> Hi,
>
> I need help configuring an OpenBSD server to load balance and
> failover the internet connection.
> I have 2 connections to the internet.
> I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but I
> didn't get it working.
> I added both routes with:
> route add -mpath default 200.162.41.33
> route add -mpath default 189.57.43.1
>
> My confs are:
>
> # cat sysctl.conf | grep inet
> net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
> net.inet.ip.mforwarding=1       # 1=Permit forwarding (routing) of IPv4 multicast packets
> net.inet.ip.multipath=1         # 1=Enable IP multipath routing
> #net.inet6.ip6.forwarding=1     # 1=Permit forwarding (routing) of IPv6 packets
> #net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
> #net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
> #net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
> #net.inet.tcp.rfc1323=0         # 0=Disable TCP RFC1323 extensions (for if tcp is slow)
> #net.inet.tcp.rfc3390=0         # 0=Disable RFC3390 for TCP window increasing
> #net.inet.esp.enable=0          # 0=Disable the ESP IPsec protocol
> #net.inet.ah.enable=0           # 0=Disable the AH IPsec protocol
> #net.inet.esp.udpencap=0        # 0=Disable ESP-in-UDP encapsulation
> #net.inet.ipcomp.enable=1       # 1=Enable the IPCOMP protocol
> #net.inet.etherip.allow=1       # 1=Enable the Ethernet-over-IP protocol
> #net.inet.tcp.ecn=1             # 1=Enable the TCP ECN extension
> net.inet.carp.preempt=1         # 1=Enable carp(4) preemption
> net.inet.carp.log=1             # 1=Enable logging of carp(4) packets
> #net.inet.ip.mtudisc=0          # 0=Disable tcp mtu discovery
> #
>
> # cat /etc/mygate
> #
>
> # cat /etc/pf.conf
> lan_net = "10.10.20.0/24"
> int_if = "vic0"
> ext_if1 = "vic2"
> ext_if2 = "vic3"
> ext_gw1 = "189.57.43.1"
> ext_gw2 = "200.162.41.33"
>
> # nat outgoing connections on each internet interface
> nat on $ext_if1 from $lan_net to any -> ($ext_if1)
> nat on $ext_if2 from $lan_net to any -> ($ext_if2)
>
> # default deny
> #block in from any to any
> #block out from any to any
>
> # pass all outgoing packets on internal interface
> pass out on $int_if from any to $lan_net
> # pass in quick any packets destined for the gateway itself
> pass in quick on $int_if from $lan_net to $int_if
> # load balance outgoing tcp traffic from internal network.
> pass in on $int_if route-to \
>     { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
>     proto tcp from $lan_net to any flags S/SA modulate state
> # load balance outgoing udp and icmp traffic from internal network
> pass in on $int_if route-to \
>     { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
>     proto { udp, icmp } from $lan_net to any keep state
>
> # general "pass out" rules for external interfaces
> pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if1 proto { udp, icmp } from any to any keep state
> pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
> pass out on $ext_if2 proto { udp, icmp } from any to any keep state
>
> # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
> # $ext_if2 and $ext_gw2
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
> #
>
> I am able to surf the internet from my 10.10.20.0/24 machines, but
> when I turn off vic3 my users lose their connection.
> It seems it's using as default route the route I added first.
>
> Help me please.
Hi,

as the FAQ http://www.openbsd.org/faq/faq6.html#Multipath states:

"It's worth noting that if an interface used by a multipath route goes down (i.e., loses carrier), the kernel will still try to forward packets using the route that points to that interface. This traffic will of course be blackholed and end up going nowhere. It's highly recommended to use ifstated(8) to check for unavailable interfaces and adjust the routing table accordingly."

So use ifstated to check the link of the interface and populate the routing table accordingly.

Regards,
Uwe
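A worked ifstated(8) configuration for the setup in the quoted mail, added here as an example; it is not part of the thread and not the poster's or Uwe's code. The interface names, gateways and LAN are the poster's; the ping probes and the per-state pf rulesets (/etc/pf.conf.both, /etc/pf.conf.vic2, /etc/pf.conf.vic3) are assumptions. Swapping the pf ruleset matters because the poster's `route-to { ... } round-robin` rule chooses the next hop itself and never consults the kernel routing table, so fixing the routes alone would still send every second new LAN connection out the dead uplink; the single-uplink rulesets are assumed to `route-to` only the surviving gateway. The link tests catch the "turn off vic3" case from the mail; the ping probes additionally catch an upstream outage while carrier stays up.

```conf
# /etc/ifstated.conf
# Added example for the vic2/vic3 dual-uplink box from the quoted mail.
# Assumed: /etc/pf.conf.both, /etc/pf.conf.vic2 and /etc/pf.conf.vic3 exist,
# differing only in which gateways the LAN route-to rules use.
init-state auto

# Carrier on each uplink (ifstated watches link state changes itself)
vic2_link = "vic2.link.up"
vic3_link = "vic3.link.up"

# Carrier alone misses an upstream outage; probe each provider gateway
# every 10 seconds as well. The gateways are directly connected, so the
# probes are unaffected by whatever the default route currently is.
gw1_ping = '"ping -q -c 1 -w 1 189.57.43.1 > /dev/null" every 10'
gw2_ping = '"ping -q -c 1 -w 1 200.162.41.33 > /dev/null" every 10'

# Decide which uplinks are usable; every other state returns here on change
state auto {
    if ($vic2_link && $gw1_ping) && ($vic3_link && $gw2_ping)
        set-state both
    if ($vic2_link && $gw1_ping) && ! ($vic3_link && $gw2_ping)
        set-state vic2_only
    if ! ($vic2_link && $gw1_ping) && ($vic3_link && $gw2_ping)
        set-state vic3_only
    if ! ($vic2_link && $gw1_ping) && ! ($vic3_link && $gw2_ping)
        set-state none
}

# Both uplinks usable: multipath default route plus round-robin pf rules
state both {
    init {
        run "route -qn add -mpath default 189.57.43.1"
        run "route -qn add -mpath default 200.162.41.33"
        run "pfctl -f /etc/pf.conf.both"
        run "logger -t ifstated 'both uplinks up, load balancing'"
    }
    if ! ($vic2_link && $gw1_ping) || ! ($vic3_link && $gw2_ping)
        set-state auto
}

# Only vic2 usable: drop the vic3 route so the kernel stops blackholing,
# and load a ruleset that route-to's 189.57.43.1 only
state vic2_only {
    init {
        run "route -qn delete default 200.162.41.33"
        run "route -qn add -mpath default 189.57.43.1"
        run "pfctl -f /etc/pf.conf.vic2"
        run "logger -t ifstated 'vic3 down, failing over to vic2'"
    }
    if ! ($vic2_link && $gw1_ping) || ($vic3_link && $gw2_ping)
        set-state auto
}

# Only vic3 usable: mirror image of the above
state vic3_only {
    init {
        run "route -qn delete default 189.57.43.1"
        run "route -qn add -mpath default 200.162.41.33"
        run "pfctl -f /etc/pf.conf.vic3"
        run "logger -t ifstated 'vic2 down, failing over to vic3'"
    }
    if ($vic2_link && $gw1_ping) || ! ($vic3_link && $gw2_ping)
        set-state auto
}

# Nothing usable: leave the routes alone, just record it
state none {
    init {
        run "logger -t ifstated 'both uplinks down'"
    }
    if ($vic2_link && $gw1_ping) || ($vic3_link && $gw2_ping)
        set-state auto
}
```

`ifstated -n -f /etc/ifstated.conf` checks the file for syntax errors without acting on it, and `ifstated -dv` runs it in the foreground so the state transitions and `run` commands can be watched while an uplink is unplugged. The `route delete` calls name the gateway so that only the matching entry of the multipath route is removed; `-q` keeps the harmless "File exists" noise out of the log when a route is re-added.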

