From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: Nikos Vassiliadis
Date: Mon, 21 Dec 2009 15:46:05 -0900
Subject: Re: Loadbalance outgoing traffic over two cable modems in same network

On Monday 21 December 2009 09:56:11 Nikos Vassiliadis wrote:
> On 12/21/2009 6:03 AM, Mel Flynn wrote:
> > Hi,
> >
> > I've looked over http://www.openbsd.org/faq/pf/pools.html but this
> > assumes two different gateways for the two interfaces.
> > I'm faced with two cable modems from the same ISP, with the same gateway.
> > I can't lagg(4) the interfaces, since specific IP's are bound to specific
> > modems.
>
> This can probably be fixed from the ISP side. It should probably be some
> antispoofing rule that drops the packets you are sending via the "wrong"
> interface. You could try communicating the problem to the ISP and hope for
> the best...

I'd rather not go that route. However, I might ask the ISP to move swap two
IP's, so that I have two consecutive IPs on two modems and can use /31
notation for the pool. Source hash should then work better.

> > So I'm wondering if using stick-address with a round-robin nat pool is
> > really sufficient to do load balancing of outgoing traffic and not get
> > into session problems with various protocols. Has anybody had similar
> > experiences?
>
> I have no experience on this, but theoretically a state can expire while
> the upper layers are still active... so, I *think* you may have
> problems... Of course, you could increase the lifetime of states

True, I'm mostly worried about DNS queries and other UDP protocols. TCP should
theoretically be fine.

Thanks for your feedback.
--
Mel
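
The following is an added example, not part of the message above and not pf's own code: a simplified model of the three pool behaviours the thread weighs (plain round-robin, round-robin with pf's `sticky-address` and its `src.track` timeout, and source-hash), replayed over a client whose UDP state expires between DNS queries. The pool and client addresses, the 30-second UDP state lifetime, the hash construction and all class and function names are assumptions made for the illustration.

```python
import hashlib
from ipaddress import ip_address

# Constructed documentation addresses standing in for the two modem IPs.
POOL = ["198.51.100.10", "198.51.100.11"]
UDP_TTL = 30  # assumed lifetime in seconds of a short-lived UDP state

class NatPool:
    """Simplified model of how a NAT pool picks a translation address."""

    def __init__(self, mode, sticky=False, src_track=0):
        self.mode, self.sticky, self.src_track = mode, sticky, src_track
        self.next_rr = 0     # round-robin cursor shared by all clients
        self.src_nodes = {}  # client -> (pool address, expiry of its last state)

    def translate(self, src, now):
        """Pick the pool address for a new state created by src at time now."""
        if self.mode == "source-hash":
            # Stateless: depends only on the source (hash here is illustrative).
            digest = hashlib.sha256(ip_address(src).packed).digest()
            return POOL[digest[0] % len(POOL)]
        node = self.src_nodes.get(src) if self.sticky else None
        if node and now <= node[1] + self.src_track:
            addr, expiry = node  # tracking entry still alive: reuse its address
        else:
            addr, expiry = POOL[self.next_rr % len(POOL)], 0
            self.next_rr += 1
        if self.sticky:
            self.src_nodes[src] = (addr, max(expiry, now + UDP_TTL))
        return addr

# Constructed timeline of (client, seconds): A sends DNS queries at 0, 10 and 100.
A, B, C = "10.0.0.21", "10.0.0.22", "10.0.0.23"
EVENTS = [(A, 0), (A, 10), (B, 20), (C, 30), (A, 100)]

def addresses_seen_for_a(pool):
    """Replay EVENTS and return the translation addresses client A was given."""
    return [addr for src, t in EVENTS
            for addr in [pool.translate(src, t)] if src == A]

if __name__ == "__main__":
    for label, pool in [
        ("round-robin", NatPool("round-robin")),
        ("sticky, src.track 0", NatPool("round-robin", sticky=True)),
        ("sticky, src.track 3600", NatPool("round-robin", True, 3600)),
        ("source-hash", NatPool("source-hash")),
    ]:
        print(f"{label:24} {addresses_seen_for_a(pool)}")
```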