RE: LVS-DR and IP Spoofing

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: LVS-DR and IP Spoofing
From: Mog <mogwai@xxxxxxxxxxxxxx>
Date: Wed, 14 Jul 2004 16:05:09 -0400
Hi,

Actually I am able, with my current ISP, to send spoofed packets with
source IPs that reside inside or outside of their alloc.

When the second line with the other ISP is installed, I'll have to
experiment with the LARTC approach. Alexandre Cassen had also proposed a
solution.
http://www.in-addr.de/pipermail/lvs-users/2001-August/002951.html

I had wished that I had the opportunity to design my network with the
ability to do some sort of crosstalk between both ISPs. Although that
could have been desirable, this is not absolutely necessary.

My actual provider's connection is not as stable as it could be for a
normal aDSL "best effort" QoS. I subscribe with another ISP for this
particular reason.

My idea now is to point my domain name to my new/stable ISP at the LVS
level. The processed requests could be forwarded in a RR fashion through my
actual network or return back on the other provider.

I would be able to realize that using LVS-DR since I am on ADSL. As
Horms has mentioned, some experiments could be realized with LVS-TUN,
but I fear the TUN overhead and the bottleneck that could happen
with less than 640kbps upstream.

This solution is for a hosting project so I would like to set up the LVS and
get it fine tuned enough to load the lines to their maximum capacity,
and add more lines in the future, and so forth, until my finances
permit an SDSL connection or any other solution with, hopefully, a
better QoS.

For optimum performance, which solution is better? The LARTC approach and RR
DNS, or LVS-DR and spoofing?

Thanks,
Gaétan

On Wed, 2004-07-14 at 13:59, Peter Mueller wrote:
> What about http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN298?  Be 
> sure to use the dead-gateway patch from Julian at the bottom of this link.
> 
> inbound (assuming you need it) = round robin DNS
> outbound = above solution.
>  
> P
> 
> ________________________________
> 
> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx on behalf of Mog
> Sent: Tue 7/13/2004 8:46 PM
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: LVS-DR and IP Spoofing
> 
> 
> 
> Hi Horms,
> 
> I cannot afford BGP routing. I couldn't afford to violate any network
> policies for forwarding unwanted traffic across their upstream routers
> too...
> 
> Thanks for your input.
> 
> Obviously money solves a lot of things, but it's so much more challenging to
> find a workaround ;)
> Gaétan
> 
> On Tue, 2004-07-13 at 22:47, Horms wrote:
> > On Tue, Jul 13, 2004 at 07:23:01PM -0400, Mog wrote:
> > > hello to all,
> > >
> > > I have a question concerning LVS-DR and IP Spoofing. Let me briefly
> > > explain the situation.
> > >
> > > First, I am a DSL user and I wish to multiplex my traffic over two or
> > > three DSL lines. I decided to accomplish a spoofing test with some
> > > hand-crafted forged packets on my actual ISP network and it succeeded
> > > for packets being sent with a different source address than my current
> > > static IP, that were inside or outside of my ISP's allocated range (which
> > > probably means that I am on the right track).
> > >
> > > I decided to find another ISP willing to help in order to accomplish a
> > > crosstalk between both ISPs. Their response was that their own providers
> > > (Bell, Sprint etc.) will not allow non-sanctioned IPs to be sent through
> > > their network. They say they (Bell, Sprint etc.) use filters to stop
> > > some ranges of IPs from passing through. They would probably take an
> > > agreement for a whole class C address but not for a single IP.
> > >
> > > According to my previous readings on this list and the LVS How-to (and
> > > from what I understand) it's only a question of my ISP router config,
> > > not their own upstream provider...
> > >
> > > What are your thoughts on this?
> >
> > I think that the explanation of your ISP is quite plausible.
> > I would not be at all surprised if the backbone providers
> > have filtering in place for a variety of reasons. And if this
> > is the case, your packets can't travel over their networks,
> > and you have a problem.
> >
> > The real solution is to get your own IP addresses and advertise them
> > to all the providers that you are connected to. Unfortunately,
> > this tends to be a rather costly procedure.
> 
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
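Gaétan's question is which approach avoids depending on spoofed source addresses. The LARTC multiple-uplinks recipe Peter points to makes the question moot for outbound traffic: a source-address rule sends each packet out the link whose ISP owns that address, so the upstream ingress filters Horms describes only ever see their own customer's range. The script below is an added example, not code from the thread or the LARTC HOWTO; it emits the iproute2 commands for that recipe. Interface names, addresses and table ids are constructed (RFC 5737 documentation ranges), and Julian's dead-gateway patch mentioned above is not covered.

```shell
#!/bin/sh
# Added example: the LARTC "routing for multiple uplinks" policy, emitted as
# iproute2 commands. All values below are constructed, not from the thread.

# lartc_multilink IF1 IP1 NET1 GW1 IF2 IP2 NET2 GW2
# Prints the commands; pipe into `sh` as root to apply them.
lartc_multilink() {
    if1=$1; ip1=$2; net1=$3; gw1=$4
    if2=$5; ip2=$6; net2=$7; gw2=$8
    t1=101; t2=102   # one routing table per ISP (ids are arbitrary)
cat <<EOF
# per-ISP tables: each knows only its own link and its own default gateway
ip route add $net1 dev $if1 src $ip1 table $t1
ip route add default via $gw1 table $t1
ip route add $net2 dev $if2 src $ip2 table $t2
ip route add default via $gw2 table $t2
# main table: both links reachable, ISP1 as the default for new traffic
ip route add $net1 dev $if1 src $ip1
ip route add $net2 dev $if2 src $ip2
ip route add default via $gw1
# the part that removes the need for spoofing: replies sourced from ISP1's
# address always leave via ISP1, ISP2's via ISP2, so no upstream ingress
# filter ever sees a foreign source address
ip rule add from $ip1 table $t1
ip rule add from $ip2 table $t2
EOF
}

# count_rules: sanity check that exactly one source rule per uplink is emitted
count_rules() { lartc_multilink "$@" | grep -c '^ip rule add from'; }

# Constructed sample links (documentation ranges, not real ISP assignments).
# Run as `sh multilink.sh apply` on the LVS box to install the policy.
if [ "${1:-}" = "apply" ]; then
    lartc_multilink eth1 192.0.2.10 192.0.2.0/24 192.0.2.1 \
                    eth2 198.51.100.10 198.51.100.0/24 198.51.100.1 | sh
fi
```

Inbound still needs both ISP addresses published (round-robin DNS, as Peter suggests); this policy only guarantees that whichever address a client used, the reply goes back out the matching line.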