Failover and load balancing using advanced NAT daemon

Oleg Tarasov subscriber at osk.com.ua
Wed Jan 25 08:39:15 PST 2006


Hello,

I have an idea of implementation of this common task. Please tell me
if there is some alternative or use my idea to implement advanced NAT
daemon (this would be great). Maybe it would be good to upgrade
standard natd daemon.

The task:
We have several interfaces connected to internet and all having static
IPs and one (or more) interfaces to local network.
We must provide NATed internet access to local network users
load-balancing internet interfaces and providing failover. All sessions
have to "remember" their outgoing interface as one session will break
if packets start to come from different IPs.

A way to perform this:
- We need to monitor interface state (some simple like up/down) or more
complex like periodic gateway ping for example.
- We need to measure interface load
- We need NAT that aliases outgoing connections to one of these
interfaces
- We need to route outgoing packets based on source IP assigned by
NAT. This can be performed using ipfw forward mechanism.

First three functions would be great to be implemented inside one
daemon like standard natd. Packets should be diverted into it. This
daemon can easily perform all of the tasks listed above as all of the
packets are passed through it.

Using it in a combination with policy-routing would be a powerful
mechanism!

-- 
Best regards,
 Oleg Tarasov                          mailto:subscriber at osk.com.ua
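
The selection logic proposed in the message above, as an added sketch that is not part of the original post and is not natd code: new flows go to the least-loaded live uplink, existing flows stay pinned, and the matching `ipfw fwd` rules route by the alias IP. The class and function names, interface names and addresses (RFC 5737 documentation ranges) are all constructed, and dropping the sessions of a failed uplink is an assumption about how failover would be handled.

```python
# Added illustration: session-sticky uplink selection with failover.
# Names and addresses are hypothetical; this is not natd's implementation.
from dataclasses import dataclass

@dataclass
class Uplink:
    name: str           # interface name (constructed)
    alias_ip: str       # static public IP used as the NAT alias address
    gateway: str        # next hop for packets carrying alias_ip as source
    up: bool = True     # last health-check result (link state or gateway ping)
    bytes_out: int = 0  # load counter, updated per outgoing packet

class Balancer:
    def __init__(self, uplinks):
        self.uplinks = {u.name: u for u in uplinks}
        self.sessions = {}  # flow 5-tuple -> uplink name

    def set_state(self, name, up):
        """Record a health check; forget sessions pinned to a dead uplink.
        Those sessions cannot survive, because their source IP would change."""
        self.uplinks[name].up = up
        if not up:
            self.sessions = {f: n for f, n in self.sessions.items() if n != name}

    def select(self, flow, length):
        """Return the uplink for one outgoing packet of `flow`."""
        name = self.sessions.get(flow)
        if name is None:  # new session: pick the least-loaded live uplink
            live = [u for u in self.uplinks.values() if u.up]
            if not live:
                return None  # no working uplink, nothing to alias to
            name = min(live, key=lambda u: u.bytes_out).name
            self.sessions[flow] = name
        link = self.uplinks[name]
        link.bytes_out += length
        return link

def fwd_rules(uplinks, base=1000):
    """One ipfw fwd rule per uplink, matching the source IP assigned by NAT."""
    return [f"ipfw add {base + i} fwd {u.gateway} ip from {u.alias_ip} to any out"
            for i, u in enumerate(uplinks)]
```
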



More information about the freebsd-net mailing list