From owner-freebsd-isp Wed Mar 19 23:26:45 2003
Date: Thu, 20 Mar 2003 02:26:38 -0500 (EST)
From: Domain Administrator
To: "Arie J. Gerszt"
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: AW: Multiple Internet connection with failover/load-balancing
Message-ID: <20030320020449.L2682-100000@ns1.3tec.com>

Hello Arie,

I came across Nexland Turbo product and other packaged software
solutions such as StoneGate (www.stonesoft.com) and ePipe ServerWare
(www.ml-ip.com). The only downside about Nexland is that it only comes
with 2 WAN ports, otherwise it's a pretty cost effective solution. The
packaged software solutions aren't limited to the number of NICs used
for WAN, but they all come with VPN support built-in, something that
adds extra dollars to the pricing, but not needed by clients (some
already have VPN). I'm still evaluating and comparing which solution we
want to go with, as well as time and costs.

It would be nice if some insiders from Nexland or StoneGate post their
HOW-TOs...

Thanks for your valuable information Arie.

Mike

--

> Hi Mike
>
> I tried it, am still trying it (low priority task) and still did not
> achieve it.
> It is hard and very complex. I found some products which could do it.
> The least costly (don't know how well) is the Nexland Turbo Pro or so
> router, which is meant to do just that. Search their website, you'll
> see.
>
> I was contacted by a company which sells a software doing that too.
> Price with a box is approx. 10k USD, so quite expensive. But they have
> a GUI, which makes life for administrators sometimes easier.
>
> The biggest problem seems to detect the failure of one link. I.e. if
> you have your freebsd box with 3 NICs, nic1 -> isp1 via cable;
> nic2 -> isp2 via adsl; nic3 -> to your lan or whatever.
>
> Both ISPs will have some CPE at your location, probably your adsl
> modem and the cable tv modem.
>
> If now one link fails, say the cable link, this will have in 99.9% of
> the cases no impact between your cable modem and your freebsd box, so
> the link between the freebsd box and your CPE of the cable isp will
> stay up. That's the hard trick now, to detect, that the cable link has
> failed.
>
> Some products, as Radware's Linkproof, have their own algorithms to
> track such a failure down.
>
> A basic load sharing with no failover redundancy can be made (to what
> I understand) by adding 2 default routes, with the same metric. But
> that is not all you'd want or need.
>
> Just technically speaking, I think you could do that:
>
> - box with 3 nics
> - nat and 2 default routes
> - cron job, which runs every 10 secs which detects a link fail -->
>   remove the appropriate route from the routing table.
>
> Ok, now you have a failover box. But you still have your single point
> of failure, it's the freebsd box itself. Ok, now you could come up
> with some heartbeat or other HA full clustered solution.
>
> In the end, you buy so much hardware and you'd use so much time, that
> it might be simpler, hassle-free and just cheaper, to buy a 10k USD
> box, even if you might find a cheaper one on ebay et al.
>
> Regards
> Arie
>
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Domain
> Administrator
> Sent: Thursday, 20 March 2003 07:24
> To: freebsd-question@FreeBSD.ORG; freebsd-isp@FreeBSD.ORG
> Subject: Multiple Internet connection with failover/load-balancing
>
>
> Hello all,
>
> We've been offering commercial Internet failover/load-balancing
> products to our clients, but we occasionally receive requests by some
> clients to provide a less costly solution. While full redundancy for
> both inbound and outbound traffic will require BGP or OSPF, these
> clients simply wish to join multiple Internet connections (DSL, ISDN
> or T1) from different providers to gain failover capability should one
> of their links fail. Without ISPs' support, this type of redundancy
> only applies to outbound traffic, but that will suffice the clients'
> requirements already.
>
> I searched through the mailing lists and forums but found only very
> limited resources on how to accomplish such gateway/firewall setup
> using FreeBSD (or other BSD). It seems this type of setup requires
> running multiple NAT daemons. Has anyone done something like this? or
> point me to any HOW-TOs?
>
> Thank you all for your input.
>
> Mike
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
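
The periodic check sketched in the quoted reply above (probe each uplink past the ISP's CPE, remove the failed default route), written out as an added example that is not part of the original thread. The uplink names, addresses, `FAIL_LIMIT`, the `STATE_DIR` path and the host routes that pin each probe to its uplink are assumptions; it also goes beyond the sketch by requiring several consecutive failures before acting and by never withdrawing the last remaining default route.

```sh
#!/bin/sh
# Added example, not from the thread. Addresses are constructed (RFC 5737).
# One uplink per line: name, ISP gateway, probe target beyond the ISP's CPE.
UPLINKS="cable 192.0.2.1 198.51.100.10
adsl 203.0.113.1 198.51.100.20"
FAIL_LIMIT=${FAIL_LIMIT:-3}          # consecutive failed probes before withdrawal
STATE_DIR=${STATE_DIR:-/var/run/linkmon}
PROBE=${PROBE:-probe_ping}           # overridable, so the logic can run offline
ROUTE=${ROUTE:-route}

# Assumption: a static host route per probe target ("route add -host TARGET
# GATEWAY") already pins each probe to the uplink it is meant to test.
probe_ping() { ping -c 1 -t 2 "$1" >/dev/null 2>&1; }  # FreeBSD ping: -t = timeout

active_links() {                     # uplinks whose default route is still in place
    n=0
    for l in $(echo "$UPLINKS" | awk '{print $1}'); do
        [ -e "$STATE_DIR/$l.withdrawn" ] || n=$((n + 1))
    done
    echo "$n"
}

# check_link NAME GATEWAY TARGET: prints up, degraded or down.
check_link() {
    name=$1 gw=$2 target=$3
    cnt="$STATE_DIR/$name.fails" mark="$STATE_DIR/$name.withdrawn"
    if $PROBE "$target"; then
        echo 0 > "$cnt"
        # Restore the route only if this script removed it earlier.
        if [ -e "$mark" ]; then $ROUTE add default "$gw" >/dev/null && rm -f "$mark"; fi
        echo up; return 0
    fi
    fails=$(( $(cat "$cnt" 2>/dev/null || echo 0) + 1 ))
    echo "$fails" > "$cnt"
    if [ "$fails" -lt "$FAIL_LIMIT" ]; then echo degraded; return 0; fi
    # Withdraw once, and never the last remaining default route: if every
    # probe fails, the fault may be local and removing routes will not help.
    if [ ! -e "$mark" ] && [ "$(active_links)" -gt 1 ]; then
        $ROUTE delete default "$gw" >/dev/null && : > "$mark"
    fi
    echo down
}
run_once() {
    mkdir -p "$STATE_DIR"
    echo "$UPLINKS" | while read -r name gw target; do
        echo "$name $(check_link "$name" "$gw" "$target")"
    done
}
if [ "${1:-}" = "run" ]; then run_once; fi
```

cron's finest schedule is one minute, so the 10-second cadence mentioned in the thread needs a loop around `run_once` (for instance `while :; do run_once; sleep 10; done`) rather than a crontab entry alone.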