Load balancer acts as second router

Greetings,
I posted this question before in slightly different terms but got no
replies.

I have a server with dual nics, one with an static internet IP through
the main ISP router and the other with a local IP. We will be
installing a load balancer which acts as a NAT router (and adding
additional servers). I want to preserve the internet access directly
to the individual node servers, so I am planning to configure the load
balancers to NAT on the local IP address.

My issue is the servers will have two routes to the internet -- one
with the internet IP and one NAT'ed through the load balancer. I
always thought this was against the rules, and required some sort of
static routing to prevent confusion.

Thanx

On Sat, 01 Sep 2007, in the Usenet newsgroup comp.os.linux.networking, in
article <(E-Mail Removed). com>,
(E-Mail Removed) wrote:

>I posted this question before in slightly different terms but got no
>replies.

Posting from groups.google.com (or some web-forums) dramatically reduces
the chance of your post being seen. You seem to be posting from comcast
IP space, and they do provide a news server - I'd strongly recommend
using that in preference to google.

>I have a server with dual nics, one with an static internet IP through
>the main ISP router and the other with a local IP. We will be
>installing a load balancer which acts as a NAT router (and adding
>additional servers). I want to preserve the internet access directly
>to the individual node servers, so I am planning to configure the load
>balancers to NAT on the local IP address.

That may get confusing, as the server would be accessible by two names
from the Internet (my.server.isp_a.com and my.server.isp_b.net or some
similar), and this is going to get interesting when trying to establish
a TCP connection (the three-way-handshake) when the client tries to
connect to my.server.isp_a.com (192.0.2.22) and gets a SYNACK from
my.server.isp_b.net (198.18.29.104). That ain't gonna work. (Remember,
we're talking TCP, not some wonky web protocol.)

>My issue is the servers will have two routes to the internet -- one
>with the internet IP and one NAT'ed through the load balancer. I
>always thought this was against the rules, and required some sort of
>static routing to prevent confusion.

It's not against the rules - it just may not work. You'll want to be
reading the Adv-Routing-HOWTO that should be on your system. If it's
not, you can find it using any search engine.

-rw-rw-r-- 1 gferg ldp 297491 Sep 4 2003 Adv-Routing-HOWTO

Old guy

Hello,

(E-Mail Removed) a écrit :
>
> I have a server with dual nics, one with an static internet IP through
> the main ISP router and the other with a local IP. We will be
> installing a load balancer which acts as a NAT router (and adding
> additional servers). I want to preserve the internet access directly
> to the individual node servers, so I am planning to configure the load
> balancers to NAT on the local IP address.

This is a good idea, it will make things simpler.

> My issue is the servers will have two routes to the internet -- one
> with the internet IP and one NAT'ed through the load balancer. I
> always thought this was against the rules, and required some sort of
> static routing to prevent confusion.

Linux allows multiple conflicting rules, i.e. routes with the same
destination range and metric but different interface and/or gateway. But
it will actually use only one, depending on the order of their
creation, and it won't do any kind of load balancing or failover with
such setup. Linux supports "multipath" routes, i.e. _one single_ route
with multiple interfaces and/or gateways, for load-balancing purpose.
But this is not what you need.

The most obvious solution is to use source address based routing : an
outgoing packet is routed according to its source address. Packets with
the local source address will go to the load balancer and packets with
the global source address will go to the main ISP router. You need the
'ip' tool from the iproute or iproute2 package, and a kernel with
advanced routing and multiple routing tables enabled.
Cf. "4.1. Simple source policy routing" chapter of Linux Advanced
Routing and Traffic Control (LARTC) HOWTO which is available at
<http://lartc.org/howto/lartc.rpdb.html> (among other places).

Thank you both -- searching for "dual nic load balancing" did not give
me the right terms. you both gave me the info I needed.

On Sep 3, 2:03 am, Pascal Hambourg <boite-a-s...@plouf.fr.eu.org>
wrote:
> Hello,
>
> christop...@dailycrossword.com a écrit :
>
>
>
> > I have a server with dual nics, one with an static internet IP through
> > the main ISP router and the other with a local IP. We will be
> > installing a load balancer which acts as a NAT router (and adding
> > additional servers). I want to preserve the internet access directly
> > to the individual node servers, so I am planning to configure the load
> > balancers to NAT on the local IP address.
>
> This is a good idea, it will make things simpler.
>
> > My issue is the servers will have two routes to the internet -- one
> > with the internet IP and one NAT'ed through the load balancer. I
> > always thought this was against the rules, and required some sort of
> > static routing to prevent confusion.
>
> Linux allows multiple conflicting rules, i.e. routes with the same
> destination range and metric but different interface and/or gateway. But
> it will actually use only one, depending on the order of their
> creation, and it won't do any kind of load balancing or failover with
> such setup. Linux supports "multipath" routes, i.e. _one single_ route
> with multiple interfaces and/or gateways, for load-balancing purpose.
> But this is not what you need.
>
> The most obvious solution is to use source address based routing : an
> outgoing packet is routed according to its source address. Packets with
> the local source address will go to the load balancer and packets with
> the global source address will go to the main ISP router. You need the
> 'ip' tool from the iproute or iproute2 package, and a kernel with
> advanced routing and multiple routing tables enabled.
> Cf. "4.1. Simple source policy routing" chapter of Linux Advanced
> Routing and Traffic Control (LARTC) HOWTO which is available at
> <http://lartc.org/howto/lartc.rpdb.html> (among other places).

(E-Mail Removed) a écrit :
> Thank you both -- searching for "dual nic load balancing" did not give
> me the right terms.

Your servers are not doing load balancing themselves. And it does not
matter that the second router is a load balancer.