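Answers to questions about dual NICs and multipath load balancing

Posted by shihao on 08-29-2003 00:17:

Answers to questions about dual NICs and multipath load balancing

The original article is at http://www.samag.com/documents/s=18...0201h/0201h.htm

The relevant excerpt follows: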

=======================================

Redundant Internet Connections Using Linux

Seann Herdejurgen

With the advent of high-speed Internet links from Internet Service Providers (ISPs), it’s easier for users to host services on their home computers. But what happens when your ISP connection goes down? An obvious solution is to have a redundant Internet connection from another ISP. To help set up a Linux host with redundant Internet connections, this article covers the following essentials:

1. Configuring the host to properly handle inbound network connections from multiple ISPs

2. Load-balancing outbound network connections

3. Configuring various services to enable redundancy

4. Configuring firewall protection using ipchains or iptables

Figure 1 depicts the home computer network configuration that is referred to throughout this article. The Linux host in Figure 1 acts as a firewall between two separate connections to the Internet and an internal LAN. In this case, Ethernet interface eth1 uses DSL and Ethernet interface eth2 uses a cable modem. The Linux host load balances outbound network connections across the two ISPs. The ability to load balance between two ISPs is not restricted to high-speed network links. These same techniques can also be used to load balance between two dial-up connections.

The host used for testing the configuration in Figure 1 was a dual-processor Intel Celeron, 533-MHz computer running Red Hat 6.2 with Linux kernel 2.2.18. It has also been tested under Red Hat 7.1 with Linux kernel 2.4.13. The configuration in this article does not require a dual-processor system, nor does it require a 533-MHz CPU. You can recycle your old Pentium 100 system with 32 MB of RAM to be your firewall. Some examples presented throughout this article are specific to Red Hat, but they can be easily modified to work with other Linux distributions.

The scope of this article precludes providing the step-by-step details on configuring Ethernet cards, compiling Linux kernels, or configuring DNS. Information on performing these tasks is readily available on the Internet and in numerous books. http://www.linuxdoc.org/ is a good starting point for information.

Kernel Configuration

Linux kernels 2.2 and above support advanced routing techniques that are required to provide load balancing and multiple default routes on a Linux host. The following kernel networking options must be compiled into the kernel to support multiple connections to the Internet:

CONFIG_IP_ADVANCED_ROUTER=y

CONFIG_IP_MULTIPLE_TABLES=y

CONFIG_IP_ROUTE_MULTIPATH=y

To access the advanced routing features of the new kernel, the iproute toolset must be installed. (It is now distributed with Red Hat 7.1.) The iproute toolset is available from:

ftp://ftp.inr.ac.ru/ip-routing/

The iproute toolset provides two special commands for accessing advanced routing features — ip and tc. Documentation for the ip command is available at:

http://snafu.freedom.org/linux2.2/d...ef/ip-cref.html

Source IP Routing

By default, TCP/IP packets are routed by examining the destination IP address and checking for a route to the destination network in the routing table. The routing table can be viewed with the netstat -r command. If a route is found, the packet is sent to that network interface, otherwise the packet is sent to the default gateway. For most systems directly on the Internet, the default gateway is an ISP. In our case, this means that all outbound Internet connections go out of the DSL interface. This is not the desired behavior in an environment with redundant Internet connections. When you add a cable modem to the system, you don’t want your cable modem connections to respond using your DSL connection.

To solve this issue, we create multiple routing tables using the ip command. A routing table is selected based on the source IP address of the outbound packet. This is configured using the following commands:

Set up source IP routing rules for DSL

ip rule add from 63.89.102.157 lookup 1

ip route add 10.0.0.0/24 via 10.0.0.1 table 1

ip route add 0/0 via 63.89.102.1 table 1

Set up source IP routing rules for cable modem

ip rule add from 65.3.17.133 lookup 2

ip route add 10.0.0.0/24 via 10.0.0.1 table 2

ip route add 0/0 via 65.3.17.1 table 2

If an outbound packet is from source address 63.89.102.157 (DSL), then it looks at Routing Table 1, which has two entries:

> ip route list table 1

10.0.0.0/24 via 10.0.0.1 dev eth0

default via 63.89.102.1 dev eth1

The first line routes local traffic to the internal network, and the second line catches all remaining packets and sends them to the ISP over the DSL interface. Routing Table 2 for the cable modem interface behaves in the same fashion.

Load Balancing

To load balance outbound network connections from the internal network, the CONFIG_IP_ROUTE_MULTIPATH kernel option is used, which allows you to have multiple default gateways. It is set up by removing the default gateway from the /etc/sysconfig/network file and setting up the default gateway using advanced routing features with the following command:

ip route add default equalize nexthop via 63.89.102.1 dev eth1 nexthop via 65.3.17.1 dev eth2

To view the advanced routing table, use the following command:

> ip route list

255.255.2
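
The source IP routing and load-balancing commands excerpted above, generalized to any number of uplinks, as an added example that is not part of the original post or article. The `UPLINKS` format and the names `gen_routing_cmds`, `is_ipv4`, `LAN_NET` and `LAN_VIA` are assumptions made for illustration; the script only prints the commands so they can be reviewed.

```shell
#!/bin/sh
# Added example (not from the article): print, without applying, the
# policy-routing commands for any number of uplinks.

# Constructed input using the excerpt's addresses.
# Fields: device  local-address  gateway  routing-table-id
UPLINKS='eth1 63.89.102.157 63.89.102.1 1
eth2 65.3.17.133 65.3.17.1 2'

LAN_NET=10.0.0.0/24   # internal network from the excerpt
LAN_VIA=10.0.0.1      # internal next hop from the excerpt

is_ipv4() {
    # Succeeds only for a dotted quad with every octet in 0..255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

gen_routing_cmds() {
    # $1: uplink list in the format above. All lines are validated before
    # anything is printed, so a bad entry never yields a partial command set.
    cmds="" nexthops=""
    while read -r dev addr gw table; do
        [ -n "$dev" ] || continue
        is_ipv4 "$addr" && is_ipv4 "$gw" ||
            { echo "bad address for $dev" >&2; return 1; }
        # Usable ids are 1..252; 253-255 are the default, main and local tables.
        case "$table" in
            ''|*[!0-9]*) echo "bad table id for $dev" >&2; return 1 ;;
        esac
        [ "$table" -ge 1 ] && [ "$table" -le 252 ] ||
            { echo "reserved table id for $dev" >&2; return 1; }
        cmds="${cmds}ip rule add from $addr lookup $table
ip route add $LAN_NET via $LAN_VIA table $table
ip route add 0/0 via $gw table $table
"
        nexthops="$nexthops nexthop via $gw dev $dev"
    done <<EOF
$1
EOF
    [ -n "$nexthops" ] || { echo "no uplinks given" >&2; return 1; }
    # One multipath default route with a nexthop per uplink.
    printf '%sip route add default equalize%s\n' "$cmds" "$nexthops"
}

gen_routing_cmds "$UPLINKS"
```

Adding a third uplink is one more line in `UPLINKS` with an unused table id; a malformed line makes the function return non-zero and print nothing on standard output.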
