From: Julian Elischer
Date: Sun, 24 Aug 2014 14:57:19 -0700
To: lev@FreeBSD.org, freebsd-net@freebsd.org
Subject: Re: Does anybody have set of scripts to support two uplink connections (with two ISPs) without AS and BGP?
Message-ID: <53FA5FBF.1010907@freebsd.org>
In-Reply-To: <754783310.20140824233738@serebryakov.spb.ru>

On 8/24/14, 12:37 PM, Lev Serebryakov wrote:
> Hello, Freebsd-net.
>
> Typical task: two "home-grade" ISPs, one router. Need to monitor both
> channels, switch default route, balance outgoing traffic, manage ipfw
> firewall, etc.
>
> For Linux there is Net::ISP::Balance
> (http://lstein.github.io/Net-ISP-Balance/) and LSM as part of it
> (http://lsm.foobar.fi/download/), but they are very Linux-specific.
>
> Maybe somebody has a good set of such scripts?
>
> Looks like /sbin/dhclient-script should be rewritten too, for example,
> because the standard one uses "default interface" detection which fails in a race
> condition of two ISPs (both use DHCP!), for example.
>

I don't have scripts any more but I have done this.

The single biggest step is to realise that both links need separate NAT, or if one ISP gives you a real routable subnet, then the other link needs to be NAT'd (unless you are willing to dual-home every machine you have). If you had a commercial ISP they might use BGP or something, but with a home-grade ISP connection you can't do that.

Once you have two connections set up then you can use either multiple FIBs, or packet redirection in ipfw, to decide what connections go to what ISP connection. Incoming sessions must return to the same link that they came in from, but how you do that really depends on how you set up your systems.
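
One way to lay out the multiple-FIB variant described in the reply, as an added example that is not from the original message or its author: each uplink gets its own default route and its own in-kernel NAT instance, and an ipfw `setfib` rule picks the uplink by LAN source range. Interface names, addresses, rule numbers and the LAN split are constructed placeholders; it assumes `net.fibs=2` and the ipfw and ipfw_nat modules, covers outbound sessions only, and prints the commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example: two NAT'd uplinks on a FreeBSD router, split by LAN source range.
# Every interface name, address and rule number below is a constructed placeholder.
# Assumes net.fibs=2 in /boot/loader.conf and the ipfw + ipfw_nat modules loaded.

DRY_RUN=${DRY_RUN:-1}          # 1 = only print the commands, 0 = execute them

LAN_IF=em2
ISP1_IF=em0; ISP1_GW=192.0.2.1;    ISP1_FIB=0; ISP1_NAT=1
ISP2_IF=em1; ISP2_GW=198.51.100.1; ISP2_FIB=1; ISP2_NAT=2
VIA_ISP2=192.168.1.128/25      # LAN hosts whose connections use the second ISP

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One default route per FIB and one NAT instance per uplink, so traffic
# leaving a link is always translated to that link's own address.
uplink() {  # uplink <if> <gateway> <fib> <nat-id> <rule-number>
    run setfib "$3" route add default "$2"
    # "if" makes the NAT instance follow the interface address (DHCP renewals).
    run ipfw nat "$4" config if "$1" same_ports reset
    run ipfw add "$5" nat "$4" ip from any to any via "$1"
}

setup() {
    # Classify on the way in from the LAN: setfib only tags the packet and
    # rule processing continues, so the routing lookup that follows uses FIB 1.
    run ipfw add 100 setfib "$ISP2_FIB" ip from "$VIA_ISP2" to any in recv "$LAN_IF"
    uplink "$ISP1_IF" "$ISP1_GW" "$ISP1_FIB" "$ISP1_NAT" 200
    uplink "$ISP2_IF" "$ISP2_GW" "$ISP2_FIB" "$ISP2_NAT" 210
    run ipfw add 65000 allow ip from any to any
}

setup
```

With DHCP uplinks the two gateway values would come from the lease rather than being fixed as they are here.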