From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: Craig Butler, Nikos Vassiliadis
Date: Tue, 22 Dec 2009 14:13:32 -0900
Subject: Re: Loadbalance outgoing traffic over two cable modems in same network

On Tuesday 22 December 2009 02:48:58 Craig Butler wrote:
> On 22/12/2009 00:46, Mel Flynn wrote:
> > On Monday 21 December 2009 09:56:11 Nikos Vassiliadis wrote:
> >> On 12/21/2009 6:03 AM, Mel Flynn wrote:
> >>> Hi,
> >>>
> >>> I've looked over http://www.openbsd.org/faq/pf/pools.html but this
> >>> assumes two different gateways for the two interfaces.
> >>> I'm faced with two cable modems from the same ISP, with the same
> >>> gateway. I can't lagg(4) the interfaces, since specific IP's are bound
> >>> to specific modems.
> >>
> >> This can probably be fixed from the ISP side. It should probably be some
> >> antispoofing rule that drops the packets you are sending via the "wrong"
> >> interface. You could try communicating the problem to the ISP and hope
> >> for the best...
> >
> > I'd rather not go that route. However, I might ask the ISP to move swap
> > two IP's, so that I have two consecutive IPs on two modems and can use
> > /31 notation for the pool. Source hash should then work better.
> >
> >>> So I'm wondering if using sticky-address with a round-robin nat pool is
> >>> really sufficient to do load balancing of outgoing traffic and not get
> >>> into session problems with various protocols. Has anybody had similar
> >>> experiences?
> >>
> >> I have no experience on this, but theoretically a state can expire while
> >> the upper layers are still active... so, I *think* you may have
> >> problems... Of course, you could increase the lifetime of states
> >
> > True, I'm mostly worried about DNS queries and other UDP protocols. TCP
> > should theoretically be fine.
> > Thanks for your feedback.
>
> Would ECMP (aka RADIX_MPATH) not be suitable for your requirements ?? 2
> default routes, one to each of the modems IP's ... that should start
> bunting traffic down both pipes.
>
> Works for me here...
>
> =================================================
> Equal cost multipath routing
>
> Status: Committed to 8-CURRENT
> Will appear in 8.0: sure
> Authors: Qing Li
> Web: commit message
>
> ECMP routing allows for multiple routes to be handled by the kernel,
> including default routes. It potentially offers substantial increases in
> bandwidth by load-balancing traffic over multiple paths.
> =================================================
> http://en.wikipedia.org/wiki/Equal-cost_multi-path_routing
> http://lists.freebsd.org/pipermail/cvs-src/2008-April/089956.html

Thanks for the pointers, I'll look into this. It's a little more
complicated, there's 16 total IP's. 2 of which are gonna be used for LAN
translations. The other 14 are eventually going to be used by DMZ services,
so I'm not sure if it's solvable at the routing level, as the incoming
traffic needs to go out the same way, not through the 2 LAN IP's.

-- 
Mel