Date: Mon, 31 Mar 2003 18:02:53 -0700 (MST)
From: Nick Rogness <nick@rogness.net>
To: Domain Administrator <domainadmin@3tec.com>
Cc: freebsd-question@FreeBSD.ORG
Subject: Re: Multiple Internet connection with failover/load-balancing
Message-ID: <20030331174400.B35284-100000@skywalker.rogness.net>
In-Reply-To: <20030320010036.P2559-100000@ns1.3tec.com>
On Thu, 20 Mar 2003, Domain Administrator wrote:

> Hello all,
>
> We've been offering commercial Internet failover/load-balancing products
> to our clients, but we occasionally receive requests by some clients to
> provide a less costly solution. While full redundancy for both inbound
> and outbound traffic will require BGP or OSPF, these clients simply wish
> to join multiple Internet connections (DSL, ISDN or T1) from different
> providers to gain failover capability should one of their links fail.
> Without ISPs' support, this type of redundancy only applies to outbound
> traffic, but that will suffice the clients' requirements already.
>
> I searched through the mailing lists and forums but found only very
> limited resources on how to accomplish such gateway/firewall setup using
> FreeBSD (or other BSD). It seems this type of setup requires
> running of multiple NAT daemons. Has anyone done something like this?
> or point me to any HOW-TOs?
>

Load balancing "may" be done using some tricks with ipfw and natd, but for most practical and straightforward approaches it should be left up to route peering with ISPs.

Without tremendous work, failover is very difficult to do with the basic routing tools supplied with BSD. You can do failover with different tools but be mindful of routing as you may route IPs provided by ISP-A through your ISP-B connection. Search the archives for suggestions on how to do failover.

Proper care and consideration needs to be made before failover can work. Nothing pisses off ISPs more than some jackass with misconfigured routing causing unnecessary traffic on their network. This would not be a problem if you only get one IP from your ISPs.

So yes, failover can be accomplished with lots of work and for all practical purposes (no route peering) load balancing cannot. (I'm making a blanket statement here because load balancing "may" be accomplished with some thought and use of ipfw/nat interworkings).

My plain and simple answer is to buy a basic router and route peer to avoid the headache. You get failover and load balancing at the same time.

Nick Rogness <nick@rogness.net>
-
How many people here have telekinetic powers? Raise my hand.
-Emo Philips