Filter IP to use two ISP and make it failsafe

Filter IP to use two ISP and make it failsafe

[Juan Araya Bravo]

Hi, this is my first message to the list and first of all i apologise
for my very bad English.

The thing is i have one machine with three NIC cards acting as a
gateway. One of the NIC (eth0) is connected to LAN and the others are
connected to two different ISP (eth1 = ISP A and eth2= ISP B).

I was looking for a rule that let me determine specifically which IP
can use the ISP A and let all the others to use the ISP B connection.

Also i need that when one of the connections fails all the traffic
will be directed by the one which works.

Please help me with a link or something i can read to learn how to do it.

Thanks in advance.

---
Saludos, Juan Araya Bravo.
juan.araya@gmail.com

Re: Filter IP to use two ISP and make it failsafe

[Optimum Wireless Services]

Hola Juan.

Buscan en google un script que alguien creo, no recuerdo el nombre de la
persona, que se llama gwping. Lo use por un tiempo y funciona pero, si
tienes usuarios que usan el msn messenger entonces tendras problemas. El
messenger se desconecta frecuentemente cuando usas ese script. Debes
optar por un load balancer.

English:

Search google for a script named gwping. I've used it in the past and it
works ok except that the msn messenger tend to disconnect frequently
when the script is used. I had to buy a load balancer in order to avoid
that.

On Sun, 2011-02-06 at 20:40 -0300, Juan Araya Bravo wrote:
> Hi, this is my first message to the list and first of all i apologise
> for my very bad English.
> 
> The thing is i have one machine with three NIC cards acting as a
> gateway. One of the NIC (eth0) is connected to LAN and the others are
> connected to two different ISP (eth1 = ISP A and eth2= ISP B).
> 
> I was looking for a rule that let me determine specifically which IP
> can use the ISP A and let all the others to use the ISP B connection.
> 
> Also i need that when one of the connections fails all the traffic
> will be directed by the one which works.
> 
> Please help me with a link or something i can read to learn how to do it.
> 
> Thanks in advance.
> 
> ---
> Saludos, Juan Araya Bravo.
> juan.araya@gmail.com
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Filter IP to use two ISP and make it failsafe

[Steven Kath]

----- "Juan Araya Bravo" <juan.araya@gmail.com> wrote:
> Hi, this is my first message to the list and first of all i apologise
> for my very bad English.
> 
> The thing is i have one machine with three NIC cards acting as a
> gateway. One of the NIC (eth0) is connected to LAN and the others are
> connected to two different ISP (eth1 = ISP A and eth2= ISP B).
> 
> I was looking for a rule that let me determine specifically which IP
> can use the ISP A and let all the others to use the ISP B connection.
> 
> Also i need that when one of the connections fails all the traffic
> will be directed by the one which works.
> 
> Please help me with a link or something i can read to learn how to do
> it.

What you're essentially describing is called Source Policy-Based 
Routing (PBR).

Here is a good place to start reading, 

http://lartc.org/howto/lartc.rpdb.html
http://lartc.org/howto/lartc.rpdb.multiple-links.html

Those pages will help you get the big picture, and the "ip rule" section 
of "man ip" can help fill in a lot of the details. 

The 'gwping' script mentioned elsewhere in this thread is a good example 
of how to continuously monitor the responsiveness of the two uplinks and 
stop routing traffic out a failed link.  That's where the fail-safe part 
comes in. However, that script seems to use stateless, per-packet 
load-balancing which is going to come with its own set of problems.  

When you understand both PBR and the gwping script, you can probably put
together a script using ping tests and failover like gwping with a true 
source PBR implementation.