OpenWrt Forum Archive

Topic: Multi WAN How To

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all,

I've spent some time and written yet another multi WAN HowTo. I've tried to present 2 scenarios for routing via multiple WANs, static and dynamic, although static is used in the examples.

All interested look at: http://lukav.com/wordpress/2007/03/12/o … an-how-to/

lukav wrote:

Hi all,

I've spent some time and written yet another multi WAN HowTo. I've tried to present 2 scenarios for routing via multiple WANs, static and dynamic, although static is used in the examples.

All interested look at: http://lukav.com/wordpress/2007/03/12/o … an-how-to/

Just wondering, with no negative intention: have you ever tested your multipath weighted routing using an SSH connection?

One of the useful tests when implementing multiple WAN is to test your inbound or outbound connection using SSH. If you get frequent disconnections, it means the implementation is faulty.

I would imagine that your implementation will have a problem with regard to keeping a sustainable SSH session. But that's just my speculation at this moment. Feel free to tell me that I am wrong.

Cheers.

mctiew,

To be absolutely honest I haven't fully tested the multipath weighted approach, because I use the static one. But I see no reason for it not to work, since the inbound ssh connections will get processed by the interface that they came in on.
As for the outbound, http://lartc.org/howto/lartc.rpdb.multi … tml#AEN298 states that this is not a perfect solution because of the caching. The decision which route to take is made on the initial request to the host. Subsequent requests go over the same interface as the initial one. While this is a disadvantage in load balancing, it is the opposite of the problem you are suggesting (assuming I got it right :) ).

Can you give more info on where you see a problem?

In the meantime, I'll set up a weighted multipath tonight and leave several ssh sessions open for the night. I'll let you know the result in the morning.

mctiew,

The results from last night's test are: 6 hours later all opened ssh sessions are still alive and working.
I left 2 inbound and 2 outbound connections open for the night.

Cheers ;)

lukav wrote:

mctiew,

The results from last night's test are: 6 hours later all opened ssh sessions are still alive and working.
I left 2 inbound and 2 outbound connections open for the night.

Cheers ;)

Cool, good to know that it works.

I would like to know more about your tests, just for information gathering, specifically the outbound SSH connection only :-

1. Do you go outbound from the OpenWRT machine or from the LAN machine (i.e. where is the SSH client)?

2. The target machine (i.e. the SSH server): is it still within your WAN1/2 network or is it somewhere beyond the WAN1/2 network?

3. Are you doing NAT on both of your WANs?

The reason for asking this is that you have 'ip rule WAN1/2 .....', therefore certain connections will never be subjected to the weighted multipath route. If a connection is not subjected to multipath routes, then it will not have any problem.

Cheers.

mctiew wrote:

1. Do you go outbound from the OpenWRT machine or from the LAN machine (i.e. where is the SSH client)?

The outbound connections were made from a machine behind the NAT. I first tested with traceroute to make sure the 2 hosts go out different interfaces.

mctiew wrote:

2. The target machine (i.e. the SSH server): is it still within your WAN1/2 network or is it somewhere beyond the WAN1/2 network?

Both were beyond the WAN1/2 networks.

mctiew wrote:

3. Are you doing NAT on both of your WANs?

Yes

mctiew wrote:

The reason for asking this is that you have 'ip rule WAN1/2 .....', therefore certain connections will never be subjected to the weighted multipath route. If a connection is not subjected to multipath routes, then it will not have any problem.

I understand :) This could be an additional feature of my setup ... For example I've used the 3rd routing table (BG_ROUTES from the howto) to make sure the requests to the DNS servers of both my providers go via the proper interface (I don't have access to those machines, so they are not in the test ;) ).
So you can have weighted multipath and still have static routes for some hosts.

lukav wrote:

The outbound connections were made from a machine behind the NAT. I first tested with traceroute to make sure the 2 hosts go out different interfaces.

Understand fully.

However, as far as I know, cached routes will expire periodically. When the cache expires, the packets will be subjected to the weighted multipath routes, and therefore it is possible that an SSH session might change public IP somewhere in the middle of a session. That's when SSH will think that security has been breached, and then drop the established connection.

So I wonder why this has not happened to your setup.

Regards.

mctiew wrote:

Understand fully.

However, as far as I know, cached routes will expire periodically. When the cache expires, the packets will be subjected to the weighted multipath routes, and therefore it is possible that an SSH session might change public IP somewhere in the middle of a session. That's when SSH will think that security has been breached, and then drop the established connection.

So I wonder why this has not happened to your setup.

Regards.

Well, probably because the connection is already established, so it doesn't need to make another inquiry for the route to this host.
Or maybe the cache expires when there is no activity to the host at all, which means that as long as the connection is established the cache would not expire.
Of course it is possible that the caches have expired, but the new ones were over the same interface, so the problem never arose, but I doubt it.

I honestly don't know, but I've got this setup from: http://lartc.org/howto/lartc.rpdb.multiple-links.html which seems to be the most famous reading on the matter, as well as: http://www.ssi.bg/~ja/nano.txt
So I guess this is widely used, and I haven't seen a post anywhere about such a problem.

I suggest we wait and see if someone has this problem and then debug :)

BTW do you have more than 1 WAN on your setup? If so please share your setup.

lukav wrote:

I've got this setup from: http://lartc.org/howto/lartc.rpdb.multiple-links.html which seems to be the most famous reading on the matter, as well as: http://www.ssi.bg/~ja/nano.txt
So I guess this is widely used, and I haven't seen a post anywhere about such a problem.

Actually quite to the contrary. If you search google or something, yes lots of people have implemented things according to that documentation, but at the same time lots of people have experienced the problem I mentioned. This has almost become a FAQ.

As far as I know, two types of implementation have been successful in dealing with this problem:

1. Apply patches supplied by Julian and follow http://www.ssi.bg/~ja/nano.txt.
2. Use iptables CONNMARK.

MC.
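
The CONNMARK approach named in the post above, as an added example that is not part of the thread or of lukav's HowTo. It assumes an iptables build with the CONNMARK target, a LAN bridge called br0, WAN interfaces vlan1 and vlan2, and per-uplink routing tables named WAN1 and WAN2; the function name and the mark values are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not execute, rules that
# pin each connection to the WAN it started on. Review the output, then run
# it as root on the router.
# Assumed names: LAN bridge br0, WAN interfaces vlan1/vlan2, routing tables
# WAN1/WAN2 (each holding a default route via that uplink), marks 1, 2, ...

connmark_rules() {
    cm_lan=$1
    [ $# -ge 3 ] || { echo "usage: connmark_rules LAN_IF WAN_IF:TABLE WAN_IF:TABLE..." >&2; return 1; }
    shift
    for cm_spec in "$@"; do
        case $cm_spec in
            ?*:?*) ;;
            *) echo "bad WAN spec: $cm_spec" >&2; return 1 ;;
        esac
    done

    # Packets leaving the LAN or the router itself get their connection's
    # saved mark back before the routing decision. Restoring only on the LAN
    # side keeps inbound WAN packets on the main table.
    echo "iptables -t mangle -A PREROUTING -i $cm_lan -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"

    cm_mark=0
    for cm_spec in "$@"; do
        cm_mark=$((cm_mark + 1))
        cm_wan=${cm_spec%%:*}
        cm_table=${cm_spec#*:}
        # Inbound: a connection that arrives on this WAN is answered through it.
        echo "iptables -t mangle -A PREROUTING -i $cm_wan -m state --state NEW -j CONNMARK --set-mark $cm_mark"
        # Outbound: the multipath route picks a WAN for the first packet only;
        # remember that choice so a route-cache flush cannot move the flow.
        echo "iptables -t mangle -A POSTROUTING -o $cm_wan -m state --state NEW -j CONNMARK --set-mark $cm_mark"
        # Marked packets skip the multipath default and use the per-WAN table.
        echo "ip rule add fwmark $cm_mark table $cm_table"
    done
}

connmark_rules br0 vlan1:WAN1 vlan2:WAN2
```

With these rules an established SSH session keeps leaving through the uplink that NATed its first packet, so its public source address does not change when the cached route expires.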

mctiew wrote:

So I wonder why this has not happened to your setup.

Regards.

Maybe, just maybe, it's because on an openwrt platform both WAN1 and WAN2 share the same mac address. Anyway, it's just my wild guess.

Anyway, keep up the good work, I believe that your implementation has been tested working.

Cheers.

Sorry I'm new to openwrt but this is exactly what I need:

lukav wrote:

All interested look at: http://lukav.com/wordpress/2007/03/12/o … an-how-to/

I tried to implement this, and immediately hit a problem that there is no "ip" command on my box - running WhiteRussian 0.9 on a buffalo whr-hp-g54-1.

(I managed to brick it, in fact.. but got it back eventually after re-flashing to original, dd-wrt then back to openwrt..)

Where do I get this from?

Cheers,

Rob

Ah.. found ip, in packages .. (doh!) However, are there likely to be any other things I am going to need over and above a default openwrt & x-wrt install?

Cheers,

Rob.

Hi Rob,

I actually don't recall installing the ip package additionally, but since I've played with lots of stuff I can be certain. I've used the Default firmware image from X-Wrt for my installation.

Also thanks for the updated script you have sent me. I'll update the post accordingly.

Regards.

lukav: Your blog seems to be down. Did you move the howto somewhere else?

macsat wrote:

lukav: Your blog seems to be down. Did you move the howto somewhere else?

Nope. I've run .ipkg upgrade :(
This reset some of the files/settings and now I'm trying to recover.
It should be accessible now.

Are you running wordpress ON your WL-500G Premium ?

macsat wrote:

Are you running wordpress ON your WL-500G Premium ?

:) :) :) No, but my server is behind it.

Ok - I was quite impressed by the performance you got on wordpress if it was running off the Asus ;-)

....while PHP runs great in lighttpd in OpenWrt, it is NOT exactly fast.

this is highly confusing to me, I read Lukav's weblog but still kinda fuzzy.
i got a Wrt54GS i guess all the ports are the same right? 0=WAN 1234=LAN and 5 is wifi?

from what i gathered is lukav is using the wan port and lan port 1 as 2nd wan bridge em both together?

well again im confused as heck maybe some1 could dumb this down for me i was wondering about using the wifi interface as a 2ndWAN with the default wan port and sorta load balancing em, gotta admit this is heavy routing tables if you ask me, I've been running on a linux machine for a few yrs now but this lil device with all its network devices and vlans etc makes my head spin, maybe im too "fresh" to be delving into such endeavors all these nvram variables omg!

Hi DeL3e7,

DeL3e7 wrote:

this is highly confusing to me, I read Lukav's weblog but still kinda fuzzy.
i got a Wrt54GS i guess all the ports are the same right? 0=WAN 1234=LAN and 5 is wifi?

NO. You should read http://wiki.openwrt.org/OpenWrtDocs/NetworkInterfaces as it is explained there in much detail. I'm no expert, but this is how I see it:
Those devices actually have one 5-port switch. To see the ports as different interfaces in the linux env we are using vlans. So by default:
vlan0 = LAN = ports 1 - 4
vlan1 = WAN = port 0
What I'm doing is changing this to:
vlan0 = LAN = ports 2 - 4
vlan1 = WAN = port 0
vlan2 = WAN2 = port 1

* Port 5 is some internal port, but I'm not sure what exactly it represents. However, it is a part of all vlans.

The wifi is a whole different interface (eth1 in my case), which you combine with vlan0 using a bridge.
At first it was confusing to me also, but I've played with 'nvram show | grep ?' where ? = lan,wan,vlan,wifi,wlan to get the picture. And did some reading in the openwrt wiki.

Now the ordering of the ports may differ between devices. For example a few days ago I applied my configuration to a WRT54GL v1.1, where I discovered that the settings were:
vlan0 = LAN = ports 0 - 2
vlan1 = WAN = port 4 (the port that reads WAN in the back of the device)
vlan2 = WAN2 = port 3 (the port that reads 1 in the back of the device)

nvram settings were:
vlan0ports="0 1 2 5*"
vlan1ports="4 5"
vlan2ports="3 5"

DeL3e7 wrote:

from what i gathered is lukav is using the wan port and lan port 1 as 2nd wan bridge em both together?

NO, I don't bridge them together; what I do is separate lan port 1 as a different interface and then use this as WAN2.

DeL3e7 wrote:

well again im confused as heck maybe some1 could dumb this down for me i was wondering about using the wifi interface as a 2ndWAN with the default wan port and sorta load balancing em, gotta admit this is heavy routing tables if you ask me, I've been running on a linux machine for a few yrs now but this lil device with all its network devices and vlans etc makes my head spin, maybe im too "fresh" to be delving into such endeavors all these nvram variables omg!

Well, I did linux routing with ethX for a few years like you also. But I wanted to use this machine for other stuff and each time I rebooted the internet was stopping. That is why I've invested in this small (I don't have much space at home) cheap device and had it do the job of the linux server. My linux configuration was the same except instead of vlans I've had eths and each represented a network card (much clearer).

If you want to use the Wifi as WAN you'll have to separate it from the LAN bridge - there is an option for this in the WEB interface. Then you have to set wan2_ifname to the wifi device (may be eth1).
If you are not up for it, you can wait for the release of Kamikaze and then X-wrt to catch up with it, because I've read somewhere that Kamikaze will support multiple WAN by default.

so how the heck can i make eth1 <wifi> another wan with the current wan
thought i understood earlier but ended up screwing up reflashed back to factory defaults

DeL3e7 wrote:

so how the heck can i make eth1 <wifi> another wan with the current wan
thought i understood earlier but ended up screwing up reflashed back to factory defaults

DeL3e7, I cannot give a step by step on this, since I've never done it. And I don't have a second device to test, nor am I planning to use my current one, because I use it too much and cannot afford to brick it.

So, you could either give me access to your device or try to do this via forums or another type of communication (ICQ, GoogleTalk, MSN, Skype :) ).

Let's start by giving some more information:
Which dist did you install, X-Wrt or plain OpenWRT?
Did you manage to separate the Wifi from the LAN and use it as client?

If so, can you post the results from ifconfig, nvram show and anything else you consider relevant?
(Take care to mask any passwords when you post ;) )

Regards

The discussion might have continued from here.