routing Archive

Hetzner’s ban, NAT leaking internal traffic on WAN interface and New Year’s

As I mentioned a few times, we have a small cluster of servers located in Hetzner’s datacenters. We use Vyatta for our core router and we NAT all additional servers through it, because Hetzner’s dedicated servers don’t support direct routing. Incident: On New Year’s Eve, my phone started ringing insanely and I noticed one of our

Loadbalancing / failover with IPVS and keepalived

Introduction: Correct failover and load balancing are crucial for a high-availability environment. With proper setup we can eliminate single points of failure in case of a server crash. I use the Linux kernel’s support for load balancing, since that seems to be a well documented and scalable method. What I want to achieve here is actually a fully redundant architecture, so

Vyatta / VyOS: site-to-site OpenVPN + Open Shortest Path First (OSPF) setup

When you scale your network from one location to another, sooner or later you may want to merge those networks and have only one. To merge networks, you need to set up 2 routers and a site-to-site connection between them. One of the open source solutions is OpenVPN and Vyatta/VyOS. This article will cover setting up a site-to-site connection

Network Layers – Schema

Usually on Hetzner I want to make sure I get the most out of our web servers. One of the limitations is that each server has its own 100Mbit connection and if you want to use it, you should use iptables to link all your virtual servers to a public IP, so I often end up writing some special