Re: [pfSense] Triple WAN

2014-09-09 Thread Benjamin Swatek 

Chris Bagnall wrote:

I tend to work on the principle of sending your ‘I care about latency’ traffic 
down one connection: SIP, mail, SSH and various streaming protocols are the 
ones I normally separate - you may have others to consider. I then create a 
gateway group for the other two connections in a standard round robin load 
balance.

Would you mind giving a few examples how you do this exactly?
I have absolutely no control over the clients on one of my LANs (open 
hostel wifi), and people tend to saturate my 4 WANs

If you can easily separate your clients out on the LAN side, you can go a step 
further: in one of the offices we supply, floor 1 is balanced across WANs 1 and 
3; floor 2 is balanced across WANs 2 and 4.

These methods are all to prevent one single client saturating the connectivity 
into a building. You’ll have to do some experimentation to find out what works 
best in your environment.

One final word of advice: send HTTPS connections down a single WAN. Many 
‘secure’ sites will expire sessions if connections come from different IPs and 
your clients will get upset very quickly if they’re having to re-login to 
online services every few minutes.
That's the only part I figured out myself, all https is from 3 different 
LANs is going down one WAN connection.


Thanks a lot!

Ben

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Triple WAN

2014-09-08 Thread Joe Laffey 

Hi,

Anyone using Load Balancing for a triple WAN setup? This work OK in 
pfSense? What about older 1.2.3 systems?


Thanks,

--
Joe Laffey
The Stable
Visual Effects
http://TheStable.tv/?e35644M/
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Triple WAN

2014-09-08 Thread Jason McClung 

On 9/8/2014 10:07 AM, Joe Laffey wrote:

Hi,

Anyone using Load Balancing for a triple WAN setup? This work OK in 
pfSense? What about older 1.2.3 systems?


Thanks,

Yes. I've used triple wan since 2.0, I had dual wan during 1.2.3 
versions. I would recommend using the latest version pfSense. It is much 
easier to setup load balancing/fail-over than 1.2.3.


https://doc.pfsense.org/index.php/Multi-WAN_2.0
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Triple WAN

2014-09-08 Thread Chris Bagnall 
On 8 Sep 2014, at 18:07, Joe Laffey j...@laffey.tv wrote:
 Anyone using Load Balancing for a triple WAN setup? This work OK in pfSense? 
 What about older 1.2.3 systems?

I have a triple WAN setup at home, which worked fine in 2.0 and likewise now in 
2.1. There are limitations in 1.2.3 that complicate things slightly - inability 
to choose which gateway a DNS server uses is the big one, especially if your 
WANs come from different service providers with DNS locked down to only allow 
access from their IP ranges.

I also have several quad WAN setups in managed office buildings where short 
tenancy agreements prevent the occupants from signing up to 3 year fibre leased 
line contracts.

As a general rule, you’re (in my experience) better off not doing simple round 
robin load balancing. RR is done on a connection basis, so it’s still possible 
for one client machine to saturate all 3 WANs, thus reducing quality of service 
for other users. This is especially problematic if you have clients you don’t 
control (i.e. where you don’t have administrative veto over the crap they 
install on them) - it’s quite easy for someone to install a P2P app, or simply 
have malware that tries to propagate itself by creating lots of outbound 
connections.

I tend to work on the principle of sending your ‘I care about latency’ traffic 
down one connection: SIP, mail, SSH and various streaming protocols are the 
ones I normally separate - you may have others to consider. I then create a 
gateway group for the other two connections in a standard round robin load 
balance.

If you can easily separate your clients out on the LAN side, you can go a step 
further: in one of the offices we supply, floor 1 is balanced across WANs 1 and 
3; floor 2 is balanced across WANs 2 and 4.

These methods are all to prevent one single client saturating the connectivity 
into a building. You’ll have to do some experimentation to find out what works 
best in your environment.

One final word of advice: send HTTPS connections down a single WAN. Many 
‘secure’ sites will expire sessions if connections come from different IPs and 
your clients will get upset very quickly if they’re having to re-login to 
online services every few minutes.

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list