From: Lowell Gilbert
To: Ovidiu Ene
Cc: freebsd-questions@freebsd.org
Date: 20 Aug 2005 10:29:18 -0400
Subject: Re: Load Balancing - Nice and Easy - no BGP, no isp help.
Message-ID: <444q9k7kch.fsf@be-well.ilk.org>
In-Reply-To: <4305B5BB.90705@unixware.ro>

Ovidiu Ene writes:

> Hello friends
>
> I am trying for a while to make a load balancer under FreeBSD
>
> I would have: 3 nics, ISP1 nic, ISP2 nic and LAN nic.
> What I've done until now, after reading lots of posts, googling for a while:
>
> - I've succeeded to setup an outgoing load balancer with pf, it works
>   perfectly but only for outgoing traffic;
> - I've noticed that almost everybody think that it cannot be done load
>   balancing with BSD of incoming and outgoing without help of that both
>   ISP (BGP)
> - I find hardware with proprietary OS/firmware that can do load
>   balancing without support of ISP. Some are cheap (300$), but at review
>   does not know to load balance incoming traffic (break functionality of
>   some pages accessed, since some of load is on one interface, some of
>   other, works correctly only if I setup to come some type of traffic on
>   one interface, some of other (for example traffic via port 80 on one
>   nic, ftp traffic on the other), also are expensive hardware load
>   balancers (over 1000$) that... I am asking myself how it works,
>   without help of isp.
> - I've found somewhere that it can be done load balancing but not with
>   one box with that 3 nics, but with 3 boxes, because (that article I am
>   "inspiring" said that every box has just one routing table) because
>   can be created a virtual server that with handle routes from that 2
>   boxes.
> - People told me that in Linux load balancing can be done, 3 nics, 2
>   external, one to Lan, with iptables. Here is a short article:
>   http://linux.com.lb/wiki/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links
>
> So, my question is, if some people made it (in expensive hardware that
> did have the same OS, maybe even FreeBSD, and proprietary algorithms)
> and in Linux it can be done (people told me, I've read articles and
> also saw it here, where I live) why it cannot be done under FreeBSD?
> I guess it can be done, I want to do it with FreeBSD, and want to
> obtain same performances as with Linux.

The only specific example you gave was the Linux one. And that one
*is* doing load balancing on the outgoing side.
I doubt it's very different from what you did with pf.

> What is your opinion about that? What should I do? Anybody succeed in
> making load balancing work that way?

I don't believe anyone has. Or can, for that matter. Aside from
choosing addresses for outgoing connections, you have no control over
what incoming link a peer outside your network will use to communicate
with you. Unless the upstream providers are cooperating, of course.
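
Added example, not part of the original message or of either poster's configuration: a pf.conf sketch of the asymmetry the reply describes, where route-to lets the box choose the link for outgoing connections while reply-to can only keep replies on whichever link a peer already chose. Interface names, gateway addresses and the LAN prefix are assumptions made up for illustration.

```pf
# Constructed values (assumptions, not from the thread).
lan_if  = "em0"
lan_net = "192.168.1.0/24"
isp1_if = "em1"
isp1_gw = "198.51.100.1"
isp2_if = "em2"
isp2_gw = "203.0.113.1"

# NAT each outgoing connection to the address of the link it leaves on.
nat on $isp1_if from $lan_net to any -> ($isp1_if)
nat on $isp2_if from $lan_net to any -> ($isp2_if)

# Outgoing: the box picks the link. New connections from the LAN
# alternate between the two gateways; state keeps each connection
# on the link it started on.
pass in on $lan_if \
    route-to { ($isp1_if $isp1_gw), ($isp2_if $isp2_gw) } round-robin \
    from $lan_net to any keep state

# Packets sourced from one ISP's address that the single routing table
# would send out the other ISP's interface are moved to the right link.
pass out on $isp1_if route-to ($isp2_if $isp2_gw) from $isp2_if to any
pass out on $isp2_if route-to ($isp1_if $isp1_gw) from $isp1_if to any

# Incoming: the remote peer picks the link by the address it connects
# to. Nothing here can move that choice; reply-to only sends the
# replies back out the link the connection arrived on.
pass in on $isp1_if reply-to ($isp1_if $isp1_gw) \
    proto tcp from any to ($isp1_if) port 80 keep state
pass in on $isp2_if reply-to ($isp2_if $isp2_gw) \
    proto tcp from any to ($isp2_if) port 80 keep state
```

Without the reply-to rules, replies to a connection that arrived on the second link would follow the default route out the first link with the wrong source address, and the upstream provider may drop them.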