Server using 3 routers to connect to the internet

[Smig]

Hi, I wanted to make a service available over 3 routers but now I don't know if it's at all possible.

This is the scenario: There's one server and 3 routers on the same network. They're all connected to each other through a switch. Over the internet I have some client pcs that connect to those routers using a specific port, the routers are configured to redirect traffic on those ports to the server. There are no vpns in the process.

The problem: Everything works fine, the clients comunicate with the routers, the routers redirect the traffic, the server replies and the connection is done... but only if the client connects to the router that is defined as the server's default gateway.

My guess is that, since the client can one any of the 3 routers but the server will only use one (the gateway), then the reply will be sent using a potentially different ip so the client will discard that reply and the connection is not made unless it has connected to the server's default gateway.

Am I right to assume that? And if I am, is there any workaround I can use? I guess that, for this to work, I'd need the server to route the traffic exactly through where it came from and not through the default gateway.

[NeilF]

I may be missing the mark here, But every time i here the description " RouterS" my immediate thought is "are they all running DHCP"

[djaburg]

Perhaps I'm missing something also, but why would you be running 3 routers?

[Smig]

Only one is running dhcp but the server's not using that.

About the reasons, well, we're at a remote industrial area where no ISP is able to get a reasonable speed to the internet. Therefore, to have several services available to the outside and acomodate all comunications from the insite, we started to have several connections with low speeds (1-2 Mb) to distribute traffic.

We have more than 3 routers, I've just thrown that number as an example because that was how I tested this scenario. Now we're just studying new ways to serve remote client requests at better speeds.

What I intended to do is this, we have many apps in java, I wanted them to try to connect to each router, record the latency and connect to the one that's most "available" while providing the option to manually choose another connection. Everything is fine until I found that the only router the apps can establish a connection is whatever is configured as the default gateway of the server.

Is there any workaround? any way to tell the server it should reply through the same route the request came through or something... I'm out of ideas... :(


EDIT: just to clarify, the routers are directly connected to a switch and so is the server, there's no "sequence" of routers in the route to the internet, the server can choose any router as a gateway.

[NeilF]

using multiple gateways is no problem, but i dont think there is a "out of the box Solution" for what you have in mind. If you Leaving the metric setting of the gateway ip on automatic , the fastest available Gateway route will be chosen. hope this helps

[lazareth1]

I have an idea. Connect a 4th router in between the switch and the 3 routers. Now create a new network between the new router and the exsisting ones. Refer to my crappy drawing to see what I mean.

PS I'm assuming that 192.168.1.0 is your current network address scheme. Please replace this assumption with whatever network scheme you have just now.

For example:

Network 1 (Existing network)= 192.168.1.0
Network 2 (New network)= 192.168.2.0

Router 1 IP = 192.168.2.1
Router 2 IP = 192.168.2.2
Router 3 IP = 192.168.2.3
Router 4 IP = 192.168.2.4

Keep the configuration to forward the traffic to the server address. Now your gonna have to configure a static route on routers 1-3 so they know where to send the forwarded traffic.

Static routes:

Router 1: Destination network = 192.168.1.0 next hop = 192.168.2.4
Router 2: Destination network = 192.168.1.0 next hop = 192.168.2.4
Router 3: Destination network = 192.168.1.0 next hop = 192.168.2.4

That should do it. Any questions please ask.

[Smig]

Wouldn't that just shift my problem from the server to the 4th router? It would still need to make the same decision and it will still be based on the quickest route to the destination and not on the route the source took to get there.

I can't have static routes to the destination because I don't know what the destination is. I probably didn't specefy this but I'm not talking about vpns, I'm talking about remote connections from anywhere on the internet, even with gprs/umts wireless connections so they're completly umpredictable.

I guess the only way I could get away with this would be to force my server to use source-based routing instead of destination based routing that is standard everywhere. I've heard very little about that but I know it is used in some cases where a pc has more than one connection to the internet. It would need to choose the route back to the remote pc based on the route it took to get here and not based on the fastest way to get there.

[lazareth1]

In theory my idea shouldn't have the same problem. This is because in your current setup your server has a choice of 3 default gateways and you can only configure the server for 1 default gateway. ie router 1. So if you get remote traffic comming into router 2 say, then it would reach your server, but the server couldn't respond because it's default gateway is router 1.

Going with the idea I've suggested means that the server will only have 1 default gateway and the remote traffic can come in on router 1,2, or 3 and will have to go through router 4 to reach the server ensuring 2 way communication is always achieved.

PS the static routes are going to your server network. Not towards the internet and remote traffic.

I summery what i've suggested is to take the 3 routes you have going to your server and aggragated them into 1 route to your server.

[NeilF]

hmm seen LSRR been used years ago on linux. never on windows though

[Smig]

I might be wrong but I still think your solution will suffer from the same problem, just not at the server but at the 4th router. When the 4th router routes the reply from the server back to one router, it won't have any static route to the remote destination (remember that for the 4th router, the destination would be the external client that began the connection, which is on a public and dynamic ip address) so it will choose the default gateway or the fastest default gateway to the destination. There's no way to make him choose the right one.

I've been thinking about this problem and I found a solution, even though it involves more hardware.

All routers do DNAT when redirecting ports to the internal network, they change the destination ip from their external ip address to the internal ip address of the server that the source couldn't know about. However, the source ip remains unchanged and that's what causes all the trouble for the traffic going back to that remote ip when you have multiple gateways to the internet. Now, if the routers were also to do SNAT, changing the source ip on the packets by it's own internal ip, the server would know where to forward the packets.

So I've been following this lead and realised that none of the routers I could find would do that but I knew both ISA server and Linux would so I just prepared a new linux box on our internal network then I changed the redirection rule on one router to use the linux box instead of the actual server, and then I've made sure the linux box was doing SNAT and DNAT while redirecting those packets to the server and that the router was the only gateway of the linux box.

And there, works like a charm. The default gateway and routes on the server are no longer relevant since the only connection the server makes is with the linux box that's sitting on the same internal network. The only problem with this solution is the fact that I need an intermidiate machine like this for each connection I intend to use remotely.

[lazareth1]

Hmm now that I think about it, Think your right lol. One thing though, When a client connects, there has to be settings for the IP address it connects to along with the port. So why not setup the clients to use one of the public IP addresses and setup the server gateway as the router connected to that IP address?