Title: Loadbalancing s rutirane na realni IP-ta
Posted by: nikec on Jul 20, 2009, 16:37

For three weeks I have been trying to get a load-balancing setup working. I have read plenty of forums, Google results and other material, but I can't get it to work.

The situation is this: two internet connections come in on separate NICs, and a third NIC is split into two interfaces, one for the internal real (public) IPs and one for the remaining PCs with private IPs. The problem is that several of the internal PCs have real IPs. When I start the load balancing, the internal hosts with real IPs alternately have internet for a few minutes and then lose it, and this keeps alternating at intervals of a few minutes. The others, which do not have real IPs, have internet, and as far as I can see the balancing works for them.

The configuration is as follows:

## Local dev --> for the internal real IPs
eth0    IP - 217.79.82.209/29
## Local dev --> for the ordinary PCs
eth0:1  IP - 192.168.1.1/24
## Public dev 1 -> Telecoms
eth1    IP - 217.79.86.230/30   GW - 217.79.86.229
## Public dev 2 -> BTC
eth2    IP - 192.168.4.2/24     GW - 192.168.4.1

More info:
# OS --> CentOS release 5.2 (Final)
# kernel --> 2.6.18-92.el5

The script I am using is:

#!/bin/bash
#------------------------------
### REAL IPs:
REAL_LAN_NET=10.10.10.0/24
#------------------------------
### LOCAL IPs:
LAN_IF=eth2
LAN_IP=10.10.20.1
LAN_NET=10.10.20.0/24
#------------------------------
### MAIN INTERNET: TELECOMS
INET1_IF=eth0
INET1_IP=3.3.3.77
INET1_NET=3.3.3.0/24
INET1_GW=3.3.3.2
#------------------------------
### SECOND INTERNET: BTC
INET2_IF=eth1
INET2_IP=192.168.10.109
INET2_NET=192.168.10.0/24
INET2_GW=192.168.10.1
#------------------------------
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc

IPTABLES=/sbin/iptables
# default policies: everything is accepted, the firewall part is only state tracking
$IPTABLES -t filter -P INPUT ACCEPT
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t filter -P FORWARD ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -t filter -F
$IPTABLES -t filter -X keep_state
$IPTABLES -t nat -X keep_state
$IPTABLES -t filter -N keep_state
$IPTABLES -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -t filter -A keep_state -j RETURN
$IPTABLES -t nat -N keep_state
$IPTABLES -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -t nat -A keep_state -j RETURN
$IPTABLES -t nat -A PREROUTING -j keep_state
$IPTABLES -t nat -A POSTROUTING -j keep_state
$IPTABLES -t nat -A OUTPUT -j keep_state
$IPTABLES -t filter -A INPUT -j keep_state
$IPTABLES -t filter -A FORWARD -j keep_state
$IPTABLES -t filter -A OUTPUT -j keep_state

# table main is consulted first (prio 50) but without a default route,
# so only non-local destinations fall through to the tables below
/sbin/ip rule del prio 50 table main
/sbin/ip rule add prio 50 table main
/sbin/ip route del default table main

# table 201: everything sourced from the Telecoms network leaves via Telecoms
/sbin/ip rule del prio 201 from $INET1_NET table 201
/sbin/ip rule add prio 201 from $INET1_NET table 201
/sbin/ip route add default via $INET1_GW dev $INET1_IF \
    src $INET1_IP proto static table 201
/sbin/ip route append prohibit default table 201 metric 1 proto static

# table 202: everything sourced from the BTC network leaves via BTC
/sbin/ip rule del prio 202 from $INET2_NET table 202
/sbin/ip rule add prio 202 from $INET2_NET table 202
/sbin/ip route add default via $INET2_GW dev $INET2_IF \
    src $INET2_IP proto static table 202
/sbin/ip route append prohibit default table 202 metric 1 proto static

# table 222: multipath default for everything else (this is the load balancing)
/sbin/ip rule del prio 222 table 222
/sbin/ip rule add prio 222 table 222
/sbin/ip route add default table 222 proto static \
    nexthop via $INET1_GW dev $INET1_IF \
    nexthop via $INET2_GW dev $INET2_IF

# SNAT: the private LAN is translated on both links,
# the real IPs are only translated on the Telecoms link
$IPTABLES -t nat -A POSTROUTING -o $INET1_IF -s $LAN_NET -j SNAT --to-source $INET1_IP
$IPTABLES -t nat -A POSTROUTING -o $INET2_IF -s $LAN_NET -j SNAT --to-source $INET2_IP
$IPTABLES -t nat -A POSTROUTING -o $INET1_IF -s $REAL_LAN_NET -j SNAT --to-source $INET1_IP
###############################################################

I can't figure out where the problem is. Thanks to everyone who takes the time to help.

Title: Re: Loadbalancing s rutirane na realni IP-ta
Posted by: plamen_f on Jul 20, 2009, 17:51

Whenever I start complicating things I end up in a mess. It seems to me you are in one too :)
Experience has taught me not to reinvent the wheel; it was invented long before me. Problems like yours have come up in the forum several times. My recommendation: take a look at http://www.pfsense.com/ - I assure you it works smoothly and flawlessly.

Title: Re: Loadbalancing s rutirane na realni IP-ta
Posted by: nikec on Jul 20, 2009, 23:48

Quote: "Whenever I start complicating things I end up in a mess. It seems to me you are in one too :)"

Thanks for the suggestion, but I would rather not change the OS. At this stage I have a better suggestion from an acquaintance, who proposed simply adding the following lines:

ip route add 217.79.82.208/29 via 217.79.86.229
ip route add 217.79.82.208/29 via 217.79.86.229 table 201
ip route add 217.79.82.208/29 via 217.79.86.229 table 202
ip route add 217.79.82.208/29 via 217.79.86.229 table 222

I am currently testing how the router behaves this way; I expect it will be clear by tomorrow and I will write what happened.

Title: Re: Loadbalancing s rutirane na realni IP-ta
Posted by: nihat on Aug 04, 2009, 17:04

Quote: "Whenever I start to .................."

So far I have no result; the tests continue...! If there is anyone who has achieved, or knows how to achieve, what I am aiming for, please help.

Title: Re: Loadbalancing s rutirane na realni IP-ta
Posted by: ntrance on Aug 04, 2009, 17:14

If you had looked more carefully... I have published a load balancing script in this forum, search for it.
The reason they have internet for a few minutes and then none for a few minutes is that the gateway is de facto being switched... I mean one of them does not work for you as it should, because it switches them... if you are using connection 1.1.1.1, after 2 minutes you may be using 2.2.2.2.... Look at the script I posted, I don't feel like searching for it again now... and the real IPs are easy, pass them through NAT with iptables...

Title: Re: Loadbalancing s rutirane na realni IP-ta
Posted by: ntrance on Aug 04, 2009, 17:20

Found it:
root@dalkia-server:/etc/network# cat routing
# Mandatory variables
TABLE1=1                # The TABLE ID associated to your 1st ISP
IF1=eth1                # The NIC name connected to your 1st ISP
GW1=192.168.121.1       # 1st or default Internet Service Provider gateway (router IP address)
TABLE2=2                # The TABLE ID associated to your 2nd ISP
IF2=eth0                # The NIC name connected to your 2nd ISP
GW2=192.168.0.169       # 2nd Internet Service Provider gateway (router IP address)
#TABLEn=n               # The TABLE ID associated to your n-th ISP        # This line is an example
#IFn=ethn               # The NIC name connected to your n-th ISP         # This line is an example
#GWn=192.168.nnn.nnn    # n-th Internet Service Provider gateway          # This line is an example

izbalancing() {
    # Command syntax: $1 "InterfaceName" "TableID" "IPDefaultGateway"
    # Add a command line for every external internet connection
    $1 $IF1 $TABLE1 $GW1
    $1 $IF2 $TABLE2 $GW2
    #$1 $IFn $TABLEn $GWn       # This line is an example

    if [ "$1" = "start" ]
    then
        # Misc: replace the single default route with a multipath one
        $IP route del default
        $IP route add default equalize nexthop via $GW1 nexthop via $GW2
        #$IP route add default equalize nexthop via $GW1 nexthop via $GW2 nexthop via $GWn   # ...and so on

        ## NOTE!!
        # You must execute the following iptables rules if you want to act as a
        # load-balanced/multihomed GNU/Linux firewall
        # > mangle table <
        # Restore the connection mark on every packet, then mark NEW connections with
        # the table of the link they arrived on (inbound) or leave through (outbound)
        $IPTABLES -t mangle -A PREROUTING -p ALL -j CONNMARK --restore-mark
        $IPTABLES -t mangle -A PREROUTING -p ALL -i $IF1 -m mark --mark 0 -j MARK --set-mark $TABLE1
        $IPTABLES -t mangle -A PREROUTING -p ALL -i $IF2 -m mark --mark 0 -j MARK --set-mark $TABLE2
        #$IPTABLES -t mangle -A PREROUTING -p ALL -i $IFn -m mark --mark 0 -j MARK --set-mark $TABLEn   # This line is an example
        $IPTABLES -t mangle -A POSTROUTING -p ALL -o $IF1 -m state --state NEW -j MARK --set-mark $TABLE1
        $IPTABLES -t mangle -A POSTROUTING -p ALL -o $IF2 -m state --state NEW -j MARK --set-mark $TABLE2
        #$IPTABLES -t mangle -A POSTROUTING -p ALL -o $IFn -m state --state NEW -j MARK --set-mark $TABLEn   # This line is an example
        $IPTABLES -t mangle -A POSTROUTING -p ALL -m state --state NEW -j CONNMARK --save-mark
        # > nat table <
        # SNAT to the address of the link the connection is marked for
        $IPTABLES -t nat -A POSTROUTING -p ALL -o $IF1 -m mark --mark $TABLE1 -j SNAT --to-source $(find_primary_ip $IF1)
        $IPTABLES -t nat -A POSTROUTING -p ALL -o $IF2 -m mark --mark $TABLE2 -j SNAT --to-source $(find_primary_ip $IF2)
        #$IPTABLES -t nat -A POSTROUTING -p ALL -o $IFn -m mark --mark $TABLEn -j SNAT --to-source $(find_primary_ip $IFn)   # This line is an example
    fi
}

# Default command paths
IP=ip
IPTABLES=iptables

###############################################################################################
###############################################################################################
## CONFIGURATION IS OVER, DON'T EDIT ANYTHING BELOW ##
###############################################################################################
###############################################################################################

### $1 = Ethernet interface name
### $2 = Table number
### $3 = Default gateway

# Init default policies and variables
init() {
    # Enable fast failover of broken gateway links (this isn't a real failover)
    echo "10" > /proc/sys/net/ipv4/route/gc_timeout
    # Make this machine a Routing Machine(tm) :-)
    echo "1" > /proc/sys/net/ipv4/ip_forward
    # Variables
    IF=$1
    TABLE=$2
    FWIP=$(find_primary_ip $IF)
    GWIP=$3
    #echo "Init: IF=$IF TABLE=$TABLE FWIP=$FWIP GWIP=$GWIP IP=$IP"
}

## STOP
# Stop izbalancing
stop() {
    init $1 $2 $3
    route_stop
    rule_stop
}

# Reset routing tables
route_stop() {
    # Flush the whole routing table of the current table
    if [ ! -z "$($IP route show table $TABLE)" ]
    then
        $IP route flush table $TABLE
    fi
    # Reset to the default single gateway
    if [ ! -z "$GW1" ]
    then
        $IP route del default
        $IP route add default via $GW1
    fi
    # If you don't want to reset the routing cache every time you run this script, comment the following line
    $IP route flush cache
}

# Reset rule tables
rule_stop() {
    # Flush the whole rule table of the current table (except for fwmark rules)
    # grep -w so that "lookup 1" does not also match "lookup 10"
    $IP rule list | grep -w "lookup $TABLE" | grep -v "from all fwmark" | awk '{print $2" "$3" "$4" "$5" "$6" "$7}' | while read RULE
    do
        $IP rule del $RULE
    done
    # Flush the whole fwmark rule table of the current table
    $IP rule list | grep -w "lookup $TABLE" | grep "from all fwmark" | awk '{print $4" "$5" "$6" "$7}' | while read RULE
    do
        $IP rule del $RULE
    done
}

## START
# Start izbalancing subsystem
start() {
    #echo "1 Before init ($1 $2 $3)"
    init $1 $2 $3
    #echo "2 Before stop ($1 $2 $3)"
    stop $1 $2 $3
    #echo "3 Before route_start ($1 $2 $3)"
    route_start
    #echo "4 Before rule_start ($1 $2 $3)"
    rule_start
}

route_start() {
    # Import the whole routing setup from table 'main' (minus default/multipath routes) into the current table
    $IP route show table main | grep -Ev ^default | grep -Ev nexthop | while read ROUTE; do $IP route add table $TABLE $ROUTE; done
    # Add the interface's default gateway to the current table
    $IP route add table $TABLE default via $GWIP
}

# Add iproute2 rules for the current table
rule_start() {
    $IP rule add from $FWIP lookup $TABLE
    $IP rule add fwmark $TABLE lookup $TABLE
    for IP_ALIAS in $(find_secondary_ip $IF)
    do
        $IP rule add from $IP_ALIAS lookup $TABLE
    done
}

#########################################################
# Autodetect the IP address of the specified network interface
find_primary_ip() {
    if [ ! -z $1 ]
    then
        echo $($IP addr show $1 | grep 'inet' | grep -v ":" | awk '{print $2}' | sed -e 's/\/.*//')
    fi
}

find_secondary_ip() {
    if [ ! -z $1 ]
    then
        echo $($IP addr show $1 | grep 'inet' | grep "$1:" | awk '{print $2}' | sed -e 's/\/.*//')
    fi
}

###############################################################################################
## Validate script input from the command line
case $1 in
    stop)
        izbalancing stop
        ;;
    start)
        izbalancing start
        ;;
    restart)
        izbalancing start
        ;;
    *)
        echo "InitZero GNU/Linux Firewall/Router Incoming/Outgoing MultiHomed/LoadBalanced Subsystem"
        echo " < vsichko e nared>"
        echo "Version $VERSION"      # VERSION is not set anywhere in this copy of the script
        echo
        echo "Usage: $0 [OPTIONS]"
        echo
        echo "Available Options:"
        echo " start,    Start the izbalancing subsystem"
        echo " stop,     Stop the izbalancing subsystem"
        echo " restart,  ReStart the izbalancing subsystem"
        echo
        echo " example: $0 start"
        exit 0
esac
## The End
###############################################################################################
root@dalkia-server:/etc/network#
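The following is an added example written for this thread; it is not nikec's script and not ntrance's. It puts the two points of the discussion into one policy: hosts with public addresses are pinned to the ISP that routes that block (so they are never hashed onto the BTC gateway, where their source address is not routable and nothing NATs it), while private hosts are balanced per connection with CONNMARK instead of per route-cache entry. Addresses and interface names are the ones from nikec's first post, the table numbers 201/202/222 follow his script, and DRY_RUN is an assumed helper: with DRY_RUN=1 (the default) the commands are only printed so the rule set can be reviewed before it is applied as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not code from the thread). Pin the public block to Telecoms,
# balance the private LAN per connection, and review the result.
# DRY_RUN is an assumption of this example: 1 prints the commands, 0 runs them.

DRY_RUN=${DRY_RUN:-1}
IP=/sbin/ip
IPT=/sbin/iptables

REAL_NET=217.79.82.208/29      # public block, reachable only through Telecoms
LAN_NET=192.168.1.0/24         # private hosts, these may be balanced
INET1_IF=eth1; INET1_IP=217.79.86.230; INET1_GW=217.79.86.229   # Telecoms -> table 201
INET2_IF=eth2; INET2_IP=192.168.4.2;   INET2_GW=192.168.4.1     # BTC      -> table 202

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Directly connected networks are resolved from table main before any ISP
# table is consulted; main keeps no default route, so only non-local
# destinations fall through to the rules below (same idea as nikec's prio 50).
prepare_main() {
    run $IP rule add prio 50 table main
    run $IP route del default table main 2>/dev/null || true
}

# The public block must never be hashed onto the BTC gateway: there its source
# address is not routable and no SNAT rule rewrites it, which matches the
# "internet for a few minutes, then none" symptom from the first post.
pin_real_net() {
    run $IP rule add prio 100 from "$REAL_NET" table 201
}

# Per-connection stickiness: the first packet of a connection is marked with
# the table of the link it leaves through (or arrives on), the mark is saved
# in conntrack, and later packets are routed by that mark, not re-hashed.
sticky_connections() {
    run $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run $IPT -t mangle -A PREROUTING -i "$INET1_IF" -m mark --mark 0 -j MARK --set-mark 201
    run $IPT -t mangle -A PREROUTING -i "$INET2_IF" -m mark --mark 0 -j MARK --set-mark 202
    run $IPT -t mangle -A POSTROUTING -o "$INET1_IF" -m state --state NEW -j MARK --set-mark 201
    run $IPT -t mangle -A POSTROUTING -o "$INET2_IF" -m state --state NEW -j MARK --set-mark 202
    run $IPT -t mangle -A POSTROUTING -m state --state NEW -j CONNMARK --save-mark
    run $IP rule add prio 150 fwmark 201 table 201
    run $IP rule add prio 150 fwmark 202 table 202
}

# Per-ISP tables, a multipath default for new connections only, and SNAT
# only for the private LAN, to the address of the link the packet leaves on.
balance_lan() {
    run $IP route replace default via "$INET1_GW" dev "$INET1_IF" src "$INET1_IP" table 201
    run $IP route replace default via "$INET2_GW" dev "$INET2_IF" src "$INET2_IP" table 202
    run $IP route replace default table 222 \
        nexthop via "$INET1_GW" dev "$INET1_IF" weight 1 \
        nexthop via "$INET2_GW" dev "$INET2_IF" weight 1
    run $IP rule add prio 200 from "$LAN_NET" table 222
    run $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$INET1_IF" -j SNAT --to-source "$INET1_IP"
    run $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$INET2_IF" -j SNAT --to-source "$INET2_IP"
}

# Review the generated command set: the public block has to be sent to table
# 201 and must not appear in any SNAT rule. Returns 0 when both hold.
check_policy() {
    out=$(DRY_RUN=1; prepare_main; pin_real_net; sticky_connections; balance_lan)
    printf '%s\n' "$out" | grep -q "from $REAL_NET table 201" || return 1
    printf '%s\n' "$out" | grep -q "SNAT.*$REAL_NET" && return 1
    return 0
}

prepare_main; pin_real_net; sticky_connections; balance_lan
```

Rule priorities matter here: 50 (main, local networks), 100 (public block), 150 (established connections by mark), 200 (new private connections, multipath). The rules are added, not replaced, so a repeat run adds duplicates; nikec's del-then-add pattern or a flush in a stop function is the way to keep it idempotent. After applying, `ip rule show`, `ip route show table 201` and `iptables -t nat -L POSTROUTING -n` should show exactly the rules printed in dry-run mode.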