www.getclouder.com
Run Two ISPs in Your Home (Multihomed Router)
Marian (HackMan) Marinov
CEO of 1H Ltd.
CTO of GetClouder Ltd.
What is a multi-homed router?
Chapter 1: Multihoming
Why multihoming?
• Failover
• More capacity
• Faster connections
• Cheaper connections
• Why not both?
Assumptions
• You already know how routing is done on the Internet
• You know what the iptables tables are:
  • filter
  • mangle
  • nat
• You already know what NAT is and how it works
• Forwarding is enabled and allowed in the router
Usual setup
main routing table:
10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

iptables -t nat -A POSTROUTING -j SNAT \
  -s 10.0.0.0/24 -o eth0 --to 77.70.33.12
Chapter 2: Setup
Multiple routing tables
ISP1:
10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

ISP2:
10.0.0.0/24 dev eth2 src 10.0.0.1
83.12.21.0/24 dev eth1 src 83.15.21.65
default via 83.15.21.254 dev eth1
Multiple routing tables
[Diagram: routing table]
Multiple routing tables
[Diagram: routing table ISP1, routing table ISP2]
How to create iproute2 routing tables
$ cat /etc/iproute2/rt_tables
# reserved values
255 local
254 main
253 default
10 isp1
20 isp2
0 unspec
How to add routes into the new routing tables
ip r a 10.0.0.0/24 dev eth2 t isp1
ip r a 10.0.0.0/24 dev eth2 t isp2

ip r a 77.70.33.0/24 dev eth0 t isp1
ip r a 0/0 via 77.70.33.1 t isp1

ip r a 83.12.21.0/24 dev eth1 t isp2
ip r a 0/0 via 83.15.21.254 t isp2

ip r a == ip route add, t == table
How to guide the traffic to enter these tables
ip ru a from 77.70.33.12 t isp1
ip ru a from 83.15.21.65 t isp2

ip ru a == ip rule add, t == table
Separating the clients from the home network
Chapter 2: Separation
• Manually
  • based on source IP
  • based on destination IP
  • based on protocols
• Automatic
  • statistic (random, nth)
  • recent
  • time based
  • route based
Manually separating clients
• based on source IP
  ip rule add from 10.0.0.x table isp1
• based on destination IP
  ip rule add to 192.168.0.x table isp1
• based on protocols
  iptables marking per protocol
CONNMARK
iptables -A POSTROUTING -t mangle -j CONNMARK --restore-mark
iptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j ACCEPT
iptables -A POSTROUTING -p tcp --dport 21 -t mangle -j MARK --set-mark 1
iptables -A POSTROUTING -p tcp --dport 80 -t mangle -j MARK --set-mark 2
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark
Automatically separate clients between uplinks
● Statistic
iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -m statistic --mode random --probability 0.2
iptables -t mangle -A PREROUTING -j MARK --set-mark 1 -m statistic --mode nth --every 2 --packet 0
iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -m statistic --mode nth --every 2 --packet 1
Automatically separate clients between uplinks
● Statistic
-j MARK --set-mark 1 -m statistic --mode nth --every 4 --packet 0
-j MARK --set-mark 1 -m statistic --mode nth --every 4 --packet 1
-j MARK --set-mark 1 -m statistic --mode nth --every 4 --packet 2
-j MARK --set-mark 2 -m statistic --mode nth --every 4 --packet 3
Automatically separate clients between uplinks
● recent
-m recent --name balanced --rcheck --seconds 300 -j MARK --set-mark 2
-m recent --name balanced --set -j MARK --set-mark 1
● time based
-m time --timestart 09:30 --timestop 17:30 --weekdays Mon,Tue,Wed,Thu,Fri
Automatically separate clients between uplinks
● route based
ip route add default scope global \
nexthop via $gw_isp1 dev $dev_isp1 weight 1 \
nexthop via $gw_isp2 dev $dev_isp2 weight 1
Source NAT - Set the outgoing IPs
iptables -t nat -A POSTROUTING \
  -o $dev_isp1 -j SNAT --to $ip_isp1
iptables -t nat -A POSTROUTING \
  -o $dev_isp2 -j SNAT --to $ip_isp2
Chapter 3: SNAT
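As an added example (not code from the slides), here is the whole two-uplink setup from the Setup, Separation and SNAT slides as one script: the per-ISP tables and routes, the source rules, the `ip rule ... fwmark` entries that the CONNMARK marks need in order to actually select a table (the deck never shows these), the SNAT rules, and an `ip route get` check of which uplink a marked packet takes. It assumes the numeric table ids 10/20 from the deck's rt_tables, a constructed LAN host 10.0.0.10, and 83.15.21.0/24 as the ISP2 prefix (the deck writes 83.12.21.0/24, which does not contain its own ISP2 address 83.15.21.65); the mangle rules are placed in PREROUTING so the mark exists before the forwarding route lookup.

```shell
#!/bin/sh
# Added example, not from the slides. Builds the two-uplink policy routing the deck
# describes: per-ISP tables, source rules, fwmark rules and SNAT. DRY_RUN=1
# (default) prints the commands; DRY_RUN=0 executes them (needs root, run once).
DRY_RUN="${DRY_RUN:-1}"
LAN_NET=10.0.0.0/24; LAN_DEV=eth2; LAN_HOST=10.0.0.10   # LAN_HOST: constructed
ISP1_NET=77.70.33.0/24; ISP1_DEV=eth0; ISP1_IP=77.70.33.12; ISP1_GW=77.70.33.1
ISP2_NET=83.15.21.0/24; ISP2_DEV=eth1; ISP2_IP=83.15.21.65; ISP2_GW=83.15.21.254
T_ISP1=10; T_ISP2=20   # numeric table ids from the deck's rt_tables; names optional

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_routes() {
  # each table needs the LAN route plus that ISP's connected prefix and default
  for t in $T_ISP1 $T_ISP2; do run ip route add "$LAN_NET" dev "$LAN_DEV" table "$t"; done
  run ip route add "$ISP1_NET" dev "$ISP1_DEV" src "$ISP1_IP" table "$T_ISP1"
  run ip route add default via "$ISP1_GW" dev "$ISP1_DEV" table "$T_ISP1"
  run ip route add "$ISP2_NET" dev "$ISP2_DEV" src "$ISP2_IP" table "$T_ISP2"
  run ip route add default via "$ISP2_GW" dev "$ISP2_DEV" table "$T_ISP2"
}
setup_rules() {
  # replies sourced from an uplink address must leave via that uplink (slide 11) ...
  run ip rule add from "$ISP1_IP" table "$T_ISP1" pref 100
  run ip rule add from "$ISP2_IP" table "$T_ISP2" pref 101
  # ... and fwmark 1/2 set by the mangle rules selects a table (the deck omits these)
  run ip rule add fwmark 1 table "$T_ISP1" pref 200
  run ip rule add fwmark 2 table "$T_ISP2" pref 201
}
setup_marks() {
  # the deck's CONNMARK marking, but in mangle PREROUTING (assumption) so the
  # mark already exists when the kernel does the forwarding route lookup
  run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
  run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
  run iptables -t mangle -A PREROUTING -p tcp --dport 21 -j MARK --set-mark 1
  run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
  run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}
setup_nat() {
  # rewrite the source to whichever uplink the packet actually leaves on
  run iptables -t nat -A POSTROUTING -o "$ISP1_DEV" -j SNAT --to "$ISP1_IP"
  run iptables -t nat -A POSTROUTING -o "$ISP2_DEV" -j SNAT --to "$ISP2_IP"
}
check_path() {
  # ask the kernel which table/uplink a LAN packet with fwmark $1 to $2 would use
  run ip route get "$2" from "$LAN_HOST" iif "$LAN_DEV" mark "$1"
}
setup_routes; setup_rules; setup_marks; setup_nat
check_path 1 198.51.100.1; check_path 2 198.51.100.1   # expect eth0, then eth1
```

With DRY_RUN=0 the two `check_path` lines print the kernel's chosen route, so a mark-1 packet should show `dev eth0 table 10` and a mark-2 packet `dev eth1 table 20`.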
Additional documentation
http://lartc.org/howto/lartc.rpdb.multiple-links.html
Link Status Monitor: http://lsm.foobar.fi/
If you are interested... Julian Anastasov's patches: http://www.ssi.bg/~ja/#routes
Chapter 4: Conclusion
Q & A
Marian (HackMan) Marinov
mm <> 1h.com
Jabber: [email protected]
HackMan #iseca #softuni
Chapter 5: Questions