From owner-freebsd-net@FreeBSD.ORG Mon Feb 18 22:54:35 2008
Date: Mon, 18 Feb 2008 17:54:33 -0500
From: Bill Moran <wmoran@collaborativefusion.com>
To: Eygene Ryabinkin
Cc: Nick Barnes, freebsd-net@freebsd.org
Subject: Re: Multiple default routes on multihome host
Message-Id: <20080218175433.4d2d4e21.wmoran@collaborativefusion.com>
In-Reply-To: <7fVLvU+n7M2cgKK91Qkc92dxOZA@X/bj7yIvzuBvWMya3JMW3Pm7mBA>
References: <38308.1203368454@thrush.ravenbrook.com> <20080218163618.5e6672d3.wmoran@collaborativefusion.com> <6xiZ7xvVdDqVhj0EdhE90pfdIcQ@S1JitD8kpKQ9sTxL7Qyzy/kv7rU> <20080218170642.e079540d.wmoran@collaborativefusion.com> <7fVLvU+n7M2cgKK91Qkc92dxOZA@X/bj7yIvzuBvWMya3JMW3Pm7mBA>
Organization: Collaborative Fusion
X-Mailer: Sylpheed 2.4.7 (GTK+ 2.12.8; i386-portbld-freebsd6.2)
List-Id: Networking and TCP/IP with FreeBSD

In response to Eygene Ryabinkin:

> Mon, Feb 18, 2008 at 05:06:42PM -0500, Bill Moran wrote:
> > > I had faced such a situation once: I had a multihomed host that was
> > > running an Apache daemon that was announced via two DNS names that
> > > corresponded to two different IPs, going via two different
> > > providers. When the first provider's link goes down, the second
> > > provider is still alive, and when both providers are alive, the
> > > traffic is balanced via a DNS round-robin alias. Do you see some
> > > better way to do it via CARP, RIP, something different? I am still
> > > interested in other possibilities.
> >
> > The canonical way to do this is with BGP.
>
> Yes, thus there will be only one IP, but it will be routed via
> either provider, balanced across links, and if one link fails, the
> AS will be announced via the second one. Right?

Correct.

> And how would you say to your box: 'OK, this packet originates from
> IP1 and should go to GW1, and the other originates from IP2, so it
> should be forced to go via GW2'? I want symmetric routing for both
> of these IPs. I tried to imagine how it can be done via BGP, but was
> not able to figure it out. Any practical examples?

I'm not 100% sure about FreeBSD, as I've never set up BGP on FreeBSD.
Our highly-available systems use Cisco routers for this, and the Ciscos
have all the capabilities to handle this properly. I _do_ know that
FreeBSD _can_ be set up to handle this properly, as I've spoken to people
who've done it.

Keep in mind that we have _2_ Cisco routers and _2_ switches and
everything is redundant via HSRP within our own data center. It'd be
silly to pay for redundant links only to have a switch burn out and the
whole thing be for naught.

> > It can be done with CARP
> > if both providers support it and are willing to work together.
>                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Very, very unlikely for me ;))

Overall, Eygene, you're trying to haul freight with a Yugo. If you truly
have a need for a highly available system, you need to work with a
provider who has the expertise and is willing to do it. Of course, that's
going to cost you more money, just like an industrial-grade
tractor-trailer will cost you more than a Yugo. Internet connections
aren't just about speed like most PHBs think. There are a lot of other
factors, and this is one of them.

But again, if you have the need for all this network redundancy,
shouldn't you have _2_ Apache servers in a failover (or load-balanced)
configuration?

To me, it sounds like you need to establish the real _business_
requirement here. If it's true HA, then you're far, far from it at this
point. If it's rapid recovery from failure, you might consider something
like heartbeat. If all you need is to balance bandwidth between two
links, there are other hacks to make that happen. Possibly, you just
need to describe the existing business requirement better in this
discussion.

You're _never_ going to have true HA if you're using two providers that
aren't willing to cooperate.

-- 
Bill Moran
Collaborative Fusion Inc.
http://people.collaborativefusion.com/~wmoran/
wmoran@collaborativefusion.com
Phone: 412-422-3463x4023
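For the per-source-address gateway selection Eygene asks about (replies to IP1 leave via GW1, replies to IP2 via GW2, regardless of the single default route), one way a FreeBSD host can do it without BGP is pf's reply-to and route-to. This is an added example, not from either poster or the thread; the interface names, addresses and the HTTP-only port are assumptions, and it provides symmetric routing only, not link-failure detection.

```pf
# /etc/pf.conf fragment (constructed example; names and addresses assumed)
ext_if1 = "em0"            # link to provider 1
ext_if2 = "em1"            # link to provider 2
gw1     = "198.51.100.1"   # provider 1 gateway (documentation range)
gw2     = "203.0.113.1"    # provider 2 gateway (documentation range)
ip1     = "198.51.100.10"  # this host's address on provider 1
ip2     = "203.0.113.10"   # this host's address on provider 2

# Inbound HTTP to IP1 arrives on em0: record in the state entry that
# reply packets must go back out em0 to GW1, whatever the routing
# table's default route says. Same for IP2 via em1/GW2.
pass in quick on $ext_if1 reply-to ($ext_if1 $gw1) \
    proto tcp from any to $ip1 port 80 keep state
pass in quick on $ext_if2 reply-to ($ext_if2 $gw2) \
    proto tcp from any to $ip2 port 80 keep state

# Locally originated traffic sourced from IP2 would follow the default
# route out em0; route-to overrides that and hands it to GW2 on em1.
# The mirror rule covers the case where the default route points at GW2.
pass out quick on $ext_if1 route-to ($ext_if2 $gw2) from $ip2 keep state
pass out quick on $ext_if2 route-to ($ext_if1 $gw1) from $ip1 keep state

# Everything else is left to the normal routing table.
pass out keep state
```

Check the result with `pfctl -s rules` and, for a live connection, `pfctl -s state`, where the state entry for a connection to $ip2 should show the em1/GW2 route.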