Issue in network routing when load balancing a network system

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Trying to Bypass a load Balancer



Our system directs network traffic across a three way load balancer serving three cellular modems in normal operation. We use a program called speedtest_cli that measures the traffic. The idea is that the test packets will all use the same modem we specify, but it appears this is not so as
I can see traffic on all modems during the test on a more or less idle system. So with the balancing measurements off, our traffic balancing is subpar.



The speed test program allows you to specify an address to generate packets from, but this does not avoid the balancing of its packets which is done by marking network traffic using packet marking according to the load we want, then directing each bundle of marked packets to a particular modem.



To bypass this marking, I wanted to make a fourth style of marking and then direct the speedtest_cli to source its packet from a particular IP address that would be marked differently from the others. Then presumably this bundle could be directed to the modem I want depending on which modem I want to speed test.



Setmark4 is the fourth marking group which I intend to route to a particular modem during the test but when I added this marking i got errors starting the test.



Chain PREROUTING (policy ACCEPT)
target prot opt source destination
CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
SETMARK4 all -- anywhere 10.7.1.0 ctstate NEW
SETMARK1 all -- anywhere anywhere ctstate NEW
SETMARK2 all -- anywhere anywhere ctstate NEW
SETMARK3 all -- anywhere anywhere ctstate NEW
PREBALANCE all -- 10.0.0.0/16 anywhere ctstate NEW

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
SETMARK4 all -- 10.7.1.0 anywhere ctstate NEW
SETMARK1 all -- anywhere anywhere ctstate NEW
SETMARK2 all -- anywhere anywhere ctstate NEW
SETMARK3 all -- anywhere anywhere ctstate NEW
PREBALANCE all -- anywhere anywhere ctstate NEW

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300
CONNMARK all -- anywhere anywhere CONNMARK save

Chain BALANCE (1 references)
target prot opt source destination
SETMARK4 all -- 10.7.1.0 anywhere
SETMARK1 all -- anywhere anywhere statistic mode random probability 0.31999999983 connmark match 0x0
SETMARK2 all -- anywhere anywhere statistic mode random probability 0.45999999996 connmark match 0x0
SETMARK3 all -- anywhere anywhere statistic mode random probability 1.00000000000 connmark match 0x0

Chain PREBALANCE (2 references)
target prot opt source destination
RETURN all -- anywhere 10.0.0.0/16
RETURN all -- anywhere anywhere connmark match ! 0x0
RETURN all -- anywhere anywhere ctstate RELATED,ESTABLISHED
BALANCE all -- anywhere anywhere

Chain SETMARK1 (3 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK set 0x1
MARK all -- anywhere anywhere MARK set 0x1

Chain SETMARK2 (3 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK set 0x2
MARK all -- anywhere anywhere MARK set 0x2

Chain SETMARK3 (3 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK set 0x3
MARK all -- anywhere anywhere MARK set 0x3

Chain SETMARK4 (3 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK set 0x4
MARK all -- anywhere anywhere MARK set 0x4
[root@localhost ~]#


I had been creating the address to source from by hooking it to a dummy interface using ip addr add. This worked before
I added the fourth packet marking group, but afterward I get an error saying that the IP cannot access the outside world. Pinging the new IP address also
does not work.



Is there something off with the marking table change that causes this? Or is there a better way to allow a particular set up
source address to bypass the BALANCE and be directed to a particular outgoing interface?










share|improve this question







New contributor




Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.























    up vote
    0
    down vote

    favorite












    Trying to Bypass a load Balancer



    Our system directs network traffic across a three way load balancer serving three cellular modems in normal operation. We use a program called speedtest_cli that measures the traffic. The idea is that the test packets will all use the same modem we specify, but it appears this is not so as
    I can see traffic on all modems during the test on a more or less idle system. So with the balancing measurements off, our traffic balancing is subpar.



    The speed test program allows you to specify an address to generate packets from, but this does not avoid the balancing of its packets which is done by marking network traffic using packet marking according to the load we want, then directing each bundle of marked packets to a particular modem.



    To bypass this marking, I wanted to make a fourth style of marking and then direct the speedtest_cli to source its packet from a particular IP address that would be marked differently from the others. Then presumably this bundle could be directed to the modem I want depending on which modem I want to speed test.



    Setmark4 is the fourth marking group which I intend to route to a particular modem during the test but when I added this marking i got errors starting the test.



