Multiple internet connections routing.

I have two internet connections for my network. How can I setup
routing
such that if one of the internet connections is down, the other one is
used. I'm using a proxy server (squid on RH 9.0) through which all the
users in my network connect, and it has a static route (route -n).

Nirnimesh.


Nirnimesh

Nirnimesh wrote:

> I have two internet connections for my network. How can I setup
> routing
> such that if one of the internet connections is down, the other
> one is used. I'm using a proxy server (squid on RH 9.0) through
> which all the users in my network connect, and it has a static
> route (route -n).
>
> Nirnimesh.

A lot depends on specifics of your network.

- If you don't want load balancing, but just fail-over, then you
could devise a small script that establishes the second connection
and changes routing table accordingly (assuming both connections
end up on the same gateway machine) whenever first one fails. You
could even find packages out there on sourceforge to streamline
this.

- If you connect through a multi-port modem, it probably does load
balancing and fail-over in firmware.

- If you connect through different service providers, you could run
BGP to route to shortest-path, thus achieving a certain degree of
load balancing in addition to fail-over.

- There should be load balancing features in 2.4/2.6 kernel but I
can't talk about the details off the top of my head (I had skimmed
but not used them). You might want to investigate the relevant
kernel config options.

- If you primarily serve to internet, you could serve DNS on both
connections, each advertising its own public address, and then
register their addresses as your primary and secondary DNS servers
at the registrar. So, if one of the connections is broken, visitors
won't get DNS reply and try secondary, which will advertise its own
(working) public address. This would only achieve fail-over though.
If you also want load balancing, then your primary DNS server
should serve roun-robin between its own public address and the
other one, and you should again devise a script to disable
round-robin serving should the other connection breaks, and restore
roun-robin operation when other connection is reestablished.

- There is also multi-line ppp option but I guess it's not
applicable since it requires both connections terminating on the
same ISP and running PPP-ML on both sides (your control over both
PPP (leased line) and the ISP).

Without having your specifics, these are just a few ways I could
imagine right away. Others can suggest brighter ideas.

--
Abdullah | aramazan@ |
Ramazanoglu | myrealbox |
________________| D O T cöm |

Abdullah Ramazanoglu <(E-Mail Removed)öm> wrote in message news:<40eb3fc0$0$23869$(E-Mail Removed)>.. .
> Nirnimesh wrote:
>
> > I have two internet connections for my network. How can I setup
> > routing
> > such that if one of the internet connections is down, the other
> > one is used. I'm using a proxy server (squid on RH 9.0) through
> > which all the users in my network connect, and it has a static
> > route (route -n).
> >
> > Nirnimesh.
>
> A lot depends on specifics of your network.
>

My network is something like this:
A proxy server (P) with two ISP's (ISP1, ISP2) connected on its two
interface cards. I have two Nameservers (NS1 & NS2), one on each of
the ISPs.
I want that:
Let's say ISP1 is the default ISP (coz it's faster). So the static
route on my system (givne by route -n) routes all packets through
ISP1. Now, when ISP1 fails, the routing should now start through ISP2
(both incoming and outgoing). When ISP1 is active again, it should
return back to it's default state (ISP1).


> - If you don't want load balancing, but just fail-over, then you
> could devise a small script that establishes the second connection
> and changes routing table accordingly (assuming both connections
> end up on the same gateway machine) whenever first one fails. You
> could even find packages out there on sourceforge to streamline
> this.

No, I don't need any load balancing. I'll use only one ISP at a time.

>
> - If you connect through a multi-port modem, it probably does load
> balancing and fail-over in firmware.
>
> - If you connect through different service providers, you could run
> BGP to route to shortest-path, thus achieving a certain degree of
> load balancing in addition to fail-over.
>
> - There should be load balancing features in 2.4/2.6 kernel but I
> can't talk about the details off the top of my head (I had skimmed
> but not used them). You might want to investigate the relevant
> kernel config options.
>
> - If you primarily serve to internet, you could serve DNS on both
> connections, each advertising its own public address, and then
> register their addresses as your primary and secondary DNS servers
> at the registrar. So, if one of the connections is broken, visitors
> won't get DNS reply and try secondary, which will advertise its own
> (working) public address. This would only achieve fail-over though.
> If you also want load balancing, then your primary DNS server
> should serve roun-robin between its own public address and the
> other one, and you should again devise a script to disable
> round-robin serving should the other connection breaks, and restore
> roun-robin operation when other connection is reestablished.
>

This makes sense. Can you tell me (maybe in steps) what exactly I need
to do to achieve the above? I have the two DNS's, one on each ISP. How
do I dynamically change my proxy's routing table?

> - There is also multi-line ppp option but I guess it's not
> applicable since it requires both connections terminating on the
> same ISP and running PPP-ML on both sides (your control over both
> PPP (leased line) and the ISP).
>
> Without having your specifics, these are just a few ways I could
> imagine right away. Others can suggest brighter ideas.

Thanks,
Nirnimesh.

