[root@gfwns ~]# ip r s t balance
default
nexthop via 192.168.50.1 dev eth0 weight 1
nexthop via 192.168.0.1 dev eth1 weight 1
I ran several tests using a dual link and came to the conclusion that multi-link does not work properly when one of the links goes down. All routes for that link are still in the cache, and they stay there for a long time.
I compared it to SonicWall and Sophos UTM, and it does not happen there.
You could apply the patch from http://ja.ssi.bg/ to the kernel. This should solve it.
Note: The patch was written by Julian Anastasov; without these corrections, balancing is unworkable.
Note: I’m still trying to apply this patch to the CentOS kernel.
Another thing: just letting Shorewall control the routes will be complicated in the long run. Undo_LINK1_routing is what usually causes problems.
And in countries like Brazil, where the links do not work well, it will be a big problem.
Do the following: from an internal network using this layout, connect to an external server using RDP or ping 8.8.8.8 -t. Run a traceroute to see which link these tests are leaving through. Once you are sure which link they are using, disconnect that link's modem. They will be unable to change the gateway, and even if you close the test and try again, they still try to go through that gateway.
This is a routing design problem, commonly accomplished by load balancing the default route at the routing level (netlink). You add 2 default gateways with the same weight to provide outbound load balancing. Since current Linux kernel routing suffers from a lack of dead gateway detection, you will need to apply Julian’s “dead gateway detection” patch.
We use the conntrack method to avoid patching the kernel. An established connection needs to be broken (i.e. stop the ping in your example), but it’s a matter of timeout in real life examples.
We already discussed this topic in this forum and came to the conclusion that route cache clearing is often unnecessary and sometimes harmful.
Moreover, HTTP is a connection-less protocol that works well with the NethServer multi wan setup.
If you use specific protocols that need custom configurations, I’ll gladly help in fine tuning the setup.
DGD is done by lsm, pinging remote hosts (decision taken here before we reimplemented multi wan from scratch).
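
The probe-driven dead gateway detection discussed in this thread, sketched as an added example (not code from the posts, NethServer or lsm): it parses the multipath route shown at the top and drops a nexthop after consecutive failed probes. The thresholds, the `LinkMonitor` name and the fed-in probe results are assumptions; real probes would be pings sent out of each interface.

```python
import re

# Constructed sample: the `ip r s t balance` output quoted at the top of the thread.
SAMPLE_ROUTE = """default
nexthop via 192.168.50.1 dev eth0 weight 1
nexthop via 192.168.0.1 dev eth1 weight 1
"""
NEXTHOP_RE = re.compile(r"nexthop via (\S+)\s+dev (\S+)\s+weight (\d+)")

def parse_nexthops(text):
    """Extract (gateway, device, weight) for each nexthop of a multipath route."""
    return [(m[1], m[2], int(m[3])) for m in NEXTHOP_RE.finditer(text)]

class LinkMonitor:
    """Track per-link probe results with hysteresis (thresholds are assumptions)."""

    def __init__(self, nexthops, max_loss=3, min_ok=2):
        self.nexthops = nexthops
        self.max_loss, self.min_ok = max_loss, min_ok
        self.up = {dev: True for _, dev, _ in nexthops}
        # Count of consecutive probes that contradict the current state.
        self.streak = {dev: 0 for _, dev, _ in nexthops}

    def record(self, dev, probe_ok):
        """Feed one probe result; return True if the link changed state."""
        if probe_ok == self.up[dev]:
            self.streak[dev] = 0  # result agrees with current state
            return False
        self.streak[dev] += 1
        limit = self.max_loss if self.up[dev] else self.min_ok
        if self.streak[dev] < limit:
            return False  # not enough evidence yet, avoids flapping
        self.up[dev] = probe_ok
        self.streak[dev] = 0
        return True

    def route_command(self):
        """Build the `ip route replace` line listing only live nexthops."""
        live = [nh for nh in self.nexthops if self.up[nh[1]]]
        if not live:
            return None  # no usable uplink: leave the table alone
        hops = " ".join(f"nexthop via {gw} dev {dev} weight {w}" for gw, dev, w in live)
        return f"ip route replace default table balance {hops}"
```

Replacing the route only steers new connections; flows already tracked on the failed link still have to be broken or time out, as the conntrack reply above says.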