Load Balancing - Nice and Easy - no BGP, no isp help.

Sun Sep 11 02:57:20 PDT 2005

Marcin Jessa wrote:

>Hi.
>
>I am not sure what you're trying to accomplish.
>Sometimes it seems like you want redudant links and sometimes like you want a proxy server.
>Could you please describe your problem ?
>
>End a quick link for Eric Bates: http://www.openbsd.org/faq/pf/pools.html
>
>Cheers,
>Marcin
>
>On Tue, 06 Sep 2005 13:18:10 -0400
>"Eric W. Bates" <ericx at vineyard.net> wrote:
>
>  
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>I've seen one commercial product control incoming load-balancing with DNS.
>>
>>Theoretically if you set the TTL for the RRs down low (I've never gone
>>shorter than 300 seconds; but I suppose you could go smaller); you could
>>then 'direct' incoming traffic by providing one IP or the other.  Tools
>>like bind9-dlz should make it easier to control the zone file dynamically.
>>
>>In the case of a web page that requires a consistent route during a
>>session, I don't know of an easy way to control bind response based on
>>request source.  You can put source configs in named.conf (we do this
>>for "split-horizon" DNS when you use the same name server to respond to
>>requests from both inside and outside a NAT). But I don't believe that
>>aspect is hooked for dynamic control inside the latest version (I could
>>be wrong).
>>
>>Can you share your pf config?
>>
>>Ovidiu Ene wrote:
>>    
>>
>>>Hello friends
>>>
>>>I am trying for a while to make a load balancer under FreeBSD. No BGP
>>>support from isps!
>>>
>>>I would have: 3 nics, ISP1 nic, ISP2 nic and LAN nic.
>>>What i've done until now, after reading lots of posts, googling for a
>>>while:
>>>
>>>- I've suceeded to setup an outgoing load balancer with pf, it works
>>>perfectly but only for outgoing traffic;
>>>- I've noticed that almost everybody thing that it cannot be done load
>>>balancing with BSD of incoming and outgoing without help of that both
>>>ISP (BGP)
>>>- I find hardware with proprietary OS/firmware that can do load
>>>balancing without support of ISP. Some are cheap (300$), but at review
>>>does not know to load balance incoming traffic (break functionality of
>>>some pages accessed, since some of load is on one interface, some of
>>>other, works corectly only if i setup to come some type of traffic on
>>>one interface, some of other (for example trafic via port 80 on one nic,
>>>ftp traffic on the other), also are expensive hardware load balancers
>>>(over 1000$) that... i am asking myself how it works, without help of isp.
>>>- I've found somewhere that it can be done load balancing but not with
>>>one box with that 3 nics, but with 3 boxex, because (that article i am
>>>"insipring" said that every box has just one routing table) because can
>>>be created a virtual server that with handle routes from that 2 boxes.
>>>- People told me that in Linux load balancing cand be done, 3 nics, 2
>>>external, one to Lan, with iptables. Here is a short article:
>>>http://linux.com.lb/wiki/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links
>>>
>>>
>>>So, my question is, if some people made it (in expensive hardware that
>>>did have the same OS, maybe even FreeBSD, and proprietary algorythms)
>>>and in Linux it can be done (people told me, i've read articles and also
>>>so it here, where i live) why it cannot be done under FreeBSD?
>>>I guess it can be done, I want to do it with FreeBSD, and want to obtain
>>>same performances as with Linux.
>>>
>>>What is your opinion about that? What should I do? Anybody suceed in
>>>making load balancing work that way?
>>>
>>>Best Regards,
>>>Ovidiu
>>>
>>>ps. FreeBSD is the best!
>>>
>>>
>>>_______________________________________________
>>>freebsd-questions at freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>To unsubscribe, send any mail to
>>>"freebsd-questions-unsubscribe at freebsd.org"
>>>
>>>_______________________________________________
>>>freebsd-isp at freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>>>To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>>>      
>>>
>>- --
>>Eric W. Bates
>>ericx at vineyard.net
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.4.1 (FreeBSD)
>>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>
>>iD8DBQFDHc9SD1roJTQ4LlERAnZHAJwKnNsC9xX7iCc5GM3CV7jEpDlJHgCgyZUX
>>9U5JcwBy4JVlTru/8WLn/hU=
>>=16h9
>>-----END PGP SIGNATURE-----
>>_______________________________________________
>>freebsd-isp at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>>To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>>    
>>
>_______________________________________________
>freebsd-isp at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
>  
>

Hello

I have a LAN with 100 users and a router, I have 3 nics, one for lan and 
2 for ISP 1 and ISP 2.
I want that traffic from lan to be load balanced using both isps.
I've tried with pf, but i only have outgoing load balancing. I want to 
load balance incoming because most traffic is done by users from lan, 
downloading files / p2p programs.

The pf.conf file i've used is similar to the one on openbsd pf page.
( http://www.openbsd.org/faq/pf/pools.html )
Also I've tried different configs, none worked on incoming, only outgoing.

I've also tried with 2 nat, 2 divert on both isp interfaces.
The problem is that I only have one default route, so all traffic goes 
via default route. Can I acomplish my purpose with multipath routes? I 
do not have support from ISP.

I've succeed to make 2 route rules, half of 0.0.0.0/0 traffic to go on 
one isp gateway,  half on the other, but if people from lan access more 
addreses from one part, i do not have load balance.

The thing is that there are commercial routers (some of them using bsd, 
some linux) that can do load balancing without isp support. How they do 
that?

If is not possible to do, channel bound will help?

Best Regards,
Ovidiu