lstein / net-isp-balance
Set of scripts to load-balance your Internet connection across two or more ISPs with auto failover
License: Artistic License 2.0
When using a vpn and Net-ISP on balanced mode all traffic goes out a single interface. Tried removing the iptables entry that sends packets to the same interface but they are added back automatically. Would be nice to have the option to remove this that way traffic going to the same host can be distributed over all interfaces. However I understand that this would only be plausible for situations where all traffic is going to a single endpoint such as a vpn/proxy.
Hi, Great work!
In my configuration, I have two isp and one lan.
When the second ISP fails and then comes back, the default gateway disappears from the routing table.
##syslog
Sep 7 17:01:34 worldway load_balance.pl[3543]: WAN2 (eth2) is now in state 'down'.
Sep 7 17:01:34 worldway load_balance.pl[3543]: ISP services currently marked up: WAN1
Sep 7 17:31:11 worldway load_balance.pl[3845]: WAN2 (eth2) is now in state 'long_down_to_up'.
Sep 7 17:31:11 worldway load_balance.pl[3845]: ISP services currently marked up: WAN1 WAN2
Sep 7 17:31:11 worldway load_balance.pl[3846]: WAN2 (eth2) is now in state 'up'.
Sep 7 17:31:11 worldway load_balance.pl[3846]: ISP services currently marked up: WAN1 WAN2
If I changed the weights on load balancing, when is the file re-read? When the connection changes?
First off, excellent software! I have Cable and DSL both routed through a Raspberry Pi3 with this setup. Took a little while to get the USB interfaces worked out correctly, but it is amazing how well it passes between interfaces (I had two kids on PS4s playing Fortnite, cable went down and seamlessly migrated to DSL without a hiccup!). I have it set 5 to 1 Metrics favoring the faster 15MBit cable connection over the bonded 1MBit DSL and it seems to balance appropriately.
Ok so the problem is I'd like to bind certain requests to a single interface... specifically when I run CiscoVPN to run my corporate device remotely. It constantly logs me out whenever the underlying interface changes (making it impossible to work). So how might I route all traffic to a specific host (my corporate VPN) to DSL only for example, but let everything else balance over both interfaces?
Thanks again and keep up the good work!
Using ddclient on the host/router with Net-ISP-Balance, you can specify an interface in the configuration file to update DNS records. I use it for Cloudflare.
Maybe I can write a wiki article about this.
Hi,
I've got a warning message when building using Build.PL:
perl ./Build.PL
WARNING: the following files are missing in your kit:
META.json
META.yml
Please inform the author.
Created MYMETA.yml and MYMETA.json
Creating new 'Build' script for 'Net-ISP-Balance' version '1.18'
Build essential and perl v5.20.2 are installed.
I'm working on a Raspberry PI with Raspbian Jessie if it can help.
It's only a warning and the files are created, but I was told to inform the author :)
Hi, has anyone tried this website: http://www.bing.com/translator/?
When you use that website, you might get an error message in red:
We are experiencing some service problems. Refresh page or try again later
Another site that I have problems with is: http://www.dailymotion.com/video/x24gmtq_l-arc-en-ciel-vivid-colors_music
The video loses the connection or it doesn't have the reply of the video, getting the 403 error.
Do you have the same problems with those sites?
Lots of Linux distros are transitioning to nftables from iptables. It would be useful to include instructions supporting nftables.
These iptables rules should have nftables counterparts:
# iptables -P FORWARD ACCEPT
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Hello there! Thanks for this amazing tool.
I have Cable Internet (ISP1) and 3G modem (ISP2) routed through a Raspberry Pi3b with this setup.
When Cable Internet (ISP1) goes down, 3G modem (ISP2) gets active and it works well.
But when Cable Internet (ISP1) is back online, the active connection keeps using 3G modem (ISP2).
Is there a setting to rapidly route internet back to ISP1 when it's back online?
Thanks!
FYI: To get IP Forwarding to work on Arch Linux see:
https://wiki.archlinux.org/index.php/Internet_sharing#Enable_packet_forwarding
Specifically you need to add the following:
IPForward=kernel
Now Net-ISP-Balance is not compatible with Network Manager.
Thus, it cannot be used on many operating systems where the network infrastructure works through NetworkManager.
Hello. How is Net-ISP-Balance support for IPv6, including global prefix delegation?
Currently I have a Cisco RV340 load balancing 2 ISPs.
One modem I set as bridge and another I left in router mode. The bridged WAN is able to receive and pass global prefix using DHCP-PD to VLAN, whose DHCP server distributes. The other ISP (in route mode)'s WAN has DHCP-PD set, but VLAN's DHCP server says it's unaccessible.
Load balancing works nicely for IPv4 and even speedtest reports combined download speed. But for IPv6 my LAN devices receive only addresses from bridged ISP's global prefix and only use its bandwidth.
RV340 also seems to not support setting ULA together with DHCP-PD, as I've seen ppl using in other routers. This makes me unable to set fixed IPv6 addresses on LAN, as every time the ISP changes its global prefix I get all devices' addresses changed too.
To sum things up, I use Pi-hole for local domains attribution, DNS server and DHCP server. I'm unable to make dnsmasq grab global prefix delegation from RV340 so it can distribute addresses for devices.
I'm then considering removing RV340 and setting up a Ubuntu or IPFire gateway, which would load balance both ISPs and handle DNS, DHCPv4 and DHCPv6 all together.
If anybody has done something like that or trying to, feel free to contact me and share configs and tools.
Hello @lstein,
I am trying to configure two wlan connections and run load_balance.pl
but failed. Below is my configuration:
eth0 Link encap:Ethernet HWaddr 4c:72:b9:31:f5:b3
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:20 Memory:fe200000-fe220000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:14654 errors:0 dropped:0 overruns:0 frame:0
TX packets:14654 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1873976 (1.8 MB) TX bytes:1873976 (1.8 MB)
wlan0 Link encap:Ethernet HWaddr 64:70:02:3b:90:43
inet addr:192.168.43.37 Bcast:192.168.43.255 Mask:255.255.255.0
inet6 addr: fe80::6670:2ff:fe3b:9043/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:185939 errors:0 dropped:0 overruns:0 frame:0
TX packets:131723 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:214728765 (214.7 MB) TX bytes:16991765 (16.9 MB)
wlan1 Link encap:Ethernet HWaddr c8:3a:35:ca:31:ad
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::ca3a:35ff:feca:31ad/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:136 errors:0 dropped:0 overruns:0 frame:0
TX packets:177 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14938 (14.9 KB) TX bytes:23897 (23.8 KB)
## Net::ISP::Balance configuration file
## edit it as needed to describe your router setup
## This table defines the LAN and IP services.
## Uncomment by removing hash symbols (#) and then edit as needed
## service device role ping-ip weight
#CABLE eth0 isp 173.194.43.95 1
#DSL ppp0 isp 173.194.43.95 1
#LAN1 eth1 lan
#LAN2 eth2 lan
WLAN0 wlan0 isp 216.58.196.14 2
WLAN1 wlan1 isp 216.58.196.14 1
## These options are passed to lsm, among others.
## the defaults are shown. To change them, uncomment
## and edit.
#warn_email=root@localhost
#interval_ms=1000
#max_packet_loss=15
#max_successive_pkts_lost=7
#min_packet_loss=5
#min_successive_pkts_rcvd=10
#long_down_time=120
# :isp = all ISPs
# :lan = all LANs
# default routing_group = :lan :isp
#forwarding_group=LAN1 :isp
#forwrding_group=LAN2 :isp
## Including rules from /etc/network/balance/pre-run/pre-run-script.pl ##
## Finished /etc/network/balance/pre-run/pre-run-script.pl ##
echo 0 > /proc/sys/net/ipv4/ip_forward
ip route flush all
ip rule flush
ip rule add from all lookup main pref 32766
ip rule add from all lookup default pref 32767
ip route flush table 1
ip route flush table 2
ip route add 192.168.43.0/24 dev wlan0 src 192.168.43.37
ip route add 192.168.1.0/24 dev wlan1 src 192.168.1.4
ip route add default scope global nexthop via 192.168.43.1 dev wlan0 weight 2 nexthop via 192.168.43.1 dev wlan1 weight 1
ip route add table 1 default dev wlan0 via 192.168.43.1
ip route add table 1 192.168.43.0/24 dev wlan0 src 192.168.43.37
ip route add table 1 192.168.1.0/24 dev wlan1 src 192.168.1.4
ip rule add from 192.168.43.37 table 1
ip rule add fwmark 1 table 1
ip route add table 2 default dev wlan1 via 192.168.43.1
ip route add table 2 192.168.43.0/24 dev wlan0 src 192.168.43.37
ip route add table 2 192.168.1.0/24 dev wlan1 src 192.168.1.4
ip rule add from 192.168.1.4 table 2
ip rule add fwmark 2 table 2
## Including rules from /etc/network/balance/routes/01.local_routes ##
# enter any routing commands you might want to go in
# for example:
# ip route add 192.168.100.1 dev eth0 src 198.162.1.14
## Finished /etc/network/balance/routes/01.local_routes ##
## Including rules from /etc/network/balance/routes/02.local_routes.pl ##
## Finished /etc/network/balance/routes/02.local_routes.pl ##
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -N REJECTPERM
iptables -A REJECTPERM -j LOG -m limit --limit 1/minute --log-level 4 --log-prefix "REJECTED: "
iptables -A REJECTPERM -j REJECT --reject-with icmp-net-unreachable
iptables -N DROPGEN
iptables -A DROPGEN -j LOG -m limit --limit 1/minute --log-level 4 --log-prefix "GENERAL: "
iptables -A DROPGEN -j DROP
iptables -N DROPINVAL
iptables -A DROPINVAL -j LOG -m limit --limit 1/minute --log-level 4 --log-prefix "INVALID: "
iptables -A DROPINVAL -j DROP
iptables -N DROPPERM
iptables -A DROPPERM -j LOG -m limit --limit 1/minute --log-level 4 --log-prefix "ACCESS-DENIED: "
iptables -A DROPPERM -j DROP
iptables -N DROPSPOOF
iptables -A DROPSPOOF -j LOG -m limit --limit 1/minute --log-level 4 --log-prefix "DROP-SPOOF: "
iptables -A DROPSPOOF -j DROP
iptables -N DROPFLOOD
iptables -A DROPFLOOD -m limit --limit 1/minute -j LOG --log-level 4 --log-prefix "DROP-FLOOD: "
iptables -A DROPFLOOD -j DROP
iptables -N DEBUG
iptables -A DEBUG -j LOG --log-level 3 --log-prefix "DEBUG: "
iptables -t mangle -N MARK-WLAN0
iptables -t mangle -A MARK-WLAN0 -j MARK --set-mark 1
iptables -t mangle -A MARK-WLAN0 -j CONNMARK --save-mark
iptables -t mangle -N MARK-WLAN1
iptables -t mangle -A MARK-WLAN1 -j MARK --set-mark 2
iptables -t mangle -A MARK-WLAN1 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -i wlan0 -s 192.168.43.0/24 -m conntrack --ctstate NEW -j MARK-WLAN0
iptables -t mangle -A PREROUTING -i wlan0 -s 192.168.43.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i wlan1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j MARK-WLAN1
iptables -t mangle -A PREROUTING -i wlan1 -s 192.168.1.0/24 -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -j DROPPERM
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags SYN,ACK ACK -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK ACK -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROPFLOOD
iptables -A OUTPUT -o wlan0 -j ACCEPT
iptables -A OUTPUT -o wlan1 -j ACCEPT
iptables -A OUTPUT -j DROPSPOOF
## Including rules from /etc/network/balance/firewall/01.accept ##
## This file contains iptables statements that add additional firewall rules
# allow incoming domain packets -- needed for DNS resolution
iptables -A INPUT -p udp --source-port domain -j ACCEPT
# allow incoming NTP packets -- needed for net time protocol
iptables -A INPUT -p udp --source-port ntp -j ACCEPT
## Finished /etc/network/balance/firewall/01.accept ##
## Including rules from /etc/network/balance/firewall/01.accept.pl ##
## Finished /etc/network/balance/firewall/01.accept.pl ##
## Including rules from /etc/network/balance/firewall/02.forward.pl ##
## Finished /etc/network/balance/firewall/02.forward.pl ##
echo 1 > /proc/sys/net/ipv4/ip_forward
## Including rules from /etc/network/balance/post-run/post-run-script.pl ##
## Finished /etc/network/balance/post-run/post-run-script.pl ##
Is there anything missing in the configuration?
Hi,
First of all, great software... It's a really boring task to set up ISP balancing and your NET-ISP-Balance makes it damn easy.
When re-running load_balance.pl the MARK chain is not being cleaned, and consequently being duplicated:
load_balance.pl -d > commands.sh
# add set -x to commands.sh
+ iptables -t mangle -N MARK-ISP1
iptables: Chain already exists.
+ iptables -t mangle -A MARK-ISP1 -j MARK --set-mark 2
+ iptables -t mangle -A MARK-ISP1 -j CONNMARK --save-mark
+ iptables -t mangle -N MARK-ISP2
iptables: Chain already exists.
And when running:
# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK-ISP2 all -- anywhere anywhere ctstate NEW statistic mode random probability 1.00000000000
MARK-ISP1 all -- anywhere anywhere ctstate NEW statistic mode random probability 0.50000000000
CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
MARK-ISP1 all -- anywhere anywhere ctstate NEW
CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
MARK-ISP2 all -- anywhere anywhere ctstate NEW
CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
Sorry for not sending a PR, but my Perl skill is zero :)
Thank you
Hoi!
I am setting up my dual-isp router, but still using only one of the internet connections while doing that.
For some reasons the --debug is not working. It acts like a verbose, meaning all the rules and routes are getting dumped to stdout, but they are still executed and the lsm is started.
While this is only a minor bug, it is still tremendously annoying, since I have to take down everything by hand and start my normal internet again.
blue skies
Jan
Hi,
I'm trying to run the load_balance.pl script after following the online guide. However, when I run "su -c load_balance.pl", I get the following error: "Couldn't open /var/lib/lsm/DSL.state mode >: no such file or directory at /usr/local/bin/load_balance.pl line 284.".
Any ideas?
Really excited to try this out with client setups!
I have a situation where it would be nice to have load balancing, but for one of the ISPs I'd like to just have failover for it in case all others are down, because it's charged differently and it's expensive.
Can I do that with Net-ISP-Balance?
Also, thanks for the project!
Hi guys!
I installed this software on my Debian distro but I don't know how to uninstall it...
Please help me, because I use my PC for work.
Thanks in advance!
Regards
Is there a way to support dual PPPoE connections with this system? I've got it working using two VDSL modem/routers but then I'm doing dual NAT which isn't ideal!
I've got both individual PPPoE connections working with modems (both on separate interfaces) but as PPPoE doesn't have a default gateway as such I think something isn't setting the routes up for the ping check.
I've tried manually using 8.8.8.8 as one ping check, the other PPPoE connection using 8.8.4.4 and adding multiple routes for this like:
ip route add 8.8.8.8 dev ppp0
ip route add 8.8.4.4 dev ppp1
This means that a ping -I ppp0 8.8.8.8 works, as does a ping -I ppp1 8.8.4.4 works - and I see LSM thinking the connection is up briefly, but then I get a mail to root that it's gone down and it appears to remove my custom route overrides for this.
For now I'll go back to dual-NATting but it would be awesome if I can get this working with PPPoE instead!
Primarily using the brilliantly written program for failover between my primary wan and my backup.
Every time the primary wan goes down from loss of connectivity, which occurs fairly often due to geolocation, I receive the error that "The connection has been reset by the peer." Which is occurring often enough where it has become a real irritant. My previous router setup did not possess this problem, which was OPNsense. In order to mitigate this error from becoming too large of a problem, I have adjusted the setting to net.ipv4.tcp_keepalive_time, but this has had little effect on the issue.
Anyone know of some way to tweak some settings to prevent this from happening?
Hi,
Is it possible to install an openvpn client on the router so that all traffic going-out-of/coming-to the LAN is sent through that client tunnel? If possible, how could it be configured?
Thanks
Sometime between July 26, 2021 and now (Oct 24, 2021), foolsm fails to start regardless of how it is executed, AND no debug information is generated to further understand and hint towards the issue. It simply dumps the help information and exits. To personify the new behavior, it acts like it wants to make life difficult. I suspect there is something either corrupting the foolsm flags when load_balance.pl executes the command, OR There is something buggy in my configuration file.
I checked the configuration file, and it seems to be good. For some reason the copy/paste functionality is not working. But, I was able to upload it: https://0x0.st/-dxH.conf
Version: CURRENT Master
OS: Debian Sid
Shell: Bash
Anything else needed, just let me know.
Proposal
We've designed a more complex perl framework for firewall rules. I've seen the custom scripts that you can add in Net::ISP::Balance. Yet, I've not noticed if we can connect a custom external script/tool instead of rules.
Proposal: adding hook.d/ folder in which you can
BTW - I really like the net isp balance. Congrats, cheers and thanks to all contributors!
Hello,
I have an issue with the balanced mode. I read in the balance.conf file that when we are in balanced mode and a link is down the other will still be able to forward the packets. But when I tried to simulate this, I can't ping anything anymore. I also reused load_balance.pl and the ping was going through again for a short period of time.
If you need further explanations about my configuration or the network we deployed I'm available.
Thanks in advance
Hi!
Impressive project! I've been trying to accomplish something similar with just iptables and it's not easy!
I have a bit of a special case that I'm trying to achieve and would love your input.
Basically I have just the one ISP connection reachable via my Pfsense router, but multiple OpenVPN connections I'd like to load balance over. I also need to run NAT/MASQUERADE on the IPs I receive on the OpenVPN interfaces. I know you have provisions for running multiple OpenVPN over multiple ISP connections but my first and admittedly sloppy testing couldn't get it up and running. I get:
load_balance.pl
No ISP services seem to be up. Restoring routing tables and firewall.
RTNETLINK answers: File exists
RTNETLINK answers: File exists
......
RTNETLINK answers: File exists
RTNETLINK answers: Network is unreachable
Starting lsm link status monitoring daemon
I can give the server (VM) running Net-ISP-Balance multiple virtual interfaces if needed but preferably they all need to be on the same subnet (my LAN).
As the subject says. All other parts of the installation seem to work -- but I saw this: (Every 5 minutes)
/var/log/messages:Mar 9 08:48:29 xxxxxxxxxxx foolsm[16215]: plugin_export.c: plugin_export_munin: failed to open file /var/lib/foolsm/config.rtt for write
With a bit of exploration, the reason was that the foolsm folder did not exist. I created the folder by hand and a few minutes later it was populated with a variety of data files.
Note: Load balancing works fine across three ISP interfaces with or without the existence of this folder.
Linux version 4.18.0-348.12.2.el8_5.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-3) (GCC)) #1 SMP Wed Jan 19 17:53:40 UTC 2022
Is there a way to force outbound connection to use a certain link based on the destination host or IP?
Trying to get the multi-openvpn recipe working from the documentation - did commit 77af414 break this?
$self->_collect_interfaces_retry();
if ($self->isp_services) {
$self->pre_run_rules();
From what I can tell isp_services does not contain tun0/tun1 because they have not been brought up yet by the pre_run_rules script and collect_interfaces can't mark them as containing a valid device. So it always just exits with no isp interfaces and quits without trying to bring up the tun's.
Something like
$self->pre_run_rules();
$self->_collect_interfaces_retry();
if ($self->isp_services) {
gets me closer but I have to admit to not understanding the code well enough yet to figure out what needs to be done to get the routing working after that. tun0 and tun1 don't have predictable addresses when they come up so I can't just add a custom route.
I get the following message trying to run perl ./Build.PL:
WARNING: the following files are missing in your kit:
lsm/lsm.conf
META.json
META.yml
Please inform the author.
Designate one or more ISPs as failover-only. They are not used for load balancing.
I have a webserver within the LAN. I used the Perl command to forward to the webserver's IP, but still can't access the webserver from outside.
Assume my network is as follows:
192.168.0.0/24 -> LAN
192.168.1.0/24 -> ISP1
192.168.2.0/24 -> ISP2
I added the rule as follows in 02.forward.pl
$B->forward(80 => '192.168.0.23'); # Webserver IP on LAN is 192.168.0.23
Please advise
Hello,
In my configuration, I have two isp and one lan.
Both ISP have weight set to 1.
As I can see on the iptables generated:
iptables -t mangle -A PREROUTING -i br0 -m conntrack --ctstate NEW -m statistic --mode random --probability 1 -j MARK-ISP1
iptables -t mangle -A PREROUTING -i br0 -m conntrack --ctstate NEW -m statistic --mode random --probability 0.5 -j MARK-ISP2
Shouldn't they have the same probability?
Another question: does CONNMARK work with udp? (I guess not)
Or is there a possible configuration that makes iptables select the same ISP automatically during udp communications (same source/destination)?
Otherwise great work and very easy to use!
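Added example (not part of the post above and not Net-ISP-Balance's own code): the two PREROUTING rules quoted in the question are evaluated in order, and the MARK-* chains shown in the rule dumps on this page contain only MARK and CONNMARK --save-mark, so a later rule that fires overwrites the mark set by an earlier one. The Python below computes the resulting share of new connections per chain; `cascade_for_weights` is a hypothetical helper showing the general construction for unequal weights, assumed rather than taken from the project.

```python
import re
from fractions import Fraction

# The two "--mode random" rules quoted in the question above.
RULES = """\
iptables -t mangle -A PREROUTING -i br0 -m conntrack --ctstate NEW -m statistic --mode random --probability 1 -j MARK-ISP1
iptables -t mangle -A PREROUTING -i br0 -m conntrack --ctstate NEW -m statistic --mode random --probability 0.5 -j MARK-ISP2
"""

RULE_RE = re.compile(r"--probability\s+(?P<p>[0-9.]+)\s+-j\s+(?P<chain>\S+)")


def parse_rules(text):
    """Return [(chain, probability), ...] in the order the rules appear."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            rules.append((m.group("chain"), Fraction(m.group("p"))))
    return rules


def effective_shares(rules):
    """Share of NEW connections that finish PREROUTING with each chain's mark.

    Rule i fires with probability p_i and overwrites any earlier mark, so its
    mark survives only if no later rule fires:
        share_i = p_i * product over j > i of (1 - p_j)
    """
    shares = {}
    for i, (chain, p) in enumerate(rules):
        survive = Fraction(1)
        for _, later_p in rules[i + 1:]:
            survive *= 1 - later_p
        shares[chain] = p * survive
    return shares


def cascade_for_weights(weights):
    """Hypothetical helper: per-rule probabilities whose effective shares are
    proportional to integer weights, p_i = w_i / (w_1 + ... + w_i)."""
    rules, running = [], 0
    for chain, w in weights:
        running += w
        rules.append((chain, Fraction(w, running)))
    return rules


if __name__ == "__main__":
    for chain, share in effective_shares(parse_rules(RULES)).items():
        print(f"{chain}: {float(share):.3f}")
    # Constructed case: three ISPs with weights 5:1:1.
    for chain, p in cascade_for_weights([("A", 5), ("B", 1), ("C", 1)]):
        print(f"{chain}: --probability {float(p):.6f}")
```

With the quoted rules, the first rule marks every new connection for ISP1 and the second re-marks half of them for ISP2, which gives an even split.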
Hello there, I'm trying to execute some custom scripts when the state of an ISP changes.
According to documentation, it says:
"...Run custom commands when an ISP goes up or down?
You will find a series of directories in $ETC_NETWORK/balance/lsm named "up.d", "down.d" and "long_down.d". "
But I cannot find those folders.
This is the output of the lsm folder:
pi@emp-raspib3:/ $ ls -lsa /etc/network/balance/lsm
total 16
4 drwxr-xr-x 2 root root 4096 Mar 22 02:58 .
4 drwxr-xr-x 7 root root 4096 Mar 22 03:19 ..
4 -r-xr-xr-x 1 root root 842 Mar 22 02:58 balancer_event_script
4 -r-xr-xr-x 1 root root 1386 Mar 22 02:58 default_script
pi@emp-raspib3:/ $
and if I search for those folders:
pi@emp-raspib3:/ $ sudo find / -type d | grep "long_down.d"
pi@emp-raspib3:/ $
Thank you! This is a very useful tool :D
iptables v1.6.0: Couldn't load target `MARK-DSL':No such file or directory
This also happens when I bring up a different connection
iptables v1.6.0: Couldn't load target `MARK-DSL':No such file or directory
Nevertheless load balancing is working fine. What would cause this?
Hello,
I think that I saw a problem: when an ISP comes back, Net-ISP-Balance is still down.
The reason seems logical: the default gateway for the "bad" ISP is gone, so the ping is still KO forever.
OK:
0.0.0.0 192.168.8.1 0.0.0.0 UG 203 0 0 eth1
0.0.0.0 192.168.3.1 0.0.0.0 UG 204 0 0 usb0
The second KO:
0.0.0.0 192.168.8.1 0.0.0.0 UG 203 0 0 eth1
And if I restore the default route manually, Net-ISP-Balance is happy and usb0 works again.
Of course, I can use a local ping-ip (no gateway needed) but it's very limited ...
I am using a Raspberry Pi 3B+ with Linux OS.
I will try to implement using the following website "http://lstein.github.io/Net-ISP-Balance/"
I use the ppp0 device as the Uc20G GSM module.
I will follow the steps according to the site, but "perl ./Build.PL" generates an error like
"root@raspberrypi:/home/pi/Net-ISP-Balance-master# perl ./Build.PL
Can't locate Module/Build.pm in @INC (you may need to install the Module::Build module) (@INC contains: /etc/perl /usr/local/lib/arm-linux-gnueabihf/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/arm-linux-gnueabihf/perl5/5.28 /usr/share/perl5 /usr/lib/arm-linux-gnueabihf/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/arm-linux-gnueabihf/perl-base) at ./Build.PL line 5.
BEGIN failed--compilation aborted at ./Build.PL line 5."
I do not understand what the problem is.
Any suggestions?
Hello,
Related to http://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=89aef8921bfbac22f00e04f8450f6e447db13e42 there is no route cache with recent kernels, unfortunately http://lartc.org/howto/lartc.rpdb.multiple-links.html is based on route cache method
This will balance the routes over both providers. The weight parameters can be tweaked to favor one provider over the other.
Note that balancing will not be perfect, as it is route based, and routes are cached. This means that routes to often-used sites will always be over the same provider.
So my question is: is there an impact for Net-ISP-Balance? There are broken TCP sessions, no?
E.g.: I mean, a cnx to an HTTPS website with ISP1 suddenly moved to ISP2
I have an internal LAN configuration that's slightly more complicated than either a simple device/ip/netmask with no gateway or a device/ip/netmask/gateway for all traffic. Specifically, the LAN is divided into part that requires no gateway and a part that does require a gateway because the latter is on a separate subnet and goes through a second router device to get there. Net-ISP-Balance is incorrectly concluding that all traffic has to go through that gateway and that results in it computing and using ip/netmask combinations that are broken.
On the LAN, the directly accessible segment is on 192.168.11.x. The secondary subnet segment is on 192.168.10.x. The internet gateway device sitting between the ISP nodes and the main LAN is IP 192.168.11.20. And the secondary subnet router on the internal LAN is at 192.168.11.23. I have things configured such that the LAN itself is configured as 192.168.10.0/23, which includes both subnets. And there is a static gateway route for 192.168.10.0/24 to that 192.168.11.23 device for that subnet. This allows all computers on either subnet to see and communicate with all devices on either subnet as if they were all on the same subnet, making the secondary gateway transparent (this is all needed because the secondary subnet is connected via a WiFi access point instead of a wired Ethernet cable and so can't just be bridged, as only traffic bound for the WiFi negotiating client gets correctly routed there -- i.e. the other gateway itself).
Dumping the route tables for when things are correctly configured and working:
$ ip route show all
default via 10.161.170.65 dev enp3s0 proto static metric 101
169.254.0.0/16 dev enp3s0 scope link metric 1000
10.161.170.64/26 dev enp3s0 proto kernel scope link src 10.161.170.112 metric 101
192.168.10.0/24 via 192.168.11.23 dev enp1s0 proto static metric 102
192.168.10.0/23 dev enp1s0 proto kernel scope link src 192.168.11.20 metric 102
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.161.170.65 0.0.0.0 UG 101 0 0 enp3s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp3s0
10.161.170.64 0.0.0.0 255.255.255.192 U 101 0 0 enp3s0
192.168.10.0 192.168.11.23 255.255.255.0 UG 102 0 0 enp1s0
192.168.10.0 0.0.0.0 255.255.254.0 U 102 0 0 enp1s0
enp1s0 is the LAN. enp3s0 is one of the ISP WAN connections. The other ISP WAN is currently down in this output, as I am mainly trying to sort out the routing on the LAN side.
As you can see in that last entry, anything for 192.168.10.0/23 (i.e. both subnets) goes to interface enp1s0. But things for 192.168.10.0/24 (i.e. the secondary subnet) goes to the gateway at 192.168.11.23. But that is ONLY traffic bound to that secondary subnet. Net-ISP-Balance is incorrectly deciding that all traffic on enp1s0 should go to gateway 192.168.11.23. Here's the commands it's trying if you run it in debug mode:
ip route add 192.168.10.0/24 dev enp1s0 src 192.168.11.20
ip route add 10.161.170.64/26 dev enp3s0 src 10.161.170.112
ip route add default via 10.161.170.65 dev enp3s0
ip route flush table 1
ip route add table 1 default dev enp3s0 via 10.161.170.65
ip route add table 1 192.168.10.0/24 dev enp1s0 src 192.168.11.20
ip route add table 1 10.161.170.64/26 dev enp3s0 src 10.161.170.112
ip rule add from 10.161.170.112 table 1
ip rule add oif enp3s0 table 1
ip rule add fwmark 1 table 1
As you can see, the netmask ranges it is computing are incorrect and not consistent even with the IP address of the interface. That first line should be: ip route add 192.168.10.0/23 dev enp1s0 src 192.168.11.20, using the 255.255.254.0 netmask instead of 255.255.255.0, as the IP 192.168.11.20 is otherwise not consistent with the mask it's trying to use.
I've been putting some debug print statements in the script to get a better idea of what it's seeing and to figure out what is happening. Here's the output through the stages of interface_info:
Find virtual interfaces:
vdev: lo block: 127.0.0.0/8 addr: 127.0.0.1
vdev: enp1s0 block: 192.168.10.0/23 addr: 192.168.11.20
vdev: enp3s0 block: 10.161.170.64/26 addr: 10.161.170.112
Find existing routes:
vdev: enp3s0 nets: (default) gws: 10.161.170.65
vdev: enp1s0 nets: 192.168.10.0/24 gws: 192.168.11.23
Interfaces:
dev: lo
vdev: lo
running: 1
gw: 127.0.0.1
net: 127.0.0.0/8
ip: 127.0.0.1
dev: enp1s0
vdev: enp1s0
running: 1
gw: 192.168.11.23
net: 192.168.10.0/24
ip: 192.168.11.20
dev: enp3s0
vdev: enp3s0
running: 1
gw: 10.161.170.65
net: 10.161.170.64/26
ip: 10.161.170.112
The problem seems to be that it's confused by the extra static route that routes the 192.168.10.0/24 traffic to the extra 192.168.11.23 gateway. It found the correct block when it was enumerating the virtual interfaces, but then incorrectly picked the netmask and gateway of the static route when computing the overall interface, as that net for enp1s0 should be 192.168.10.0/23 instead of /24 and there shouldn't be a gateway (or the gateway should be showing as 192.168.11.20, or the interface itself).
At the moment, I haven't found the best solution for this. It seems it needs to clue in on the static keyword in the route table and perhaps compare the netmasks of each gateway on each interface to the IP for the interface itself. But that's not totally trivial in the current code.
Since this is somewhat fixed network topology for my setup and isn't dynamically changing, my current workaround is to just manually set up these LAN routes and interface configurations rather than having it automagically figure it out. But it is a shortcoming that needs to be fixed in Net-ISP-Balance, since as it is it's broken and results in a nonworking configuration -- hence my filing this issue.
After executing load_balancer.py the gateway (no internet access from lan) does not work, but load balancing works from the router host.
I have no idea what I'm missing.
System: Linux home-server 4.13.0-1-amd64 #1 SMP Debian 4.13.4-1 (2017-10-01) x86_64 GNU/Linux
Hello and thank you for your work!
The documentation at point
...Allow machines on the LAN to access the control interface of a cable and/or DSL modem attached to the router?
states:
Create the file /etc/network/balance/routes/01.modem_route.pl containing the following:
$B->add_route('192.168.1.1/32'=>'eth2',1);
Unfortunately doing this adds rules for both ip route and iptables before iptables initialization, so rules are cleared out with the result of working routing but broken firewall rules.
This also applies to local routes.
I've managed to circumvent the problem by manually running a script on post-run.
I think it could be great to move both ip route and iptables initialization just after pre-run as it could solve all these problems imo. What do you think?
Have a nice day,
Eduard Roccatello
When running 'dmesg' command, I get a few lines with the following output:
[ 106.188537] DROP-SPOOF: IN= OUT=eth0 SRC=10.0.0.5 DST=23.235.44.133 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14189 DF PROTO=TCP SPT=41842 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Should the system be dropping IP spoof? eth0 is LAN interface.
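Added example (not part of the post above and not the project's code): a small triage script that parses netfilter LOG lines carrying the prefixes set in the rule dump earlier on this page and classifies each packet by its IN=/OUT= fields. It assumes these LOG rules sit in filter-table chains, where an empty IN= means the router itself generated the packet; in that dump the OUTPUT chain accepts only the loopback and ISP interfaces before jumping to DROPSPOOF, which is the path the quoted line with OUT=eth0 would take if the poster's ruleset is built the same way. The first sample line is the one from the post, the others are constructed.

```python
import re
from collections import Counter

# LOG prefixes defined by the REJECTPERM / DROP* / DEBUG chains in the dump.
PREFIXES = {"REJECTED", "GENERAL", "INVALID", "ACCESS-DENIED",
            "DROP-SPOOF", "DROP-FLOOD", "DEBUG"}
LINE_RE = re.compile(r"(?P<prefix>[A-Z-]+): (?P<fields>IN=.*)$")

# Line 1 is the dmesg line from the post; lines 2-5 are constructed samples.
SAMPLE = """\
[ 106.188537] DROP-SPOOF: IN= OUT=eth0 SRC=10.0.0.5 DST=23.235.44.133 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14189 DF PROTO=TCP SPT=41842 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
[ 107.201144] DROP-SPOOF: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14190 DF PROTO=TCP SPT=41844 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
[ 230.004410] GENERAL: IN=eth0 OUT=eth1 SRC=10.0.0.23 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=511 DF PROTO=TCP SPT=50112 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
[ 231.900012] ACCESS-DENIED: IN=eth1 OUT= SRC=192.0.2.77 DST=127.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 PROTO=TCP SPT=443 DPT=40000 WINDOW=0 RES=0x00 RST URGP=0
[ 232.000000] usb 1-1.2: new high-speed USB device number 5 using dwc_otg
"""


def classify_path(in_if, out_if):
    """Infer the packet path from which interface fields are populated."""
    if in_if and out_if:
        return "forwarded"      # crossed the router (FORWARD)
    if out_if:
        return "local-out"      # generated by the router itself (OUTPUT)
    if in_if:
        return "local-in"       # addressed to the router (INPUT)
    return "unknown"


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not ours."""
    m = LINE_RE.search(line)
    if not m or m.group("prefix") not in PREFIXES:
        return None
    rec = {"prefix": m.group("prefix"), "flags": []}
    for tok in m.group("fields").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec[key] = value            # IN= with no value becomes ""
        else:
            rec["flags"].append(tok)    # bare tokens such as DF, SYN, RST
    rec["path"] = classify_path(rec.get("IN", ""), rec.get("OUT", ""))
    return rec


def parse_log(text):
    """Return the parsed records for every firewall line in the text."""
    return [r for r in map(parse_line, text.splitlines()) if r]


def summarize(text):
    """Count drops per (prefix, path, in-interface, out-interface)."""
    counts = Counter()
    for r in parse_log(text):
        counts[(r["prefix"], r["path"], r.get("IN") or "-", r.get("OUT") or "-")] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```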