From owner-freebsd-net@FreeBSD.ORG Mon Jan 10 13:56:42 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 27F27106564A for ; Mon, 10 Jan 2011 13:56:42 +0000 (UTC) (envelope-from thomas@gibfest.dk) Received: from mail.tyknet.dk (mail.tyknet.dk [IPv6:2002:d596:2a92:2:155::]) by mx1.freebsd.org (Postfix) with ESMTP id D745B8FC08 for ; Mon, 10 Jan 2011 13:56:41 +0000 (UTC) Received: from [10.20.90.16] (out8.hq.siminn.dk [195.184.109.8]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.tyknet.dk (Postfix) with ESMTPSA id 20983638DAC; Mon, 10 Jan 2011 14:56:41 +0100 (CET) X-DKIM: OpenDKIM Filter v2.1.3 mail.tyknet.dk 20983638DAC DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default; t=1294667801; bh=YNNfep7sQhxUDobhpKFaSrCKn2aoWrpihOjwOH+qks0=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=XsZwvs/xECxSbQO2ZhDY/rXQCwsfM3Y37ykUqQzVn9EL56PV7u1ebAD8/XUr6i/Ep kyhx9dsRwHn/HCD+MPbqiXjI7WuVh36fxJ58j/kvPjXo7ap+7efPtvMiklOot97DRj mf0JWx5o95UyR/iI1G4r3LWgLDHBDiE16RXmVYT8= Message-ID: <4D2B1018.4020500@gibfest.dk> Date: Mon, 10 Jan 2011 14:56:40 +0100 From: Thomas Steen Rasmussen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: Francisco Reyes , freebsd-net@freebsd.org References: <4D2ADCED.8060809@gibfest.dk> In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Subject: Re: Lagg questions X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Jan 2011 13:56:42 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10-01-2011 14:21, Francisco Reyes wrote: > Thomas Steen Rasmussen writes: > >> Using lagg to bundle two uplinks to two different providers will >> not work as you intend. You need to look into using pf or >> something similar to balance layer 3 traffic across two uplinks. >> I have had this running at home for years with pf, and it works >> great. > > Is this along the lines of what I need? > http://www.openbsd.org/faq/pf/pools.html > > Address pools can be used in combination with the route-to filter > option to load balance two or more Internet connections when a > proper multi-path routing protocol (like BGP4) is unavailable. By > using route-to with a round-robin address pool, outbound > connections can be evenly distributed among multiple outbound > paths Hello, Yes, my setup is based on "route-to" and reply-to, although my setup is less "automatic" since there is a considerable speed difference between my two uplinks (DSL and 50meg fiber). I manually pick the DSL uplink using SSH or a webinterface, if I need to do something from the DSL. If you go with fully automated load balancing across the two uplinks: Be aware that the lack of "proper multipath routing" will be a problem when accessing some sites/applications/systems - like websites with load balancing across different IP addresses. Example: - - Client 1 connects to service X, uplink A is chosen (for the full session due to the state). - - At some point service X redirects client 1 to another mirror, and uplink B is chosen. - - If service X for security reasons checks the client IP address, client 1 will receive an error saying something like "session ip mismatch" or whatever. I've been able to work around these problems when they popped up, not too often fortunately. The solutions are not pretty, though. Good luck with it, Thomas Steen Rasmussen ps. Additional pf questions may be more suitable to post on the freebsd-pf list :) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk0rEBgACgkQGjEBQafC9MBWZgCggM+82VQPg+ATDO+raTt7dwVa Qq0An3aL/TPfZV/v5ctsptKVypHHps4F =XVBc -----END PGP SIGNATURE-----