If you have ever had a machine with two LAN cards that needs failover, for example with each LAN card connected to its own router with an Internet connection, then this article is for you.
While working at one company, I had a request that two Cisco routers each be connected to one LAN card on the same machine, while on the other side they are connected to one mobile operator using an IPSec over GRE tunnel. I made the setup on the Cisco routers and configured the parameters for IPSec and GRE, but the problem started when I wanted to access the machine from both sides. If you configure the gateway in the normal way, you get only one router as the default gateway and all the traffic from the machine goes through that gateway. But in this case, traffic that comes in through router1 has to be sent back through router1, and traffic from router2 back through router2. This is done using policy routing. The following commands configure the routing tables to route traffic to the corresponding gateway:
ip rule add from 192.168.0.10 table uplink1
ip route add default via 192.168.0.1 dev eth0 table uplink1
ip rule add from 192.168.0.20 table uplink2
ip route add default via 192.168.0.2 dev eth1 table uplink2
ip route add default scope global nexthop via 192.168.0.2 dev eth1 weight 1 nexthop via 192.168.0.1 dev eth0 weight 1
The first line defines a policy that all traffic coming from IP 192.168.0.10 (eth0) uses routing table uplink1, and the second line adds the default gateway 192.168.0.1 (router1) to table uplink1 using eth0. The same commands are repeated for eth1 with the corresponding IPs. The last line is important because we still don't have a default gateway in the main routing table. Using nexthop we can add several gateways and give them weights if we want to prioritize them or, as in this case, give them the same weight to use them equally. You can put these commands into /etc/rc.local if you want them to be executed every time on startup.
Finally, don't forget to edit /etc/iproute2/rt_tables and define the tables; the names uplink1 and uplink2 must exist there before the ip commands above can refer to them. It should look something like this:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
32767 uplink1
32766 uplink2
#1 inr.ruhep
You can use commands like ip rule show, ip route show table uplink1, ip route and route to debug.
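For the failover part, here is an added example (not code from the original article): a single-pass check, suitable for cron, that pings from each uplink's source address so the `ip rule add from ...` policies above steer each probe through its own router, then rebuilds the multipath default route from the uplinks that answered. It goes beyond the article's static setup; the probe target, the function names and the `--apply` switch are assumptions.

```shell
#!/bin/sh
# Added example, not the article's code. Addresses are the article's;
# PROBE_TARGET is a placeholder (TEST-NET-1): set it to a host that is
# reachable through both uplinks.
PROBE_TARGET="${PROBE_TARGET:-192.0.2.1}"

# One "source-ip:gateway:device" entry per uplink.
UPLINKS="192.168.0.10:192.168.0.1:eth0 192.168.0.20:192.168.0.2:eth1"

# uplink_alive SRC GW DEV -> exit 0 if PROBE_TARGET answers a ping sent from SRC.
# Binding the source address makes "ip rule add from SRC table uplinkN" match,
# so the probe leaves through that uplink's own gateway.
uplink_alive() {
    ping -c 1 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

# default_route_cmd PROBE UPLINK... -> prints the "ip route replace" command
# containing one nexthop per uplink that PROBE reports alive.
# Returns 1 and prints nothing when no uplink is alive.
default_route_cmd() {
    probe=$1; shift
    hops=""
    for u in "$@"; do
        src=${u%%:*}; rest=${u#*:}
        gw=${rest%%:*}; dev=${rest#*:}
        if "$probe" "$src" "$gw" "$dev"; then
            hops="$hops nexthop via $gw dev $dev weight 1"
        fi
    done
    [ -n "$hops" ] || return 1
    echo "ip route replace default scope global$hops"
}

# Only touch the routing table when called with --apply (needs root).
# If every probe fails, the existing default route is left untouched.
if [ "${1:-}" = "--apply" ]; then
    if cmd=$(default_route_cmd uplink_alive $UPLINKS); then
        $cmd
    else
        echo "no uplink answered, default route unchanged" >&2
    fi
fi
```

The per-uplink tables uplink1 and uplink2 are left alone, so a connection that arrives through one router is still answered through that router.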
Hi
I have 2 ADSL broadband connections. It's like 5 PCs, connected to a switch and 2 routers connected to the same switch.
Both routers are connected to their own respective ISPs.
Is it possible to use both the internet connections from the PCs? Like if one broadband is slow use the other one.
The PCs are running Ubuntu.
You can use this routing to accomplish this, but using one machine as a router where each ADSL router is connected to one Ethernet card, and this router you can connect to the switch (basically you will need 3 eth cards).
Then all the other PCs can use that router as a gateway. For load balancing you will need to configure it a little bit more, I would use this configuration for servers that are accessed from two or more different links.
I would suggest you try some Linux router distributions (Zentyal, DD-WRT, Zeroshell etc.) and check if they already have a load balancing feature; it will be much easier.
You mean I have to set it up like this:
1 PC acts as router connected to both ADSL routers.
Other PCs use this PC as the router?
Is it not possible without using an additional PC as a router?
Yes. That is the right setup.
Now that I think of it a little bit, you could set up every machine with the policy routing for multiple gateways. If you have 5 PCs and there will be no more on the network, then you can do the setup like this also. But I would suggest doing it otherwise.
For example, if you change something you will need to do it on every machine, whereas in the above setup you have to do the configuration at one point only!
Yeah, I am fine with doing the settings on all machines.
Maybe it's a bunch of commands put together in a bash script.
I don't have a spare PC to use as an additional router.
And all PCs have only 1 NIC (eth0).
So I need to set it up with these restrictions.
ADSL routers are 192.168.1.1 and 192.168.1.11
Even a simple thing like this will do, if 1 gateway goes down or becomes very slow, switch to the other one.
I think it will work, but for better failover you will need some monitoring tool that will switch the preferred gateway to the other one, so that you don't have attempts to the one that is down.
So finally, how to do it? 😀
Sorry for the late reply. I will have to try it, I don't know the setup by heart. The tricky part is that this setup was meant for two Ethernet cards, not for one.
The first part of the config is meant for routing traffic on different Ethernet cards and the last line is defining multiple gateways. I would try something in this direction, for example:
ip route add default scope global nexthop via 192.168.1.1 dev eth0 weight 1 nexthop via 192.168.1.11 dev eth0 weight 1
If this works, you can play with the weight factor of the gateways to favor one of them.