From: G Bryant
Date: Wed, 25 Jan 2006 19:31:46 +0200
To: FreeBSD MailList
Cc: FreeBSD
Subject: Re: Failover and load balancing using advanced NAT daemon
Message-ID: <43D7B602.7000501@roamingsolutions.net>
In-Reply-To: <831122596.20060125184424@osk.com.ua>
List-Id: Networking and TCP/IP with FreeBSD

Hey there Oleg,

I have done something similar with 2 internet interfaces, but I use very crude IPFW rules to "remember" sessions. I have a separate natd running for each interface, but my setup includes mail, web and pptp servers on the LAN which complicates matters.
I did not have load balancing but am using a ping script to monitor interfaces and re-route traffic using ipfw sets which get enabled and disabled. This ping script could be modified to calculate ping times and shift load by the same method - but that's _really_ rough.

I am sure there are much more elegant ways of doing this though.

Keep us posted!

Graham

Oleg Tarasov wrote:

>Hello,
>
>I have an idea of implementation of this common task. Please tell me
>if there is some alternative or use my idea to implement advanced NAT
>daemon (this would be great). Maybe it would be good to upgrade
>standard natd daemon.
>
>The task:
>We have several interfaces connected to internet and all having static
>IPs and one (or more) interfaces to local network.
>We must provide NATed internet access to local network users
>load-balancing internet interfaces and providing failover. All sessions
>have to "remember" their outgoing interface as one session will break
>if packets start to come from different IPs.
>
>A way to perform this:
>- We need to monitor interface state (some simple like up/down) or more
>complex like periodic gateway ping for example.
>- We need to measure interface load
>- We need NAT that aliases outgoing connections to one of these
>interfaces
>- We need to route outgoing packets based on source IP assigned by
>NAT. This can be performed using ipfw forward mechanism.
>
>First three functions would be great to be implemented inside one
>daemon like standard natd. Packets should be diverted into it. This
>daemon can easily perform all of the tasks listed above as all of the
>packets are passed through it.
>
>Using it in a combination with policy-routing would be a powerful
>mechanism!
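
An added example of the kind of gateway ping monitor described in the reply above; it is not Graham's script or anything posted in this thread. It enables or disables one ipfw rule set per uplink, and only after several consecutive lost probes. The set numbers, gateway addresses, thresholds and function names are assumptions.

```shell
#!/bin/sh
# Added example: gateway ping monitor that toggles ipfw rule sets.
# Assumptions: ipfw set 1 holds the divert/fwd rules for uplink A, set 2
# those for uplink B; gateway addresses are documentation placeholders.
GW_A=${GW_A:-192.0.2.1};    SET_A=${SET_A:-1}
GW_B=${GW_B:-198.51.100.1}; SET_B=${SET_B:-2}
FAILS_DOWN=${FAILS_DOWN:-3}   # consecutive lost probes before a link is "down"
INTERVAL=${INTERVAL:-5}       # seconds between probe rounds
IPFW=${IPFW:-ipfw}

# One ICMP echo with a 2 s timeout (FreeBSD ping syntax).
probe() { ping -c 1 -t 2 "$1" >/dev/null 2>&1; }

# step STATE FAILS OK -> prints "NEWSTATE NEWFAILS".
# A single lost probe never changes state: flapping a set moves sessions to
# another NAT address and breaks them.
step() {
    state=$1; fails=$2; ok=$3
    if [ "$ok" -eq 1 ]; then echo "up 0"; return 0; fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$FAILS_DOWN" ]; then state=down; fi
    echo "$state $fails"
}

# apply OLD NEW SET: call ipfw only when the state actually changes.
apply() {
    if [ "$1" = "$2" ]; then return 0; fi
    if [ "$2" = up ]; then $IPFW set enable "$3"; else $IPFW set disable "$3"; fi
}

# check GW STATE FAILS SET -> probes once, applies any change, prints new state.
check() {
    if probe "$1"; then ok=1; else ok=0; fi
    new=$(step "$2" "$3" "$ok")
    apply "$2" "${new% *}" "$4" >&2
    echo "$new"
}

monitor() {
    a="up 0"; b="up 0"
    while :; do
        a=$(check "$GW_A" ${a} "$SET_A")
        b=$(check "$GW_B" ${b} "$SET_B")
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "monitor" ]; then monitor; fi
```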