Date: Mon, 7 Jun 2004 13:24:29 -0600 (MDT)
From: Nick Rogness
To: gus-
Cc: freebsd-isp@freebsd.org, Rene de Vries, "David J. Hughes", "Mitch (bitblock)", 'Joe Hamelin'
Subject: Re: 2 adsl connections load balancing with natd/ipfw

On Mon, 7 Jun 2004, gus- wrote:

> doing this with ipfw is trivial:
>         isp ip        localip       local int
> link1:  192.168.1.1   192.168.1.2   em1
> link2:  192.168.2.1   192.168.2.2   em2
>
> route add 0.0.0.0 192.168.1.1
> ipfw add prob 0.5 allow ip from any to any out via em1 fwd 192.168.2.1
>
> however, this would probably drop half of your packets if em1 went
> down, should theoretically work if em2 drops (because you still have a
> route to 192.168.2.1 via default route)

NAT is involved which puts a wrench in this idea.

Keep in mind that when packets "leave" an interface, their source address(es) change. So in this case, half the packets would have a source address of X.X.X.X (leaving interface em1) and the other half would have Y.Y.Y.Y (leaving interface em2).

The 'only' approach that is realistic (without provider intervention) is to split traffic based on destination IP as suggested earlier:

> route add -net 0.0.0.0 -netmask 128.0.0.0 192.168.1.1
> route add -net 128.0.0.0 -netmask 128.0.0.0 192.168.2.1

This splits the IP space exactly in half, sending all traffic starting with 0->127.X.X.X through em1 and sending all 128->256.X.X.X through em2. Run 2 instances of natd, one for each interface.

You can adjust your 'load balancing' by using smaller routes and send certain traffic through different interfaces with route statements. You would need to monitor load on the interfaces to fine tune this approach.

--
Nick Rogness
- How many people here have telekinetic powers? Raise my hand. -Emo Philips
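The destination-based split and the "smaller routes" tuning described in the message above can be modelled offline before touching the routing table. This is an added example, not part of the original message: the flow list, byte counts and the extra 192.0.0.0/8 route are constructed for illustration, and only the two /1 routes and the interface names come from the thread.

```python
import ipaddress

# The two half-space routes from the message, one per ADSL link.
ROUTES = [
    ("0.0.0.0/1", "em1"),    # via 192.168.1.1
    ("128.0.0.0/1", "em2"),  # via 192.168.2.1
]

# Constructed tuning step: a smaller (more specific) route that moves
# one busy destination block from em2 to em1.
TUNED = ROUTES + [("192.0.0.0/8", "em1")]

# Constructed sample of outbound traffic: (destination, bytes sent).
FLOWS = [
    ("17.0.0.10", 100),
    ("64.0.0.5", 100),
    ("192.0.2.9", 300),
    ("198.51.100.20", 300),
    ("203.0.113.7", 200),
]

def build_table(routes):
    """Parse prefixes and order them most-specific first (longest prefix wins)."""
    table = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def egress(table, dst):
    """Return the interface a packet to dst leaves on, or None if unrouted.

    The result depends only on the destination, so every packet of a
    connection leaves the same interface and is translated by the same
    natd instance to the same source address.
    """
    addr = ipaddress.ip_address(dst)
    for net, ifc in table:
        if addr in net:
            return ifc
    return None

def link_share(table, flows):
    """Percentage of total bytes carried by each interface."""
    totals = {}
    for dst, nbytes in flows:
        ifc = egress(table, dst)
        totals[ifc] = totals.get(ifc, 0) + nbytes
    grand = sum(totals.values())
    return {ifc: round(100 * n / grand, 1) for ifc, n in totals.items()}

if __name__ == "__main__":
    print("half split:", link_share(build_table(ROUTES), FLOWS))
    print("tuned:     ", link_share(build_table(TUNED), FLOWS))
```

Feeding it per-destination byte counts taken from real interface monitoring shows which smaller route would move the split closest to even.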