Date:      Tue, 22 Dec 2009 14:13:32 -0900
From:      Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To:        freebsd-questions@freebsd.org
Cc:        Craig Butler <craig001@lerwick.hopto.org>, Nikos Vassiliadis <nvass9573@gmx.com>
Subject:   Re: Loadbalance outgoing traffic over two cable modems in same network
Message-ID:  <200912221413.32825.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
In-Reply-To: <4B30B22A.1010704@lerwick.hopto.org>
References:  <200912201903.34873.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <200912211546.05151.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <4B30B22A.1010704@lerwick.hopto.org>

On Tuesday 22 December 2009 02:48:58 Craig Butler wrote:
> On 22/12/2009 00:46, Mel Flynn wrote:
> > On Monday 21 December 2009 09:56:11 Nikos Vassiliadis wrote:
> >> On 12/21/2009 6:03 AM, Mel Flynn wrote:
> >>> Hi,
> >>>
> >>> I've looked over http://www.openbsd.org/faq/pf/pools.html but this
> >>> assumes two different gateways for the two interfaces.
> >>> I'm faced with two cable modems from the same ISP, with the same
> >>> gateway. I can't lagg(4) the interfaces, since specific IPs are bound
> >>> to specific modems.
> >>
> >> This can probably be fixed from the ISP side. It should probably be some
> >> antispoofing rule that drops the packets you are sending via the "wrong"
> >> interface. You could try communicating the problem to the ISP and hope
> >> for the best...
> >
> > I'd rather not go that route. However, I might ask the ISP to move swap
> > two IPs, so that I have two consecutive IPs on two modems and can use
> > /31 notation for the pool. Source hash should then work better.
> >
> >>> So I'm wondering if using sticky-address with a round-robin nat pool is
> >>> really sufficient to do load balancing of outgoing traffic and not get
> >>> into session problems with various protocols. Has anybody had similar
> >>> experiences?
> >>
> >> I have no experience on this, but theoretically a state can expire while
> >> the upper layers are still active... so, I *think* you may have
> >> problems... Of course, you could increase the lifetime of states
> >
> > True, I'm mostly worried about DNS queries and other UDP protocols. TCP
> > should theoretically be fine.
> > Thanks for your feedback.
> 
> Would ECMP (aka RADIX_MPATH) not be suitable for your requirements? 2
> default routes, one to each of the modems' IPs ... that should start
> bunting traffic down both pipes.
> 
> Works for me here...
> 
> =================================================
> Equal cost multipath routing
> 
> Status: Committed to 8-CURRENT
> Will appear in 8.0: sure
> Authors: Qing Li
> Web: commit message
> 
> ECMP routing allows for multiple routes to be handled by the kernel,
> including default routes. It potentially offers substantial increases in
> bandwidth by load-balancing traffic over multiple paths.
> =================================================
> http://en.wikipedia.org/wiki/Equal-cost_multi-path_routing
> http://lists.freebsd.org/pipermail/cvs-src/2008-April/089956.html

Thanks for the pointers, I'll look into this. It's a little more complicated,
there's 16 total IPs. 2 of which are gonna be used for LAN translations. The
other 14 are eventually going to be used by DMZ services, so I'm not sure if
it's solvable at the routing level, as the incoming traffic needs to go out
the same way, not through the 2 LAN IPs.
-- 
Mel
