Multiple gateways.

  • #42367

    houkouonchi
    Member

    Is there anywhere to set up the gateways when using multiple IPs on multiple interfaces other than the netbalancer? Also I noticed that when you set up a gateway in the net balancer it seems you either set an IP or an interface (you can’t set both?). So what happens when you have two IPs on two interfaces that are both on the subnet and use the same gateway?

    #50168

    ppalias
    Member

    Multiple IPs are set in Netbalancer.
    You set an IP for static interfaces, such as ETH0X and interface for dynamic interfaces, such as PPPX.
    Can you do an example drawing with IPs for your case?

    #50169

    houkouonchi
    Member

    I am not exactly sure how to do a drawing but here is an actual example situation.

    Say you have:

    ETH00:
    IP: 1.1.1.20/24

    and:

    ETH01:
    IP: 1.1.1.21/24

    Both of these interfaces use the gateway 1.1.1.1. What I am confused about is how you would set up the netbalancer to do this, as it ignores setting the interface when you set an IP. I.e. the entry would be the same for both, so how would it know what interface to send the traffic to?

    Also what if you don’t necessarily want load balancing but just have two connections (not balanced)? I don’t see anywhere you can do this on zeroshell as I don’t see anywhere to set gateway IP addresses other than the net balancer (there is no option to do this in the network setup). You can only set the default GW, but what about gateways that you don’t want as the default, i.e. for it only to work when a program binds to that specific IP on that interface?

    I am not currently doing this; currently I have it set up like this:

    And the net balancer looks like:

    The thing I am worried about is what happens if ETH00, ETH01, ETH02, etc. were all on the same subnet and thus all shared the same gateway. How does the netbalancer associate the gateway IP address with an interface? If it doesn’t (as it just assumes they will all be different) this appears to be a flaw to me, or am I just missing something here?

    Basically I can use everything on different subnets right now as I am still doing testing where I can use whatever IPs I want but I am worried about in the actual setup that the internet connections of the other office might have two interfaces that are on the same subnet and thus have the same gateway IP address which I believe will cause problems.

    #50170

    atheling
    Member

    @houkouonchi wrote:

    I am not exactly sure how to do a drawing but here is an actual example situation.

    Say you have:

    ETH00:
    IP: 1.1.1.20/24

    and:

    ETH01:
    IP: 1.1.1.21/24

    Both of these interfaces use the gateway 1.1.1.1. What I am confused about is how you would set up the netbalancer to do this, as it ignores setting the interface when you set an IP. I.e. the entry would be the same for both, so how would it know what interface to send the traffic to?

    Also what if you don’t necessarily want load balancing but just have two connections (not balanced)? I don’t see anywhere you can do this on zeroshell as I don’t see anywhere to set gateway IP addresses other than the net balancer (there is no option to do this in the network setup). You can only set the default GW, but what about gateways that you don’t want as the default, i.e. for it only to work when a program binds to that specific IP on that interface?

    From a networking point of view, it is unusual to have multiple discrete interfaces on the same subnet like that. If they are on the same subnet then the router (on any machine, not just ZS) doesn’t have a good way to determine which interface to use.

    If more than one interface is on the same subnet I would expect them to be for performance (load balancing) or reliability reasons (failover). The way that is typically done is to set up the bonding interface which has a bunch of options on how to handle the failover detection and load balance. Then the IP level routing only deals with interface presented by the bonding driver. I have done this on other Linux boxes but not on Zeroshell. I do see a “new bond” button on the network setup page, so I guess that is where I’d start.

    #50171

    ppalias
    Member

    If you have 2 network interfaces in the same subnet, then you MUST bridge them. In some routers, e.g. Cisco, it is not allowed on a router to have such a configuration. So bridge the interfaces and then on the BRIDGE interface assign as many IPs/Netmasks as you want, and the Gateway will be only one.

    #50172

    houkouonchi
    Member

    @ppalias wrote:

    If you have 2 network interfaces in the same subnet, then you MUST bridge them. In some routers, e.g. Cisco, it is not allowed on a router to have such a configuration. So bridge the interfaces and then on the BRIDGE interface assign as many IPs/Netmasks as you want, and the Gateway will be only one.

    I don’t see how this would work in the case of a net balancer situation as you can’t really set the source IP (or source interface) so what would make it not always go out one interface? I would think you could do this with something like say you have:

    ETH00: 1.1.1.30/24
    ETH01: 1.1.1.40/24

    You could run something like:

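    # line1 and line2 are named routing tables; the names must be defined in /etc/iproute2/rt_tables
    # One table per line, each with its own default route out of one interface
    ip route add table line1 to default via 1.1.1.1 dev ETH00
    ip route add table line2 to default via 1.1.1.1 dev ETH01
    # Pick the table by source address, so each IP always leaves via its own interface
    ip rule add from 1.1.1.30 table line1
    ip rule add from 1.1.1.40 table line2
    # Main table: multipath default route that balances new traffic across both interfaces
    ip route add default scope global nexthop via 1.1.1.1 dev ETH00 weight 1 nexthop via 1.1.1.1 dev ETH01 weight 1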

    Which would be load balanced but I see absolutely no way to get this behavior in zeroshell (load balance two connections that are on the same subnet).

    Am I missing something or are you just saying it’s not possible? I can easily see this situation arising if you wanted to load balance multiple connections all from the same ISP. It seems like this would be possible if when setting up the net balancer you chose both the gateway IP address *AND* the interface but not when you just chose one or the other.
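
The policy-routing approach from the post above, generalized as an added example (not code from the thread or from Zeroshell): a shell function that prints the per-uplink tables, source rules and multipath default for any number of uplinks sharing one subnet and gateway. The numeric table ids, the rule priorities and the ARP/rp_filter sysctls are assumptions added here; the commands in the thread do not include them.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for uplinks that share a
# subnet and gateway. Input on stdin, one uplink per line: <dev> <ip> <gw>.
# Table ids 101.., rule priorities 1001.. and the sysctls are assumptions.

gen_same_subnet_uplinks() {
    n=0
    hops=""
    while read -r dev ip gw; do
        [ -n "$gw" ] || continue          # skip blank or incomplete lines
        n=$((n + 1))
        tbl=$((100 + n))
        # ARP flux: by default Linux may answer ARP for any local IP on any
        # NIC, so a modem could learn the wrong MAC for "its" address.
        # arp_ignore=1: reply only if the target IP is on the receiving NIC.
        echo "sysctl -w net.ipv4.conf.$dev.arp_ignore=1"
        # arp_announce=2: use the best local source address in ARP requests.
        echo "sysctl -w net.ipv4.conf.$dev.arp_announce=2"
        # Loose reverse-path check; strict mode can drop replies arriving on
        # the other NIC of the shared subnet.
        echo "sysctl -w net.ipv4.conf.$dev.rp_filter=2"
        # Per-uplink table: traffic sourced from $ip always leaves via $dev.
        echo "ip route replace default via $gw dev $dev table $tbl"
        echo "ip rule add from $ip lookup $tbl priority $((1000 + n))"
        hops="$hops nexthop via $gw dev $dev weight 1"
    done
    [ "$n" -gt 0 ] || return 1            # no uplinks given: emit nothing
    # Main table: multipath default that spreads new flows over all uplinks.
    echo "ip route replace default scope global$hops"
}

# Constructed sample input, using the addresses from the thread.
sample_uplinks() {
    printf '%s\n' 'ETH00 1.1.1.30 1.1.1.1' 'ETH01 1.1.1.40 1.1.1.1'
}

sample_uplinks | gen_same_subnet_uplinks
```

Review the printed commands before feeding them to a root shell on the router.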

    #50173

    atheling
    Member

    As I posted earlier in this thread, the normal way to set up load balancing and/or failover on multiple ethernet interfaces on the same subnet is to use the bonding driver. You will end up with one IP address for the bond interface and it will accept traffic from any of the bonded interfaces. Traffic out depends on how you set up bonding but it can be load balanced and/or failover.

    In a product that I developed code for commercially, I used just that setup with CentOS (open source Linux equivalent to RedHat). We allowed the operator to group as many interfaces as they desired into one logical (bonded) interface for the purposes of reliability and greater throughput. It works well.

    I haven’t done bonding with ZS but I do see a bond interface option under the network setup. You might want to give that a try.

    Edit: Some of the bonding options require both ends of the connection be configured appropriately. You may need a commercial grade switch to properly support all bonding modes. But simple failover and at least one load balance mode are, if I recall correctly, compatible with consumer grade Ethernet switches.

    #50174

    houkouonchi
    Member

    @atheling wrote:

    As I posted earlier in this thread, the normal way to set up load balancing and/or failover on multiple ethernet interfaces on the same subnet is to use the bonding driver. You will end up with one IP address for the bond interface and it will accept traffic from any of the bonded interfaces. Traffic out depends on how you set up bonding but it can be load balanced and/or failover.

    In a product that I developed code for commercially, I used just that setup with CentOS (open source Linux equivalent to RedHat). We allowed the operator to group as many interfaces as they desired into one logical (bonded) interface for the purposes of reliability and greater throughput. It works well.

    I haven’t done bonding with ZS but I do see a bond interface option under the network setup. You might want to give that a try.

    Edit: Some of the bonding options require both ends of the connection be configured appropriately. You may need a commercial grade switch to properly support all bonding modes. But simple failover and at least one load balance mode are, if I recall correctly, compatible with consumer grade Ethernet switches.

    Bonding will *not* work for what I am trying to do. I am talking about dealing with residential (cable) connections that go through a cable modem that could end up on the same subnet and use the same gateway. There is no way bonding will work in that situation as packets to/from say 1.1.1.30 always have to go out ETH00 and packets to/from 1.1.1.40 would always have to go out ETH01 for it to work (using my above examples).

    This would work if both interfaces could use each other’s IP (it didn’t matter which IP was assigned to which interface) but this would not be the case with broadband via two cable modems. This is the same reason that bridging won’t work either (as far as I can tell).

    I don’t see any reason the netbalancer’s current implementation wouldn’t work if along with the gateway IP it also specified the interface instead of one or the other.

    #50175

    atheling
    Member

    So, each interface is directly connected to a cable modem and each cable modem is configured to NAT a routable IP address to the same subnet range even though they are totally separate. TCP sessions that start on one interface must remain on that interface even though they may seem to be on the same subnet.

    I think I now see your problem. You definitely need to have each interface specified as a different possible route for load balancing and failover.

    First question, can you change the LAN settings on one or the other of your cable modems? One of my two ISPs is a cable provider and they gave me a customer log in where I can change those settings on the modem. (I have a business class service and I don’t know if this is allowed on a residential account nor do I know if other cable providers allow this.)

    I’ll take a look at the back end scripts that set up the ip rules and see what it might take to have the back end support both device and address. Right now there are a number of places that deal with either a device or address. Those will have to be changed. However that is only part of the change needed, so I think Fulvio might have to take a look at the user interface end of things for this type of change.
