
Run Two ISPs in Your Home (Multihomed Router)

This document discusses how to configure a multi-homed router to connect to two different ISPs simultaneously. It describes using multiple routing tables and rules to direct traffic over each connection, and Network Address Translation (NAT) to assign separate source IP addresses. Specific steps are provided to create routing tables, add routes, guide traffic, separate client networks, and configure source NAT for outgoing traffic on each uplink. Additional documentation links are included for further reading on multi-homing and link monitoring techniques.

Uploaded by

vishytk

Marian (HackMan) Marinov


CEO of 1H Ltd.
CTO of GetClouder Ltd.

www.getclouder.com

What is a multi-homed router?


Why multihoming?


Failover
More capacity
Faster connections
Cheaper connections
Why not both?

Assumptions

You already know how routing is done on the Internet
You know what the iptables tables are

filter
mangle
nat

You already know what NAT is and how it works
Forwarding is enabled and allowed in the router

Usual setup

main routing table

10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

iptables -t nat -A POSTROUTING -j SNAT \
    -s 10.0.0.0/24 -o eth0 --to 77.70.33.12

Multiple routing tables

ISP1:
10.0.0.0/24 dev eth2 src 10.0.0.1
77.70.33.0/24 dev eth0 src 77.70.33.12
default via 77.70.33.1 dev eth0

ISP2:
10.0.0.0/24 dev eth2 src 10.0.0.1
83.15.21.0/24 dev eth1 src 83.15.21.65
default via 83.15.21.254 dev eth1

[Diagrams: a single routing table, then separate routing tables ISP1 and ISP2]

How to create iproute2 routing tables

$ cat /etc/iproute2/rt_tables
# reserved values
255 local
254 main
253 default
10 isp1
20 isp2
0 unspec

How to add routes into the new routing tables

ip r a 10.0.0.0/24 dev eth2 t isp1
ip r a 10.0.0.0/24 dev eth2 t isp2
ip r a 77.70.33.0/24 dev eth0 t isp1
ip r a 0/0 via 77.70.33.1 t isp1
# ISP2's connected network lives on eth1 and contains its gateway
ip r a 83.15.21.0/24 dev eth1 t isp2
ip r a 0/0 via 83.15.21.254 t isp2

ip r a == ip route add
t == table

How to guide the traffic to enter these tables

ip ru a from 77.70.33.12 t isp1
ip ru a from 83.15.21.65 t isp2

ip ru a == ip rule add
t == table
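The three steps above (table names, routes, rules) put together as a dry-run script; this is an added example, not part of the original slides. It prints the commands for an uplink only if the source IP and the gateway are inside that uplink's connected prefix. Assumptions: the isp1/isp2 names already exist in /etc/iproute2/rt_tables, and ISP2's prefix is taken as 83.15.21.0/24, the network that contains the ISP2 source address and gateway used here.

```shell
#!/bin/sh
# Added example (dry run): print the policy-routing commands for one uplink,
# but only after checking that its source IP and gateway are on-link.

LAN_NET=10.0.0.0/24   # client network and interface, as on this page
LAN_DEV=eth2

ip2int() {            # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {           # in_cidr IP NET/LEN: true if IP lies inside NET/LEN
    c_mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( $(ip2int "$1") & c_mask )) -eq $(( $(ip2int "${2%/*}") & c_mask )) ]
}

emit_uplink() {       # emit_uplink TABLE DEV NET/LEN SRC_IP GATEWAY
    in_cidr "$4" "$3" || { echo "$1: source $4 is not in $3" >&2; return 1; }
    in_cidr "$5" "$3" || { echo "$1: gateway $5 is not in $3" >&2; return 1; }
    cat <<EOF
ip route add $LAN_NET dev $LAN_DEV table $1
ip route add $3 dev $2 src $4 table $1
ip route add default via $5 dev $2 table $1
ip rule add from $4 table $1
EOF
}

# Review the output, then pipe it to "sh" as root to apply it.
emit_uplink isp1 eth0 77.70.33.0/24 77.70.33.12 77.70.33.1
emit_uplink isp2 eth1 83.15.21.0/24 83.15.21.65 83.15.21.254
# Constructed mistake: the prefix does not contain the gateway, nothing is printed.
emit_uplink isp2 eth1 83.12.21.0/24 83.15.21.65 83.15.21.254 || true
```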

Separating the clients from the home network

Manually
    based on source IP
    based on destination IP
    based on protocols

Automatic
    statistic (random, nth)
    recent
    time based
    route based

Manually separating clients


based on source IP
ip rule add from 10.0.0.x table isp1
based on destination IP
ip rule add to 192.168.0.x table isp1
based on protocols
iptables marking per protocol

CONNMARK

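# Marks that select a routing table have to be set in PREROUTING,
# before the routing decision is made.
# Restore the mark saved for this connection, if any
iptables -A PREROUTING -t mangle \
    -j CONNMARK --restore-mark
# Already marked: keep the earlier decision
iptables -A PREROUTING -t mangle \
    -m mark ! --mark 0 -j ACCEPT
# New connection: mark by protocol (FTP control -> 1, HTTP -> 2)
iptables -A PREROUTING -p tcp \
    --dport 21 -t mangle -j MARK --set-mark 1
iptables -A PREROUTING -p tcp \
    --dport 80 -t mangle -j MARK --set-mark 2
# Save the mark on the connection for later packets
iptables -A PREROUTING -t mangle \
    -j CONNMARK --save-mark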

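Automatically separate clients between uplinks

Statistic

# No -o match here: PREROUTING runs before the routing decision, so the
# output interface is not known yet. The mark itself selects the uplink.
# random mode: mark 20% of the packets for ISP2
iptables -t mangle -A PREROUTING -j MARK \
    --set-mark 2 -m statistic --mode random --probability 0.2
# nth mode: alternate between ISP1 and ISP2
iptables -t mangle -A PREROUTING -j MARK \
    --set-mark 1 -m statistic --mode nth --every 2 --packet 0
iptables -t mangle -A PREROUTING -j MARK \
    --set-mark 2 -m statistic --mode nth --every 2 --packet 1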

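Automatically separate clients between uplinks

Statistic

# Three of every four packets get mark 1 (ISP1), the fourth gets mark 2 (ISP2).
# No -o match: it cannot be used in PREROUTING.
iptables -t mangle -A PREROUTING -j MARK --set-mark 1 -m statistic \
    --mode nth --every 4 --packet 0
iptables -t mangle -A PREROUTING -j MARK --set-mark 1 -m statistic \
    --mode nth --every 4 --packet 1
iptables -t mangle -A PREROUTING -j MARK --set-mark 1 -m statistic \
    --mode nth --every 4 --packet 2
iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -m statistic \
    --mode nth --every 4 --packet 3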
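Marks only pick an uplink if they are set before the routing decision and stay the same for the whole connection. The lint below is an added example, not part of the original slides; it checks rules in the "-A CHAIN ..." form printed by iptables -t mangle -S for three mistakes. The two sample rule sets and the fwmark rules named in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint mangle-table marking rules ("iptables -S" syntax) for
# mistakes that stop marks from selecting an uplink per connection.

lint_marks() {        # rules on stdin -> one finding per line on stdout
    awk '
    { chain = $2 }
    # An "already marked, stop here" rule makes later MARK rules per-connection.
    /-m mark ! --mark 0/ && /-j ACCEPT/ { sticky[chain] = 1 }
    /-j MARK/ && chain == "POSTROUTING" {
        print NR ": mark set in POSTROUTING, after the routing decision"
    }
    / -o / && chain == "PREROUTING" {
        print NR ": -o used in PREROUTING, output interface is not known yet"
    }
    /-j MARK/ && /-m statistic/ && !/--ctstate NEW/ && !(chain in sticky) {
        print NR ": statistic applied per packet, a connection can use both uplinks"
    }'
}

# Constructed sample rules, not taken from a real router.
RULES_BAD='-A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 2
-A PREROUTING -o eth1 -m statistic --mode random --probability 0.2 -j MARK --set-mark 2'

RULES_GOOD='-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m mark ! --mark 0 -j ACCEPT
-A PREROUTING -i eth2 -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 1
-A PREROUTING -i eth2 -m mark --mark 0 -j MARK --set-mark 2
-A PREROUTING -j CONNMARK --save-mark'
# The good set still needs: ip rule add fwmark 1 table isp1 (and fwmark 2 -> isp2).

printf '%s\n' "$RULES_BAD" | lint_marks
```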

Automatically separate clients between uplinks

recent

-m recent --name ballanced --rcheck \
    --seconds 300 -j MARK --set-mark 2
-m recent --name ballanced --set -j MARK \
    --set-mark 1

time based

# current iptables (xt_time) names the day option --weekdays
-m time --timestart 09:30 --timestop 17:30 \
    --weekdays Mon,Tue,Wed,Thu,Fri

Automatically separate clients between uplinks

route based

ip route add default scope global \
    nexthop via $gw_isp1 dev $dev_isp1 weight 1 \
    nexthop via $gw_isp2 dev $dev_isp2 weight 1

Source NAT - Set the outgoing IPs

iptables -t nat -A POSTROUTING \
    -o $dev_isp1 -j SNAT --to $ip_isp1
iptables -t nat -A POSTROUTING \
    -o $dev_isp2 -j SNAT --to $ip_isp2

Additional documentation

http://lartc.org/howto/lartc.rpdb.multiple-links.html
Link Status Monitor: http://lsm.foobar.fi/

If you are interested...
Julian Anastasov's patches: http://www.ssi.bg/~ja/#routes

Q&A


Marian (HackMan) Marinov


mm <> 1h.com
Jabber: [email protected]
irc.freenode.net HackMan #iseca #softuni
