Company LOGO

www.getclouder.com

Run Two ISPs in Your Home (Multihomed Router)

Marian (HackMan) MarinovCEO of 1H Ltd.CTO of GetClouder Ltd.

www.getclouder.com

What is a multi-homed router?

Chapter 1

Multihoming

www.getclouder.com

Why multihoming?

• Failover

• More capacity

• Faster connections

• Cheaper connections

• Why not both?

Chapter 1

Multihoming

www.getclouder.com

Assumptions

• You already know how routing is done on the Internet

• You know what are the iptables tables• filter

• mangle

• nat

• You already know what NAT is and how it works

• Forwarding is enabled and allowed in the router

Chapter 1

Multihoming

www.getclouder.com

Usual setup

main routing table10.0.0.0/24 dev eth2 src 10.0.0.177.70.33.0/24 dev eth0 src 77.70.33.12default via 77.70.33.1 dev eth0

iptables -t nat -A POSTROUTING -j SNAT \ -s 10.0.0.0/24 -o eth0 --to 77.70.33.12

Chapter 2

Setup

www.getclouder.com

Multiple routing tables

ISP1: 10.0.0.0/24 dev eth2 src 10.0.0.1 77.70.33.0/24 dev eth0 src 77.70.33.12 default via 77.70.33.1 dev eth0ISP2: 10.0.0.0/24 dev eth2 src 10.0.0.1 83.12.21.0/24 dev eth1 src 83.15.21.65 default via 83.15.21.254 dev eth1

Chapter 2

Setup

www.getclouder.com

Multiple routing tables

Chapter 2

Setup

routing table

www.getclouder.com

Multiple routing tables

Chapter 2

Setup

routing table ISP1

routing table ISP2

www.getclouder.com

How to create iproute2 routing tables

Chapter 2

Setup

$ cat /etc/iproute2/rt_tables# reserved values255 local254 main253 default10 isp120 isp20 unspec

www.getclouder.com

How to add routes into the new routing tables

Chapter 2

Setup

ip r a 10.0.0.0/24 dev eth2 t isp1ip r a 10.0.0.0/24 dev eth2 t isp2

ip r a 77.70.33.0/24 dev eth0 t isp1ip r a 0/0 via 77.70.33.1 t isp1

ip r a 83.12.21.0/24 dev eth0 t isp2ip r a 0/0 via 83.15.21.254 t isp2

ip r a == ip route add t == table

www.getclouder.com

How to guide the traffic to enter these tables

Chapter 2

Setup

ip ru a from 77.70.33.12 t isp1 ip ru a from 83.15.21.65 t isp2

ip ru a == ip rule add t == table

www.getclouder.com

Separating the clients from the home network

Chapter 2

Separation

• Manually• based on source IP

• based on destination IP

• based on protocols

• Automatic• statistic (random,nth)

• recent

• time based

• Route based

www.getclouder.com

Manually separating clients

Chapter 2

Separation

• based on source IPip rule add from 10.0.0.x table isp1

• based on destination IPip rule add to 192.168.0.x table isp1

• based on protocolsiptables marking per protocol

www.getclouder.com

CONNMARK

Chapter 2

Separation

iptables -A POSTROUTING -t mangle -j CONNMARK --restore-markiptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j ACCEPTiptables -A POSTROUTING -p tcp --dport 21 -t mangle -j MARK --set-mark 1iptables -A POSTROUTING -p tcp --dport 80 -t mangle -j MARK --set-mark 2iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark

Automatically separate clients between uplinks

● Statistic

iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -o dev_ips2 -m statistic --mode random --probability 0.2

iptables -t mangle -A PREROUTING -j MARK --set-mark 1 -o dev_ips1 -m statistic --mode nth --every 2 --packet 0

iptables -t mangle -A PREROUTING -j MARK --set-mark 2 -o dev_ips2 -m statistic --mode nth --every 2 --packet 1

Automatically separate clients between uplinks

● Statistic

-j MARK --set-mark 1 -o dev_ips1 -m statistic --mode nth --every 4 --packet 0

-j MARK --set-mark 1 -o dev_ips1 -m statistic --mode nth --every 4 --packet 1

-j MARK --set-mark 1 -o dev_ips1 -m statistic --mode nth --every 4 --packet 2

-j MARK --set-mark 2 -o dev_ips2 -m statistic --mode nth --every 4 --packet 3

Automatically separate clients between uplinks

● recent

-m recent --name ballanced --rcheck --seconds 300 -j MARK --set-mark 2

-m recent --name ballanced --set -j MARK --set-mark 1● time based

-m time --timestart 09:30 --timestop 17:30 --days Mon,Tue,Wed,Thu,Fri

Automatically separate clients between uplinks

● route based

ip route add default scope global \

nexthop via $gw_isp1 dev $dev_isp1 weight 1 \

nexthop via $gw_isp2 dev $dev_isp2 weight 1

www.getclouder.com

Source NAT - Set the outgoing IPs

iptables -t nat -A POSTROUTING \ -o $dev_isp1 -j SNAT --to $ip_isp1iptables -t nat -A POSTROUTING \ -o $dev_isp2 -j SNAT --to $ip_isp2

SNAT

Chapter 3

www.getclouder.com

Additional documentation

http://lartc.org/howto/lartc.rpdb.multiple-links.htmlLink Status Monitor http://lsm.foobar.fi/If you are interested... Julian Anastasov's patches: http://www.ssi.bg/~ja/#routes

Chapter 4

Conclusion

www.getclouder.com

Q & A

Marian (HackMan) Marinovmm <> 1h.com

Jabber: hackman@jabber.orgirc.freenode.net HackMan #iseca #softuni

Chapter 5

Questions