Date: Fri, 7 Dec 2001 12:07:45 -0600 (CST)
From: Nick Rogness
To: Lars Eggert
Cc: Steve Ames, Anders Hagman, freebsd-hackers@FreeBSD.ORG
Subject: Re: Nat through two DSL
In-Reply-To: <3C10F906.1020908@isi.edu>

On Fri, 7 Dec 2001, Lars Eggert wrote:

> Steve Ames wrote:
>
> >>>I want to load share between two ADSL modems using a NAT/Firewall.
> ...
> >
> >>>The ADSL are 500k links and I want to load share on session by session.
> >>>Can I do NAT between an inside interface and two outside interfaces
> >>>acting in a round robin fashion?
> >>>
> >>This may not be the good idea you'd think on first glance. If one of the
> >>paths has a slightly different RTT (and they're pretty much guaranteed
> >>to), you'll see out-of-order delivery at the receiver. I remember seeing
> >>some study that showed that TCP doesn't react too nicely under such
> >>conditions (it works, but not at peak performance).
> >>
> >
> > Is it even possible to use two upstream paths for redundancy? I tried
> > (very briefly while I had two broadband connections while switching from
> > one to the other) to get that to work and wasn't very successful.
>
> Redundancy is a different issue from load-sharing.
>
> If you want to switch between a primary and a backup link there are a
> number of ways to do this.
>
> However, Anders was trying to stripe packets over both links (not
> technically a problem) to increase throughput. When running TCP over a
> striped link, you may not see the performance gain you'd expect.
>

Load sharing is not possible on a per packet basis when running NAT on
the outside interfaces. The source address for each packet will be
different. Let's say in the most simple case the BSD machine is
alternating packets out each interface for a common destination, the
source address for the packets will be different, hence the destination
machine will be receiving packets from both NAT addresses...which are
different.

On a per session basis, you may be able to work with ipfw fwd (which
does policy based forwarding) and the ipfw probability work done by
Luigi. man ipfw for more info.

As far as redundancy, there are a couple of options. Both will not be
easy with your setup.

Nick Rogness
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
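
The following is an added illustration, not part of the original message: a small simulation of the point made in the reply, that alternating packets across two NATed outside interfaces gives one session two different source addresses, while choosing a link once per session keeps the source stable. All addresses, ports and function names are constructed for the example, and the per-session picker is a simple round-robin at session start, not ipfw's own logic.

```python
from itertools import cycle

# One NAT address per DSL link (constructed, documentation ranges).
OUTSIDE_ADDRS = ["192.0.2.1", "198.51.100.1"]


def sample_packets():
    """Constructed traffic: two inside hosts, one TCP session each, same server."""
    a = {"src": "10.0.0.5", "sport": 40001, "dst": "203.0.113.10", "dport": 80}
    b = {"src": "10.0.0.6", "sport": 40002, "dst": "203.0.113.10", "dport": 80}
    return [a, a, a, b, b, b]


def nat_per_packet(packets):
    """Alternate every packet across the links; each link NATs to its own address."""
    links = cycle(OUTSIDE_ADDRS)
    return [next(links) for _ in packets]


def nat_per_session(packets):
    """Pick a link for a session's first packet, then pin the session to it."""
    links = cycle(OUTSIDE_ADDRS)
    state = {}  # (src, sport, dst, dport) -> outside address
    out = []
    for pkt in packets:
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in state:
            state[key] = next(links)
        out.append(state[key])
    return out


def sources_per_session(packets, translated_srcs):
    """Source addresses the destination sees for each inside session."""
    seen = {}
    for pkt, src in zip(packets, translated_srcs):
        seen.setdefault((pkt["src"], pkt["sport"]), set()).add(src)
    return seen


if __name__ == "__main__":
    pkts = sample_packets()
    for name, nat in (("per-packet", nat_per_packet), ("per-session", nat_per_session)):
        for session, srcs in sources_per_session(pkts, nat(pkts)).items():
            print(f"{name:11s} {session} -> {sorted(srcs)}")
```
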