From owner-freebsd-isp Wed Mar 19 22:34:37 2003
From: "Arie J. Gerszt"
To: "Domain Administrator"
Subject: AW: Multiple Internet connection with failover/load-balancing
Date: Thu, 20 Mar 2003 07:34:28 +0100
In-Reply-To: <20030320010036.P2559-100000@ns1.3tec.com>
Sender: owner-freebsd-isp@FreeBSD.ORG

Hi Mike

I tried it, am still trying it (low priority task) and still did not achieve it. It is hard and very complex. I found some products which could do it. The least costly (don't know how well) is the Nexland Turbo Pro or so router, which is meant to do just that. Search their website, you'll see. I was contacted by a company which sells a software doing that too. Price with a box is approx. 10k USD, so quite expensive. But they have a GUI, which makes life for administrators sometimes easier.

The biggest problem seems to be detecting the failure of one link. I.e. if you have your freebsd box with 3 NICs, nic1 -> isp1 via cable; nic2 -> isp2 via adsl; nic3 -> to your lan or whatever. Both ISPs will have some CPE at your location, probably your adsl modem and the cable tv modem. If now one link fails, say the cable link, this will have in 99.9% of the cases no impact between your cable modem and your freebsd box, so the link between the freebsd box and your CPE of the cable isp will stay up. That's the hard trick now, to detect that the cable link has failed. Some products, such as Radware's Linkproof, have their own algorithms to track such a failure down.

A basic load sharing with no failover redundancy can be made (to what I understand) by adding 2 default routes with the same metric. But that is not all you'd want or need.

Just technically speaking, I think you could do that:

- box with 3 nics
- nat and 2 default routes
- cron job, which runs every 10 secs, which detects a link fail --> remove the appropriate route from the routing table.

Ok, now you have a failover box. But you still have your single point of failure, it's the freebsd box itself. Ok, now you could come up with some heartbeat or other HA full clustered solution. In the end, you buy so much hardware and you'd use so much time, that it might be simpler, hassle-free and just cheaper to buy a 10k USD box, even if you might find a cheaper one on ebay et al.

Regards
Arie

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Domain Administrator
Sent: Thursday, 20 March 2003 07:24
To: freebsd-question@FreeBSD.ORG; freebsd-isp@FreeBSD.ORG
Subject: Multiple Internet connection with failover/load-balancing

Hello all,

We've been offering commercial Internet failover/load-balancing products to our clients, but we occasionally receive requests by some clients to provide a less costly solution. While full redundancy for both inbound and outbound traffic will require BGP or OSPF, these clients simply wish to join multiple Internet connections (DSL, ISDN or T1) from different providers to gain failover capability should one of their links fail. Without ISPs' support, this type of redundancy only applies to outbound traffic, but that will suffice the clients' requirements already.

I searched through the mailing lists and forums but found only very limited resources on how to accomplish such a gateway/firewall setup using FreeBSD (or other BSD). It seems this type of setup requires running multiple NAT daemons.

Has anyone done something like this? Or point me to any HOW-TOs?

Thank you all for your input.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
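
The periodic check sketched in the reply above (probe each uplink, remove its default route on failure), written out as an added example that is not part of the original thread. It assumes a static host route already pins each probe target, a host beyond the ISP's CPE, to one uplink's gateway; the addresses, uplink names, state directory and three-failure threshold are all constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses and names are constructed.
# Assumes each probe target (a host beyond the ISP's CPE) is pinned to one
# uplink by a static host route, e.g. route add -host 198.51.100.10 192.0.2.1
THRESHOLD=3                              # failed passes in a row before failover
STATE_DIR=${STATE_DIR:-/var/run/uplink}  # one failure counter file per uplink
ROUTE=${ROUTE:-route}                    # set ROUTE=: for a dry run

# probe TARGET: FreeBSD ping, 2 packets, give up after 3 seconds.
probe() {
    ping -c 2 -t 3 "$1" >/dev/null 2>&1
}

# next_state PREV_FAILS PROBE_RC: prints "NEW_FAILS ACTION", where ACTION is
# delete (threshold just reached), add (recovered after failover) or none.
next_state() {
    prev=$1 rc=$2
    if [ "$rc" -eq 0 ]; then
        if [ "$prev" -ge "$THRESHOLD" ]; then echo "0 add"; else echo "0 none"; fi
    else
        new=$((prev + 1))
        if [ "$new" -eq "$THRESHOLD" ]; then echo "$new delete"; else echo "$new none"; fi
    fi
}

# check_uplink NAME GATEWAY TARGET: one probe pass; prints "NAME ACTION".
check_uplink() {
    name=$1 gw=$2 target=$3
    file="$STATE_DIR/$name.fails"
    fails=$(cat "$file" 2>/dev/null || echo 0)
    rc=0
    probe "$target" || rc=$?
    set -- $(next_state "$fails" "$rc")
    echo "$1" > "$file"
    case $2 in
        delete) $ROUTE delete default "$gw" >&2 ;;
        add)    $ROUTE add default "$gw" >&2 ;;
    esac
    echo "$name $2"
}

# Run from cron or a sleep loop as: uplink-check.sh run
if [ "${1:-}" = run ]; then
    mkdir -p "$STATE_DIR"
    check_uplink cable 192.0.2.1   198.51.100.10
    check_uplink adsl  203.0.113.1 198.51.100.20
fi
```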