From: "Rajkumar S"
Date: Sat, 7 Apr 2007 21:50:42 +0530
To: freebsd-net@freebsd.org
Subject: Re: Spillover routing?
Message-ID: <64de5c8b0704070920q986b5fat7523ac2b4e2b53d7@mail.gmail.com>
In-Reply-To: <4617B23D.1090502@FreeBSD.org>

On 4/7/07, Bruce M. Simpson wrote:
> Rajkumar S wrote:
> > I have a low cost 128kbps and a high cost 512 kbps link to internet.
> > Is it possible to do a "spillover" routing
> This feature is almost certainly not going to be present in the base
> system.

I was almost sure of this, but was just checking if I did miss something.

To do spillover load balancing, I need to

1. Measure the current bandwidth.
2. If the current b/w is above a certain limit, all new sessions should go via the backup gateway, till the b/w in the old gateway comes back to a safe limit.

I can measure the bandwidth using any userspace tools, and a simple approach would be to add the new gateway to the route-to rule when the b/w is above the limit and remove it when the usage comes down.

One problem with this approach is that when I add a new gateway, only the round-robin [with sticky-address option] algorithm is available, though I would have liked to have all new sessions to be via the new gateway and old sessions via the old gateway. When it's strictly round robin, 50% of new sessions would have to go via the existing gateway, causing some congestion. I prefer to have old sessions via the old gateway because if some website expects all connections to be from the same public IPs they will not be disappointed.

Another more ambitious and complex method would be to make use of tags support in pf, and use tags to select which gateway a session should use. Tagging can be done outside pf, and netgraph seems to be well suited for it. I can write an ng_tag, which can attach to the upper and lower hook of the LAN interface, silently selecting which session should go to which gateway such that when an overload message is passed to it, all new sessions can be tagged to go via the new gateway.

This will also open up the possibility of having ratios other than 1:1 when I have to use multiple gateways, something like 2:1 between two gateways. This is particularly useful when I have a 512 and 256 link, and want to use both of them together.

ng_netflow already does most of the stuff, i.e. parsing the raw traffic flow into sessions good enough for load balancing. I am not sure if I want to take this route though. There is a big learning curve involved when I start coding. So before I plunge into it, I just want to check what other listers think about this.

regards,

raj
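
The spillover policy described in the message above (measure the rate, send new sessions via the backup gateway while the limit is exceeded, leave old sessions on their gateway), as an added example that is not part of the original post. The gateway names, both thresholds, the flow tuples and the counter readings are constructed assumptions; the separate lower threshold is one assumed reading of "comes back to safe limit".

```python
# Added illustration, not code from the thread: spillover gateway selection
# with sticky sessions. All names and numbers below are assumptions.
from dataclasses import dataclass, field


def rate_bps(prev_bytes, cur_bytes, interval_s):
    """Link rate in bits/s from two interface byte-counter readings."""
    return (cur_bytes - prev_bytes) * 8 / interval_s


@dataclass
class SpilloverSelector:
    primary: str            # low-cost link, used while it has headroom
    backup: str             # high-cost link, used only for spillover
    high_bps: float         # start spilling when the primary reaches this
    low_bps: float          # stop spilling once the primary falls to this
    overloaded: bool = False
    flows: dict = field(default_factory=dict)   # session 5-tuple -> gateway

    def update_load(self, primary_bps):
        """Feed one measurement; the gap between thresholds prevents flapping."""
        if primary_bps >= self.high_bps:
            self.overloaded = True
        elif primary_bps <= self.low_bps:
            self.overloaded = False
        return self.overloaded

    def gateway_for(self, flow):
        """Known sessions keep their gateway; new ones follow the current state."""
        if flow not in self.flows:
            self.flows[flow] = self.backup if self.overloaded else self.primary
        return self.flows[flow]

    def expire(self, flow):
        """Forget a finished session so the table does not grow without bound."""
        self.flows.pop(flow, None)


def demo():
    """One new session per 10 s sample of the 128 kbps link's byte counter."""
    sel = SpilloverSelector("gw_128k", "gw_512k", high_bps=110_000, low_bps=80_000)
    counters = [0, 50_000, 200_000, 320_000, 380_000]   # constructed readings
    log = []
    for i in range(1, len(counters)):
        sel.update_load(rate_bps(counters[i - 1], counters[i], 10))
        new_flow = ("10.0.0.5", 40000 + i, "192.0.2.10", 80, "tcp")
        log.append(sel.gateway_for(new_flow))
    return log, sel
```

The third sample (96 kbit/s) sits between the two thresholds, so new sessions still go to the backup link until the rate drops to the lower one.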