How to have multiple upstream gateways

This page will outline how to support multiple upstream gateways.

There are times when you want to have multiple upstream pipes. This is difficult to do, in general, because networking in its simplest form only supports a single default gateway.

I'll outline what I'm using for my server hosting as it is relevant.

I have two upstream routers with different internet connections. The first connection we'll call router A with WAN IP 12.34.56.78 and LAN IP 192.168.0.1 . The second connection we'll call router B with WAN IP 34.56.78.90 and LAN IP 192.168.1.1 .

I have a web server set up with IP addresses 192.168.0.50 and 192.168.1.50 .

I have the iproute2 package installed.

I then edit /etc/iproute2/rt_tables as follows:

#

# reserved values

#

255     local

254     main

253     default

#

102     WAN2

101     WAN1

#

0       unspec

#

# local

#

#1      inr.ruhep

My /etc/network/interfaces then looks like the following:

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

auto eth0

iface eth0 inet static

        address 192.168.0.50

        netmask 255.255.255.0

        broadcast 192.168.0.255

        gateway 192.168.0.1

        post-up /sbin/ip route add 192.168.0.0/24 dev eth0 src 192.168.0.50 table WAN1

        post-up /sbin/ip route add default via 192.168.0.1 table WAN1

        post-up /sbin/ip route add 192.168.0.0/24 dev eth0 src 192.168.0.50

        post-up /sbin/ip rule add from 192.168.0.50 table WAN1

auto eth0:0

iface eth0:0 inet static

        address 192.168.1.50

        netmask 255.255.255.0

        broadcast 192.168.1.255

        post-up /sbin/ip route add 192.168.1.0/24 dev eth0:0 src 192.168.1.50 table WAN2

        post-up /sbin/ip route add default via 192.168.1.1 table WAN2

        post-up /sbin/ip route add 192.168.1.0/24 dev eth0:0 src 192.168.1.50

        post-up /sbin/ip rule add from 192.168.1.50 table WAN2

The key bits are as follows:

   1. By having a "gateway 192.168.0.1" line, I set the default gateway of the system out the WAN1 pipe.

   2. "/sbin/ip route add 192.168.0.0/24 dev eth0 src 192.168.0.50" adds the normal routing for a LAN interface to the system; nothing unusual

   3. "/sbin/ip route add 192.168.0.0/24 dev eth0 src 192.168.0.50 table WAN1" adds the normal routing for a LAN interface to the "WAN1" table

   4. "/sbin/ip route add default via 192.168.0.1 table WAN1" sets the default route for the "WAN1" table

   5. "/sbin/ip rule add from 192.168.0.50 table WAN1" sets a rule that forces any routing that involves 192.168.0.50 to be forced through table "WAN1"

Net result is that you can have your normal system level routing, then set up tables with their own routing independent of the system defaults, and set rules to control when those tables will be run.

For what it's worth, I originally implemented all this using the mangle table in iptables/netfilter along with fwmark and had no joy.

A good command to have handy is "ip route flush cache" which will cause routing changes to take effect immediately. Otherwise there can be a delay between putting the rules in place and having the routing take effect (i.e. 30-60 seconds).