A local network 192.168.2.0 divided into two physically separated subnets (upper half, lower half)
One ADSL router 192.168.2.1 with some ports redirected to a server 192.168.2.2
One fiber router 192.168.4.1
The goal:
- Incoming connections must reach 192.168.2.2 through the ADSL router
- Outgoing connections must be balanced between the ADSL and fiber routers
- Bandwidth control, so that each of the subnets has half of the bandwidth reserved
I'm thinking of two different solutions:
A hardware solution with a broadband router, something like the TL-ER5120 or similar
A software solution using LVS on 192.168.2.2; in this case I think it should be something like this:
Change the ADSL router's IP to something like 192.168.3.1
Add two network cards to the server, for instance 192.168.3.2 and 192.168.4.2 (plus the current 192.168.2.2, with an alias 192.168.2.1)
- Connect this way
If you want to "roll your own", AFAIK this has been "the" reference for many, many years: http://lartc.org/lartc.html
On the other hand, if you'd rather just buy a device that's easy to set up, there are many devices; a few years ago you could get them as cheaply as maybe $60 (but of course that was relatively slow, maybe 100 Mbit). I haven't looked around recently to see what is available at what price.
The setup to avoid, which everyone experiments with (I did too, years ago), is simply connecting the two Internet gateways to your network with no special configuration. I even experimented with setting different router priority values.
The problem with these simple setups, of course, is that TCP/IP is a two-way communication protocol, so every session has to use only one gateway; you can't, for example, receive a packet through gateway 1 and respond through gateway 2 (the packet will be dropped when it reaches its destination).
At least setting extremely different router priorities forces all traffic through one router, and only when there is enough latency (router down?) is traffic routed through the second gateway. But if the cause is intermittent but heavy congestion, or for some reason the main router isn't entirely down, then you will have problems. This scenario only works somewhat when using the second gateway as an ordinarily unused backup; you can't use both simultaneously for load balancing or partial backup.
I have done something similar to what I was thinking of at first. It's a temporary solution.
I have not changed my network, so it continues to be the 192.168.2.0 network, my gateway is 192.168.2.1, an ADSL router with ports redirected to the 192.168.2.2 server using NAT.
I have a connection to a fiber router, 192.168.4.1.
Then I put a new Ethernet card in the server: 192.168.2.2 is eth0 and the new card, 192.168.4.2, is enp3s6.
Then I edited /etc/iproute2/rt_tables, adding the two last lines and creating two new routing tables called adsl and fiber:
root@tutatis:/imagenes/scripts> cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
#two routing tables added for load balancing
1 adsl
2 fiber
Then I created a script called routing.sh:
#!/bin/bash
# Table adsl: local net 192.168.2.0/24 and default route through the ADSL router
ip route add 192.168.2.0/24 dev eth0 src 192.168.2.2 table adsl
ip route add default via 192.168.2.1 dev eth0 table adsl
# Table fiber: local net 192.168.4.0/24 and default route through the fiber router
ip route add 192.168.4.0/24 dev enp3s6 src 192.168.4.2 table fiber
ip route add default via 192.168.4.1 dev enp3s6 table fiber
# Traffic sourced from each interface address always leaves through that interface's gateway
ip rule add from 192.168.2.2 table adsl
ip rule add from 192.168.4.2 table fiber
# Replace the old default route in the main table with a weighted multipath route.
# "replace" swaps it in one step, so there is no moment without a default route
# (important when the script is run over a remote session)
ip route replace default scope global \
    nexthop via 192.168.2.1 dev eth0 weight 1 \
    nexthop via 192.168.4.1 dev enp3s6 weight 10
Then I gave the script execution rights:
chmod +x routing.sh
And I ran it.
Beforehand, as I was testing it remotely, I did
shutdown -r +15
just in case.
When it worked I added it to the boot script /etc/rc.d/after.local.
Then I installed squid listening on port 3128.
As it is now, incoming connections come to the server through the ADSL router as before, and outgoing connections from the LAN go out through ADSL too, but the server's own outgoing traffic is balanced between the two connections, and anyone who configures their computer to use 192.168.2.2 as a proxy will be balanced too.
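The following is an added example, not part of the original post: an idempotent version of the same policy-routing setup, written so it can be re-run at every boot without duplicating rules or appending a second "1 adsl" line to rt_tables, and with a DRY_RUN mode that prints the planned commands so the plan can be reviewed (or tested) without root. Interface names, addresses and weights are taken from the post and are assumptions for any other host; the ip rule "from" selectors are what pin a connection's packets to the uplink whose address the kernel picked, which is the "one gateway per session" requirement. The rp_filter line is an added precaution: with strict reverse-path filtering, replies arriving on the fiber interface can be dropped when the kernel's reverse lookup for the remote address resolves to the ADSL next hop, so the uplinks are set to loose mode.

```shell
#!/bin/sh
# Added example (not the poster's script): idempotent two-uplink policy routing.
# All names and addresses below are assumptions taken from the post; override via
# the environment for other hosts. Run "DRY_RUN=1 ./routing.sh apply" to preview.
set -u

LAN_IF="${LAN_IF:-eth0}";   LAN_IP="${LAN_IP:-192.168.2.2}"; LAN_NET="${LAN_NET:-192.168.2.0/24}"
ADSL_GW="${ADSL_GW:-192.168.2.1}"; ADSL_WEIGHT="${ADSL_WEIGHT:-1}"
FIB_IF="${FIB_IF:-enp3s6}"; FIB_IP="${FIB_IP:-192.168.4.2}"; FIB_NET="${FIB_NET:-192.168.4.0/24}"
FIB_GW="${FIB_GW:-192.168.4.1}";   FIB_WEIGHT="${FIB_WEIGHT:-10}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"   # overridable so the plan can be tested on a scratch copy
DRY_RUN="${DRY_RUN:-0}"

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ensure_table ID NAME: append "ID NAME" to rt_tables unless a line for NAME already exists.
ensure_table() {
  id="$1"; name="$2"
  if ! grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${name}([[:space:]]|\$)" "$RT_TABLES"; then
    printf '%s %s\n' "$id" "$name" >> "$RT_TABLES"
  fi
}

# ensure_rule SRC TABLE: "ip rule add" is not idempotent, so only add a rule that is not there yet.
ensure_rule() {
  src="$1"; table="$2"
  if [ "$DRY_RUN" = 1 ] || ! ip rule show | grep -q "from ${src} lookup ${table}"; then
    run ip rule add from "$src" table "$table"
  fi
}

# apply_routing: the whole setup, in the same order as the post's routing.sh.
apply_routing() {
  ensure_table 1 adsl
  ensure_table 2 fiber
  # per-uplink tables: the uplink's local net plus a default route via its gateway
  run ip route replace "$LAN_NET" dev "$LAN_IF" src "$LAN_IP" table adsl
  run ip route replace default via "$ADSL_GW" dev "$LAN_IF" table adsl
  run ip route replace "$FIB_NET" dev "$FIB_IF" src "$FIB_IP" table fiber
  run ip route replace default via "$FIB_GW" dev "$FIB_IF" table fiber
  # packets sourced from an uplink address always leave through that uplink (one gateway per session)
  ensure_rule "$LAN_IP" adsl
  ensure_rule "$FIB_IP" fiber
  # new connections choose a gateway via the weighted multipath default; replace swaps it atomically
  run ip route replace default scope global \
      nexthop via "$ADSL_GW" dev "$LAN_IF" weight "$ADSL_WEIGHT" \
      nexthop via "$FIB_GW" dev "$FIB_IF" weight "$FIB_WEIGHT"
  # precaution: loose reverse-path filtering on both uplinks so replies on the fiber side are not dropped
  run sysctl -q -w "net.ipv4.conf.${LAN_IF}.rp_filter=2" "net.ipv4.conf.${FIB_IF}.rp_filter=2"
}

# verify_routing: show the effective policy so the result can be checked after a run or a reboot.
verify_routing() {
  ip rule show
  ip route show table adsl
  ip route show table fiber
  ip route show default
}

case "${1:-}" in
  apply)  apply_routing; [ "$DRY_RUN" = 1 ] || verify_routing ;;
  verify) verify_routing ;;
esac
```

Usage: `DRY_RUN=1 ./routing.sh apply` prints the exact ip commands that would run; `./routing.sh apply` as root applies them and then prints the rules and tables, and the same invocation can be placed in the boot script since every step is safe to repeat.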
Just make sure you adhere to the principles I described earlier:
Any session requires the two-way TCP/IP connection to use the same Internet gateway.
Client and server must resolve the other machine's name consistently, the same way every time (e.g. the remote client can't resolve your local machine via the non-fiber connection and then, later in the same session, resolve your machine's name via the fiber connection).
A hint: you can't think only of your connection from the perspective of your local machine with its two Internet gateways; you also have to think about how the remote machine sees your local machine. Is it consistent or not?