a route it sticks with it. You can set per packet round robin, but that tends to be funky in many cases.
kashani |
Ah - the default.
Possibly, but I don't think many multi-gigabit ATM clouds use default values.
Let's not get into a fight over this - the actual specs are a leetle too complicated to put into less than a book-sized post.

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Fri Mar 19, 2004 11:43 am Post subject:
Jeez, where to start with this abomination.
adaptr wrote: |
kashani wrote: | You're right multiple default gateways isn't part of TCP/IP because TCP/IP doesn't give a flying fig. There is nothing special about a default gateway in TCP. Default gateway is just a fancy way of saying "route 0.0.0.0/0 that'a way." |
Again, very true.
kashani wrote: | You can have multiple routes to any destination. If this didn't work, then the Internet would be broken. |
And here is where I beg to differ.
This is both true and false, in that it is true for a quirky implementation such as the Linux TCP/IP stack, which tries to combine functionality of hosts, routers and level 2 bridging.
Quite successfully too, as it happens - which is why we all love it
|
I don't know where you get the idea that the Linux TCP/IP stack is any different from anything else. It can handle equal cost paths like any other modern OS.
adaptr wrote: |
But no, the Internet doesn't work this way; while it's true that most AS border routers have multiple routes to their destinations, these are in no way default routes - they're all deterministic, whether static or dynamic - they point to a defined set of subnets.
|
Assuming you'd like your network to stay online during network outages by one of your providers you will have multiple paths to every subnet. If you don't then there isn't much point in running BGP. Might as well just static 0.0.0.0/0 to a single provider and be done with it. Also you'd want your providers to announce that 0.0.0.0/0 as well as their more specific routes to you in case the network you're trying to get to isn't in BGP. That happens more than anyone likes to admit.
adaptr wrote: |
The round-robin (or other, better) algorithms these devices use to route packets are actually purposefully programmed in, and not in any way the result of blindly plugging in routes. |
When you set two default routes you are creating two routes to 0.0.0.0/0 via different gateways with the same cost. There is nothing special about this. You have two equal static routes and since your OS supports this it'll use both equally.
adaptr wrote: |
Note that that's what I'm talking about - the OP has two 'net connections, and wants to use both, so he plugs both in as defaults.
My comment was merely predicated on the fact that that's not the best way to do it, not on whether it works or not. |
You said "No, a node (system, host) on a network can only ever have one default gateway." I pointed out this was less correct and then went on to say that while it would work I was concerned about how he was directing the traffic. You're flat out wrong here.
adaptr wrote: |
kashani wrote: | Linux will round robin between the gateways just like any other OS or router. |
Hardly.
This depends on the particular hardware, the routing protocols used, and a host of other possible factors one may or may not include.
All the more complex routing protocols support programmable route determination, using multiple criteria for whether or when to use another route in preference to the "default" one.
Round-robin is just one of many possible algorithms. |
blah blah two static routes of equal cost. blah blah equal cost blah blah Linux will round robin. blah blah there is no routing protocol so we can ignore any fanciful complications anyone would like to imagine. Routing is only as complicated as you want to make it.
adaptr wrote: |
kashani wrote: | Generally the default for almost all devices is to use per connection round robin, ie once a connection picks a route it sticks with it. You can set per packet round robin, but that tends to be funky in many cases.
kashani |
Ah - the default.
Possibly, but I don't think many multi-gigabit ATM clouds use default values. |
Yes, because when you're pushing gigs of traffic I want my router sitting there and alternating the packets instead of alternating flows which is much simpler. That'd be a nice way to overload your router. So yes a multi-gigabit ATM cloud, now there's an oxymoron, would use per connection and not per packet.
If you want to continue this I suggest we take it offline and in the future that you verify any other routing gems before posting them.
kashani

adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Fri Mar 19, 2004 12:29 pm Post subject:
Hmmm it'll probably take me some time to get my head around this.
There always seems to be a bigger truth around the corner.

doh_ n00b
Joined: 18 Mar 2004 Posts: 3
Posted: Mon Mar 22, 2004 7:29 am Post subject:
Heh, what a discussion this has led to...
Anyway, if this shouldn't work, how come it does perfectly (for a while)?
kashani:
I bind rsync/ftp/http to the interface I want to use.. e.g. for wget: "--bind-address=10.23.4.190"
What logs should I be looking at? I don't see anything there.
Oh, and the networks are physically separated.
My routing table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.23.0.0       *               255.255.0.0     U     0      0        0 eth0
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         10.23.1.1       0.0.0.0         UG    1      0        0 eth0
default         192.168.1.1     0.0.0.0         UG    1      0        0 eth1
I don't know what metric I should use, could it have anything to say?
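
The tie in the routing table above, shown as an added example (not part of the original post): a destination-only lookup, longest prefix first and then lowest metric, run over the table as posted. It models only that lookup, not how any particular kernel chooses among tied routes; 198.51.100.7 is a constructed off-link destination.

```python
import ipaddress

# Routing table exactly as posted above (`route` output, names not numeric).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
10.23.0.0 * 255.255.0.0 U 0 0 0 eth0
loopback localhost 255.0.0.0 UG 0 0 0 lo
default 10.23.1.1 0.0.0.0 UG 1 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 1 0 0 eth1
"""

# `route` prints these symbolic names instead of network addresses.
SYMBOLIC = {"default": "0.0.0.0", "loopback": "127.0.0.0"}


def parse_routes(text):
    """Turn `route` output into a list of route dicts."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{SYMBOLIC.get(dest, dest)}/{mask}")
        routes.append({"net": net, "gw": None if gw == "*" else gw,
                       "metric": int(metric), "iface": iface})
    return routes


def best_routes(routes, dst):
    """Longest-prefix match, then lowest metric; returns every route that ties."""
    addr = ipaddress.ip_address(dst)
    matching = [r for r in routes if addr in r["net"]]
    if not matching:
        return []
    longest = max(r["net"].prefixlen for r in matching)
    matching = [r for r in matching if r["net"].prefixlen == longest]
    lowest = min(r["metric"] for r in matching)
    return [(r["iface"], r["gw"]) for r in matching if r["metric"] == lowest]


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    # 198.51.100.7 is a constructed off-link destination (documentation range).
    for dst in ("10.23.1.1", "192.168.1.1", "198.51.100.7"):
        winners = best_routes(table, dst)
        note = "ambiguous: tie" if len(winners) > 1 else "unique"
        print(f"{dst:15} -> {winners} ({note})")
```

Both gateways and both local subnets resolve to a single route; only off-link destinations hit the two equal-metric defaults, so giving the two default routes different metrics makes this lookup unambiguous.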

kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Wed Mar 24, 2004 7:38 am Post subject:
Hmm I've been thinking about this for a bit and haven't come up with anything. I did set my box up with two default gateways to make sure it would work. No problem since Friday though they're both standard ether and the same card type.
Can you be a bit more specific on how things break? Can you still ping both gateways when it happens? Do nslookups or digs? Does taking down either interface fix the problem or just a particular one?
kashani

Sir_Chancealot n00b
Joined: 08 Jan 2004 Posts: 63
Posted: Fri Mar 26, 2004 5:32 am Post subject:
Can Linux (insert whatever they are calling their router/firewall filtering/forwarding this year) route based on port? If so, another Linux box with two NICs acting as the router would be ideal. You can route it based on the port number of the packet. I know how to do something like that in NetWare, but don't have enough knowledge to do it in Linux. If it does do that, you could possibly even set it up on the PC in question, though I can see where there might be some issues with that.