I have a network of approximately 20 computers, all Windows XP workstations, each with Radmin 3 installed for remote access. I will assume that the tools were installed and configured successfully, since there is plenty of information on the internet about how to do that, so I see no reason to explain it here. I will only list the modifications I found necessary to make it work for my needs. The following were used for this implementation:
Network characteristics:
Link 1 = ETH1 = IP 192.168.1.10 GVT
Link 2 = ETH2 = IP 192.168.2.10 BRT
Link 3 = ETH0 = IP 192.168.0.1 (internal network)
Each workstation has a static IP and its own port for remote connections, e.g. 192.168.0.3 with Radmin access port 4893. The Radmin 3 client program can scan all registered workstations; you only need to configure each workstation's IP and port. External access goes through a dynamic DNS service.
Tools
I used the balancing method taken from the site below, which explains how to set up load balancing and redundancy.
How To: Load Balancing & Failover With Dual/Multi WAN / ADSL / Cable Connections on Linux
gwping script for redundancy
Radmin 3 - server and client for remote access to Windows workstations.
I created the tables in the file /etc/iproute2/rt_tables:

    # rt_tables
    1 gvt
    2 brt

I added the default routes to balance the outgoing traffic load. In my case I used the GVT and BRT links; the rules I put in the rc.local file are below:

    # rc.local
    # Variables
    ROTABRT="192.168.2.1"
    ROTAGVT="192.168.1.1"
    IPBRT="192.168.2.10"
    IPGVT="192.168.1.10"
    ETHB="eth2"
    ETHG="eth1"
    ROTADEL="route del default gw"

    echo "Deleta rotas padrão"
    $ROTADEL $ROTAGVT
    $ROTADEL $ROTABRT
    echo "OK"

    ip route flush table gvt # Clears the routes in table gvt
    ip route flush table brt # Clears the routes in table brt

    ip route add 192.168.1.0/24 dev eth1 src 192.168.1.10 table gvt
    ip route add default via 192.168.1.1 table gvt
    ip route add 192.168.2.0/24 dev eth2 src 192.168.2.10 table brt
    ip route add default via 192.168.2.1 table brt

    ip rule add from 192.168.1.10 table gvt
    ip rule add from 192.168.2.10 table brt

    # The rule below does the balancing with a 2:1 weight, because the GVT link is 2x faster than the BRT link
    ip route add default scope global nexthop via 192.168.1.1 dev eth1 weight 2 nexthop via 192.168.2.1 dev eth2 weight 1
    ip route flush cache # Flushes the cached routes

    # Firewall
    # Must be disabled for routing over 2 links to work
    echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
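The last line of rc.local above writes only conf/default, which seeds interfaces created afterwards; for an interface that already exists the kernel applies the higher of conf/all and conf/<iface>. The following is an added example, not part of the original script, that reports the reverse-path filter mode actually in effect per interface; RP_ROOT is a hypothetical override used to point the functions at a constructed directory.

```shell
#!/bin/bash
# Added example: show the effective rp_filter mode for each interface.
# RP_ROOT is a hypothetical override (not a kernel or iproute2 setting);
# on a real router it is /proc/sys/net/ipv4/conf.
RP_ROOT="${RP_ROOT:-/proc/sys/net/ipv4/conf}"

# Map the numeric sysctl value to its meaning.
rp_mode_name() {
    case "$1" in
        0) echo "off" ;;      # no source validation
        1) echo "strict" ;;   # reply must leave by the arrival interface
        2) echo "loose" ;;    # source must be reachable via any interface
        *) echo "unknown" ;;
    esac
}

# Effective value for one interface = max(conf/all, conf/<iface>).
rp_effective() {
    local iface all ifv
    iface=$1
    all=$(cat "$RP_ROOT/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$RP_ROOT/$iface/rp_filter" 2>/dev/null) || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

# Print "iface value mode" for every real interface (skips all/default).
rp_report() {
    local d iface v
    for d in "$RP_ROOT"/*/; do
        iface=$(basename "$d")
        case "$iface" in all|default) continue ;; esac
        v=$(rp_effective "$iface") || continue
        echo "$iface $v $(rp_mode_name "$v")"
    done
}

rp_report
```

On kernels that support it, value 2 (loose mode, RFC 3704) tolerates the asymmetric return paths of a two-link router while still dropping packets whose source is not routable at all, so it is worth testing on the WAN interfaces before turning the filter off entirely.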
Now I will set up the call to the "gwping" script, which handles redundancy. I chose to put it in the /etc/link directory and change the file's permissions with the command:

    # chmod 755 /etc/link/gwping

Add the command to the rc.local file:

    nohup /etc/link/gwping &

In the "gwping" script I made some changes to suit my needs.

    # gwping
    #IP Address or domain name to ping. The script relies on the domain being
    #pingable and always available
    ## Change this to a closer, i.e. faster, address; in this case I used GVT's IP
    TESTIP=200.139.127.26

    # Relative weights of routes. Keep this to a low integer value. I am using 4
    # for TATA connection because it is 4 times faster
    ## Route weights: since the GVT link is 2x faster than BRT, I set the ratio to 2:1
    W1=2
    W2=1

    # Broadband providers name; use your own names here.
    ## Changed to the names of my tables
    NAME1=GVT
    NAME2=BRT

    # No of repeats of success or failure before changing status of connection.
    ## In my case, after 4 attempts with no reply the link is disabled; one successful
    ## attempt re-enables it. This way the script will not switch the default route and
    ## assume the link is down when it is merely overloaded.
    SUCCESSREPEATCOUNT=1
    FAILUREREPEATCOUNT=4

    # Below I added the rules that remove the packet marking if a link goes down,
    # so that marked packets are not left without a reply.
    # (fragment: the opening branch condition is not shown)
        echo Switching to $NAME2
        ip route replace default scope global via $GW2 dev $EXTIF2
        ip rule del fwmark 0x10 lookup gvt prio 3 ## Removes the packet-mark rule
        ip rule del fwmark 0x20 lookup brt prio 3 ## Removes the packet-mark rule
        ip route flush cache # Flushes the cached routes
    elif [[ $LLS1 -eq 0 && $LLS2 -eq 1 ]]; then
        echo Switching to $NAME1
        ip route replace default scope global via $GW1 dev $EXTIF1
        ip rule del fwmark 0x10 lookup gvt prio 3 ## Removes the packet-mark rule
        ip rule del fwmark 0x20 lookup brt prio 3 ## Removes the packet-mark rule
        ip route flush cache # Flushes the cached routes
    elif [[ $LLS1 -eq 0 && $LLS2 -eq 0 ]]; then
        echo Restoring default load balancing
        ip rule add fwmark 0x10 lookup gvt prio 3 ## Re-adds the packet-mark rule when the failed link comes back
        ip rule add fwmark 0x20 lookup brt prio 3 ## Re-adds the packet-mark rule when the failed link comes back
        ip route replace default scope global nexthop via $GW1 dev $EXTIF1 weight $W1 nexthop via $GW2 dev $EXTIF2 weight $W2
        ip route flush cache ## Flushes the cached routes
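The effect of SUCCESSREPEATCOUNT=1 and FAILUREREPEATCOUNT=4 can be checked offline. This is an added example, not gwping's own code: debounce_link and decide_route are hypothetical names, the probe sequences are constructed, and the first branch of decide_route (link 1 down, link 2 up) is assumed by symmetry with the branches shown above.

```shell
#!/bin/bash
# Added example: debounce of link probes with the counts used on this page.
# Status convention follows the fragment above: 0 = up, 1 = down.
SUCCESSREPEATCOUNT=1
FAILUREREPEATCOUNT=4

# debounce_link "<probes>" prints "<final status> <number of status changes>".
# Each probe is 0 (ping answered) or 1 (ping lost); the input is constructed.
debounce_link() {
    status=0     # link assumed up at start
    run=0        # consecutive probes that disagree with the current status
    changes=0
    for probe in $1; do
        if [ "$probe" -eq "$status" ]; then
            run=0                    # probe agrees with status: reset counter
            continue
        fi
        run=$((run + 1))
        if [ "$status" -eq 0 ]; then
            need=$FAILUREREPEATCOUNT  # up -> down needs 4 losses in a row
        else
            need=$SUCCESSREPEATCOUNT  # down -> up needs 1 answer
        fi
        if [ "$run" -ge "$need" ]; then
            status=$probe
            run=0
            changes=$((changes + 1))
        fi
    done
    echo "$status $changes"
}

# decide_route <LLS1> <LLS2> names the routing branch that applies.
decide_route() {
    if [ "$1" -eq 1 ] && [ "$2" -eq 0 ]; then echo "link2-only"   # assumed branch
    elif [ "$1" -eq 0 ] && [ "$2" -eq 1 ]; then echo "link1-only"
    elif [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then echo "balanced"
    else echo "no-uplink"; fi
}

# Three losses, one answer, three losses: the link never flaps.
debounce_link "1 1 1 0 1 1 1"
```

Because a single answered ping brings a link back, a lossy but not dead line can alternate between balanced and single-link routing; raising SUCCESSREPEATCOUNT trades recovery speed for stability.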
http://www.linux.org/docs/ldp/howto/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
    #!/bin/bash
    GW2=192.168.1.1 # gateway
    EXTIF2=eth1
Nothing spectacular, just build a route to the gateway and build a default route via that gateway, as you would do in the case of a single upstream provider, but put the routes in a separate table per provider. Note that the network route suffices, as it tells you how to find any host in that network, which includes the gateway, as specified above. Next you set up the main routing table. It is a good idea to route things to the direct neighbour through the interface connected to that neighbour. Note the `src' arguments, they make sure the right outgoing IP address is chosen.
    ip route add $P1_NET dev $IF1 src $IP1
    ip route add $P2_NET dev $IF2 src $IP2
Next, you set up the routing rules. These actually choose what routing table to route with. You want to make sure that you route out a given interface if you already have the corresponding source address:
    ip rule add from $IP1 table T1
    ip rule add from $IP2 table T2
This set of commands makes sure all answers to traffic coming in on a particular interface get answered from that interface. Now, this is just the very basic setup. It will work for all processes running on the router itself, and for the local network, if it is masqueraded. If it is not, then you either have IP space from both providers or you are going to want to masquerade to one of the two providers. In both cases you will want to add rules selecting which provider to route out from based on the IP address of the machine in the local network.
This will balance the routes over both providers. The weight parameters can be tweaked to favor one provider over the other.
Note that balancing will not be perfect, as it is route based, and routes are cached. This means that routes to often-used sites will always be over the same provider. Furthermore, if you really want to do this, you probably also want to look at Julian Anastasov's patches at http://www.linuxvirtualserver.org/~julian/#routes , Julian's route patch page. They will make things nicer to work with.