This is an old revision of the document!


Dynamic upstream routing

Linux has very powerful routing capabilities, and it would be a waste not to leverage them. If you also happen to have two ISPs, you can use those routing capabilities to obtain a highly resilient and maybe even load-balanced home network.

Let's assume you have two upstream connections (for example, one could be a cell phone link used only for emergencies). It would be great to be able to:

  • Switch between the two ISPs when one goes down
  • Route access to specific servers through ISP1 or ISP2
  • Route specific services through ISP1 or ISP2
  • Load-balance your traffic

Having two ISPs is important for redundancy. When you start to rely on your home services in your everyday life, you want them to be always accessible, so if ISP1 goes down you switch to ISP2.

What if ISP1 is, for example, much faster but has a data cap, while ISP2 is slower but has unlimited data? It would be great to route all traffic through ISP1, but some apps (like Usenet or torrent) through ISP2…

Moreover, you will want to set up two SSH tunnels, one through ISP1 and one through ISP2, so that you have remote access in any case.

To achieve this you need to operate on two levels:

  • At NAT level to set specific rules for packet filtering & modification inside the kernel
  • At route level, because packets need to be properly routed outside

Automatic ISP handoff

TBD

Select ISP based on destination

I will assume ISP1 is your default gateway, and you can have only one default route. The basic idea is that if I want to reach external-server1 via ISP2, I need to add one route rule and one nft rule.

Select ISP based on service

https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf

Make service 1 always go through ISP2. https://datahacker.blog/industry/technology-menu/networking/routes-and-rules/iproute-and-routing-tables

./usr/lib/iproute2/rt_tables

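<code>
# Policy rules: choose the routing table by source address or by the UID of the sending process
ip rule add from xxx lookup service1_table
ip rule add uidrange 100-200 lookup service1_table
# Default route used by that table
ip route add default via 192.168.1.10 dev xxx table service1_table

# Show the active rules
ip rule list
</code>

<code>
# Create a network namespace, move tun0 into it and run a command inside it
ip netns add test
ip link set tun0 netns test
ip netns exec test <command to run against that namespace>
</code>

<code>
# Same approach for a single service user (UID 398) and a table named downloaders
ip rule add uidrange 398-398 lookup downloaders
vi /etc/passwd
ip route add default via 192.168.1.254 dev enp59s0u2u4c2 table downloaders
</code>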
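The per-UID routing above, written as a dry-run generator; this is an added example, not the page's own script. It assumes table id 200 for the rt_tables entry (constructed value) and adds an `unreachable` fallback route, which is a design choice not on the page: without it, traffic from that UID falls through to the main table and leaves via ISP1 whenever the ISP2 device goes down.

```shell
#!/bin/sh
# Added example, not the page's own script. It only prints commands unless
# APPLY=1 is set (applying needs root).
# Assumption: table id 200 is a constructed value for the rt_tables entry.

# Line to add to rt_tables so the table name resolves to a numeric id.
rt_table_entry() {  # $1=id $2=name
    printf '%s\t%s\n' "$1" "$2"
}

# Print the policy-routing commands for one service UID, one per line.
uid_route_cmds() {  # $1=uid $2=table $3=gateway $4=device
    case "$1" in
        ''|*[!0-9]*) echo "uid must be numeric: $1" >&2; return 1 ;;
    esac
    # Every packet sent by this UID consults the service table first.
    printf 'ip rule add uidrange %s-%s lookup %s\n' "$1" "$1" "$2"
    # Preferred path: default route through the second ISP's gateway.
    printf 'ip route replace default via %s dev %s table %s\n' "$3" "$4" "$2"
    # Fallback (added assumption): if the device goes down the kernel drops
    # the route above; this higher-metric entry makes the lookup fail
    # instead of falling through to the main table and leaving via ISP1.
    printf 'ip route replace unreachable default metric 1000 table %s\n' "$2"
}

# Command that asks the kernel which route a packet from this UID would take.
uid_route_check() {  # $1=uid $2=test destination
    printf 'ip route get %s uid %s\n' "$2" "$1"
}

# Values below are the ones in the page's shell history; 192.0.2.1 is a
# documentation address used only as a lookup target.
plan=$(uid_route_cmds 398 downloaders 192.168.1.254 enp59s0u2u4c2)
printf '# rt_tables entry: %s\n' "$(rt_table_entry 200 downloaders)"
printf '%s\n' "$plan"
uid_route_check 398 192.0.2.1

if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$plan" | while read -r cmd; do $cmd; done
fi
```

After applying, the `ip route get … uid 398` output should name the ISP2 device; with that link down it should report the network as unreachable rather than show the ISP1 gateway.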

Automation

All done?

Now you can access the internet safely from the home network.

To learn how to reach the internal server from the internet, head to the SSH tunnel description.