Nirnimesh wrote:

> Abdullah Ramazanoglu <(E-Mail Removed)öm> wrote in message
> news:<40eb3fc0$0$23869$(E-Mail Removed)>.. .
>> Nirnimesh wrote:
>>
>> > I have two internet connections for my network. How can I setup
>> > routing
>> > such that if one of the internet connections is down, the other
>> > one is used. I'm using a proxy server (squid on RH 9.0) through
>> > which all the users in my network connect, and it has a static
>> > route (route -n).
>> >
>> > Nirnimesh.
>>
>> A lot depends on specifics of your network.
>>
>
> My network is something like this:
> A proxy server (P) with two ISP's (ISP1, ISP2) connected on its
> two interface cards. I have two Nameservers (NS1 & NS2), one on
> each of the ISPs.
> I want that:
> Let's say ISP1 is the default ISP (coz it's faster). So the static
> route on my system (givne by route -n) routes all packets through
> ISP1. Now, when ISP1 fails, the routing should now start through
> ISP2 (both incoming and outgoing). When ISP1 is active again, it
> should return back to it's default state (ISP1).
>
>
>> - If you don't want load balancing, but just fail-over, then you
>> could devise a small script that establishes the second
>> connection and changes routing table accordingly (assuming both
>> connections end up on the same gateway machine) whenever first
>> one fails. You could even find packages out there on sourceforge
>> to streamline this.
>
> No, I don't need any load balancing. I'll use only one ISP at a
> time.
>
>>
>> - If you connect through a multi-port modem, it probably does
>> load balancing and fail-over in firmware.
>>
>> - If you connect through different service providers, you could
>> run BGP to route to shortest-path, thus achieving a certain
>> degree of load balancing in addition to fail-over.
>>
>> - There should be load balancing features in 2.4/2.6 kernel but I
>> can't talk about the details off the top of my head (I had
>> skimmed but not used them). You might want to investigate the
>> relevant kernel config options.
>>
>> - If you primarily serve to internet, you could serve DNS on both
>> connections, each advertising its own public address, and then
>> register their addresses as your primary and secondary DNS
>> servers at the registrar. So, if one of the connections is
>> broken, visitors won't get DNS reply and try secondary, which
>> will advertise its own (working) public address. This would only
>> achieve fail-over though. If you also want load balancing, then
>> your primary DNS server should serve roun-robin between its own
>> public address and the other one, and you should again devise a
>> script to disable round-robin serving should the other connection
>> breaks, and restore roun-robin operation when other connection is
>> reestablished.
>>
>
> This makes sense. Can you tell me (maybe in steps) what exactly I
> need to do to achieve the above? I have the two DNS's, one on each
> ISP. How do I dynamically change my proxy's routing table?

But this has two consequences. Firstly you must run DNS server on
your site (I gather you are currently using DNS services of the
ISPs). Secondly, you must disable (or severely shorten) DNS caching
time for the addresses you serve, increasing your DNS traffic and
average access time of visitors (they would have to resolve your
domain name each time they access your site). Otherwise, when
connection-1 breaks and your DNS-2 server start wringing hands for
queries, hardly anybody will query it: they will use the cached
connection-1 address.

That said, you can run only one copy of DNS server (bind) and define
two "views" one for each interface, each serving different
addresses for the same domain name. See bind docs for this, and
also for disabling/shortening advertised caching time.
Since you don't want load balancing, and also want both incoming and
outgoing route to switch, this means you will need:
- No round-robin serving for bind. The two views will just serve
their relevant interface addresses,
- A connection surveillance mechanism, triggering a route switching
script,
- And the route switching script itself.

Switching script should be fairly simple as it won't interfere with
bind (otherwise, to enable/disable round-robin operation, it would
have to restart bind with alternative conf file). Incoming traffic
will reroute itself by definition, without your intervention. For
outgoing traffic, a couple of route commands would suffice. $1
being a parameter passed to "switchroute" script, and indicating
the alternative route,

route del default
route add default gw $1

Or to make it automagic, it could first check which default route is
currently up, and then switches to other one.

#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f 2`
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW

This leaves us with the question of how to reliably and immediately
detect staus of connections. I remember having seen opensource
packages on this. You might want to search sourceforge a bit. They
basically work by periodically pinging other side of link. You can
also devise a solution for yourself. I imagine two ways, one with
cron, the other with daemon (so to speak :-).

With cron way I would have a script like below that is triggered
each minute:

#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
exec > /dev/null # Don't clutter logs
GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f 2`
# Retry twice to prevent false alarm
ping -qc 1 $GW || ping -qc 1 $GW || ping -qc 1 $GW || {
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW
}

Well, this rendered the "switchroute" superfluous.

Or, with daemon way, a script like below could be fired into
background:

#!/bin/sh
ROUTE1=12.34.56.78
ROUTE2=87.65.43.21
CHECK_INTERVAL=10
exec > /dev/null # Don't clutter logs
while true ; do
sleep $CHECK_INTERVAL
GW=`route -n |grep 0.0.0.0|expand| tr -s " " | cut -d " " -f 2`
# Retry twice to prevent false alarm
ping -qc 1 $GW || ping -qc 1 $GW || ping -qc 1 $GW || {
if [ $GW = $ROUTE1 ] ; then
NEWGW=$ROUTE2
else
NEWGW=$ROUTE1
fi
route del default
route add default gw $NEWGW
}
done

HTH
--
Abdullah | aramazan@ |
Ramazanoglu | myrealbox |
________________| D O T cöm |

Abdullah Ramazanoglu wrote:

> GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f
> 2`

Oops, all the "grep 0.0.0.0" parts should be:

grep "^0\.0\.0\.0"

--
Abdullah | aramazan@ |
Ramazanoglu | myrealbox |
________________| D O T cöm |

On Thu, 08 Jul 2004 02:40:07 +0300
Abdullah Ramazanoglu <(E-Mail Removed)öm> wrote:

> Abdullah Ramazanoglu wrote:
>
> > GW=`route -n | grep 0.0.0.0 | expand | tr -s " " | cut -d " " -f
> > 2`
>
> Oops, all the "grep 0.0.0.0" parts should be:
>
> grep "^0\.0\.0\.0"

Or shorter:
GW=`route -n | awk '/^0\.0\.0\.0/ {print $2;}' -`

Greets
Chris