# Load Balancing Aliases (Almost Solved) :)

## laplata

Hello, friends! My question might be easy for you, but I looked all over the net and got nothing...  :Sad: 

I've 3 IPs available to me:

10.10.10.3 (150/300kbit)

10.10.10.7 (150/300kbit)

10.10.10.60 (300/600kbit)

Gateway = 10.10.10.1

Each IP has an assigned amount of bandwidth. I've only one real wifi card (wlan0) and I created two aliases, so:

wlan0 has 10.10.10.3

wlan0:0 has 10.10.10.7

wlan0:1 has 10.10.10.60

My question is: How do I do load balancing with those 3 IPs so I can use them to download files, browse websites, etc.? I can't use nexthop (from "ip route") since the gateway and the interfaces are the same. I tried the "bonding" kernel module, but it won't accept adding my aliases (it says the aliases are already slaves). Someone told me about iptables SNAT, but I have no idea how to set it up.

Could someone give me some help? Thank you!!!

Last edited by laplata on Sat Nov 29, 2008 5:14 pm; edited 1 time in total

----------

## VinzC

Load balancing makes sense with distinct network cards. Why do you want to achieve this with aliases knowing that the same [physical or aerial] "wire" (or link) will hold the traffic? Or is it for testing purposes?

----------

## laplata

 *VinzC wrote:*   

> Load balancing makes sense with distinct network cards. Why do you want to achieve this with aliases knowing that the same [physical or aerial] "wire" (or link) will hold the traffic? Or is it for testing purposes?

 

I have only one antenna and one card, so if I can create aliases, it would save me a lot of other hardware.

Those IPs are independent. I mean, if I use all the bandwidth of 10.10.10.3, it won't use anything from 10.10.10.{7,60}. That's why I would like to load balance or bond them.  :Smile: 

----------

## VinzC

As far as I know load balancing involves different MAC addresses, and using IP aliases won't help much I'm afraid...

----------

## laplata

 *VinzC wrote:*   

> As far as I know load balancing involves different MAC addresses, and using IP aliases won't help much I'm afraid...

 

So I would need a card with an Atheros chipset so I could use that feature?

It seems its driver supports it, wlan0, wlan1, etc. :/

----------

## laplata

If I use the wget --bind-address option for each download, assigning one IP to each, I can load balance and it works flawlessly.

There must be a way to do it automatically so I don't have to use --bind-address...

And it would be awesome if I could BOND those IP's.  :Smile: 

----------

## VinzC

 *laplata wrote:*   

> And it would be awesome if I could BOND those IP's. 

 

You won't be able to. Bonding is called Ethernet bonding because it acts upon the Ethernet layer. It doesn't involve layer 3 protocols like TCP, IP and above. You really need two or more physical adapters if you want Ethernet bonding.

By the way bonding allows you to combine (i.e. sum) the bandwidth of Ethernet adapters, which are part of the virtual interface. Example: bonding with 2 adapters @ 100Mbits/sec gives a virtual interface @ 200Mbits/sec. Since you only have one adapter bonding is useless as far as the bandwidth is concerned.

Now you said  *Quote:*   

> Each of IP's has assigned an amount of bandwidth.

 

Does it mean you've set up QoS on the machine with these 3 IP addresses? So why are you limiting the maximum bandwidth to ~1.3Mbits/sec given your Wlan card can give you 40 times more?

----------

## laplata

 *VinzC wrote:*   

> Now you said  *Quote:*   Each of IP's has assigned an amount of bandwidth. 
> 
> Does it mean you've set up QoS on the machine with these 3 IP addresses? So why are you limiting the maximum bandwidth to ~1.3Mbits/sec given your Wlan card can give you 40 times more?

 

Not me... the provider is doing QoS for the IPs. I would never limit it if I could. lol

Thank you for the answer. I guess there's a solution with iptables so I can do round robin with the IPs, although I cannot bond them, it seems.

I'm still looking for it...

----------

## asl.pavel

I think you may achieve this behaviour by combining traffic shaping with marks (iproute2 package) and the iptables NAT target with a mark match. You set the mark to, let's say, 1 if the bandwidth on one path is higher than on the other, and otherwise to 0. Then, using iptables with `-m mark --mark` and `-j SNAT`, you send it over one interface or the other. It would be connection oriented. Or you can just round-robin over these IPs with the SNAT target by setting an IP range (`-j SNAT --to-source ip_one-ip_two` or something like this; consult the iptables man page). Half of your connections would go over one IP and half through the other...

----------

## laplata

 *asl.pavel wrote:*   

> I think you may achieve this behaviour by combining traffic shaping with marks (iproute2 package) and the iptables NAT target with a mark match. You set the mark to, let's say, 1 if the bandwidth on one path is higher than on the other, and otherwise to 0. Then, using iptables with `-m mark --mark` and `-j SNAT`, you send it over one interface or the other. It would be connection oriented. Or you can just round-robin over these IPs with the SNAT target by setting an IP range (`-j SNAT --to-source ip_one-ip_two` or something like this; consult the iptables man page). Half of your connections would go over one IP and half through the other...

 

With this command line it works perfectly:

```
iptables -t nat -A POSTROUTING -o wlan0 -j SNAT --to 10.10.10.x-10.10.10.y
```

The problem is that I don't know how to use those 3 IPs with this command. It doesn't accept multiple --to-source, it tells me.  :Sad: 

----------

## asl.pavel

```
SNAT
       This target is only valid in the nat table, in the  POSTROUTING  chain.
       It  specifies  that the source address of the packet should be modified
       (and all future packets in this connection will also be  mangled),  and
       rules should cease being examined.  It takes one type of option:

       --to-source ipaddr[-ipaddr][:port[-port]]
              which  can  specify a single new source IP address, an inclusive
              range of IP addresses, and optionally, a port  range  (which  is
              only  valid if the rule also specifies -p tcp or -p udp).  If no
              port range is specified, then source ports  below  512  will  be
              mapped  to  other  ports  below  512: those between 512 and 1023
              inclusive will be mapped to ports below 1024,  and  other  ports
              will  be mapped to 1024 or above. Where possible, no port
              alteration will

              In Kernels  up  to  2.6.10,  you  can  add  several  --to-source
              options.  For those kernels, if you specify more than one source
              address, either via an address  range  or  multiple  --to-source
              options, a simple round-robin (one after another in cycle) takes
              place between these addresses.  Later  Kernels  (>=  2.6.11-rc1)
              don't have the ability to NAT to multiple ranges anymore.

       --random
              If  option --random is used then port mapping will be randomized
              (kernel >= 2.6.21).
```

But the iptables manual says you can... try using several --to-source options.

----------

## laplata

I tried it for each IP, but it doesn't seem to work this way.  :Sad: 

----------

## laplata

Ok, just to let you know, I got it working by doing this:

```
# spread SNAT over the three aliases with the statistic match in nth mode
iptables -t nat -A POSTROUTING -o wlan0 -m statistic --mode nth --every 3 --packet 0 -j SNAT --to-source 10.10.10.3
iptables -t nat -A POSTROUTING -o wlan0 -m statistic --mode nth --every 3 --packet 1 -j SNAT --to-source 10.10.10.7
iptables -t nat -A POSTROUTING -o wlan0 -m statistic --mode nth --every 3 --packet 2 -j SNAT --to-source 10.10.10.60
```

Now I've got just one problem...

It's very fast to browse websites and to download using axel, as it balances between the source IPs. But, for instance, if I'm using wget, it will use only one IP, of course, and while I'm using that one IP, new requests (for a website, for example) get slow; I cannot even ping...

Does anyone have any idea how to fix it? I know it's something to do with QoS...

Thanks.
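As an added example, not code from anyone in the thread: asl.pavel's round-robin suggestion and the three `-m statistic` rules above both rely on the nth counters, and each rule keeps its own counter that only advances on the connections that reach it. The script below generates a cascade that gives an even split and simulates the counters for both variants, so the distribution can be checked without root or iptables. It assumes the outgoing interface is wlan0 and that nothing else sits in the nat POSTROUTING chain. One fact behind the wget observation above: with connection tracking active, nat POSTROUTING evaluates only the first packet of a connection, so the counters count connections, not packets, and a single download keeps one source address for its whole lifetime.

```shell
#!/bin/sh
# Added example (not from the thread): build a "statistic nth" SNAT cascade
# that spreads new connections evenly over N source addresses, and simulate
# the per-rule counters so the split can be checked without root or iptables.
#
# Assumptions: the outgoing interface is wlan0 and nothing else sits in the
# nat POSTROUTING chain. Because conntrack hands only the first packet of a
# connection to nat POSTROUTING, the counters count connections, not packets.

# snat_cascade IFACE ADDR... : print one rule per address. Rule k of N is
# "--every (N-k+1) --packet 0" and the last rule is unconditional. SNAT ends
# rule processing, so rule k only sees the connections the rules before it
# skipped and takes 1/(N-k+1) of what is left, which is 1/N of the total.
snat_cascade() {
    iface=$1; shift
    n=$#; k=0
    for addr in "$@"; do
        every=$((n - k))
        if [ "$every" -gt 1 ]; then
            printf 'iptables -t nat -A POSTROUTING -o %s -m statistic --mode nth --every %d --packet 0 -j SNAT --to-source %s\n' \
                "$iface" "$every" "$addr"
        else
            printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' "$iface" "$addr"
        fi
        k=$((k + 1))
    done
}

# simulate_3 CONNS E1 P1 E2 P2 E3 P3 : push CONNS new connections through a
# three-rule cascade. Rule i matches when its own 0-based counter, incremented
# on every connection that reaches the rule, modulo Ei equals Pi; "1 0" stands
# for an unconditional rule. Prints "m1 m2 m3 unmatched".
simulate_3() {
    conns=$1 e1=$2 p1=$3 e2=$4 p2=$5 e3=$6 p3=$7
    i1=0 i2=0 i3=0 m1=0 m2=0 m3=0 u=0 n=0
    while [ "$n" -lt "$conns" ]; do
        n=$((n + 1))
        hit=$(( i1 % e1 == p1 )); i1=$((i1 + 1))
        if [ "$hit" -eq 1 ]; then m1=$((m1 + 1)); continue; fi
        hit=$(( i2 % e2 == p2 )); i2=$((i2 + 1))
        if [ "$hit" -eq 1 ]; then m2=$((m2 + 1)); continue; fi
        hit=$(( i3 % e3 == p3 )); i3=$((i3 + 1))
        if [ "$hit" -eq 1 ]; then m3=$((m3 + 1)); continue; fi
        u=$((u + 1))
    done
    echo "$m1 $m2 $m3 $u"
}

echo "# rules for the three aliases from the thread:"
snat_cascade wlan0 10.10.10.3 10.10.10.7 10.10.10.60
echo "# 30 connections through --every 3 with --packet 0/1/2 (the rules posted above):"
simulate_3 30 3 0 3 1 3 2   # 10 7 4 9 : nine connections match no rule and leave unNATed
echo "# 30 connections through --every 3, --every 2, unconditional:"
simulate_3 30 3 0 2 0 1 0   # 10 10 10 0
```

The unmatched connections in the first simulation leave wlan0 with whatever source address routing picked, normally the primary address, so the split is not only uneven but partly bypasses SNAT altogether. The decreasing `--every` values in `snat_cascade` are what make each rule take an equal share of what the earlier rules passed on.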

----------

## VinzC

I don't know how to fix that problem, but all I can tell is that web sites are very sensitive to source IPs in order to maintain sessions. I discovered that reading pound's manual; see chapter «Sessions» at http://www.apsis.ch/pound/ . Maybe a proxy that does load balancing is more appropriate for web traffic in your case.

----------

## laplata

 *VinzC wrote:*   

> I don't know how to fix that problem, but all I can tell is that web sites are very sensitive to source IPs in order to maintain sessions. I discovered that reading pound's manual; see chapter «Sessions» at http://www.apsis.ch/pound/ . Maybe a proxy that does load balancing is more appropriate for web traffic in your case.

 

Yes, but those IPs I'm using are private and NATed to only one public one, which is what the websites see...

I'll take a look at it. Thank you!

----------

## laplata

I'm messing around with Shorewall and trying to traffic shape those IPs.

I'm trying to limit the bandwidth of the 3 IPs, but I don't see an option in "tcdevices", so I thought about setting the maximum bandwidth (the sum of the IPs, which is 1200kbit IN and 600kbit OUT) in "tcdevices", and tried to set marks 1, 2 and 3 in "tcclasses" and assign those marks to the source IPs I have (from the aliases) in "tcrules".

But it doesn't seem to work. What am I missing? These are my config files:

```
linux shorewall # cat tcdevices
#NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS         REDIRECTED
#INTERFACE                                                      INTERFACES
wlan0           1200kbit         600kbit
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```

```
linux shorewall # cat tcclasses
#INTERFACE:CLASS        MARK    RATE            CEIL            PRIORITY        OPTIONS
wlan0                   1       2*full/5        full/2          1               tcp-ack,tos-minimize-delay
wlan0                   2       5*full/20       9*full/20       2
wlan0                   3       5*full/20       9*full/20       2
wlan0                   4       5*full/20       9*full/20       2
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```

```
linux shorewall # cat tcrules
#MARK   SOURCE          DEST            PROTO   DEST            SOURCE  USER    TEST    LENGTH  TOS   CONNBYTES         HELPER
#                                               PORT(S)         PORT(S)
1:F     0.0.0.0/0       0.0.0.0/0       icmp    echo-request
1:F     0.0.0.0/0       0.0.0.0/0       icmp    echo-reply
2:F     10.10.10.3      0.0.0.0/0       all
2:F     0.0.0.0/0       10.10.10.3      all
3:F     10.10.10.7      0.0.0.0/0       all
3:F     0.0.0.0/0       10.10.10.7      all
4:F     10.10.10.60     0.0.0.0/0       all
4:F     0.0.0.0/0       10.10.10.60     all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```

Thanks!
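As an added example, not from the thread and not Shorewall's own output: the HTB layout that the tcdevices/tcclasses files above are aiming at, written with `tc` directly so the classification step is visible. Egress shaping on wlan0 is the OUT (upload) direction, so the per-address rates are taken as the 150, 150 and 300 kbit figures from the first post (assumed here to be the upload side) and the device total as their 600 kbit sum. Classification uses a u32 filter on the IP source field rather than a mark: the egress qdisc sees each packet after nat POSTROUTING, so the filter matches the address SNAT chose, while a mark set in the mangle FORWARD or OUTPUT chain is applied before SNAT and never sees the alias address. That ordering is one reason a SOURCE-based tcrules entry on 10.10.10.x may classify nothing; whether it is the whole story for the config above is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread, not generated by Shorewall): egress HTB
# shaping on wlan0 with one class per SNAT source address, classified with u32
# filters on the IP source field, which is the post-NAT address at egress.
#
# Assumptions: 150/150/300 kbit are the upload rates of the three aliases,
# 600 kbit is the device total, and ICMP gets a small high-priority class like
# the tos-minimize-delay class in the Shorewall config.
#
# TC defaults to "echo" so the commands are printed; set TC=tc to apply them.
TC=${TC:-echo}

# shape_egress IFACE TOTAL_KBIT ADDR:RATE_KBIT ...
shape_egress() {
    iface=$1 total=$2; shift 2
    $TC qdisc del dev "$iface" root 2>/dev/null || true
    # root HTB; anything no filter claims lands in leaf 1:2
    $TC qdisc add dev "$iface" root handle 1: htb default 2
    $TC class add dev "$iface" parent 1: classid 1:1 htb rate "${total}kbit" ceil "${total}kbit"
    # 1:2 interactive: ICMP (and unclassified traffic) at the highest priority
    # with a small guarantee. Leaf guarantees then add up to slightly more than
    # the parent rate; HTB accepts that and cannot honour all of them at once,
    # which only matters when every class is saturated.
    $TC class add dev "$iface" parent 1:1 classid 1:2 htb rate "$((total / 20))kbit" ceil "${total}kbit" prio 0
    $TC filter add dev "$iface" parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:2
    id=10
    for spec in "$@"; do
        addr=${spec%%:*}
        rate=${spec#*:}
        # each address keeps its own guarantee and may borrow up to the total,
        # so an idle alias's share is not wasted
        $TC class add dev "$iface" parent 1:1 classid "1:$id" htb rate "${rate}kbit" ceil "${total}kbit" prio 1
        $TC filter add dev "$iface" parent 1: protocol ip prio 2 u32 match ip src "$addr/32" flowid "1:$id"
        id=$((id + 1))
    done
}

shape_egress wlan0 600 10.10.10.3:150 10.10.10.7:150 10.10.10.60:300
```

Run it as is to review the generated commands, then `TC=tc sh script.sh` as root to install them; `tc -s class show dev wlan0` afterwards shows per-class byte counters, which is the quickest way to confirm that the SNAT'd flows are actually landing in their classes.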

----------

