Re: Problems with outgoing loadbalancing with pppoe(4)

Wed, 28 Dec 2011 11:08:35 -0800 

On 12/28/2011 07:35 PM, Michel Blais wrote:

You could bound those 2 but your ISP would have to bound them too with
the same protocol so I wouldn't count on that. I'm not even sure OpenBSD
support it since I can't really find anything fast on a google search.

You could do a pf rule to route paquets in round robin for each
connection but that would cause NAT persistance problem. Here a FAQ for
this : http://www.openbsd.org/faq/pf/pools.html
This is what i am trying to do (s. attached pf.conf). I found some threads on misc@ and tried to implement the mentioned parts into pf.conf (https should only going out on pppoe1, but it doesn't) but this didn't work out. I left out the outgoing parts, because we didn't provide any services to the internet on that net so outgoing routing to the right interface doesn't match here, i think. I had the corresponding NAT-rules in the pf.conf before, that didn't work out,too. 



You could do a pf rule to do a policy router for a part of your lan is
routed via pppoe1 instead but that also not the best solutions since if
only those routed via pppoe0 use the net, that would still meen pppoe1
unuse.

The best solution is BGP but that not a equal share between those 2.
http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8
http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html


Sorry, but that is not an option for these lines.




Why not contact your ISP to talk with them about possible solution ?
The support from this ISP is shitty at best (yes, these are 'business' lines), but it's cheap and so it's a business decision from the management...
I wonder, why it's not working for me but some subscribers seem to have a working setup for this. But noone mentiones, if it's the same ISP or not. 



Michel

Le 2011-12-28 12:41, Marc Peters a icrit :

Hi List,

i have a problem with multiple DSL Lines and loadbalancing outgoing
traffic. All traffic leaves only over the first interface pppoe0 and i
can't figure out why and how to change this. Maybe the problem is,
that both lines are connected to the same provider and therefore have
the same host as connecting point.


Routing Table:

~ # netstat -rn
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default XXX.YYY.133.6 UGS 0 12091 - 8 pppoe0
127/8 127.0.0.1 UGRS 0 0 33196 8 lo0
127.0.0.1 127.0.0.1 UH 1 258 33196 4 lo0
192.168.0/23 link#5 UC 18 0 - 4 sis0
192.168.0.82 00:19:99:8b:fb:be UHLc 0 4935 - 4 sis0
192.168.0.105 00:30:05:9e:24:1b UHLc 0 16 - 4 sis0
192.168.0.107 40:01:c6:77:b3:41 UHLc 0 0 - 4 sis0
192.168.0.232 00:19:99:a0:3e:65 UHLc 0 576 - 4 sis0
192.168.1.21 e4:1f:13:62:f2:88 UHLc 0 1387 - 4 sis0
192.168.1.22 00:15:17:1e:72:d8 UHLc 0 2816 - 4 sis0
192.168.1.23 78:e7:d1:e3:7f:9a UHLc 0 34 - 4 sis0
192.168.1.53 d8:d3:85:63:6e:86 UHLc 1 117 - 4 sis0
192.168.1.58 68:b5:99:c0:c0:d4 UHLc 0 98 - 4 sis0
192.168.1.59 d8:d3:85:96:15:d6 UHLc 1 614 - 4 sis0
192.168.1.98 00:19:99:8e:77:93 UHLc 0 550 - 4 sis0
192.168.1.111 00:19:99:0f:1b:d4 UHLc 0 10 - 4 sis0
192.168.1.127 00:30:05:a5:89:d2 UHLc 0 1598 - 4 sis0
192.168.1.172 00:23:df:fd:a3:ed UHLc 0 249 - 4 sis0
192.168.1.179 f0:de:f1:39:f6:8b UHLc 0 11 - 4 sis0
192.168.1.241 00:14:4f:d4:a1:84 UHLc 0 2 - 4 sis0
192.168.1.243 00:14:4f:d4:a1:8d UHLc 0 842 - 4 sis0
192.168.1.250 40:01:c6:40:ae:4f UHLc 0 0 - 4 sis0
192.168.2/24 link#8 UC 1 0 - 4 sis3
192.168.2.2 00:1f:12:46:80:80 UHLc 0 11608502 - 4 sis3
XXX.YYY.133.6 AAA.BBB.212.232 UH 0 0 - 4 pppoe1
224/4 127.0.0.1 URS 0 0 33196 8 lo0
[snip]

With tcpdump i see all traffic leaving over pppoe0 and nothing on
pppoe1. Is it even possible with the same provider to do outgoing
loadbalancing? Maybe someone more experienced than me can point into
the right direction.


