Multiple ADSL load balancing in Linux
Preface:
Many tools can implement the features bundled with ADSL, such as RouteOS, vyatta and panabit. My company, however, mostly runs Linux, so, inspired by RouteOS, I checked whether the same thing can be done on Linux. After searching around on the Internet it turned out to be feasible, and today I finally have time to write it up. Enough talk, let's get on with it.
The topology is as follows:
I. Set the network port in RouteOS to trunk, and let multiple VLANs access the Internet.
# Set RouteOS etsp2 to trunk and simulate multiple interfaces
VLANs 10 to 15 are used in the experiment.
# Configure the PPPoE server to simulate a carrier
# Configure RouteOS for Internet access
Set address:
Set route
Set NAT
IP -- Firewall -- NAT -- +
At this point, RouteOS configuration is complete.
II. Configure dialing in Linux
# Set the Linux network adapter connected to RouteOS to trunk mode. The 8021q module provides VLAN tag support.
[root@LB-2 ~]# modprobe 8021q
# Add VLAN sub-interfaces. The command for VLAN 10 is: vconfig add eth1 10. For convenience, use a for loop:
[root@LB-2 ~]# for i in {10..15}; do vconfig add eth1 $i; done
# Install the PPPoE client. The required package is rp-pppoe; insert the install disc.
[root@LB-2 ~]# mount -o loop /dev/cdrom /mnt
[root@LB-2 ~]# cd /etc/yum.repos.d/
[root@LB-2 yum.repos.d]# rm -f *
[root@LB-2 yum.repos.d]# vi local.repo
[localcd]
name=local cd
baseurl=file:///mnt/
enabled=1
[root@LB-2 yum.repos.d]# yum clean all
[root@LB-2 yum.repos.d]# yum install rp-pppoe -y --nogpgcheck
Set up dialing:
[root@LB-2 ~]# adsl-setup
Welcome to the ADSL client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
The following DSL config was found on your system:
# I had already configured this before, so several configuration items already exist.
Device:  Name:
ppp0     DSLppp0
ppp1     DSLppp1
ppp2     DSLppp2
ppp3     DSLppp3
ppp4     DSLppp4
ppp5     DSLppp5
Please enter the device if you want to configure the present DSL config
(default ppp0) or enter 'n' if you want to create a new one: n
LOGIN NAME
Enter your Login Name: ppp6    # the login name is the account assigned by China Unicom/China Telecom
INTERFACE
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): eth1.16
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
Enter the demand value (default no): no    # dial on demand: no
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS address',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here:    # leave DNS blank
PASSWORD
Please enter your Password:    # account password
Please re-enter your Password:
USERCTRL
Please enter 'yes' (three letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): no    # whether normal users may start or stop the link: no
FIREWALLING
Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'none' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 0    # firewall setting: 0
Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): yes    # dial at boot: yes
** Summary of what you entered **
Ethernet Interface: eth1.16
User name:          ppp6
Activate-on-demand: No
DNS:                Do not adjust
Firewalling:        NONE
User Control:       no
Accept these settings and adjust configuration files (y/n)? Y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp6
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)
Congratulations, it should be all set up!
Type '/sbin/ifup ppp6' to bring up your xDSL link and '/sbin/ifdown ppp6'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp6'
to see the link status.
[root@LB-2 ~]# cd /etc/sysconfig/network-scripts/
[root@LB-2 network-scripts]# vi ifcfg-ppp6
USERCTL=no
BOOTPROTO=dialup
NAME=DSLppp6
DEVICE=ppp6
TYPE=xDSL
ONBOOT=yes
# PIDFILE=/var/run/pppoe-adsl.pid    # this must be changed: if every link shares this pid file, the additional ADSL links will not start
PIDFILE=/var/run/pppoe-adsl6.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=no    # do not install a default route for this link
SYNCHRONOUS=no
ETH=eth1.16
PROVIDER=DSLppp6
USER=ppp6
PEERDNS=no
DEMAND=no
Now you can dial:
[root@LB-2 network-scripts]# ifup ppp6
If nothing goes wrong, the link comes up.
# ifdown ppp0    disconnects the link
# ifup ppp0      dials
Set up the other dial-up connections in the same way.
Following the nth mechanism (PS: if you do not know what nth is, look it up yourself), run the following commands:
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 5 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 4 -j CONNMARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 3 -j CONNMARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 2 -j CONNMARK --set-mark 4
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 1 -j CONNMARK --set-mark 5
iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -m statistic --mode nth --every 6 --packet 0 -j CONNMARK --set-mark 6
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 1 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 2 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 3 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 4 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 5 -j MARK --set-mark 5
iptables -t mangle -A PREROUTING -i eth0 -m connmark --mark 6 -j MARK --set-mark 6
You can understand it like this: the mechanism gives the first new connection connection-mark 1, the second new connection connection-mark 2, and so on; after a full round it starts over.
Then the firewall mark (fwmark) is set from the connection mark.
Then the firewall mark is used for policy routing, and policy routing needs routing tables.
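To see how the nth rules above actually share connections out, here is an added Python model (not part of the original post) of the xt_statistic nth counter: each rule keeps its own counter, seeded from --every and --packet, and CONNMARK is a non-terminating target, so every rule sees every NEW packet. It generalises the page's six-link rule set to N links and maps each fwmark to the page's v1N table; in this model the marks come out in descending order (6 first), which balances the links exactly as well.

```python
class NthRule:
    """One 'iptables -m statistic --mode nth --every E --packet P -j CONNMARK --set-mark M' rule."""

    def __init__(self, every, packet, mark):
        # libxt_statistic stores every-1 and seeds the counter with every-1-packet;
        # xt_statistic matches the packet on which the counter wraps back to 0.
        self.every = every - 1
        self.count = every - 1 - packet
        self.mark = mark

    def matches(self):
        self.count = 0 if self.count == self.every else self.count + 1
        return self.count == 0


def build_rules(links):
    """The page's rule set generalised to N links: --every N --packet N-1-k sets mark k+1."""
    return [NthRule(links, links - 1 - k, k + 1) for k in range(links)]


def connmark_new_connection(rules, conn):
    """Run one NEW packet through all CONNMARK rules (non-terminating target, so every
    rule sees it); conn stands in for the conntrack entry that keeps the mark."""
    for rule in rules:
        if rule.matches():
            conn["connmark"] = rule.mark
    return conn


def fwmark_for_packet(conn):
    """The '-m connmark --mark N -j MARK --set-mark N' rules: fwmark follows the connmark on every packet."""
    return conn.get("connmark", 0)


def route_table(fwmark):
    """The page's 'ip rule add fwmark $((i+1)) table v1$i' mapping: mark 1 -> v10 ... mark 6 -> v15."""
    return f"v1{fwmark - 1}"


def simulate(links, new_connections):
    """fwmark handed to each of new_connections consecutive NEW connections arriving from the LAN."""
    rules = build_rules(links)
    return [fwmark_for_packet(connmark_new_connection(rules, {})) for _ in range(new_connections)]


if __name__ == "__main__":
    marks = simulate(6, 12)
    print(marks)                                  # [6, 5, 4, 3, 2, 1, 6, 5, 4, 3, 2, 1]
    print([route_table(m) for m in marks[:6]])    # ['v15', 'v14', 'v13', 'v12', 'v11', 'v10']
```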
[root@LB-2 ~]# vi /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhu
10 v10
11 v11
12 v12
13 v13
14 v14
15 v15
Once the routing tables are defined, each one needs a route entry:
[root@LB-2 ~]# ip route add default dev ppp0 table v10
[root@LB-2 ~]# ip route add default dev ppp1 table v11
[root@LB-2 ~]# ip route add default dev ppp2 table v12
[root@LB-2 ~]# ip route add default dev ppp3 table v13
[root@LB-2 ~]# ip route add default dev ppp4 table v14
[root@LB-2 ~]# ip route add default dev ppp5 table v15
Quick method: for i in {0..5}; do ip route add default dev ppp$i table v1$i; done
Set the policy rules:
[root@LB-2 ~]# ip rule add fwmark 1 table v10 pref 10000
[root@LB-2 ~]# ip rule add fwmark 2 table v11 pref 10000
[root@LB-2 ~]# ip rule add fwmark 3 table v12 pref 10000
[root@LB-2 ~]# ip rule add fwmark 4 table v13 pref 10000
[root@LB-2 ~]# ip rule add fwmark 5 table v14 pref 10000
[root@LB-2 ~]# ip rule add fwmark 6 table v15 pref 10000
# Quick method: for i in {0..5}; do ip rule add fwmark $((i+1)) table v1$i pref 10000; done
By the way, you can also assign a detection address to each exit to detect when a link goes down; if one drops, it is then easy to send an e-mail alert or the like.
# for i in {0..5}; do ip addr add 1.1.1.$i/32 dev lo; done
# ip addr show | grep lo
# for i in {0..5}; do ip rule add from 1.1.1.$i table v1$i pref 10000; done
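As an added example (not from the original post), a small Python checker for the detection addresses just set up: it pings the page's probe target 202.97.0.1 from each 1.1.1.i, which the 'from' rules send through table v1i, and returns the exits that do not answer; mailing the result is left to cron or whatever you already use. The command runner is injectable so the logic can be tested without a live link.

```python
import subprocess

PROBE_TARGET = "202.97.0.1"   # the address the page pings; any stable, always-reachable IP will do
LINKS = 6                     # ppp0..ppp5 -> tables v10..v15 -> detection sources 1.1.1.0..1.1.1.5


def exit_of(i):
    """Names the page ties together for link i: ppp device, routing table, detection source."""
    return {"dev": f"ppp{i}", "table": f"v1{i}", "src": f"1.1.1.{i}"}


def ping_from(src, target, run=subprocess.run):
    """True if one echo request sent from src reaches target within 2 s.
    'ping -I <addr>' binds the source address, so 'ip rule from 1.1.1.i' selects table v1i."""
    proc = run(["ping", "-c", "1", "-W", "2", "-I", src, target],
               stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0


def check_exits(links=LINKS, target=PROBE_TARGET, run=subprocess.run):
    """Return the exits whose probe failed, as exit_of() dicts; an empty list means all are up."""
    return [exit_of(i) for i in range(links)
            if not ping_from(exit_of(i)["src"], target, run)]


if __name__ == "__main__":
    down = check_exits()
    for e in down:
        print(f"{e['dev']} is DOWN (table {e['table']}, probed from {e['src']})")
    if not down:
        print("all exits answer")
```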
Set up NAT. Because the addresses obtained by dialing are not fixed, use MASQUERADE:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp3 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp4 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp5 -j MASQUERADE
At first I set -o to eth1.10 through eth1.15, and the NAT policy did not take effect.
The test results are as follows:
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.0
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.1
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.2
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.3
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.4
[root@LB-2 ~]# ping 202.97.0.1 -I 1.1.1.5
Finally, two screenshots:
1. Experiment: I tested with Thunder on my own computer. Not ideal, because some connections are fast and some are slow, but in the actual production environment the effect is good.
2. In the production environment the effect is quite good. The multiple interfaces there use fixed IP addresses, but with the same load-balancing mechanism as above. This connection-based load balancing is much better than packet-based load balancing: there are no online-banking login problems (online banking complains about frequent IP changes).