Router - Linux upload bonding using policy routing: Difference between revisions

Back up to the Bonding Page
From AAISP Support Site
(Created page with "I'm using PPP on the Linux box - in my case via a Solos ADSL card, but this will also work using PPPoE. First, for convenience, name your extra routing tables by editing <tt>...")
 
(syntaxhighlight)
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<indicator name="Front">[[File:Menu-bonding.svg|link=:Category:Bonding|30px|Back up to the Bonding Page]]</indicator>

I'm using PPP on the Linux box - in my case via a Solos ADSL card, but this will also work using PPPoE.
I'm using PPP on the Linux box - in my case via a Solos ADSL card, but this will also work using PPPoE.


Line 8: Line 10:


Add a script in <tt>/etc/ppp/ip-up.d</tt> and in <tt>/etc/ppp/ipv6-up.d</tt> to put the routes in the per-interface tables:
Add a script in <tt>/etc/ppp/ip-up.d</tt> and in <tt>/etc/ppp/ipv6-up.d</tt> to put the routes in the per-interface tables:
<syntaxhighlight lang=bash>
<pre>
#!/bin/bash
#!/bin/bash
# ip-up.d/set-routes

ip route replace default dev ${PPP_IFACE} table ${PPP_IFACE}
</syntaxhighlight>

<syntaxhighlight lang=bash>
#!/bin/bash
# ipv6-up.d/set-routes


ip -6 route replace default dev ${PPP_IFACE} table ${PPP_IFACE}
ip -6 route replace default dev ${PPP_IFACE} table ${PPP_IFACE}
</syntaxhighlight>
</pre>

Add a script in <tt>/etc/ppp/ip-down.d</tt> and in <tt>/etc/ppp/ipv6-down.d</tt> to remove the per-interface routes when the PPP link goes down:
<syntaxhighlight lang=bash>
#!/bin/bash
# ip-down.d/remove-routes

ip route flush table ${PPP_IFACE}
</syntaxhighlight>

<syntaxhighlight lang=bash>
#!/bin/bash
# ipv6-down.d/remove-routes

ip -6 route flush table ${PPP_IFACE}
</syntaxhighlight>


Run the following script on boot:
Run the following script on boot:


<syntaxhighlight lang=bash>
<pre>
#!/bin/bash
#!/bin/bash


Line 32: Line 57:
ip rule add from all table ppp1 prio 50001
ip rule add from all table ppp1 prio 50001
ip -6 rule add from all table ppp1 prio 50001
ip -6 rule add from all table ppp1 prio 50001
</syntaxhighlight>
</pre>


This uses iproute2's ip command to set up policy routing rules; the first set give you a firewall mark per line. (rules at prio 40000 and 40001). The last block (rules at 50000 and 50001) ensure that even if you fail to set firewall marks for upstream line choice, your packets will still get out - it will just be non-optimal.
This uses iproute2's ip command to set up policy routing rules; the first set give you a firewall mark per line. (rules at prio 40000 and 40001). The last block (rules at 50000 and 50001) serves two purposes:
# It ensures that packets that are marked for routing via a dead line are passed onto the other line
# It provides a fallback if you forget to add firewall marks in PREROUTING for some packets.


Finally, apply firewall marks in PREROUTING to choose your load balancing policy. For example:
Finally, apply firewall marks in PREROUTING to choose your load balancing policy. For example, to simply load balances by alternating packets on each line:


<syntaxhighlight lang=bash>
<pre>
for IPT in iptables ip6tables
for IPT in iptables ip6tables
do
do
Line 44: Line 71:
$IPT -A PREROUTING ! -i ppp+ -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2
$IPT -A PREROUTING ! -i ppp+ -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2
done
done
</syntaxhighlight>
</pre>


[[Category:3rd Party Routers|Linux]]
simply load balances by alternating packets on each line.
[[Category:Bonding Configuration|Linux]]

Latest revision as of 22:52, 26 March 2022


I'm using PPP on the Linux box - in my case via a Solos ADSL card, but this will also work using PPPoE.

First, for convenience, name your extra routing tables by editing /etc/iproute2/rt_tables:

1       ppp0
2       ppp1

Add a script in /etc/ppp/ip-up.d and in /etc/ppp/ipv6-up.d to put the routes in the per-interface tables:

#!/bin/bash
# ip-up.d/set-routes

ip route replace default dev ${PPP_IFACE} table ${PPP_IFACE}
#!/bin/bash
# ipv6-up.d/set-routes

ip -6 route replace default dev ${PPP_IFACE} table ${PPP_IFACE}

Add a script in /etc/ppp/ip-down.d and in /etc/ppp/ipv6-down.d to remove the per-interface routes when the PPP link goes down:

#!/bin/bash
# ip-down.d/remove-routes

ip route flush table ${PPP_IFACE}
#!/bin/bash
# ipv6-down.d/remove-routes

ip -6 route flush table ${PPP_IFACE}

Run the following script on boot:

#!/bin/bash

# fwmark 1 is line 1
ip rule add fwmark 1 table ppp0 prio 40000
ip -6 rule add fwmark 1 table ppp0 prio 40000

# fwmark 2 is line 2
ip rule add fwmark 2 table ppp1 prio 40001
ip -6 rule add fwmark 2 table ppp1 prio 40001

# unmarked prefers line 1, then does line 2 if line 1 is not possible
ip rule add from all table ppp0 prio 50000
ip -6 rule add from all table ppp0 prio 50000
ip rule add from all table ppp1 prio 50001
ip -6 rule add from all table ppp1 prio 50001

This uses iproute2's ip command to set up policy routing rules; the first set give you a firewall mark per line. (rules at prio 40000 and 40001). The last block (rules at 50000 and 50001) serves two purposes:

  1. It ensures that packets that are marked for routing via a dead line are passed onto the other line
  2. It provides a fallback if you forget to add firewall marks in PREROUTING for some packets.

Finally, apply firewall marks in PREROUTING to choose your load balancing policy. For example, to simply load balances by alternating packets on each line:

for IPT in iptables ip6tables
do
    $IPT -A PREROUTING ! -i ppp+ -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
    $IPT -A PREROUTING ! -i ppp+ -m statistic --mode nth --every 2 --packet 1 -j MARK --set-mark 2
done