TOS problem

Marcin Giedz marcin.giedz at eulerhermes.pl
Tue Jul 26 12:58:08 CEST 2005


Hello,

> Your providing too little information, so nobody can help you - even if
> he/she desired to do so.
Maybe your are right.. I will try once again.

In my office we have 2 gateways. One of them GATEWAY1 is connected to one ISP1 
and it is also default gateway for almost all of our servers. I said "almost" 
because there is one server "service" where default gateway is GATEWAY2 
connected to another ISP2.

All of our customers run Services situated on "service" server  via GATEWAY2. 
But if GATEWAY2 is down or connection to ISP2 is broken I would like that 
customers can still connect to Services via GATEWAY1. So I need some kind of 
redirection on GATEWAY1 because I don't want to switch default gateway on 
"service" manually. However if GATEWAY2 is running OK some part of our 
customers can still run Services via GATEWAY1. My problem is:
how to route connections to "service" server passed via GATEWAY1? 
Packets MARK'ing work within kernel so can be used. Another way is changing 
TOS on GATEWAY1 for "these" packets and route them to "service".  

According to TOS description:
"The TOS target is used to set the Type of Service field within the IP header. 
The TOS field consists of 8 bits which are used to help in routing packets. 
This is one of the fields that can be used directly within iproute2 and its 
subsystem for routing policies. Worth noting, is that that if you handle 
several separate firewalls and routers, this is the only way to propagate 
routing information within the actual packet between these routers and 
firewalls. As previously noted, the MARK target - which sets a MARK 
associated with a specific packet - is only available within the kernel, and 
can not be propagated with the packet. If you feel a need to propagate 
routing information for a specific packet or stream, you should therefore set 
the TOS field, which was developed for this. "

So I changed TOS on GATEWAY1 to 0x10 and used is as "mark". TOS changing work 
OK on GATEWAY1, even on outgoing interface but on "service" server TOS value 
is still 0x0. So I can't route packets on "service" server back to GATEWAY1.

Maybe I try to do something REALLY strange but can't imagine another solution.

Thanks,
Marcin



More information about the netfilter mailing list