FreeBSD router two DSL connections

Steve Bertrand iaccounts at ibctech.ca
Thu Dec 22 06:19:22 PST 2005


> If you have read this thread you will have already seen that 
> you cannot get increased throughput this way.
> 
> As I asked before, explain how a DSL line to SpiritOne 
> running at 1MBit/sec and a Comcast cable connection running 
> at 1MBit/sec will allow you to download the FreeBSD release 
> iso file at 2MBit/sec.  This will be interesting.
> 
> If you can't do it, which I will tell you that you can't, you 
> have not increased throughput.

I agree with this whole-heartedly.

> And as for redundancy, I already explained that while this 
> setup increases redundancy, the redundancy must be manually 
> done - monitored by a human, and switched over when needed - 
> or it will not react to the most common redundancy problems.

Well, technically, it could be scripted:

- load balancer pings primary upstream gateway
- primary upstream gateway does not respond
- run script that reconfigures routing tables, NAT etc accordingly

Which I wouldn't trust in a critical uptime environment. Plus, this
would NOT have the effect of increasing throughput.

> 
> > The primary problem is that you need to make sure outgoing data for a
> > connection is using the same line as the incoming connection.
> 
> No, not at all.  The primary problem is that the incoming 
> data that is in response to the outgoing connection will come 
> in on the same line that the outgoing connection used.

Yes indeed. Unless you mask or 'spoof' your IP in the packet header as
it's going out, the traffic will always come back via the same pipe.
Unless of course your upstream allows this, which I doubt very much.

> >If the majority to all connections are
> >outgoing and both lines use NAT and have unique IP addresses, it's 
> >simpler to setup.
> >If you have incoming connections as well, either only one of the two 
> >lines will be used or you'll need BGP
> 
> Explain how to run BGP with a DSL line to Spirit One and a 
> cable line to Comcast.

BGP with two separate Internet providers such as those you speak of is
nearly impossible. Realistically, to run BGP, you have to have utmost
co-ordination between yourself, and BOTH providers. As soon as either
one disagrees (which they will), this will not work.

BGP is typically used in Point-to-Point connections. Generally, it's
used by ISPs to THEIR upstream providers. For instance, at the ISP at
which I work, part of the feed consists of three T-1s. Two of the T-1s
are bound together as a single channel (effectively doubling the
throughput), and the third is for load-balancing and redundancy. BGP is
used for this, but if I want to make a change, I have to get on the
phone with my upstream provider, and do the BGP changes together at both
ends.

Trying to do BGP with a single $40 to $80 DSL customer would not only be
financially wasteful because of wasted time and resources, but most
networks are not set up to do this easily. As a matter of fact, just thinking
about it makes my head hurt.

If you really want this type of redundancy, and reliable throughput,
especially for a business, go the proper way and get your connection(s)
from an ISP's upstream provider. (Allstream, MCI, Sprint etc).

> >or some kind of
> >static route setup by the two ISPs.

We are a small ISP (<10,000 clients), and I wouldn't even do this. This
is easily something that could be forgotten about, slip through
the cracks, and cause all sorts of havoc down the road once the client
has up and left. Especially if the second provider mucks up their end.

Again, personally, the way I look at it is if you want to pay $40-$80
for your Internet connection, you technically get what you pay for.

If you REALLY wanted this done, you would have to personally know
someone inside the ISP who actually has direct and full access to the
infrastructure. I assure you, calling Comcast support desk and asking
them to 'please apply this routing structure for me' will get you
nowhere. You would have lost them at 'apply' :)

> >I have done this with a Linux router and using Comcast Cable and 
> >SpiritOne DSL.  We had all incoming connections use DSL and outgoing 
> >connections use either line.
> 
> You used the dual-NAT package that was detailed earlier which 
> is the only one that can do that - is specific to Linux - and 
> as I explained before, also will not permit you to take a 1MB 
> DSL line from one provider and a 1MB cable line from the 
> cable company and download a freebsd iso at 2MB.  Thus it is 
> not load-balancing because it does not actually use both 
> lines for a connection.
> 
> > We balanced them by internal IP addresses,
> 
> You did not balance them, you had some of the inside IP 
> numbers use one line, and others use the other line.  This 
> isn't load balancing.

Which, AFAICT, means that if the device sent data out one of the lines, it
would have come back in on the same one. Essentially, you are 'preserving' throughput
simply by dividing your network in half. This is not balancing.
Balancing is 'least-used'. In this configuration, you could have one
pipe maxed out, while the other at 2%. It would depend on which network
device was doing what.

This situation also provides no redundancy (each half will go down in
the event one of the connections goes down), nor increased throughput
(each half of the network still only utilizes one connection).

> 
> >but there might be more sophisticated methods.  I do not know what 
> >support FreeBSD has for this kind of routing though.  At the very 
> >minimum, you could get redundancy for outgoing connections by switching 
> >the route to use the other line when the first one fails.
> >
> 
> Which is not redundant.

I've always classified redundancy as 'automatic failover'. If something
breaks, it can fix itself and I don't have to come into work to fix
anything, and I can read about it in my morning notifications.

Steve
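The scripted failover sketched in the reply above (poll the primary upstream gateway, swap the routing when it stops answering), written out as an added example; this is not code from the original post. The gateway addresses are assumed RFC 5737 placeholders, and the NAT reload step is only noted in a comment because the thread does not say which packet filter is in use.

```sh
#!/bin/sh
# Added example, not from the thread: a FreeBSD-style outbound failover poller.
PRIMARY_GW="203.0.113.1"   # assumed placeholder: gateway on the primary (DSL) line
BACKUP_GW="198.51.100.1"   # assumed placeholder: gateway on the backup (cable) line
FAIL_THRESHOLD=3           # consecutive failed probes before failing over

# probe_gateway GW -> exit 0 if GW answers one ICMP echo, non-zero otherwise.
# FreeBSD ping(8): -t is an overall timeout in seconds (on Linux -t is TTL).
probe_gateway() {
    ping -c 1 -t 2 "$1" >/dev/null 2>&1
}

# next_state CUR_GW FAIL_COUNT PROBE_RESULT -> prints "GW FAIL_COUNT".
# Pure decision logic, no side effects, so it can be tested without a network:
# fail over only after FAIL_THRESHOLD misses in a row (one lost ping should
# not flip the routes); fail back as soon as the primary answers again.
next_state() {
    cur="$1"; fails="$2"; probe_ok="$3"
    if [ "$probe_ok" -eq 0 ]; then
        echo "$PRIMARY_GW 0"
        return
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$FAIL_THRESHOLD" ]; then
        echo "$BACKUP_GW $fails"
    else
        echo "$cur $fails"
    fi
}

# apply_gateway GW: repoint the default route.  route(8) "change" fails when
# no default route exists yet, so fall back to "add".  Reloading NAT rules for
# the new egress interface (e.g. pfctl -f /etc/pf.conf) would go here as well;
# the thread does not say which packet filter is used, so it is left out.
apply_gateway() {
    route -n change default "$1" >/dev/null 2>&1 || route -n add default "$1"
    logger -t gwfailover "default route now via $1"
}

# monitor_loop: poll forever, touching the routing table only when the choice changes.
monitor_loop() {
    gw="$PRIMARY_GW"; fails=0
    while :; do
        if probe_gateway "$PRIMARY_GW"; then ok=0; else ok=1; fi
        set -- $(next_state "$gw" "$fails" "$ok")
        [ "$1" != "$gw" ] && apply_gateway "$1"
        gw="$1"; fails="$2"
        sleep 10
    done
}

if [ "${1:-}" = "run" ]; then monitor_loop; fi
```

Run as `sh gwfailover.sh run` from an rc script; as the thread notes, this only gives outbound failover and adds no throughput, and inbound connections on the failed line are still lost.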