Date: Wed, 25 Jan 2006 19:31:46 +0200
From: G Bryant <bsd@roamingsolutions.net>
To: FreeBSD MailList <subscriber@osk.com.ua>
Cc: FreeBSD <freebsd-net@freebsd.org>
Subject: Re: Failover and load balancing using advanced NAT daemon
Message-ID: <43D7B602.7000501@roamingsolutions.net>
In-Reply-To: <831122596.20060125184424@osk.com.ua>
References: <831122596.20060125184424@osk.com.ua>

Hey there Oleg,

I have done something similar with 2 internet interfaces, but I use very crude IPFW rules to "remember" sessions. I have a separate natd running for each interface, but my setup includes mail, web and pptp servers on the LAN which complicates matters.

I did not have load balancing but am using a ping script to monitor interfaces and re-route traffic using ipfw sets which get enabled and disabled. This ping script could be modified to calculate ping times and shift load by the same method - but that's _really_ rough.

I am sure there are much more elegant ways of doing this though.

Keep us posted!

Graham

Oleg Tarasov wrote:

>Hello,
>
>I have an idea of implementation of this common task. Please tell me
>if there is some alternative or use my idea to implement advanced NAT
>daemon (this would be great). Maybe it would be good to upgrade
>standard natd daemon.
>
>The task:
>We have several interfaces connected to internet and all having static
>IPs and one (or more) interfaces to local network.
>We must provide NATed internet access to local network users
>load-balancing internet interfaces and providing failover. All sessions
>have to "remember" their outgoing interface as one session will break
>if packets start to come from different IPs.
>
>A way to perform this:
>- We need to monitor interface state (some simple like up/down) or more
>complex like periodic gateway ping for example.
>- We need to measure interface load
>- We need NAT that aliases outgoing connections to one of these
>interfaces
>- We need to route outgoing packets based on source IP assigned by
>NAT. This can be performed using ipfw forward mechanism.
>
>First three functions would be great to be implemented inside one
>daemon like standard natd. Packets should be diverted into it. This
>daemon can easily perform all of the tasks listed above as all of the
>packets are passed through it.
>
>Using it in a combination with policy-routing would be a powerful
>mechanism!
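
The ping-monitor approach described in the reply, sketched as an added example (not the script from the message, and not part of the thread). It assumes each uplink's ipfw rules sit in their own rule set (set 1 and set 2 here), uses placeholder gateway addresses, and adds two things the message does not mention: a consecutive-failure threshold and a guard that keeps the last uplink's set enabled.

```sh
#!/bin/sh
# Added example, not the script from the message. Assumed layout: the ipfw
# rules for uplink "a" live in set 1 and for uplink "b" in set 2; the
# gateway addresses are documentation placeholders.
IPFW=${IPFW:-/sbin/ipfw}
FAIL_LIMIT=${FAIL_LIMIT:-3}   # consecutive failed probes before a set is disabled
INTERVAL=${INTERVAL:-10}      # seconds between probe rounds
LINKS="a b"
gw_a=192.0.2.1;    set_a=1; fails_a=0; state_a=up
gw_b=198.51.100.1; set_b=2; fails_b=0; state_b=up

probe() { ping -c 3 "$1" >/dev/null 2>&1; }   # 0 if the gateway answers
apply() { "$IPFW" set "$1" "$2"; }             # apply <enable|disable> <set>

up_count() {                                   # number of uplinks marked up
    n=0
    for l in $LINKS; do
        eval "s=\$state_$l"
        if [ "$s" = up ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# check_link <name>: probe one uplink and toggle its set on a state change.
check_link() {
    name=$1
    eval "gw=\$gw_$name rset=\$set_$name fails=\$fails_$name state=\$state_$name"
    if probe "$gw"; then
        fails=0
        if [ "$state" = down ]; then apply enable "$rset"; state=up; fi
    else
        fails=$((fails + 1))
        # Never disable the last uplink: if every probe fails, the fault may
        # be the probe itself, and an empty rule set helps nobody.
        if [ "$state" = up ] && [ "$fails" -ge "$FAIL_LIMIT" ] &&
           [ "$(up_count)" -gt 1 ]; then
            apply disable "$rset"; state=down
        fi
    fi
    eval "fails_$name=\$fails state_$name=\$state"
}

if [ "${1:-}" = run ]; then                    # e.g. sh monitor.sh run
    while :; do
        for link in $LINKS; do check_link "$link"; done
        sleep "$INTERVAL"
    done
fi
```

Sessions already aliased through a disabled uplink still break, which is the "remember the outgoing interface" problem raised in the quoted message; toggling the set only steers new traffic.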