multiple gateways

All posts tagged multiple gateways

If you ever had machine with two lan cards that needs to have failover with for example each lan card connected to it`s own router with internet connection, then this article is for you.

While working in one company I had a request that two Cisco routers each needs to be connected to one lan card on the same machine and on the other side they are connected to one mobile operator using IPSec over GRE tunnel. I made the setup on Cisco routers and configure parameters for IPSec and GRE, but the problem starts when I want to access the machine from both sides. If you configure gateway in the normal way you will get only one router as default gateway and all the traffic form the machine will go through that gateway. But in this case you need the traffic that comes from router1 to send using router1 and from router2 to router2. This is done using policy routing. Following commands will configure routing table to route traffic to corresponding gateway:

ip rule add from table uplink1
ip route add default via dev eth0 table uplink1

ip rule add from table uplink2
ip route add default via dev eth1 table uplink2

ip route add default scope global nexthop via dev eth1 weight 1 nexthop via dev eth0 weight 1

First line defines policy that all traffic that comes from ip (eth0) will use routing table uplink1, and second line adds default gateway (router1) to table uplink1 using eth0. Same commands are for eth1 with corresponding IPs. Last line is important because we still don`t have default gateway in the main routing table. Using nexthop we can add several gateways and give them weight if we want to prioritize them or in this case give them the same weight tu use them equally. You can put this commands into /etc/rc.local if you want them to be executed everytime on start up.

In the end we forgot to edit /etc/iproute2/rt_tables and define tables. It should look something like this:

# reserved values
255 local
254 main
253 default
0 unspec
# local
32767 uplink1
32766 uplink2
#1 inr.ruhep

You can use commands like ip rule show, ip route show table uplink1, ip route and route to debug.