From owner-freebsd-net Thu Apr 5 17: 2:42 2001
Delivered-To: freebsd-net@freebsd.org
Received: from web9602.mail.yahoo.com (web9602.mail.yahoo.com [216.136.129.181]) by hub.freebsd.org (Postfix) with SMTP id 2644E37B505 for ; Thu, 5 Apr 2001 17:02:39 -0700 (PDT) (envelope-from virtual_olympus@yahoo.com)
Message-ID: <20010406000239.43749.qmail@web9602.mail.yahoo.com>
Received: from [24.164.241.21] by web9602.mail.yahoo.com; Thu, 05 Apr 2001 17:02:39 PDT
Date: Thu, 5 Apr 2001 17:02:39 -0700 (PDT)
From: Benjamin Gavin
Subject: Multi-provider load balancing
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi all,

I've got a problem. I have two providers (cable modem/DSL) and I need to load-balance the connection between them. I don't want to do BGP, and would prefer something that is marginally easy to maintain. I don't care about balancing based on load, simple round-robin style balancing would be fine. Here's a "picture":

    Internal Network (192.168.x.x)
                 |
                 v
       FreeBSD 4.2-RC firewall
           |           |
           V           V
         cable        DSL

Each external side is currently DHCP, but could be static if necessary. What I need is when a request goes out through the firewall for the machine to basically "choose a side". Then once the connection is established it could stay on that pipe, or flip back and forth (whichever is easier).

Here's what I've tried:

1. ipfw + 2xnatd, doesn't seem to work, since ipfw rules can't randomly choose one of two rules (AFAIK)
2. ipnat + ipfilter: load-balancing rdr rules don't seem to want to load-balance prior to mapping, and map rules don't accept multiple destination choices.
3. Combinations of ipnat/natd + ipfilter/ipfw: I don't even know if this is possible, but I tried it anyway. Couldn't get anything to happen, not even standard single-mapping nat.

Conceptually this is a very easy task.
Connection comes in, we choose an exit path randomly (or an existing one if it's in the table already) and do the NAT and forget about it. The return packet handles itself through the normal NAT mechanisms.

Has anyone done this? I don't have the skills nor time to actually do any of the coding on this myself. I've looked through the mailing list repositories and there are tons of questions, but no answers. I've looked through the ipf mailing lists, and again, lots of questions, but no answers... I'm at a loss. Is this just not possible? Am I going to be forced to purchase an off-the-shelf hardware product to do this?

Thanks much,
Ben Gavin
ben@virtual-olympus.com
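
The per-connection selection described in the message, as an added sketch that is not part of the original post and is not ipfw, natd or ipfilter code: new flows are assigned to an uplink round-robin, known flows reuse their table entry, and a reply is accepted only on the uplink and port its flow was mapped to. The class names, the port range and all addresses are constructed for illustration.

```python
import itertools
from typing import NamedTuple, Optional, Tuple

class Flow(NamedTuple):          # 5-tuple as seen on the internal side
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Uplink(NamedTuple):
    name: str
    public_ip: str               # constructed documentation address

class MultiUplinkNat:
    """Toy NAT table: round-robin uplink for new flows, sticky for known ones."""

    def __init__(self, uplinks, first_port: int = 40000):
        self._next_uplink = itertools.cycle(uplinks)
        self._next_port = itertools.count(first_port)
        self.outbound = {}       # Flow -> (Uplink, translated source port)
        self.inbound = {}        # (uplink, proto, nat port, remote ip, remote port) -> Flow

    def translate_out(self, flow: Flow) -> Tuple[Uplink, int]:
        """Return the uplink and source port used for this flow's packets."""
        if flow not in self.outbound:
            uplink, port = next(self._next_uplink), next(self._next_port)
            self.outbound[flow] = (uplink, port)
            key = (uplink.name, flow.proto, port, flow.dst, flow.dport)
            self.inbound[key] = flow
        # A known flow keeps its uplink, so the remote peer always sees the
        # same translated source address for the life of the connection.
        return self.outbound[flow]

    def translate_in(self, uplink_name: str, proto: str, nat_port: int,
                     remote_ip: str, remote_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply back to the internal host, or None (drop) if no flow matches."""
        key = (uplink_name, proto, nat_port, remote_ip, remote_port)
        flow = self.inbound.get(key)
        return (flow.src, flow.sport) if flow else None

if __name__ == "__main__":
    nat = MultiUplinkNat([Uplink("cable", "198.51.100.10"), Uplink("dsl", "203.0.113.20")])
    for host in ("192.168.1.5", "192.168.1.6", "192.168.1.5"):
        flow = Flow("tcp", host, 1025, "192.0.2.80", 80)
        print(host, "->", nat.translate_out(flow))
```
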