ifconfig:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:02:00
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.2 netmask 0xfffffe00 broadcast 192.168.1.255
inet6 fe80::200:24ff:fecc:200%sis0 prefixlen 64 scopeid 0x5
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:02:01
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:24ff:fecc:201%sis1 prefixlen 64 scopeid 0x6
sis2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:02:02
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:24ff:fecc:202%sis2 prefixlen 64 scopeid 0x7
sis3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:cc:02:03
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
inet6 fe80::200:24ff:fecc:203%sis3 prefixlen 64 scopeid 0x8
enc0: flags=0<>
priority: 0
groups: enc
status: active
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
priority: 0
dev: sis1 state: session
sid: 0x4f50 PADI retries: 0 PADR retries: 0 time: 5d 00:14:11
sppp: phase network authproto pap authname "<username>"
groups: pppoe egress
status: active
inet6 fe80::200:24ff:fec9:2e84%pppoe0 -> prefixlen 64 scopeid 0xb
inet AAA.BBB.216.27 --> XXX.YYY.133.6 netmask 0xffffffff
pppoe1: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
priority: 0
dev: sis2 state: session
sid: 0x368b PADI retries: 0 PADR retries: 0 time: 5d 00:14:21
sppp: phase network authproto pap authname "<username>"
groups: pppoe
status: active
inet6 fe80::200:24ff:fec9:2e84%pppoe1 -> prefixlen 64 scopeid 0xc
inet AAA.BBB.212.232 --> XXX.YYY.133.6 netmask 0xffffffff
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog


pf.conf:
~ # grep -v -e '^\n' -e '^#' /etc/pf.conf

ext_if1="pppoe0"
ext_if2="pppoe1"
int_if1="sis0"
int_if2="sis3"
icmp_types=" echoreq "

set skip on lo

match in all scrub (random-id no-df)

match out on $ext_if1 from $int_if1:network nat-to ($ext_if1)
match out on $ext_if1 from $int_if2:network nat-to ($ext_if1)
match out on $ext_if2 from $int_if1:network nat-to ($ext_if2)
match out on $ext_if2 from $int_if2:network nat-to ($ext_if2)

anchor "ftp-proxy/*"
pass in quick inet proto tcp to port ftp divert-to 127.0.0.1 port 8021

block in all

pass out on $ext_if1 inet proto tcp from ($ext_if1) to any keep state
pass out on $ext_if2 inet proto tcp from ($ext_if2) to any keep state
pass out on $ext_if1 inet proto { udp icmp } from ($ext_if1) to any
pass out on $ext_if2 inet proto { udp icmp } from ($ext_if2) to any

pass in quick on { $int_if1, $int_if2 } proto tcp to { ($int_if1),
($int_if2) } port ssh
pass out on {$int_if1 $int_if2}

pass in on {$int_if1 $int_if2} proto tcp to port 443 route-to (pppoe1
0.0.0.1)

pass in on {$int_if1, $int_if2} from { $int_if1:network,
$int_if2:network } route-to {($ext_if1 0.0.0.1), ($ext_if2 0.0.0.1)}
round-robin

pass inet proto icmp from $int_if1:network to any icmp-type $icmp_types
pass inet proto icmp from $int_if2:network to any icmp-type $icmp_types
pass inet proto icmp from any to ($ext_if1) icmp-type $icmp_types
pass inet proto icmp from any to ($ext_if2) icmp-type $icmp_types
pass inet proto icmp all icmp-type unreach code needfrag

block in on ! lo0 proto tcp to port 6000:6010
antispoof for { lo $int_if1 $int_if2 $ext_if1 $ext_if2 }


dmesg:
OpenBSD 5.0-stable (GENERIC) #2: Wed Dec 14 09:56:26 CET 2011

r...@obsd-build-i386.home:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD"
586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 536408064 (511MB)
avail mem = 517582848 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/26, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0: (uniprocessor)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
io address conflict 0x6100/0x100
io address conflict 0x6200/0x200
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x30
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11,
address 00:00:24:c9:2e:84
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5,
address 00:00:24:c9:2e:85
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9,
address 00:00:24:c9:2e:86
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12,
address 00:00:24:c9:2e:87
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ppb0 at pci0 dev 14 function 0 "TI PCI2250 PCI-PCI" rev 0x02
pci1 at ppb0 bus 1
sis0 at pci1 dev 0 function 0 "NS DP83815 10/100" rev 0x00, DP83816A:
irq 10, address 00:00:24:cc:02:00
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci1 dev 1 function 0 "NS DP83815 10/100" rev 0x00, DP83816A:
irq 7, address 00:00:24:cc:02:01
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci1 dev 2 function 0 "NS DP83815 10/100" rev 0x00, DP83816A:
irq 10, address 00:00:24:cc:02:02
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
sis3 at pci1 dev 3 function 0 "NS DP83815 10/100" rev 0x00, DP83816A:
irq 7, address 00:00:24:cc:02:03
nsphyter3 at sis3 phy 0: DP83815 10/100 PHY, rev. 1
glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 3,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 1: <PIO>
wd0: 1-sector PIO, LBA, 971MB, 1989792 sectors
wd0(pciide0:0:1): using PIO mode 4
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15,
version 1.0, legacy support
ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)

--
Michel Blais
Administrateur riseau / Network administrator
Targo Communications
www.targo.ca
514-448-0773

pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
mtrr: K6-family MTRR support (2 registers)
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (9db70978ca267360.a) swap on wd0b dump on wd0b

If more info is needed, i will provide it.

marc

Reply via email to