Routing to two ISP's instead of one: what replaces default route?


Post by Kenneth Port » Sat, 12 May 2001 06:00:07



Until recently, I used a Red Hat Linux box (2.2 kernel) to masquerade and
firewall my LAN to the Internet. I just needed a static default route on
the Linux box to make everything work.

Now I've got an ADSL connection to PacBell (pbi.net) and a T1 to UUNET. The
ADSL connection uses a simple Alcatel modem, while the T1 uses a Cisco
2620. The Linux box has 3 interfaces, one to each provider and one to the
LAN.

I'd like traffic to use both interfaces, whichever makes most sense for a
given connection. For example, a connection to another UUNET customer
should go out the T1, and connections to PBI customers and servers should
go out the ADSL line.

What do I need to do to make this happen?

The Cisco isn't running any router protocol, and is just handing packets to
the router at "the other end".

I tried "ripquery" (a RIP utility that comes with the routed RPM) from my
Linux box to the ISP router at PacBell and to the Cisco and both attempts
resulted in "query refused". I've got routed running but I'm guessing it's
not accomplishing anything given the ripquery results.

I suppose I could use static routes for 64/8 and 65/8 and let all other
traffic take a specific interface, but it seems like I should be able to
dynamically assign a route based on cost to the destination.

--
Kenneth Porter
http://www.sewingwitch.com/ken/
Remove 'invalid' for correct email address

 
 
 


Post by Barry Margoli » Sat, 12 May 2001 06:16:02




>Until recently, I used a Red Hat Linux box (2.2 kernel) to masquerade and
>firewall my LAN to the Internet. I just needed a static default route on
>the Linux box to make everything work.

>Now I've got an ADSL connection to PacBell (pbi.net) and a T1 to UUNET. The
>ADSL connection uses a simple Alcatel modem, while the T1 uses a Cisco
>2620. The Linux box has 3 interfaces, one to each provider and one to the
>LAN.

>I'd like traffic to use both interfaces, whichever makes most sense for a
>given connection. For example, a connection to another UUNET customer
>should go out the T1, and connections to PBI customers and servers should
>go out the ADSL line.

>What do I need to do to make this happen?

You will need your ISPs to configure BGP routing with you.  Each ISP can
send you their full routing table, and then your Linux box will choose the
appropriate path for the destination.  Or you could have one ISP send you
just their customer routes, and you could default everything else to the
other ISP (I'd suggest using UUNET as the default, since they're a tier-1
ISP).

You should be able to run gated on the Linux box to implement BGP on your
end.

UUNET should be able to provide this, but I wouldn't be surprised if
PacBell doesn't offer it to ADSL customers.

The above handles outbound routing.  For inbound routing there are more
issues.  Unless you have at least a whole class C address block, you
shouldn't be advertising your addresses using BGP.  If you just have one IP
address from each ISP (which is what I suspect, since you're masquerading),
the path inbound traffic takes will depend just on which address it's going
to, not where it came from.  As a result, you'll have asymmetric routing if
a PacBell customer connects to your UUNET address or vice versa.  There's
nothing intrinsically wrong with this, but many ISPs have RPF configured to
prevent address spoofing, so you'll need to ensure that both ISPs disable
this on your connection.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
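
Added example (not part of the original thread): a small simulation of the strict RPF check mentioned in the post above, showing which reply packets from a dual-homed host an ISP edge would drop. The address blocks are constructed documentation ranges, pointing 64/8 and 65/8 at the ADSL link with a T1 default is an assumption taken from the original question, and all function names are illustrative.

```python
import ipaddress

# Constructed addressing (documentation ranges), not the posters' real blocks.
UUNET_BLOCK = ipaddress.ip_network("192.0.2.0/28")       # assigned on the T1
PACBELL_BLOCK = ipaddress.ip_network("198.51.100.0/29")  # assigned on the ADSL line

# What each ISP routes toward this customer. Strict RPF on the ISP edge
# accepts a packet only if its source lies in one of these prefixes.
ISP_CUSTOMER_ROUTES = {"t1": [UUNET_BLOCK], "adsl": [PACBELL_BLOCK]}

# Destination-based table on the Linux box (assumed): two static routes
# via ADSL, everything else via the T1.
DEST_ROUTES = [
    (ipaddress.ip_network("64.0.0.0/8"), "adsl"),
    (ipaddress.ip_network("65.0.0.0/8"), "adsl"),
    (ipaddress.ip_network("0.0.0.0/0"), "t1"),
]

# Constructed reply packets (source, destination) leaving the Linux box.
FLOWS = [
    ("192.0.2.5", "64.10.20.30"),     # UUNET address answering a 64/8 client
    ("198.51.100.2", "203.0.113.9"),  # PacBell address answering a remote client
    ("192.0.2.5", "203.0.113.9"),     # UUNET address, default route
    ("198.51.100.2", "65.1.2.3"),     # PacBell address, 65/8 static route
]


def route_by_destination(dst):
    """Longest-prefix match over DEST_ROUTES; returns the egress link name."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, link) for net, link in DEST_ROUTES if dst in net]
    return max(matches)[1]  # the default route guarantees at least one match


def route_by_source(src, dst):
    """Source-based policy: traffic from an ISP's block leaves via that ISP."""
    addr = ipaddress.ip_address(src)
    for link, nets in ISP_CUSTOMER_ROUTES.items():
        if any(addr in net for net in nets):
            return link
    return route_by_destination(dst)  # unknown source: fall back to the table


def strict_rpf_accepts(link, src):
    """ISP-side check: is the source routed back over the arrival interface?"""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ISP_CUSTOMER_ROUTES[link])


def evaluate(flows, chooser):
    """Return (src, dst, egress link, accepted by ISP RPF) for each flow."""
    results = []
    for src, dst in flows:
        link = chooser(src, dst)
        results.append((src, dst, link, strict_rpf_accepts(link, src)))
    return results


if __name__ == "__main__":
    policies = [
        ("destination-based", lambda s, d: route_by_destination(d)),
        ("source-based", route_by_source),
    ]
    for label, chooser in policies:
        print(label)
        for src, dst, link, ok in evaluate(FLOWS, chooser):
            print(f"  {src:>14} -> {dst:<13} via {link:<4} "
                  f"{'accepted' if ok else 'DROPPED by RPF'}")
```

With destination-based routing the first two flows leave through the ISP that did not assign their source address and fail the check; choosing the egress link by source address keeps every flow inside the prefix its ISP expects.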

 
 
 


Post by Dean Thompso » Sat, 12 May 2001 10:04:03


Hi!,


>>Now I've got an ADSL connection to PacBell (pbi.net) and a T1 to UUNET. The
>>ADSL connection uses a simple Alcatel modem, while the T1 uses a Cisco
>>2620. The Linux box has 3 interfaces, one to each provider and one to the
>>LAN.

>>I'd like traffic to use both interfaces, whichever makes most sense for a
>>given connection. For example, a connection to another UUNET customer
>>should go out the T1, and connections to PBI customers and servers should
>>go out the ADSL line.

> You will need your ISPs to configure BGP routing with you.  Each ISP can
> send you their full routing table, and then your Linux box will choose the
> appropriate path for the destination.  Or you could have one ISP send you
> just their customer routes, and you could default everything else to the
> other ISP (I'd suggest using UUNET as the default, since they're a tier-1
> ISP).

> You should be able to run gated on the Linux box to implement BGP on your
> end.  UUNET should be able to provide this, but I wouldn't be surprised if
> PacBell doesn't offer it to ADSL customers.

> The above handles outbound routing.  For inbound routing there are more
> issues.  Unless you have at least a whole class C address block, you
> shouldn't be advertising your addresses using BGP.  If you just have one IP
> address from each ISP (which is what I suspect, since you're masquerading),
> the path inbound traffic takes will depend just on which address it's going
> to, not where it came from.  As a result, you'll have asymmetric routing if
> a PacBell customer connects to your UUNET address or vice versa.  There's
> nothing intrinsically wrong with this, but many ISPs have RPF configured to
> prevent address spoofing, so you'll need to ensure that both ISPs disable
> this on your connection.

I'll just point out here, that there is a little bit more to the process than
this including getting an Autonomous System Number (ASN) and the handing over
of a significant amount of money to get both the ASN number and BGP packet
routing going.

If this is for home use, then I wouldn't even think about it, because the
costs are just so high.  However, if you belong to a company which has a lot
of cash (and I mean quite a lot) then BGP might be the answer for you,
however, I would really recommend that the BGP handling goes on at a higher
level than your Linux box, perhaps investing in some of the routers that CISCO
has which include BGP support.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 


Post by Peter E. Fr » Sat, 12 May 2001 11:00:01


[...]
> UUNET should be able to provide this, but I wouldn't be surprised if
> PacBell doesn't offer it to ADSL customers.

[...]

  That's a fact.  Would *anyone* here be surprised at that?  And don't
forget he'd need an AS, too (hey, it could happen when yours is "1").
  For the original poster:  No, no RIP or any other routing protocol.
10,000 neighbors would put any box down (wouldn't it?).
  "NAT through two providers" would take care of him, but I've never
taken a close enough look at Netfilter to see if it could be done...
cleanly.  I'd fire up 802.1q on the 2620, plug it and the Alcatel into a
switch, and get it done.  10 minutes versus a few (i.e. 10) hours with
Netfilter.  But that's just my personal experience levels talking.  (I'd
probably try BSD/IPFilter first anyway... same reason.)
  I've found few providers use RPF or filtering on other than
consumer-level services, where they won't disable it in any case.
  Oh, a nitpick regarding:

> [...] (I'd suggest using UUNET as the default, since they're a tier-1 ISP). [...]

Good for him, but I don't often see someone with a larger pipe to a
(numerically) lower-tier ISP, due to the (expected) cost differences.
I'd just tell him to route out the bigger pipe, since in his case
there's a 12:1 (likely) or 4:1 (less likely) difference in upstream
speed (can't tell offhand -- he posted from his T1).  Funny thing is,
the high-speed (that's a service offering, not a description) SBC DSL
will crush a T1 in downstream.

Peter E. Fry

 
 
 


Post by Christopher Jaros » Sat, 12 May 2001 14:09:18


Hi Kenneth,

If you could get rip turned on, you could allow rip to have the primary route
to one ISP and use a "floating" static when the primary went away..... Just a
thought outside of a BGP implementation.....

chrisj


> Until recently, I used a Red Hat Linux box (2.2 kernel) to masquerade and
> firewall my LAN to the Internet. I just needed a static default route on
> the Linux box to make everything work.

> Now I've got an ADSL connection to PacBell (pbi.net) and a T1 to UUNET. The
> ADSL connection uses a simple Alcatel modem, while the T1 uses a Cisco
> 2620. The Linux box has 3 interfaces, one to each provider and one to the
> LAN.

> I'd like traffic to use both interfaces, whichever makes most sense for a
> given connection. For example, a connection to another UUNET customer
> should go out the T1, and connections to PBI customers and servers should
> go out the ADSL line.

> What do I need to do to make this happen?

> The Cisco isn't running any router protocol, and is just handing packets to
> the router at "the other end".

> I tried "ripquery" (a RIP utility that comes with the routed RPM) from my
> Linux box to the ISP router at PacBell and to the Cisco and both attempts
> resulted in "query refused". I've got routed running but I'm guessing it's
> not accomplishing anything given the ripquery results.

> I suppose I could use static routes for 64/8 and 65/8 and let all other
> traffic take a specific interface, but it seems like I should be able to
> dynamically assign a route based on cost to the destination.

> --
> Kenneth Porter
> http://www.sewingwitch.com/ken/
> Remove 'invalid' for correct email address

 
 
 


Post by Barry Margoli » Sat, 12 May 2001 23:00:26




>If this is for home use, then I wouldn't even think about it, because the
>costs are just so high.

I was going to include a caveat like this, but then I realized that he said
he has a T1 connection to UUNET.  That's not typically used for personal
ISP connections, so I figured it's a business use.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Dean Thompso » Sat, 12 May 2001 23:43:29


Hi!,




> >If this is for home use, then I wouldn't even think about it, because the
> >costs are just so high.

> I was going to include a caveat like this, but then I realized that he said
> he has a T1 connection to UUNET.  That's not typically used for personal
> ISP connections, so I figured it's a business use.

This is true, but you will still have to find the "money tree" out the back,
because BGP setups don't come cheap and the battle is always convincing
management to hand over the money.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 


Post by Barry Margoli » Sun, 13 May 2001 00:43:25







>> >If this is for home use, then I wouldn't even think about it, because the
>> >costs are just so high.

>> I was going to include a caveat like this, but then I realized that he said
>> he has a T1 connection to UUNET.  That's not typically used for personal
>> ISP connections, so I figured it's a business use.

>This is true, but you will still have to find the "money tree" out the back,
>because BGP setups don't come cheap and the battle is always convincing
>management to hand over the money.

We charge a $1,000 one-time fee for BGP setup, and I imagine other tier-1's
are in the same ballpark.  This is usually small change for any
organization that can afford to purchase redundant high-speed ISP
connections (I don't really know our rates, but I think it's less than a
typical month's bill for these types of customers).  And I think our sales
reps often waive the fee (paradoxically, they probably do it for our
biggest customers, who are best able to afford it, in order to curry their
favor).

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Kenneth Port » Sun, 13 May 2001 01:44:36




>[...]
>> UUNET should be able to provide this, but I wouldn't be surprised if
>> PacBell doesn't offer it to ADSL customers.
>[...]

>  That's a fact.  Would *anyone* here be surprised at that?  And don't
>forget he'd need an AS, too (hey, it could happen when yours is "1").

Yeah, I figured from reading earlier routing-related posts that BGP was
over my head. (I understand routing from the "10,000 foot" perspective, but
have no real practical experience.) I expect UUNET would enable it without
too much grief, but PacBell might be harder. The ADSL account is "Enhanced"
and provides a /29, though, so maybe they're set up to handle customers who
want routing features, too.

>  For the original poster:  No, no RIP or any other routing protocol.
>10,000 neighbors would put any box down (wouldn't it?).

Is that because RIP is host-oriented and not network-oriented? (I'm
guessing here.)

My current approach is to scatter a few obvious static routes for "nearby"
neighbors on the ADSL link, and use the T1 for all else. The static routes
have a small netmask (like 200/5, 208/5) to make the table small and easy
to manage.

>  "NAT through two providers" would take care of him, but I've never
>taken a close enough look at Netfilter to see if it could be done...
>cleanly.  I'd fire up 802.1q on the 2620, plug it and the Alcatel into a
>switch, and get it done.  10 minutes versus a few (i.e. 10) hours with
>Netfilter.  But that's just my personal experience levels talking.  (I'd
>probably try BSD/IPFilter first anyway... same reason.)

Can you explain a little more about what you're proposing? I know what NAT
is but don't see how it can be used for this. Where can I learn more about
this?

>Good for him, but I don't often see someone with a larger pipe to a
>(numerically) lower-tier ISP, due to the (expected) cost differences.
>I'd just tell him to route out the bigger pipe, since in his case
>there's a 12:1 (likely) or 4:1 (less likely) difference in upstream
>speed (can't tell offhand -- he posted from his T1).  Funny thing is,
>the high-speed (that's a service offering, not a description) SBC DSL
>will crush a T1 in downstream.

My most important traffic, to other corporate offices, is going to go
through the T1 via a separate VPN box. The Linux box is handling mail and
web surfing. Mostly inbound traffic, so the tiny outbound ADSL path isn't
crippling.

The ADSL was initially acquired because PacBell had the closest
installation time after Northpoint shut our lights off. Now that the T1 is
in place, the ADSL is primarily a backup access system, but I hate to just
throw away half my potential pipe, so I'd like to divert some regular
traffic to it.

 
 
 


Post by Kenneth Port » Sun, 13 May 2001 02:00:37




>You should be able to run gated on the Linux box to implement BGP on
>your end.

Time to go hunt down a HOWTO....

>The above handles outbound routing.  For inbound routing there are more
>issues.  Unless you have at least a whole class C address block, you
>shouldn't be advertising your addresses using BGP.

I don't want to be an inbound router at my size.

>If you just have one IP address from each ISP (which is what I suspect,
>since you're masquerading),

/28 from UUNET, /29 from PacBell. Needed another address for a separate VPN
box.

>the path inbound traffic takes will depend just on which address it's
>going to, not where it came from.

That's what I figured. Not really a problem, as the only externally-
initiated traffic should be ssh for selected employees and SMTP
connections. I'm expecting to give both pipes equal MX weights, as the
inbound bandwidth is comparable.

>As a result, you'll have asymmetric routing if a PacBell customer
>connects to your UUNET address or vice versa.  There's nothing
>intrinsically wrong with this, but many ISPs have RPF configured to
>prevent address spoofing, so you'll need to ensure that both ISPs
>disable this on your connection.

Hadn't really thought about the filtering aspect of it. I don't want to
advertise routes *through* my host. I just want to know the relative costs
of the ISP's routes. Does that make a BGP setup any easier?

--
Kenneth Porter
http://www.sewingwitch.com/ken/
Remove 'invalid' for correct email address

 
 
 


Post by Barry Margoli » Sun, 13 May 2001 02:55:05




>>  For the original poster:  No, no RIP or any other routing protocol.
>>10,000 neighbors would put any box down (wouldn't it?).

>Is that because RIP is host-oriented and not network-oriented? (I'm
>guessing here.)

No, it's because RIP sends out the full routing table every 30 seconds.
This is fine for up to a few dozen networks, but it's not a good way to
advertise 10's of thousands of routes.  BGP only sends changes.

>My current approach is to scatter a few obvious static routes for "nearby"
>neighbors on the ADSL link, and use the T1 for all else. The static routes
>have a small netmask (like 200/5, 208/5) to make the table small and easy
>to manage.

>>  "NAT through two providers" would take care of him, but I've never
>>taken a close enough look at Netfilter to see if it could be done...
>>cleanly.  I'd fire up 802.1q on the 2620, plug it and the Alcatel into a
>>switch, and get it done.  10 minutes versus a few (i.e. 10) hours with
>>Netfilter.  But that's just my personal experience levels talking.  (I'd
>>probably try BSD/IPFilter first anyway... same reason.)

>Can you explain a little more about what you're proposing? I know what NAT
>is but don't see how it can be used for this. Where can I learn more about
>this?

Vincent Jones's "High Availability Networking" book has examples of using
NAT when routing through two providers.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Barry Margoli » Sun, 13 May 2001 02:58:06




>Hadn't really thought about the filtering aspect of it. I don't want to
>advertise routes *through* my host. I just want to know the relative costs
>of the ISP's routes. Does that make a BGP setup any easier?

Yes.  If you won't be advertising routes to the ISPs, you don't need a
public ASN from ARIN.  You can use a private ASN and just have the ISPs
send you their routes, but they can continue to route inbound traffic
statically as they have been (or you can advertise your address blocks to
them using BGP, but they don't need to export them to other ISPs).

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Kenneth Port » Sun, 13 May 2001 05:32:56




> Yes.  If you won't be advertising routes to the ISPs, you don't need a
> public ASN from ARIN.  You can use a private ASN and just have the ISPs
> send you their routes, but they can continue to route inbound traffic
> statically as they have been (or you can advertise your address blocks to
> them using BGP, but they don't need to export them to other ISPs).

Thanks. This begins to sound promising. Off to read more on BGP....

--
Kenneth Porter
http://www.sewingwitch.com/ken/
Remove 'invalid' for correct email address

 
 
 


Post by Barry Margoli » Sun, 13 May 2001 05:50:43




>Thanks. This begins to sound promising. Off to read more on BGP....

The most commonly recommended reference is Halabi's "Internet Routing
Architectures."  But for your needs, you can probably get away without that
huge tome, and get John Stewart's "BGP4: Inter-Domain Routing in the
Internet".  It's a small paperback that covers most of the basics of the
protocol, but doesn't have all the case studies and configuration examples
that Halabi has (which are all oriented towards Cisco routers, but you'll
be using gated).

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 


Post by Dean Thompso » Sun, 13 May 2001 13:14:52


Hi Kenneth,



>>You should be able to run gated on the Linux box to implement BGP on
>>your end.

> Time to go hunt down a HOWTO....

Hey, let me know if you find a BGP routing HOWTO guide.  I am interested in
finding out any information which is available for BGP and Linux.  I know that
Linux is able to support BGP, but it just doesn't seem to get done.  Normally
it is handled at a higher level like a CISCO router, but I wouldn't mind
investigating it in detail.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

 
 
 
