21 November 2005

Telstra up to their usual tricks

Remember my previous T rant? Well, they’re at it again. This time, instead of fixing the customer’s DNS to reflect the new fixed IP address they inflicted upon them, they broke the ADSL authentication.

Just in case anyone needs to multihome a Linux box in a hurry, here is a 30-second recipe. Call 1.1.1.1 the gateway for the first link and 1.1.1.5 its interface address; 2.2.2.2 the gateway and 2.2.2.6 the interface address for the additional link.

  1. Define two (or more) new table names in /etc/iproute2/rt_tables; this example calls them oldlink and newlink. This step is optional but adds much clarity to the rest of the process.
  2. ip route add default via 1.1.1.1 table oldlink
  3. ip rule add from 1.1.1.5 table oldlink
  4. ip route add default via 2.2.2.2 table newlink
  5. ip rule add from 2.2.2.6 table newlink

Now set your default route to the link you want outbound traffic to flow through. Inbound traffic will return via the interface it arrived on. If you want simple but crude load-balancing over the links, add something like this:

  1. ip route add default scope global nexthop via 1.1.1.1 weight 1 nexthop via 2.2.2.2 weight 1

“Crude” means that it’s route-based, so if 90% of your traffic is to one site, that 90% will all flow through one link. The choice of link for each new route is also somewhat arbitrary; in other words, actual balancing is far from guaranteed even in ideal circumstances.
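The recipe above, generalized to any number of links, as an added example that is not part of the original post. The function name multihome_plan, the name:gateway:address argument format (IPv4 only) and the starting table id of 100 are assumptions; it only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands from the recipe,
# for any number of links. Each argument is name:gateway:address (IPv4).
# Table ids start at 100, an assumption: any unused id from 1 to 252
# works; 0, 253, 254 and 255 are reserved in rt_tables.

multihome_plan() {
    [ "$#" -ge 1 ] || { echo "usage: multihome_plan name:gw:addr ..." >&2; return 1; }
    # First pass: reject malformed specs before printing anything.
    for link in "$@"; do
        case $link in
            *:*:*:* | *::* | :* | *:) echo "bad link spec: $link" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "bad link spec: $link" >&2; return 1 ;;
        esac
    done
    id=100
    nexthops=""
    for link in "$@"; do
        name=${link%%:*}
        rest=${link#*:}
        gw=${rest%%:*}
        addr=${rest#*:}
        # Step 1: name the table; rt_tables holds one "<id> <name>" per line.
        echo "echo '$id $name' >> /etc/iproute2/rt_tables"
        # Steps 2-5: per-link default route, selected by source address.
        echo "ip route add default via $gw table $name"
        echo "ip rule add from $addr table $name"
        # Check what ended up in the table.
        echo "ip route show table $name"
        nexthops="$nexthops nexthop via $gw weight 1"
        id=$((id + 1))
    done
    echo "ip rule show"
    # Optional: the crude route-based load balancing over all links.
    echo "ip route add default scope global$nexthops"
}

# Constructed sample input: the two links used in the recipe.
multihome_plan oldlink:1.1.1.1:1.1.1.5 newlink:2.2.2.2:2.2.2.6
```

Drop the last printed line if you would rather set a single default route by hand, as described above.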
