Routing control within one tinc network
Lee Essen
lee.essen at nowonline.co.uk
Thu May 16 05:31:54 CEST 2013
Hi Guus,

On 15 May 2013, at 20:09, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Wed, May 15, 2013 at 07:39:29PM +0400, Lee Essen wrote:
>
>> I have a question around whether there is any way to control tinc routing if you have multiple routes to the same destination.
>>
>> I have a three node configuration, let's call them:
>>
>> home -> connects to both other nodes
>> vps1 -> a VPS, providing connection to the internet
>> vps2 -> another VPS, also providing a connection to the internet
>>
>> Both vps nodes provide their own 192.168.x.0 subnet as well as 0.0.0.0/0 to allow any traffic to go that way and out to the internet (via SNAT.)
>>
>> My original plan was to have different weightings on the 0.0.0.0/0 networks so that I got a preferred vps node, but in the event of a problem it would effectively fail over to the other one. This config all works perfectly ... tinc is absolutely superb!
>>
>> BUT ... my preferred vps node has a slight issue from a geographic standpoint that means some services don't work as well as they should ... I'd still like it to be the primary since it has a much bigger bandwidth allowance, but I'd like to route specific services over the other vps (obviously should this second node fail, I'd lose those things that don't work well on the primary ... I'm ok with this.)
>>
>> So basically I have a single tinc VPN with two nodes providing 0.0.0.0/0 and I'd still like a way to force specific traffic over one or the other.
>>
>> I tried using the 192.168.x.x address in the routing table, but that seems to be ignored, traffic still goes down the primary route.
>
> In router mode, a gateway route does nothing, that only has effect on Ethernet
> networks. If you want traffic to specific IP addresses go via the normally
> unpreferred node, that is easy: just add Subnets for those IP addresses (or
> whole ranges if you want) to the host config file of the unpreferred node. You
> can have overlapping Subnets, and smaller Subnets always are preferred over
> larger ones (just like the Linux routing table works).

Thanks for the response ... unfortunately this option won't work since I don't know the subnet ranges in advance (it's related to the Akamai CDN.)

>
> If that is not enough, you could run tinc in switch mode, but then you'd have
> to use some other tool to handle failover between the two nodes. You can use
> host-up/down scripts to change your routing table depending on which one(s) are
> online, or run a routing daemon on top of your VPN.

I'll have a look at switch mode, I hadn't thought of that.

Thanks,
Lee.
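
The subnet selection discussed in this thread, as an added example that is not part of the original messages or of tinc's own code: a small Python model of router-mode lookup with overlapping Subnets. The subnet values, weights and the `HOSTS`, `parse_subnet`, `build_table` and `route` names are constructed for illustration; the model assumes the longest matching prefix wins, a lower `#weight` wins among equal prefixes, and subnets owned by unreachable nodes are skipped.

```python
import ipaddress

# Constructed Subnet entries, as they might appear in hosts/vps1 and hosts/vps2.
# 203.0.113.0/24 (a documentation range) stands in for a service that should
# leave via vps2; both nodes also announce the default route.
HOSTS = {
    "vps1": ["192.168.1.0/24", "0.0.0.0/0#10"],   # preferred default
    "vps2": ["192.168.2.0/24", "0.0.0.0/0#20", "203.0.113.0/24"],
}

def parse_subnet(text):
    """Split 'address/prefix#weight'; a missing weight defaults to 10."""
    net, _, weight = text.partition("#")
    return ipaddress.ip_network(net), (int(weight) if weight else 10)

def build_table(hosts):
    """Flatten all host configs into one table ordered by lookup priority."""
    table = []
    for owner, subnets in hosts.items():
        for entry in subnets:
            net, weight = parse_subnet(entry)
            table.append((net, weight, owner))
    # Longest prefix first; among equal prefixes the lower weight is preferred.
    table.sort(key=lambda e: (-e[0].prefixlen, e[1]))
    return table

def route(table, dest, reachable):
    """Return the node that would receive traffic for dest, or None."""
    addr = ipaddress.ip_address(dest)
    for net, _weight, owner in table:
        # Assumption of this model: unreachable owners are skipped, so
        # traffic falls through to the next best matching subnet.
        if addr in net and owner in reachable:
            return owner
    return None

TABLE = build_table(HOSTS)

if __name__ == "__main__":
    both = {"vps1", "vps2"}
    for dest in ("198.51.100.7", "203.0.113.5", "192.168.2.9"):
        print(dest, "->", route(TABLE, dest, both))
    print("vps1 down:", route(TABLE, "198.51.100.7", {"vps2"}))
```
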