Date: Mon, 10 Oct 2011 08:29:40 -0700 From: Devin Teske <devin.teske@fisglobal.com> To: "'krad'" <kraduk@gmail.com>, "'Matthew Seaman'" <m.seaman@infracaninophile.co.uk> Cc: 'pepe' <plaine@gmail.com>, freebsd-questions@freebsd.org Subject: RE: two networks in one server? Message-ID: <0d7701cc8761$7132e4c0$5398ae40$@fisglobal.com> In-Reply-To: <CALfReycipV9YWF=buJjvVTa3zXZcztu0acv5no9uPRBkL0f0Uw@mail.gmail.com> References: <CANNwXraKe6mQuhJic6F=XOJt3SsBfhM9Ft9dNzE98OLCWXgV2Q@mail.gmail.com> <4E9187AC.6000006@infracaninophile.co.uk> <CALfReycipV9YWF=buJjvVTa3zXZcztu0acv5no9uPRBkL0f0Uw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd- > questions@freebsd.org] On Behalf Of krad > Sent: Monday, October 10, 2011 1:00 AM > To: Matthew Seaman > Cc: pepe; freebsd-questions@freebsd.org > Subject: Re: two networks in one server? > > On 9 October 2011 12:38, Matthew Seaman > <m.seaman@infracaninophile.co.uk>wrote: > > > On 09/10/2011 10:36, pepe wrote: > > > I'm just asking before trying if it possible to use two network > > > uplinks > > in > > > one server so other would be just backup way in? > > > I have currently connection from two ISPs and server is up with one > > > connection. Is it possible to add another nic and wire that to > > > connection from another isp? So isp 1 would be in normal use in/out, > > > but isp 2 could > > be > > > used connecting in? > > > > This is a very commonly asked question around the Internet. > > > > The answer is -- it's a lot harder to do properly than you might think. > > Requires understanding Internet routing protocols like BGP and you > > will need the cooperation of both ISPs to make it all work. > > > > However there is a "light" version which might work for you. Keywords > > here are "policy based routing." In this case you can use firewall > > software to forward packets by an alternate gateway. This only > > affects the outward path from your system: no good at all if all the > > incoming traffic is using an uplink that fails, but you can use it to > > load balance across multiple links. > > > > Cheers, > > > > Matthew > > > > -- > > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > > Flat 3 > > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > > JID: matthew@infracaninophile.co.uk Kent, CT11 9PW > > > > > > There is a simpler version now in freebsd. You could spawn an additional version > of sshd with the setfib command, and have a different default route in the > relevant fib table. If you have a bunch of services you need to run like that maybe > you could wrap them up in a jail and use the fib on the jail. Have a look at setfib. Yet-another solution would be to use VIMAGE + NETGRAPH. I have a nice rc.d boot script for vimages on the web at: FreeBSD package (installable via pkg_add(8)): http://druidbsd.sourceforge.net/download/vimage-1.2.tbz Read more about my vimage script at: http://druidbsd.sourceforge.net/vimage.html http://druidbsd.sourceforge.net/ NOTE: Requires custom kernel with VIMAGE option enabled (recommended FreeBSD-8.1 or higher). We are successfully running routers as vimage jails on FreeBSD. Each with their own routing. It's a veritable zoo over here with the menagerie of FreeBSD animalia that we're mixing: 1. Running FreeBSD-4.11 i386 vimage on: 1.a. FreeBSD-8.1 i386 host w/ 4GB of RAM 1.b. FreeBSD-8.1 i386 PAE host w/ 12GB of RAM 1.c. FreeBSD-8.1 amd64 host w/ 48GB of RAM 2. Running FreeBSD-8.1 i386 vimage on: 2.a. FreeBSD-8.1 i386 host w/ 4GB of RAM 2.b. FreeBSd-8.1 i386 PAE host w/ 12GB of RAM 2.c. FreeBSD-8.1 amd64 host w/ 48GB of RAM 3. Running FreeBSD-8.1 amd64 vimage on: 3.a. FreeBSD-8.1 amd64 host w/ 48 GB of RAM All vimages run well and all [underlying] hosts can be rebooted cleanly (w/ vimages coming back to-life as-expected). Nearly all vimages are configured with different routing. Multiple vimages running on multiply-separate subnets are also running over the same physical wire on the underlying host (through the power of netgraph). -- Devin _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. _____________
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0d7701cc8761$7132e4c0$5398ae40$>