
I have been wondering about the following scenario:

+-------+        +-------+
| ISP 1 |        | ISP 2 |
+-------+        +-------+
  |                    |
  |     +--------+     |
  --eth0| ROUTER |eth1--
        +--------+
           eth2
             |
             |
          +----+
          | PC |
          +----+

ROUTER is a Linux machine with three network interfaces:

Interface eth0 is connected to the primary Internet provider, and is configured to do source NAT.
Interface eth1 is connected to the backup Internet provider, and is configured to do source NAT.
Interface eth2 is connected to a regular PC.

The interface eth0 is configured as default route, so PC will reach the Internet through ISP 1.

Let's say a user started to download a big file from the Internet on PC, and then ISP 1 went offline. What would happen if the default route on ROUTER was changed to eth1? Would the download simply continue?

  • Is your router performing NAT, and if so, do you configure rules on it separately for each WAN interface? Commented Jul 17, 2014 at 4:56
  • Yes, the router performs NAT. These are the NAT rules: iptables --table nat --append POSTROUTING --out-interface eth0 --jump SNAT --to-source x.x.x.x and iptables --table nat --append POSTROUTING --out-interface eth1 --jump SNAT --to-source y.y.y.y. The default route on ROUTER is configured to be interface eth0.
    – user347119
    Commented Jul 17, 2014 at 11:41
  • Then there are multiple reasons this won't work for established connections. Not only do you have multiple external addresses, you also have the NAT table on each external interface to contend with. This really will not be easy without some additional hardware and services. Commented Jul 17, 2014 at 11:58

1 Answer


Well, the download session established would be between ISP1's IP address (the outside NAT address on eth0) and the remote host (let's say Netflix). When ISP1 becomes unreachable, Netflix will not know about ISP2, and will not send any data from the session it had established with ISP1's address through ISP2. If no ICMP error such as "HOST UNREACHABLE" or "NO ROUTE TO HOST" was created by a router on ISP1's path, the connection will time out after TCP timers expire when no ACK messages are received from your system with the ISP1 NAT address.

Your system may try to ACK its last received packets with ISP2's NAT address, but Netflix will ignore these, as the session is between ISP1 and Netflix.

If you were not using NAT, had your own portable IP allocation, and a BGP peering arrangement with both ISPs, then your transfer would continue on, with minimal interruption, unless a router issued an ICMP error as above, in the interim, as routing tables changed.

  • Is it possible to send out some kind of message from ROUTER that makes PC drop all established connections immediately, so one would not have to wait for TCP timers to expire?
    – user347119
    Commented Jul 17, 2014 at 11:48
  • Yes; there are several ICMP messages that, if honoured (or honourable) by the host, will close TCP sessions. These ICMP messages were once the source of DoS attacks, however, and so reliance upon them for session management has been deprecated. Commented Jul 18, 2014 at 5:21

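As an added illustration of the answer's point (not code from the original question or answer), here is a small Python model of the two SNAT rules quoted in the comments: the server keys its session on the 4-tuple it saw through ISP 1, so segments that leave via ISP 2 match nothing at the server, and the server's own replies keep targeting ISP 1's address whose return path is the dead link. All addresses are constructed documentation-range placeholders for x.x.x.x / y.y.y.y, and the model follows the answer's description rather than netfilter's actual conntrack state.

```python
from dataclasses import dataclass, field

# Constructed placeholders for the x.x.x.x / y.y.y.y addresses in the comments
ISP1_ADDR = "198.51.100.10"      # SNAT --to-source on eth0 (ISP 1)
ISP2_ADDR = "203.0.113.10"       # SNAT --to-source on eth1 (ISP 2)
PC_ADDR = "192.168.1.20"         # the PC behind eth2
REMOTE = ("192.0.2.80", 443)     # the download server ("Netflix" in the answer)
SNAT = {"eth0": ISP1_ADDR, "eth1": ISP2_ADDR}
# Which WAN link each outside address is reachable through (the return path)
RETURN_PATH = {ISP1_ADDR: "eth0", ISP2_ADDR: "eth1"}


@dataclass
class Router:
    default_iface: str = "eth0"
    link_up: dict = field(default_factory=lambda: {"eth0": True, "eth1": True})

    def forward(self, pkt):
        """Apply the POSTROUTING SNAT rule of the egress interface to a
        (src_ip, src_port, dst_ip, dst_port) tuple coming from the PC."""
        _, sport, dip, dport = pkt
        return (SNAT[self.default_iface], sport, dip, dport)


@dataclass
class RemoteHost:
    sessions: set = field(default_factory=set)

    def handshake(self, pkt):
        # The server records the flow exactly as it appeared on the wire
        self.sessions.add(pkt)

    def reply_target(self, pkt):
        """Address the server sends data back to, or None when the segment
        matches no established session (it belongs to nobody it knows)."""
        return pkt[0] if pkt in self.sessions else None


def failover_scenario():
    """Download starts over ISP 1, ISP 1 dies, default route moves to eth1."""
    router, remote = Router(), RemoteHost()
    flow = (PC_ADDR, 40000, *REMOTE)            # PC's socket, constructed port
    remote.handshake(router.forward(flow))      # handshake completed via ISP 1
    router.link_up["eth0"] = False              # ISP 1 goes offline
    router.default_iface = "eth1"               # admin repoints the default route
    resent = router.forward(flow)               # same PC flow, now SNATed to y.y.y.y
    # Replies the server still has queued are addressed to x.x.x.x, and that
    # address is only reachable over the link that just went down
    stale_ok = router.link_up[RETURN_PATH[ISP1_ADDR]]
    return {"resent_src": resent[0],
            "server_matches_session": remote.reply_target(resent) is not None,
            "stale_replies_deliverable": stale_ok}
```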