Studies with dual link in Nethserver

Francenildo_Pereira · July 24, 2016, 7:48pm

Studies with dual link in Nethserver.

[root@gfwns ~]# ip r s t balance
default
nexthop via 192.168.50.1 dev eth0 weight 1
nexthop via 192.168.0.1 dev eth1 weight 1

I made several tests using dual link and came to the conclusion that: the multi link does not work properly when one of the links falls. All routes that link are still in the cache. And it stays for a long time there.

I compared to Sonicwall and Shopos UTM and it does not.

It could apply the patch to the kernel http://ja.ssi.bg/. This should solve.

Obs .: The patch was written by Julian Anastasov without these corrections is unworkable balancing.

Note: I’m still trying to apply this patch to Centos kernel.

Another thing: just let the Shorewall to control the routes will be complicated in the long run. Undo_LINK1_routing that usually causes problems.
And in countries like Brazil, where the links do not work well will be a big problem.

I hope people return, we will solve it.

I appreciate everyone’s attention.

Sincerely,

Francenildo.

jgjimenezs · July 24, 2016, 9:25pm

Hi @Francenildo_Pereira

which version of NethServer, you’re doing tests?

Regards

Francenildo_Pereira · July 24, 2016, 9:35pm

With Nethserver 6.8.

jgjimenezs · July 24, 2016, 9:56pm

@Francenildo_Pereira applying changes here, your test fails?

until now I have not had this kind of problem

this is another client:

Regards

Francenildo_Pereira · July 24, 2016, 10:26pm

Do the following: connect to an internal network using this layout to an external server using RDP or ping 8.8.8.8 -t. Make a traceroute to make sure which link these tests are leaving. Once you are sure the link to be leaving, disconnect the modem that link. They will be unable to change the gateway, and even if you close the test and try again they still try to go through that gateway.

Look:

http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.dynamic_routing.html

This is a routing design problem, commonly accomplished done by loadbalancing default route at the routing level (netlink). You add 2 default gateway with the same weight to provide outbound loadbalancing. Since current linux kernel routing suffer lake of dead gateway detection, you will need to apply Julian’s “dead gateway detection” patch.

jgjimenezs · July 24, 2016, 10:38pm

Several of my clients have servers and stations off tomorrow’ll do some tests.

Regards.

Francenildo_Pereira · July 24, 2016, 10:40pm

@jgjimenezs

thanks in advance for your cooperation.

jgjimenezs · July 24, 2016, 11:12pm

@Francenildo_Pereira For that we are.

Thank you for providing this information

Regards from Venezuela Brother

filippo_carletti · July 25, 2016, 11:09am

We use the conntrack method to avoid patching the kernel. An established connection needs to be broken (i.e. stop the ping in your example), but it’s a matter of timeout in real life examples.
We already discussed this topic in this forum and came to the conclusion that route cache clearing is often unnecessary and sometimes harmful.
Moreover, http is a connection-less protocol that works well with NethServer multi wan setup.
If you use specific protocols that need custom configurations, I’ll gladly help in fine tuning the setup.

DGD is done by lsm, pinging remore hosts (decision taken here before we re implemented multi wan from scratch).

jgjimenezs · July 27, 2016, 2:21pm

Hi @Francenildo_Pereira Friend currently conducting tests and works perfectly, changing the modem is off almost immediately

Regards

Francenildo_Pereira · July 27, 2016, 2:26pm

Thank @jgjimezs, I will do more testing here and speak to you.