Date: Mon, 31 Oct 2011 03:01:53 +0100
From: Rémy Sanchez <remy.sanchez@hyperthese.net>
To: freebsd-net@freebsd.org
Subject: Re: multiple ISP
Message-ID: <201110310301.59604.remy.sanchez@hyperthese.net>
In-Reply-To: <CAJsxnXZW-N_R9XxzBg4kLFROQ5N8uTJq27x5auGFdtFN9tJ43Q@mail.gmail.com>
References: <CAJsxnXZW-N_R9XxzBg4kLFROQ5N8uTJq27x5auGFdtFN9tJ43Q@mail.gmail.com>

On Friday 28 October 2011 16:22:25 nyoman.bogi@gmail.com wrote:
> dear all,
>
> I need to set up a router (using FreeBSD)
> that connect to the Internet
> to accommodate multiple ISP,
> so users can be load balanced through
> those several ISP lines.
>
> how can I do that?
>
> thanks in advance

Well, let's suppose that your ISP interfaces have respectively $ispN_ip and
$ispN_router as interface IP and ISP router IP. And that $natN is the divert
port corresponding to the NAT for the given ISP. Then you get something like

# This treats incoming traffic
ipfw add 1310 divert $nat1 ip from any to any in via $if1
ipfw add 1320 divert $nat2 ip from any to any in via $if2
...
ipfw add 13N0 divert $natN ip from any to any in via $ifN

# Check states
ipfw add 3000 check-state

# Load balance outgoing traffic
# Note: change 1/N, 1/(N-1), etc by actual values for your N
ipfw add 10100 prob 1/N skipto 20100 ip from $internal to any keep-state
ipfw add 10200 prob 1/(N-1) skipto 20200 ip from $internal to any keep-state
...
ipfw add 10N00 skipto 20N00 ip from $internal to any keep-state

# Do outgoing NAT
ipfw add 20100 divert $nat1 ip from $internal to any out
ipfw add 20110 fwd $isp1_router ip from $isp1_ip to any
ipfw add 20200 divert $nat2 ip from $internal to any out
ipfw add 20210 fwd $isp2_router ip from $isp2_ip to any
...
ipfw add 20N00 divert $natN ip from $internal to any out
ipfw add 20N10 fwd $ispN_router ip from $ispN_ip to any

And here is what the natd.conf would look like

### ISP 1 ###
port 8868
dynamic yes
interface re1

### ISP 2 ###
instance dsl2
port 8869
dynamic yes
interface re2

### ISP N ###
instance dsl3
port 8870
dynamic yes
interface re

You'll notice that the load balancing rules are skipto to NAT rules instead of
directly being NAT rules. This is because this way you can factorize your NAT
rules with several sets of load-balancing rules (like having different
patterns for TCP and UDP, or depending on the users, etc).

Also note that those lines are inspired by my actual configuration file, that
is much more complex than this, and I didn't test anything, so it might not
work out-of-the-box, however this gives you a good preview of what it should
be.

One last important thing: this kind of load-balancing can be relatively
complex to get correctly working if you do have different bitrates from your
ISPs. You might also want to try protocols like MLPPP (with mpd for example),
but this is more complex to set up and you need a server on "the other side" to
get it working.

Well, have fun :)

-- 
Rémy Sanchez
http://hyperthese.net/
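
The 1/N, 1/(N-1), ... values in the load-balancing rules above, worked out as an added example that is not part of the original message: each rule only sees the packets that earlier rules did not pick, so its prob is its share of what remains. The sketch goes beyond the equal-split case in the message and also accepts unequal weights for ISPs with different bitrates; the function names and sample weights are assumptions.

```python
# Added example: sequential "prob" values for the ipfw skipto rules.
from fractions import Fraction

def conditional_probs(weights):
    """Return the prob value for each balancing rule, in rule order.

    Rule i is only reached by packets that rules 1..i-1 did not pick,
    so its probability is its weight over the weight still remaining.
    """
    if not weights or any(w <= 0 for w in weights):
        raise ValueError("need at least one ISP and positive weights")
    if len(weights) > 9:
        raise ValueError("the 10N00/20N00 numbering only fits 9 ISPs")
    remaining = sum(Fraction(w) for w in weights)
    probs = []
    for w in weights:
        probs.append(Fraction(w) / remaining)
        remaining -= Fraction(w)
    return probs

def effective_shares(probs):
    """Share of new flows each rule really takes; should match the weights."""
    shares, left = [], Fraction(1)
    for p in probs:
        shares.append(left * p)
        left *= 1 - p
    return shares

def balance_rules(weights, internal="$internal"):
    """Emit the 10N00 skipto rules from the message for these weights."""
    rules = []
    for i, p in enumerate(conditional_probs(weights), start=1):
        # The last rule takes everything left, so it carries no prob.
        prob = "" if p == 1 else f"prob {float(p):.6f} "
        rules.append(f"ipfw add 10{i}00 {prob}skipto 20{i}00 "
                     f"ip from {internal} to any keep-state")
    return rules

if __name__ == "__main__":
    # Constructed samples: three equal lines, then 20/10/10 Mbit/s lines.
    for weights in ([1, 1, 1], [20, 10, 10]):
        print("\n".join(balance_rules(weights)), end="\n\n")
```
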