Need some help about static routing tables on two hosts.
Eliezer Croitoru
eliezer at ngtech.co.il
Thu Jul 26 03:05:11 CEST 2012
On 7/26/2012 1:54 AM, Ondrej Zajicek wrote:
> On Wed, Jul 25, 2012 at 11:46:10PM +0300, Eliezer Croitoru wrote:
>> i' kind of new in some of this stuff so i need basically directions.
>>
>> i am working on a lab for a real implementation.
>> the way things works now is like that:
>>
>> 10 proxies behind 2 LB that works based o linux route policies.
>> the policies are "from ip/mask use routing table 10" will take all
>> traffic from these sources through proxy 10 route that is store in linux
>> routing table 10 that contains "default via proxy_ip".
>>
>> there is a "master" server that gets live extended status of each proxy.
>> it can be up\down load = 80% etc...
>> and if a change of a route on the LB should be changed it is being
>> committed using a script over ssh almost manually.
> ..
>> so i want the master to monitor the proxy servers and in a case of
>> change in the network status of a proxy for any reason to let say down i
>> would change the routes in specific table and then send bird "configure
>> soft" to update the settings.
>>
>> so if there is a nice method of combining all bird capabilities and some
>> routing protocol for the process i will be very happy to hear about it.
>
> Hello
>
> That is interesting setup. If you want just to synchronize tables
> between master and LB, you could do that for one table on master and
> one table on LB by using e.g. BGP (see comment below), but it is
> problematic to synchronize several such tables. I guess that you could
> have several parallel BGP sessions, one for each table, but you would
> probably have to use different pair of IP addresses for each BGP
> session. Note that if 'master' crashes, BGP sessions would go down and
> default routes in LBs would disappear.
>
Thanks Ondrej for the notice.
i have seen before this effect while using BGP.
it's a known issue about BGP session.
since they are all connected to one segment\switch if something fails
it's bad for the whole setup.
i think i have heard that there are ways to hold the routing tables
after a disconnection for some amount of time.
if you have knowledge about this or other option i will be happy to hear
about it.
>> i have tried to use bgp in a local as between the master and the LB but
>> it seems that on the LB when he gets the static route it states the
>> route:
>> 0.0.0.0 .... unreachable.
>
> This is probably caused by 'gateway recursive' mode on BGP (default for IBGP).
> See 'gateway direct' option and then question 'IBGP does not work ...' in FAQ:
>
> https://git.nic.cz/redmine/projects/bird/wiki/FAQ
>
nice.
I must say that since bird has a very unique syntax for config(i do like
it though) it took me awhile to get some of it.
while reading this faq i got a bit confused on where i should put the
"gateway direct;".
it's obviates that some work on more examples in the wiki would make
it's much easier to understand the syntax.
also from a reason unknown i registered to the wiki but unable to
login\reset or whatever i want to do with my account.
the only thing is that i can get a email with a link that dosnt do
anything to my eyes.
> Another, completely different way how to implement this would be that
> 'master' would just announce which proxies are 'usable' (through one BGP
> session) and LBs would fill all tables from this information. That could
> be done using static recursive routes. For example for proxy 10.100.1.10
> we will use auxiliary pseudo-IP 10.100.2.10 and if 10.100.1.10 is
> usable, master will propagate pseudo-route:
>
> 10.100.2.10/32 via 10.100.1.10
>
> to LB. On LB, there will be static recusive route:
>
> route default recursive 10.100.2.10
>
> If master propagated that pseudo-route, this recursive route will appear as:
>
> route default via 10.100.1.10
>
> otherwise it will appear as
>
> route default unreachable
this is a great idea.
well the truth is that the scenario is the old setup which makes the
whole thing more complicated to coordinate couple systems together such
as filtering cache routing etc..
The LB is actually a routing server and the basic setup is
client-->gw\LNS-->LB-->proxy-->EDGE....
and back:
...EDGE-->LB-->proxy-->LNS\gw-->client
this setup is nice and works well but i actually can remove the LB and
to use the EDGE as a LB to the proxy server.
the edge is a very strong machine that can take all the stress of the
network doubles**** so if i can make the setup less one point of failure
this is a very nice way to do so.
>
> You could have such recursive route for each proxy so you will get a
> table with a set of default routes that are either corrrect or
> unreachable. Unfortunately being unreachable does not lower route
> priority, so you would have to use another table connected with pipe and
> in pipe filter you do something like 'if dest = RTD_UNREACHABLE then
> prio = 1'. this will move all unreachable routes to the bottom, so the
> reachable route with highest configured priority will be used. This have
> to be replicated for each table on LB (probably with different priority
> for each static routes so that different one will be used as best one),
> only the table with pseudo-routes received from master will be shared.
adding pipes and filters will be very simple and really not such a huge
thing for this small routing table.
>
> It is pretty complex and i don't know if it does what you really need,
> but it should work.
>
it's a bit complex but it seems like a pretty strait forward
since the current setup is based on a routing table per prefix.
in the current setup it can be very nasty.
I have tested using one table with weighted default routes something
like that:
ip route append default scope global nexthop via 192.168.10.200 dev eth1
weight 1 nexthop via 192.168.10.201 dev eth1 weight 1
my design compared to the current one should be more user friendly.
it uses iptables marking and then by the mark use specific routing table.
this way i can redirect only web traffic port 80\8080\8000.
all the other packets will flow straight from the edge to the Internet.
so removing the LB machine and use only the edge router to perform the
whole thing.
so specific table with:
route prefix multipath via proxy1 weight 100 via proxy2 weight proxy2.
should do the job.
Thanks,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
More information about the Bird-users
mailing list