    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
    SETMARK4 all -- anywhere 10.7.1.0 ctstate NEW
    SETMARK1 all -- anywhere anywhere ctstate NEW
    SETMARK2 all -- anywhere anywhere ctstate NEW
    SETMARK3 all -- anywhere anywhere ctstate NEW
    PREBALANCE all -- 10.0.0.0/16 anywhere ctstate NEW

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
    SETMARK4 all -- 10.7.1.0 anywhere ctstate NEW
    SETMARK1 all -- anywhere anywhere ctstate NEW
    SETMARK2 all -- anywhere anywhere ctstate NEW
    SETMARK3 all -- anywhere anywhere ctstate NEW
    PREBALANCE all -- anywhere anywhere ctstate NEW

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300
    CONNMARK all -- anywhere anywhere CONNMARK save

    Chain BALANCE (1 references)
    target prot opt source destination
    SETMARK4 all -- 10.7.1.0 anywhere
    SETMARK1 all -- anywhere anywhere statistic mode random probability 0.31999999983 connmark match 0x0
    SETMARK2 all -- anywhere anywhere statistic mode random probability 0.45999999996 connmark match 0x0
    SETMARK3 all -- anywhere anywhere statistic mode random probability 1.00000000000 connmark match 0x0

    Chain PREBALANCE (2 references)
    target prot opt source destination
    RETURN all -- anywhere 10.0.0.0/16
    RETURN all -- anywhere anywhere connmark match ! 0x0
    RETURN all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    BALANCE all -- anywhere anywhere

    Chain SETMARK1 (3 references)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere CONNMARK set 0x1
    MARK all -- anywhere anywhere MARK set 0x1

    Chain SETMARK2 (3 references)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere CONNMARK set 0x2
    MARK all -- anywhere anywhere MARK set 0x2

    Chain SETMARK3 (3 references)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere CONNMARK set 0x3
    MARK all -- anywhere anywhere MARK set 0x3

    Chain SETMARK4 (3 references)
    target prot opt source destination
    CONNMARK all -- anywhere anywhere CONNMARK set 0x4
    MARK all -- anywhere anywhere MARK set 0x4
    [root@localhost ~]#


    I had been creating the address to source from by hooking it to a dummy interface using ip addr add. This worked before
    I added the fourth packet marking group, but afterward I get an error saying that the IP cannot access the outside world. Pinging the new IP address also
    does not work.



    Is there something off with the marking table change that causes this? Or is there a better way to allow a particular set up
    source address to bypass the BALANCE and be directed to a particular outgoing interface?










    share|improve this question







    New contributor




    Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Trying to Bypass a load Balancer



      Our system directs network traffic across a three way load balancer serving three cellular modems in normal operation. We use a program called speedtest_cli that measures the traffic. The idea is that the test packets will all use the same modem we specify, but it appears this is not so as
      I can see traffic on all modems during the test on a more or less idle system. So with the balancing measurements off, our traffic balancing is subpar.



      The speed test program allows you to specify an address to generate packets from, but this does not avoid the balancing of its packets which is done by marking network traffic using packet marking according to the load we want, then directing each bundle of marked packets to a particular modem.



      To bypass this marking, I wanted to make a fourth style of marking and then direct the speedtest_cli to source its packet from a particular IP address that would be marked differently from the others. Then presumably this bundle could be directed to the modem I want depending on which modem I want to speed test.



      Setmark4 is the fourth marking group which I intend to route to a particular modem during the test but when I added this marking i got errors starting the test.



      Chain PREROUTING (policy ACCEPT)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
      SETMARK4 all -- anywhere 10.7.1.0 ctstate NEW
      SETMARK1 all -- anywhere anywhere ctstate NEW
      SETMARK2 all -- anywhere anywhere ctstate NEW
      SETMARK3 all -- anywhere anywhere ctstate NEW
      PREBALANCE all -- 10.0.0.0/16 anywhere ctstate NEW

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
      SETMARK4 all -- 10.7.1.0 anywhere ctstate NEW
      SETMARK1 all -- anywhere anywhere ctstate NEW
      SETMARK2 all -- anywhere anywhere ctstate NEW
      SETMARK3 all -- anywhere anywhere ctstate NEW
      PREBALANCE all -- anywhere anywhere ctstate NEW

      Chain POSTROUTING (policy ACCEPT)
      target prot opt source destination
      TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300
      CONNMARK all -- anywhere anywhere CONNMARK save

      Chain BALANCE (1 references)
      target prot opt source destination
      SETMARK4 all -- 10.7.1.0 anywhere
      SETMARK1 all -- anywhere anywhere statistic mode random probability 0.31999999983 connmark match 0x0
      SETMARK2 all -- anywhere anywhere statistic mode random probability 0.45999999996 connmark match 0x0
      SETMARK3 all -- anywhere anywhere statistic mode random probability 1.00000000000 connmark match 0x0

      Chain PREBALANCE (2 references)
      target prot opt source destination
      RETURN all -- anywhere 10.0.0.0/16
      RETURN all -- anywhere anywhere connmark match ! 0x0
      RETURN all -- anywhere anywhere ctstate RELATED,ESTABLISHED
      BALANCE all -- anywhere anywhere

      Chain SETMARK1 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x1
      MARK all -- anywhere anywhere MARK set 0x1

      Chain SETMARK2 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x2
      MARK all -- anywhere anywhere MARK set 0x2

      Chain SETMARK3 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x3
      MARK all -- anywhere anywhere MARK set 0x3

      Chain SETMARK4 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x4
      MARK all -- anywhere anywhere MARK set 0x4
      [root@localhost ~]#


      I had been creating the address to source from by hooking it to a dummy interface using ip addr add. This worked before
      I added the fourth packet marking group, but afterward I get an error saying that the IP cannot access the outside world. Pinging the new IP address also
      does not work.



