Date:      Fri, 7 Dec 2001 12:07:45 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Lars Eggert <larse@ISI.EDU>
Cc:        Steve Ames <steve@virtual-voodoo.com>, Anders Hagman <anders.hagman@netplex.se>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: Nat through two DSL
Message-ID:  <Pine.BSF.4.21.0112071159590.4544-100000@cody.jharris.com>
In-Reply-To: <3C10F906.1020908@isi.edu>

On Fri, 7 Dec 2001, Lars Eggert wrote:

> Steve Ames wrote:
> 
> >>>I want to load share between two ADSL modems using a NAT/Firewall.
> ...
> 
> 
> >>>The ADSL are 500k links and I want to load share on session by session.
> >>>Can I do NAT between an inside interface and two outside interfaces 
> >>>acting in a round robin fashion?
> >>>
> >>This may not be the good idea you'd think on first glance. If one of the 
> >>paths has a slightly different RTT (and they're pretty much guaranteed 
> >>to), you'll see out-of-order delivery at the receiver. I remember seeing 
> >>some study that showed that TCP doesn't react too nicely under such 
> >>conditions (it works, but not at peak performance).
> >>
> > 
> > Is it even possible to use two upstream paths for redundancy? I tried
> > (very briefly while I had two broadband connections while switching from
> > one to the other) to get that to work and wasn't very successful.
> 
> Redundancy is a different issue from load-sharing.
> 
> If you want to switch between a primary and a backup link there are a 
> number of ways to do this.
> 
> However, Anders was trying to stripe packets over both links (not 
> technically a problem) to increase throughput. When running TCP over a 
> striped link, you may not see the performance gain you'd expect.
> 

	Load sharing is not possible on a per packet basis when running 
	NAT on the outside interfaces.  The source address for each packet
	will be different.
 
	Let's say in the most simple case the BSD machine is alternating
	packets out each interface for a common destination, the source
	address for the packets will be different, hence the destination
	machine will be receiving packets from both NAT addresses...which
	are different.

	On a per session basis, you may be able to work with ipfw fwd
	(which does policy based forwarding) and the ipfw probability work
	done by Luigi. man ipfw for more info.

	As far as redundancy, there are a couple of options.  Both will
	not be easy with your setup.

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
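
The per-packet versus per-session point in the message above, as an added example that is not part of the original e-mail: a small model of a receiver that identifies a TCP connection by its 4-tuple. The addresses, port numbers and the hash used to pick an uplink are assumptions made for illustration, and source-port rewriting by NAT is ignored.

```python
from itertools import cycle
import zlib

# Constructed sample values (documentation address ranges), not from the thread.
NAT_ADDRS = ["192.0.2.1", "198.51.100.1"]  # public address of each DSL uplink
SERVER = ("203.0.113.10", 80)

def nat_per_packet(packets):
    """Alternate every packet across the uplinks; each uplink rewrites the
    source to its own public address."""
    uplink = cycle(NAT_ADDRS)
    return [(next(uplink), sport, seq) for _src, sport, seq in packets]

def nat_per_session(packets):
    """Pin each inside flow to one uplink so all of its packets share one
    public source address (a hash stands in for the per-session choice)."""
    out = []
    for src, sport, seq in packets:
        idx = zlib.crc32(f"{src}:{sport}".encode()) % len(NAT_ADDRS)
        out.append((NAT_ADDRS[idx], sport, seq))
    return out

def server_demux(translated):
    """Receiver side: a TCP connection is identified by the full 4-tuple.
    seq 0 models the SYN that creates the connection; any later segment whose
    4-tuple matches no connection is rejected."""
    conns, accepted, rejected = set(), [], []
    for src, sport, seq in translated:
        key = (src, sport) + SERVER
        if seq == 0:
            conns.add(key)
            accepted.append(seq)
        elif key in conns:
            accepted.append(seq)
        else:
            rejected.append(seq)
    return accepted, rejected

if __name__ == "__main__":
    flow = [("10.0.0.5", 40000, seq) for seq in range(4)]  # one inside session
    print("per-packet :", server_demux(nat_per_packet(flow)))
    print("per-session:", server_demux(nat_per_session(flow)))
```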



