From: Danial Thom
To: Ted Mittelstaedt, "Winelfred G. Pasamba"
Cc: "Loren M. Lang", Yance Kowara, freebsd-questions@freebsd.org
Date: Tue, 27 Dec 2005 10:38:26 -0800 (PST)
Subject: RE: FreeBSD router two DSL connections

--- Danial Thom wrote:

> --- Ted Mittelstaedt wrote:
>
> > Does it meet the test I already outlined?
> >
> > Download the FreeBSD iso then upload it to a remote server,
> > with both lines connected. Time it.
> >
> > Disconnect 1 line, then repeat the test. If the time to
> > download and upload when both DSL lines are connected is
> > half the time it takes when 1 DSL line is connected, then
> > you're load-balancing.
> >
> > If not, then you are not - although if it makes you feel
> > like you haven't wasted your money claim your
> > "per session load balancing" then I suppose it would be
> > uncharitable to make you feel bad by pointing out that
> > this is purely a marketing term with no networking
> > significance.
> >
> > Oops.
> >
> > Ted
>
> Ted seems incapable of grasping how things work,
> so I don't recommend wasting your time on
> anything he says.
>
> As I stated, you cannot control how traffic comes
> into your network, so Ted's little download test
> is sure not to work. Traffic is routed to
> whichever ISP has the best route. You can only
> control how traffic goes OUT of your network. So
> load-balancing can only increase your upload
> speeds, not your download speeds. If you are
> hosting this is useful. If you have mostly
> download traffic, then it's probably not worth it.
>
> I don't know if Ted is trying to boondoggle you
> into thinking his view is correct, or he just
> doesn't understand it. I suspect it's a bit of
> both.
>
> You should really try the freebsd-isp list, as
> there are at least some people on there that have
> a clue. Although even Ted's resume looks good on
> paper, so you really can't tell. Incompetence is
> widespread.
>
> DT

To soothe the nerves of the OP, the truth about this is that it might work and it might not. Ted's assertion that all ISPs do ingress address filtering is simply wrong. Not even close. My assumption that none do isn't right either. IF when one of your lines goes down you are still online then you can load-balance outbound.
IF you are multi-homed or have a working backup scenario, then you can load balance outbound.

There is much discussion on the trade-offs of ingress address filtering, and many believe it's the old "cut off your nose to spite your face". It reduces the CPU power of your router by causing it to test every packet coming in, it makes multi-homing not work, and it makes changing addresses on a large network extremely more difficult, in order to thwart an unlikely event. I recommend that my customers isolate co-location customers so when worms hit they can find the problem easier. Few do because it's easier to have everyone on the same wire. My cable company, for example, changes their networking scheme every few months, and if they had to change ingress filters on 100s of routers manually it would be ridiculously difficult to do. So they don't address filter.

Ted is somehow in denial that 100s of people load balance to different destinations. Since he doesn't know the terms (such as round-robin, etc.) you can be sure he's never done any of it.

The simple truth is that you have to try things. You never know what your upstream is doing. DSL is a strange animal that requires muxes in often very complicated meshes. If you can move your default router to your "other" router then you are likely not filtered. There are many issues more important than address-spoofing, such as stability and performance. I have customers that are so disorganized that they can't isolate any known address group to any specific router, and others that require that you register your MAC address with them or nothing will work at all.

You can't postulate what your situation is. You have to do testing and figure out what you can and can't do. The more you know about how things REALLY work, the more innovative you can be in your implementation.

DT
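
The interaction between round-robin outbound balancing and upstream ingress address filtering discussed in this message, modeled as an added example that is not part of the original post. The two uplink names, their prefixes (RFC 5737 documentation ranges) and the assumption that only one ISP filters are constructed for illustration.

```python
import ipaddress
from itertools import cycle

# Constructed topology: one documentation prefix (RFC 5737) per DSL line.
UPLINKS = {
    "dsl_a": {"prefix": ipaddress.ip_network("192.0.2.0/29"), "ingress_filter": True},
    "dsl_b": {"prefix": ipaddress.ip_network("198.51.100.0/29"), "ingress_filter": False},
}

def owner(src):
    """Uplink whose assigned prefix contains src; replies return on this line."""
    addr = ipaddress.ip_address(src)
    for name, up in UPLINKS.items():
        if addr in up["prefix"]:
            return name
    return None

def isp_accepts(link, src):
    """ISP edge check: a filtering ISP drops sources outside the line's prefix."""
    return not UPLINKS[link]["ingress_filter"] or owner(src) == link

def round_robin(src, count):
    """Per-packet round-robin over both lines with one fixed source address."""
    links = cycle(UPLINKS)
    return [(next(links), src) for _ in range(count)]

def summarize(packets):
    """Count packets forwarded per outbound line and the line carrying replies."""
    sent = {name: 0 for name in UPLINKS}
    replies = {name: 0 for name in UPLINKS}
    dropped = 0
    for link, src in packets:
        if isp_accepts(link, src):
            sent[link] += 1
            replies[owner(src)] += 1  # inbound path follows the source prefix
        else:
            dropped += 1
    return {"sent": sent, "replies": replies, "dropped": dropped}

if __name__ == "__main__":
    for src in ("192.0.2.2", "198.51.100.2"):
        print(src, summarize(round_robin(src, 8)))
```

With a source address from the filtered line, outbound packets split across both lines while every reply returns on the line that owns the address; with a source address from the other line, the filtering ISP drops the half of the packets sent through it.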