Slashdot Mirror


Linux and Multiple Internet Uplinks: a New Tool

New submitter Alessandro Zarrilli writes: Linux has been able to do multipath routing for a long time: it means being able to have routes with multiple gateways and to use them in a (weighted) round-robin fashion. But Linux is missing a tool to actively monitor the state of internet uplinks and change the routing accordingly. Without it, from a LAN perspective, it's like having a RAID-0: just one uplink goes down and all of your LAN-to-WAN traffic goes down too. Documentation and examples on the subject are lacking; existing solutions are few and deeply integrated in firewall/routing specific distributions. To address these issues, a new standalone tool was just released: Fault Tolerant Router. It also includes a complete (iptables + ip policy routing) configuration generator.


  1. Strange by ledow · · Score: 5, Interesting

    Strange.

    I was using routing patches to Linux nearly 7 years ago to do this (admittedly it wasn't in the stock kernel, but the patches weren't huge)... you were able to specify multipath and multiple gateways and if one route went down, the others were prioritised and would take over, and also your upstream etc. were balanced properly and took account of failing routes automatically without any kind of daemon etc. running.

    I ran a school off multiple ADSL and even 3G connections with it - the only manual maintenance I ever had to do was to put the ADSL modems onto an SMS-controlled relay (SMS came in on the same 3G stick!) because our ISP would often give us "dead" sessions if they'd had problems (where you'd get PPP and an IP and a remote gateway but couldn't do anything across them) and we were then able to manually reset if necessary. My bursar and I used the system for five years like that, only ever resetting it to enable VPN when all the upstream routes had got dead sessions, and that less than once or twice a year.

    And, no, we didn't have to do much. It was a stock Slackware install with one set of patches to a (2.6?) kernel to enable the multipath routing etc. Pretty well advertised at the time, one plain page of simple patches (I remember porting them myself to a newer kernel version, just before the new diffs came out), I'll try and dig it up.

    And "RAID-0 for upstream"? Bollocks. It "just worked" whatever interfaces were up (proven by it would even include the 3G PPP interface whenever it came up, and that only came up when we manually instructed it to connect as it cost money).

    Not saying this isn't good software, but it's by far not the problem the summary purports it to be, not a first by any means, and certainly not "new".

    1. Re:Strange by ledow · · Score: 4, Informative

      Think it was:

      http://www.ssi.bg/~ja/

      Seems to still be updated.

    2. Re:Strange by msauve · · Score: 4, Informative

      Link aggregation works at layer 2 (e.g. Ethernet). Basically, make multiple cables between 2 devices look like a single one.

      Multipath routing works at layer 3 (e.g. IP), you can send outbound packets to multiple routers for further forwarding. It works when there are "real" routes between the hosts (i.e. not behind NAT).

      This is one step beyond that, since it also does connection tracking and will work with outbound port NAT, so you can have a private network connected to multiple ISPs.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    3. Re:Strange by hwk_br · · Score: 2

      The site is now at http://ja.ssi.bg/ and it works very well, especially with dozens of users. The "nano.txt" file explains it all, with examples.

      --
      \m/
  2. Ruby?? by Schlopper · · Score: 4, Insightful

    I do not want to install Ruby on my firewall/gateway along with all of its douchebaggy dependencies and gems/crystals/unicorns/whatever-the-fuck-they're-called. This is networking, not some hipster web 2.0 app.

    1. Re:Ruby?? by John+Bokma · · Score: 4, Informative

      Ruby is a scripting language like Perl or Python. Rails is the "hipster web 2.0 app", which is a library (framework) for Ruby.

    2. Re:Ruby?? by Hulfs · · Score: 3, Informative

      It's really a glorified bash script..and it doesn't actually require any ruby gems to run.

      It's just pinging a configurable IP to test specific outbound connections and when an interface goes up or down it resets the routing table...nothing especially fancy.

    3. Re:Ruby?? by Anonymous Coward · · Score: 2, Informative

      It's really a glorified bash script..and it doesn't actually require any ruby gems to run.

      https://github.com/drsound/fault_tolerant_router/blob/master/fault_tolerant_router.gemspec

      At this time it installs at least one gem, and it looks like it's for sending mail (notifications). And that gem might have dependencies of its own.

      Given time, and enough feature creep, this project very well may require more gems down the line.

  3. OpenWRT with mwan3 by AlreadyStarted · · Score: 5, Informative

    OpenWRT package mwan3 has similar functionality without the complication of multipath.

    http://wiki.openwrt.org/doc/ho...

  4. Not to lose my karma by Yew2 · · Score: 3, Insightful

    but as a network engineer, this snippet is painful to read. Inaccurate to say the very least.

    --
    will work for dragon quest localization
  5. Many other tools for multipath by klapaucjusz · · Score: 5, Informative

    There's a lot of multipath-related work being done right now, at the IETF, within OpenWRT, and independently.

    We've been working on providing multiple routes automatically (disclaimer -- I'm a co-author). As to actually making use of the multiple routes, the solution that currently works best is MP-TCP, a set of kernel patches that allows TCP to use multiple routes simultaneously, with no modification to applications. Other solutions are SHIM6, which works below the transport layer, and Multipath Mosh, which works at the application layer.

    I'm pretty confident we'll be able to have most of this stuff enabled by default in mainstream Linux distributions by the end of the year.

  6. gwping by ManiaX+Killerian · · Score: 3, Interesting

    There is a small shell script called gwping, which can be used to do exactly the same thing, easier and simpler. It's ~150 lines (with comments and everything) and takes 10-20 minutes to set up with the policy routing and everything, we don't need an overbloated runtime to do something so simple.
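
The mechanism the comments above describe (ping a test address through each uplink, rewrite the default route when an uplink changes state) can be shown as a small shell example. It is added here and is not code from Fault Tolerant Router or gwping; the interface names, gateways, weights and the consecutive-failure threshold are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: pick the default route from per-uplink probe results.
# Nothing here changes routing; build_route only prints the ip(8) command.

# probe IFACE TARGET: one ICMP echo bound to IFACE (iputils ping flags).
# Without policy routing for that interface's source address the reply
# path may differ, so a real setup pairs this with "ip rule" entries.
probe() { ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# next_fail_count PREV RESULT: consecutive-failure counter.
# RESULT is "ok" or "fail"; a single success resets the counter.
next_fail_count() {
  if [ "$2" = ok ]; then echo 0; else echo $(( $1 + 1 )); fi
}

# is_up FAILS THRESHOLD: an uplink counts as down only after THRESHOLD
# consecutive failed probes, so one lost ping does not flap the route.
is_up() { [ "$1" -lt "$2" ]; }

# build_route THRESHOLD: reads "iface gateway weight fails" lines on stdin
# and prints the matching "ip route replace" command.
# Returns 1 when no uplink is alive, so the caller keeps the old route.
build_route() {
  local threshold=$1 iface gw weight fails hops="" single="" count=0
  while read -r iface gw weight fails; do
    [ -z "$iface" ] && continue
    is_up "$fails" "$threshold" || continue
    hops="$hops nexthop via $gw dev $iface weight $weight"
    single="via $gw dev $iface"
    count=$(( count + 1 ))
  done
  case $count in
    0) return 1 ;;
    1) echo "ip route replace default $single" ;;
    *) echo "ip route replace default scope global$hops" ;;
  esac
}

# Demo on constructed state: eth1 has failed 3 probes in a row, eth2 is fine.
printf '%s\n' 'eth1 192.0.2.1 1 3' 'eth2 198.51.100.1 2 0' | build_route 3
```

A monitoring loop would call `probe` per uplink, feed the result to `next_fail_count`, and run the printed command only when it differs from the last one applied.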