Transcript of Multi Homed Router 141115170345 Conversion Gate01
www.getclouder.com
Run Two ISPs in Your Home (Multihomed Router)
Marian (HackMan) Marinov, CEO of 1H Ltd., CTO of GetClouder Ltd.
Why multihoming?
• Failover
• More capacity
• Faster connections
• Cheaper connections
• Why not both?
Chapter 1
Multihoming
Assumptions
• You already know how routing is done on the Internet
• You know what the iptables tables are
  • filter
  • mangle
  • nat
• You already know what NAT is and how it works
• Forwarding is enabled and allowed in the router
Usual setup
main routing table:
10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

iptables -t nat -A POSTROUTING -j SNAT \
    -s 10.0.0.0/24 -o eth0 --to 77.70.33.12
Chapter 2
Setup
Multiple routing tables
ISP1:
10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

ISP2 (the uplink prefix has to contain the gateway 83.15.21.254 and the address 83.15.21.65):
10.0.0.0/24 dev eth2 src 10.0.0.1
83.15.21.0/24 dev eth1 src 83.15.21.65
default via 83.15.21.254 dev eth1
How to create iproute2 routing tables
$ cat /etc/iproute2/rt_tables
# reserved values
255 local
254 main
253 default
10 isp1
20 isp2
0 unspec
How to add routes into the new routing tables
ip r a 10.0.0.0/24 dev eth2 t isp1
ip r a 10.0.0.0/24 dev eth2 t isp2
ip r a 77.70.33.0/24 dev eth0 t isp1
ip r a 0/0 via 77.70.33.1 t isp1
ip r a 83.15.21.0/24 dev eth1 t isp2
ip r a 0/0 via 83.15.21.254 t isp2
ip r a == ip route add; t == table
How to guide the traffic to enter these tables
ip ru a from 77.70.33.12 t isp1
ip ru a from 83.15.21.65 t isp2
ip ru a == ip rule add; t == table
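The whole setup from the slides above (rt_tables entries, one table per uplink, the source-address rules) as one script, added here as an example and not part of the talk. It uses the addresses and interfaces from the slides; the `DRY_RUN` switch, the function names and the subnet check are assumptions of this script. The check matters because `ip route add default via <gw>` rejects a gateway the kernel cannot reach, so a mistyped uplink prefix is caught before any table is touched. With `DRY_RUN=1` (the default) the commands are printed for review; `DRY_RUN=0` executes them and needs root.

```shell
#!/bin/sh
# Added example: dry-run generator for a two-table multihomed router.
# Addresses and interface names follow the slides; DRY_RUN and the helper
# names are assumptions of this script, not part of the original talk.
DRY_RUN="${DRY_RUN:-1}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# Uplink parameters from the slides (ISP1 on eth0, ISP2 on eth1, LAN on eth2).
DEV_ISP1=eth0; NET_ISP1=77.70.33.0/24; IP_ISP1=77.70.33.12; GW_ISP1=77.70.33.1
DEV_ISP2=eth1; NET_ISP2=83.15.21.0/24; IP_ISP2=83.15.21.65; GW_ISP2=83.15.21.254
DEV_LAN=eth2;  NET_LAN=10.0.0.0/24;    IP_LAN=10.0.0.1

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# ip_to_int 77.70.33.12 -> 1296441612 (dotted quad to 32-bit integer)
ip_to_int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet ADDR PREFIX/LEN -> exit 0 if ADDR lies inside the prefix
in_subnet() {
    _net="${2%/*}"; _bits="${2#*/}"
    _mask=$(( 4294967296 - (1 << (32 - _bits)) ))
    [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "$_net") & _mask )) ]
}

# Refuse an uplink whose gateway is outside its own prefix: the default route
# for that table would fail with "Nexthop has invalid gateway".
check_uplink() {   # name dev net gw
    in_subnet "$4" "$3" || { echo "ERROR: $1: gateway $4 is not inside $3 on $2" >&2; return 1; }
}

# Append "ID NAME" to rt_tables only if it is not there yet (idempotent).
ensure_rt_table() {   # id name
    if ! grep -qE "^[[:space:]]*$1[[:space:]]+$2\$" "$RT_TABLES" 2>/dev/null; then
        run sh -c "echo '$1 $2' >> $RT_TABLES"
    fi
}

# One table per uplink: LAN route, uplink prefix, default via that uplink,
# plus the rule that sends traffic sourced from the uplink address into it.
build_table() {   # name dev net ip gw
    run ip route add "$NET_LAN" dev "$DEV_LAN" src "$IP_LAN" table "$1"
    run ip route add "$3" dev "$2" src "$4" table "$1"
    run ip route add default via "$5" dev "$2" table "$1"
    run ip rule add from "$4" table "$1"
}

setup_policy_routing() {
    check_uplink isp1 "$DEV_ISP1" "$NET_ISP1" "$GW_ISP1" || return 1
    check_uplink isp2 "$DEV_ISP2" "$NET_ISP2" "$GW_ISP2" || return 1
    ensure_rt_table 10 isp1
    ensure_rt_table 20 isp2
    build_table isp1 "$DEV_ISP1" "$NET_ISP1" "$IP_ISP1" "$GW_ISP1"
    build_table isp2 "$DEV_ISP2" "$NET_ISP2" "$IP_ISP2" "$GW_ISP2"
}

setup_policy_routing
```

Run it once with the default `DRY_RUN=1` and compare the printed commands with the slides; only then run it with `DRY_RUN=0` on the router. The script returns 1 and prints nothing if either gateway falls outside its uplink prefix.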
Separating the clients from the home network
Chapter 2
Separation
• Manually
  • based on source IP
  • based on destination IP
  • based on protocols
• Automatic
  • statistic (random, nth)
  • recent
  • time based
• Route based
Manually separating clients
• based on source IP
  ip rule add from 10.0.0.x table isp1
• based on destination IP
  ip rule add to 192.168.0.x table isp1
• based on protocols
  iptables marking per protocol
CONNMARK
The marks have to be set in mangle PREROUTING, before the routing decision, so that a rule of the form "ip rule add fwmark N table ..." can act on them:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
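The CONNMARK slide shows how marks are assigned, but a mark only changes the route once an "ip rule add fwmark N table T" rule exists for it. The script below, added as an example and not part of the talk, generates the mark rules from a port-to-mark list, generates the fwmark rules from a mark-to-table list, and refuses to run if a mark has no table. Table names isp1/isp2 and the port/mark pairs (21 to mark 1, 80 to mark 2) come from the slides; `DRY_RUN`, the variable names and the function names are assumptions of this script.

```shell
#!/bin/sh
# Added example (not from the talk): protocol-based separation with CONNMARK
# plus the fwmark rules that bind each mark to a routing table.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# TCP destination port -> mark, one "port=mark" pair per line (FTP -> 1, HTTP -> 2).
PORT_MARKS="21=1
80=2"
# mark -> routing table, one "mark=table" pair per line.
MARK_TABLES="1=isp1
2=isp2"

# mark_for_port 80 -> "2"; prints nothing for a port that is not listed.
mark_for_port() {
    echo "$PORT_MARKS" | while IFS='=' read -r port mark; do
        [ "$port" = "$1" ] && echo "$mark"
    done
}

# Every mark handed out by PORT_MARKS needs a table, or it selects no route.
check_marks_mapped() {
    for pair in $PORT_MARKS; do
        mark="${pair#*=}"
        echo "$MARK_TABLES" | grep -q "^$mark=" || { echo "mark $mark has no table" >&2; return 1; }
    done
}

mark_rules() {
    # mangle PREROUTING: the mark must exist before the routing decision,
    # otherwise the fwmark rules never see it.
    # 1. Packets of an already classified connection get the saved mark back...
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. ...and skip classification (ACCEPT here only ends the mangle chain).
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 3. First packet of a new connection: classify by destination port.
    echo "$PORT_MARKS" | while IFS='=' read -r port mark; do
        run iptables -t mangle -A PREROUTING -p tcp --dport "$port" -j MARK --set-mark "$mark"
    done
    # 4. Store the mark on the conntrack entry for the rest of the connection.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}

# Policy-routing rules: look up table T for packets carrying mark N.
fwmark_rules() {
    echo "$MARK_TABLES" | while IFS='=' read -r mark table; do
        run ip rule add fwmark "$mark" table "$table"
    done
}

setup_protocol_separation() {
    check_marks_mapped || return 1
    mark_rules
    fwmark_rules
}

setup_protocol_separation
```

The `-m mark ! --mark 0 -j ACCEPT` rule is what keeps a connection on the uplink it started on: later packets are never re-classified, so a connection never flips between ISPs mid-stream, which the per-uplink SNAT later in the talk depends on.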
Automatically separate clients between uplinks
● Statistic (these MARK rules sit in mangle PREROUTING, where -o cannot be used, so the outgoing interface is not matched here)
random: 20% of the packets get mark 2, the rest keep their current mark
iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.2 -j MARK --set-mark 2
nth: alternate packets between the two marks
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2
● Statistic, uneven split (every 4th packet reaching these rules gets mark 2, the other three get mark 1)
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 4 --packet 0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 4 --packet 1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 4 --packet 2 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m statistic --mode nth --every 4 --packet 3 -j MARK --set-mark 2
Automatically separate clients between uplinks
● recent (a source seen in the last 300 seconds gets mark 2; the second rule only fires when the first did not mark the packet)
iptables -t mangle -A PREROUTING -m recent --name balanced --rcheck --seconds 300 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m mark --mark 0 -m recent --name balanced --set -j MARK --set-mark 1
● time based (office hours to one uplink; the mark value is an example)
iptables -t mangle -A PREROUTING -m time --timestart 09:30 --timestop 17:30 --weekdays Mon,Tue,Wed,Thu,Fri -j MARK --set-mark 1
Automatically separate clients between uplinks
● route based
ip route add default scope global \
nexthop via $gw_isp1 dev $dev_isp1 weight 1 \
nexthop via $gw_isp2 dev $dev_isp2 weight 1
Source NAT - Set the outgoing IPs
iptables -t nat -A POSTROUTING -o $dev_isp1 -j SNAT --to $ip_isp1
iptables -t nat -A POSTROUTING -o $dev_isp2 -j SNAT --to $ip_isp2
SNAT
Chapter 3
Additional documentation
http://lartc.org/howto/lartc.rpdb.multiple-links.html
Link Status Monitor: http://lsm.foobar.fi/
If you are interested... Julian Anastasov's patches: http://www.ssi.bg/~ja/#routes
Chapter 4
Conclusion
Q & A
Marian (HackMan) Marinov, mm <> 1h.com
Jabber: [email protected] HackMan #iseca #softuni
Chapter 5
Questions