From owner-freebsd-net@FreeBSD.ORG Wed Jan 21 03:21:53 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA17B16A4CE for ; Wed, 21 Jan 2004 03:21:53 -0800 (PST) Received: from softservecom.com (mail.softservecom.com [194.44.102.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 282CE43D2F for ; Wed, 21 Jan 2004 03:21:46 -0800 (PST) (envelope-from pam@polynet.lviv.ua) Received: from mail.softservecom.com (root@localhost) by softservecom.com (8.11.6/8.11.6) with SMTP id i0LBLdG25288 for ; Wed, 21 Jan 2004 13:21:39 +0200 Received: from polynet.lviv.ua (digger.softservecom.com [192.168.17.2]) by softservecom.com (8.11.6/8.11.6) with ESMTP id i0LBLZI25258; Wed, 21 Jan 2004 13:21:38 +0200 Message-ID: <400E614F.4060804@polynet.lviv.ua> Date: Wed, 21 Jan 2004 13:23:59 +0200 From: Adrian Pavlykevych User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: uk, en-us, en, pl, ru, de, de-at, de-de, de-li, de-lu, de-ch MIME-Version: 1.0 To: Dinesh Nair References: <20040121170911.Y532-100000@prophet.alphaque.com> In-Reply-To: <20040121170911.Y532-100000@prophet.alphaque.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org Subject: Re: Two ISP lines X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2004 11:21:53 -0000 Dinesh Nair wrote: > while this multipath patch does round robin the packets (according to > pathmetric) across the two gateways, it does not change the source ip > address of the packet to correspond with the interface it went out on. > > as such, the round robin works this way. the first 10 packets are sent > with a src ip of 192.168.0.5 (fxp0's address) out via fxp0. the next 10 > are sent still with a src ip of 192.168.0.5 out via aue0. then the cycle > repeats with 10 more being sent out via fxp0. this magic number 10 is > equivalent to the -pathmetric argument given when creating the route. the > default, obviously, is 10. but i digress. > > this obviously doesn't work for me, since higher upstream from aue0 (ip > address 10.1.105.26), the src address of 192.168.0.5 is address translated > to a public IP address. the router/natd which does that will obviously not > have any address translation maps for 192.168.0.5, and thus silently drop > the packet. packets going out fxp0 work the way they should. after all, > why shouldn't they ? :) > > it would however work if both the interfaces were assigned a public ip > address, though all this still would do is to round robin outgoing > packets, but incoming packets will still come down the same interface (due > to the src address not changing). i'm guessing the the picked source ip > address depends on the current active gateway for that route, as i've seen > the same happen in reverse with a source ip address of 10.1.105.26, the > address on aue0. which leads me to deduce that the src address is picked > on a per connection basis, depending on the current active gateway, and > held for the duration of the connection. thus this does not ensure proper > load balancing over both links, even if public ip addresses were used. > > this does not do what i want to do, i.e. multipath routing in a round > robin fashion over x number of interfaces with src ip address changed to > the address of the interface the packet goes out on. this would ensure > that the reply packets from the destination are routed back in correctly. Hmm, have you accounted for the fact, that if packets of same connection will be distributed in round-robin fashion between several outgoing interfaces and get their src IP "fixed", destination host won't see that as single connection and drop them? If you want to round-robin with two different src IPs on the gateway (host), you have to implement this as functionality of NAT service, which will keep track of connections and send each connection's traffic via _exactly_ one(same) interface. On routing level, IMHO, patch operation, you've described, is exactly following multipath functionality. Issue with return traffic could be resolved with both ISPs announcing route to your IP to the Internet. In this way, return packets will be routed from the destination according to routing decisions take by routers on the path. Regards, -- Adrian Pavlykevych