      Is there something off with the marking table change that causes this? Or is there a better way to allow a particular set up
      source address to bypass the BALANCE and be directed to a particular outgoing interface?










      share|improve this question







      New contributor




      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      Trying to Bypass a load Balancer



      Our system directs network traffic across a three way load balancer serving three cellular modems in normal operation. We use a program called speedtest_cli that measures the traffic. The idea is that the test packets will all use the same modem we specify, but it appears this is not so as
      I can see traffic on all modems during the test on a more or less idle system. So with the balancing measurements off, our traffic balancing is subpar.



      The speed test program allows you to specify an address to generate packets from, but this does not avoid the balancing of its packets which is done by marking network traffic using packet marking according to the load we want, then directing each bundle of marked packets to a particular modem.



      To bypass this marking, I wanted to make a fourth style of marking and then direct the speedtest_cli to source its packet from a particular IP address that would be marked differently from the others. Then presumably this bundle could be directed to the modem I want depending on which modem I want to speed test.



      Setmark4 is the fourth marking group which I intend to route to a particular modem during the test but when I added this marking i got errors starting the test.



      Chain PREROUTING (policy ACCEPT)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
      SETMARK4 all -- anywhere 10.7.1.0 ctstate NEW
      SETMARK1 all -- anywhere anywhere ctstate NEW
      SETMARK2 all -- anywhere anywhere ctstate NEW
      SETMARK3 all -- anywhere anywhere ctstate NEW
      PREBALANCE all -- 10.0.0.0/16 anywhere ctstate NEW

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere ctstate RELATED,ESTABLISHED CONNMARK restore
      SETMARK4 all -- 10.7.1.0 anywhere ctstate NEW
      SETMARK1 all -- anywhere anywhere ctstate NEW
      SETMARK2 all -- anywhere anywhere ctstate NEW
      SETMARK3 all -- anywhere anywhere ctstate NEW
      PREBALANCE all -- anywhere anywhere ctstate NEW

      Chain POSTROUTING (policy ACCEPT)
      target prot opt source destination
      TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS set 1300
      CONNMARK all -- anywhere anywhere CONNMARK save

      Chain BALANCE (1 references)
      target prot opt source destination
      SETMARK4 all -- 10.7.1.0 anywhere
      SETMARK1 all -- anywhere anywhere statistic mode random probability 0.31999999983 connmark match 0x0
      SETMARK2 all -- anywhere anywhere statistic mode random probability 0.45999999996 connmark match 0x0
      SETMARK3 all -- anywhere anywhere statistic mode random probability 1.00000000000 connmark match 0x0

      Chain PREBALANCE (2 references)
      target prot opt source destination
      RETURN all -- anywhere 10.0.0.0/16
      RETURN all -- anywhere anywhere connmark match ! 0x0
      RETURN all -- anywhere anywhere ctstate RELATED,ESTABLISHED
      BALANCE all -- anywhere anywhere

      Chain SETMARK1 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x1
      MARK all -- anywhere anywhere MARK set 0x1

      Chain SETMARK2 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x2
      MARK all -- anywhere anywhere MARK set 0x2

      Chain SETMARK3 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x3
      MARK all -- anywhere anywhere MARK set 0x3

      Chain SETMARK4 (3 references)
      target prot opt source destination
      CONNMARK all -- anywhere anywhere CONNMARK set 0x4
      MARK all -- anywhere anywhere MARK set 0x4
      [root@localhost ~]#


      I had been creating the address to source from by hooking it to a dummy interface using ip addr add. This worked before
      I added the fourth packet marking group, but afterward I get an error saying that the IP cannot access the outside world. Pinging the new IP address also
      does not work.



      Is there something off with the marking table change that causes this? Or is there a better way to allow a particular set up
      source address to bypass the BALANCE and be directed to a particular outgoing interface?







      linux networking iptables






      share|improve this question







      New contributor




      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question







      New contributor




      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question






      New contributor




      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 6 hours ago









      Chris Smith

      11




      11




      New contributor




      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Chris Smith is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );






          Chris Smith is a new contributor. Be nice, and check out our Code of Conduct.









           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f474374%2fissue-in-network-routing-when-load-balancing-a-network-system%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Chris Smith is a new contributor. Be nice, and check out our Code of Conduct.









           

          draft saved


          draft discarded


















          Chris Smith is a new contributor. Be nice, and check out our Code of Conduct.












          Chris Smith is a new contributor. Be nice, and check out our Code of Conduct.











          Chris Smith is a new contributor. Be nice, and check out our Code of Conduct.













           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f474374%2fissue-in-network-routing-when-load-balancing-a-network-system%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?