Net Balancer feature in 3.6

#44602

    francozamp
    Member

    Hi,
I recently installed and tested ZeroShell for Net Balancing to two WANs. It appears that, contrary to its initial implementation (probably up to ZS3.3) where consecutive TCP connections (also from the same host and to the same server) went through alternation of WANs, according to their weights, now in ZS3.6 the host is stuck to a WAN.

    The firewall rule I see is something like:

    Routing table

    root@zeroshell ~> ip route show
default
    nexthop via 10.1.1.1 dev ETH00 weight 50
    nexthop via 10.2.2.1 dev ETH01 weight 40
    10.1.1.0/24 dev ETH00 proto kernel scope link src 10.1.1.10
    10.2.2.0/24 dev ETH01 proto kernel scope link src 10.2.2.20
    10.10.10.0/24 dev ETH02 proto kernel scope link src 10.10.10.1
    192.168.137.0/24 dev ETH03 proto kernel scope link src 192.168.137.30
    192.168.250.0/24 dev VPN99 proto kernel scope link src 192.168.250.254

    iptables

    root@zeroshell ~> iptables -L -nv -t mangle
    [....]
    Chain NB_CT_POST (2 references)
    pkts bytes target prot opt in out source destination
    87 6323 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x66 MARK set 0x66
    108 7853 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x65 MARK set 0x65
    483 37017 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
    [...]

    I also checked the script /root/kerbynet.cgi/scripts/nb_setautomarking but without a particular understanding of its internal working.

After several tests, I confirmed that from the same client all connections went just through the same WAN: this prevents achieving the aggregate throughput on a single host/client, e.g. using 2 TCP connections.

    I understand there was a route persistence needed for stateful services (such as ecommerce carts or banking over HTTPS) for which different connections must come from the same IP, but having this now fixed is too limiting.

Maybe something like changing WAN in alternation but according to the server? Like if I connect to google.com with WAN1, and my browser creates 3-4 further TCP connections still to google.com, they must go through the same WAN1, but if then on a new tab I go to mns.com (or the same address but a different port), I must go through another WAN2.

    What do you think about that? Did I get something wrong, or misconfigured? Thanks,

F.

    #54188

    francozamp
    Member

    Hi,
after further testing, I realized balancing is working if either the client IP and/or the destination IP changes.

It means that, if from the same client behind the LAN I access the same server IP, I always traverse the same WAN. If from that very client I access another server IP, the WAN alternates.

Different clients to the same server IP also alternate.

This shall fix the HTTPS/cookies problem, but I’d like to know if this algorithm can be customized and where the logic lies.

In fact, I’d like to specify rules based on the bandwidth in use on the channel instead of only relative weights (I’d like to use WAN2 only if the capacity in use on WAN1 exceeds 80% of its limit as specified in the QoS “Global Bandwidth” settings), and then also alternate WAN on the same client-server pair if necessary.

    Thanks,

    F.

    #54189

    iulyb
    Member

    @francozamp wrote:

In fact, I’d like to specify rules based on the bandwidth in use on the channel instead of only relative weights (I’d like to use WAN2 only if the capacity in use on WAN1 exceeds 80% of its limit as specified in the QoS “Global Bandwidth” settings), and then also alternate WAN on the same client-server pair if necessary.

Basically this would require a new mode; let’s name it ‘Overflow and fail-over’.
I think the script you need to look at is nb_setnexthop.
You may need to change the script so that once the bandwidth hits 80%, all new traffic will use the next gateway. The next question you should answer is about the logic used if you have 3 or more GWs and how to deal with it after all GWs are in overflow mode.
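As an added example (not ZeroShell's own code, nor its nb_setautomarking or nb_setnexthop scripts), a small Python model of the two policies discussed in this thread: a weighted hash over the (client IP, server IP) pair, which reproduces the stickiness francozamp observed (same client and same server always take the same WAN, while changing either IP lets the WAN alternate), and the "overflow" policy iulyb sketches, where the next gateway is used only once the current one passes 80% of its configured limit. The interface names and weights are taken from the routing table above; the capacities and loads are constructed values, and selecting the nexthop by hashing the IP pair is an assumption about how the balancer picks a route, not a description of ZeroShell's implementation.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str
    weight: int            # multipath weight, as in "nexthop ... weight 50"
    capacity_kbps: int     # QoS "Global Bandwidth" limit (constructed value)
    in_use_kbps: int = 0   # current load on the link (constructed value)


# Constructed from the thread's routing table; capacities are made up.
GATEWAYS = [Gateway("ETH00", 50, 10_000), Gateway("ETH01", 40, 5_000)]


def weighted_hash_nexthop(src_ip, dst_ip, gateways=GATEWAYS):
    """Map the (client, server) pair onto the weight range with a stable hash.

    Assumption: the nexthop is chosen from the IP pair only. The same pair
    always lands on the same slot, which is the stickiness seen in ZS3.6;
    once chosen, CONNMARK keeps an established connection on that WAN.
    """
    total = sum(g.weight for g in gateways)
    digest = hashlib.sha256(f"{src_ip}|{dst_ip}".encode()).digest()
    slot = int.from_bytes(digest[:8], "big") % total
    for g in gateways:          # walk the weight ranges: [0,50) -> ETH00, [50,90) -> ETH01
        if slot < g.weight:
            return g.name
        slot -= g.weight
    return gateways[-1].name


def overflow_nexthop(gateways=GATEWAYS, threshold=0.8):
    """'Overflow and fail-over' policy from the reply above.

    New traffic stays on the first gateway until its load reaches the
    threshold share of its limit, then spills to the next one. If every
    gateway is past the threshold, fall back to the least loaded one
    (the open question iulyb raises about 3+ gateways all in overflow).
    """
    for g in gateways:
        if g.in_use_kbps < threshold * g.capacity_kbps:
            return g.name
    return min(gateways, key=lambda g: g.in_use_kbps / g.capacity_kbps).name


def distribution(pairs, gateways=GATEWAYS):
    """Count how many (src, dst) pairs each gateway receives under the hash policy."""
    counts = {g.name: 0 for g in gateways}
    for src, dst in pairs:
        counts[weighted_hash_nexthop(src, dst, gateways)] += 1
    return counts
```

Two TCP connections from one client to one server share a slot, so they cannot add up to the aggregate bandwidth; many client/server pairs spread across ETH00 and ETH01 roughly 50:40.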
