Net Balancer feature in 3.6

francozamp



Joined: 13 Jul 2016
Posts: 4

Posted: Wed Jul 13, 2016 4:42 pm    Post subject: Net Balancer feature in 3.6

Hi,
I recently installed and tested ZeroShell for Net Balancing to two WANs. It appears that, contrary to its initial implementation (probably up to ZS3.3), where consecutive TCP connections (also from the same host and to the same server) went through the WANs in alternation - according to their weights -, now in ZS3.6 the host is stuck to a WAN.

The firewall rule I see is something like:

Routing table

Code:
root@zeroshell ~> ip route show
default
        nexthop via 10.1.1.1  dev ETH00 weight 50
        nexthop via 10.2.2.1  dev ETH01 weight 40
10.1.1.0/24 dev ETH00  proto kernel  scope link  src 10.1.1.10
10.2.2.0/24 dev ETH01  proto kernel  scope link  src 10.2.2.20
10.10.10.0/24 dev ETH02  proto kernel  scope link  src 10.10.10.1
192.168.137.0/24 dev ETH03  proto kernel  scope link  src 192.168.137.30
192.168.250.0/24 dev VPN99  proto kernel  scope link  src 192.168.250.254



iptables

Code:
root@zeroshell ~> iptables -L -nv -t mangle
[....]
Chain NB_CT_POST (2 references)
 pkts bytes target     prot opt in     out     source               destination
   87  6323 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            realm 0x66 MARK set 0x66
  108  7853 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            realm 0x65 MARK set 0x65
  483 37017 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK save
[...]


I also checked the script /root/kerbynet.cgi/scripts/nb_setautomarking but without a particular understanding of its internal working.

After several tests, I confirmed that from the same client all connections went through just the same WAN: this prevents achieving the aggregate throughput on a single host/client, e.g., using 2 TCP connections.

I understand there was a route persistence needed for stateful services (such as ecommerce carts or banking over HTTPS) for which different connections must come from the same IP, but having this now fixed is too limiting.

Maybe something like changing WAN in alternation but according to the server? Like if I connect to google.com with WAN1, and my browser creates 3-4 further TCP connections still to google.com, they must go through the same WAN1, but if then on a new tab I go to mns.com (or the same address but a different port), I must go through another WAN2.

What do you think about that? Did I get something wrong, or misconfigured? Thanks,

F.
francozamp



Joined: 13 Jul 2016
Posts: 4

Posted: Thu Jul 14, 2016 9:42 am    Post subject: Re: Net Balancer feature in 3.6

Hi,
after further testing, I realized balancing is working if either the client IP and/or the destination IP changes.

It means that, if from the same client behind the LAN I access the same server IP, I always traverse the same WAN. If from that very client I access another server IP, the WAN alternates.

Different clients to the same server IP also alternate.

This shall fix the HTTPS/cookies problem, but I'd like to know if this algorithm can be customized and where the logic lies.

In fact, I'd like to specify rules based on the bandwidth in use on the channel instead of only relative weights (I'd like to use WAN2 only if the capacity in use on WAN1 exceeds 80% of its limit as specified in the QoS "Global Bandwidth" settings), and then also alternate WAN on the same client-server pair if necessary.

Thanks,

F.
iulyb



Joined: 02 Jun 2016
Posts: 79

Posted: Thu Jul 14, 2016 4:23 pm    Post subject: Re: Net Balancer feature in 3.6

francozamp wrote:

In fact, I'd like to specify rules based on the bandwidth in use on the channel instead of only relative weights (I'd like to use WAN2 only if the capacity in use on WAN1 exceeds 80% of its limit as specified in the QoS "Global Bandwidth" settings), and then also alternate WAN on the same client-server pair if necessary.


Basically this would require a new mode; let's name it 'Overflow and fail-over'.
I think the script you need to look at is nb_setnexthop.
You may need to change the script so that once the bandwidth hits 80%, all new traffic will use the next gateway. The next question you should answer is about the logic used if you have 3 or more GWs and how to deal with it after all GWs are in overflow mode.
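The two selection policies discussed in this thread, modelled in Python as an added example (this is not ZeroShell's nb_setnexthop or nb_setautomarking code, and not the kernel's multipath logic). `pick_sticky` reproduces the behaviour reported in the second post: the same (client, server) pair always lands on the same WAN, while across many pairs the split follows the route weights. `pick_overflow` is the 'Overflow and fail-over' mode sketched in the reply, extended to any number of gateways and with a defined answer for the case where every gateway is already over the threshold. The gateway table mirrors the thread's `ip route show` output; the capacity and usage figures are constructed sample values standing in for the QoS "Global Bandwidth" limit and a live byte counter.

```python
"""Model of two multi-WAN gateway-selection policies (added example).

Assumptions: the gateway list mirrors the thread's routing table
(10.1.1.1 via ETH00 weight 50, 10.2.2.1 via ETH01 weight 40); the
capacity and usage numbers are constructed, not measured.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Gateway:
    name: str            # interface name, e.g. ETH00
    via: str             # next-hop address
    weight: int          # relative weight, as in the thread's routing table
    capacity_kbps: int   # constructed: the QoS "Global Bandwidth" limit
    used_kbps: int = 0   # constructed: current outbound usage

    def utilisation(self) -> float:
        """Fraction of the configured capacity currently in use."""
        return self.used_kbps / self.capacity_kbps


# Constructed gateway table mirroring the thread's `ip route show` output.
GATEWAYS = [
    Gateway("ETH00", "10.1.1.1", weight=50, capacity_kbps=20000),
    Gateway("ETH01", "10.2.2.1", weight=40, capacity_kbps=10000),
]


def pick_sticky(gateways, client_ip: str, server_ip: str) -> Gateway:
    """Weighted choice keyed on the (client, server) pair.

    A hash of the pair is mapped onto a line whose segments have the
    gateways' weights, so the same pair always gets the same WAN (keeping
    an HTTPS session on one public IP) while many different pairs split
    roughly 50:40 between ETH00 and ETH01.
    """
    total = sum(g.weight for g in gateways)
    digest = hashlib.sha256(f"{client_ip}|{server_ip}".encode()).digest()
    point = int.from_bytes(digest[:8], "big") % total
    for g in gateways:
        if point < g.weight:
            return g
        point -= g.weight
    raise RuntimeError("unreachable: point is always below the total weight")


def pick_overflow(gateways, threshold: float = 0.8) -> Gateway:
    """'Overflow and fail-over' mode: fill gateways in list order.

    The first gateway whose utilisation is below the threshold takes all
    new connections. This handles three or more gateways by simply moving
    down the list, and when every gateway is over the threshold the
    least-loaded one is returned rather than dropping traffic.
    """
    for g in gateways:
        if g.utilisation() < threshold:
            return g
    return min(gateways, key=lambda g: g.utilisation())


def nexthop_route(gateways) -> str:
    """Render an `ip route replace` line equivalent to the thread's default route."""
    hops = " ".join(
        f"nexthop via {g.via} dev {g.name} weight {g.weight}" for g in gateways
    )
    return f"ip route replace default {hops}"


if __name__ == "__main__":
    print(nexthop_route(GATEWAYS))
    # Same client/server pair twice: same WAN both times.
    for _ in range(2):
        print("sticky:", pick_sticky(GATEWAYS, "10.10.10.5", "203.0.113.10").name)
    # Overflow: ETH00 at 85% pushes new connections to ETH01.
    GATEWAYS[0].used_kbps = 17000
    print("overflow:", pick_overflow(GATEWAYS).name)
```

The sticky policy is a model of the observed behaviour, not a claim about how the kernel or ZeroShell actually chooses; the point it makes is that per-pair stickiness and weighted balancing are compatible, which is why a single client to a single server never sees the aggregate bandwidth while the population of flows still honours the weights.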