Re: Problems with outgoing loadbalancing with pppoe(4)
Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default XXX.YYY.133.6 UGS012091 - 8 pppoe0 These two routes have different priorities. In Cisco-land, you can have two routes for 0.0.0.0 w/ mask 0.0.0.0, but twod ifferent metrics will result in an HA not a round-robin condition. Try avoiding the use of /etc/mygate and try to manuallly add two routes with equal-cost priority. XXX.YYY.133.6 AAA.BBB.212.232 UH 0 0 - 4 pppoe1 I've never done this type of application before; So I'm curious to see what results you get. However, first order of business: The man page lists a flag that youc an set: -priority -priority ~BAS
Problems with outgoing loadbalancing with pppoe(4)
Hi List, i have a problem with multiple DSL Lines and loadbalancing outgoing traffic. All traffic leaves only over the first interface pppoe0 and i can't figure out why and how to change this. Maybe the problem is, that both lines are connected to the same provider and therefore have the same host as connecting point. Routing Table: ~ # netstat -rn Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultXXX.YYY.133.6 UGS012091 - 8 pppoe0 127/8 127.0.0.1 UGRS 00 33196 8 lo0 127.0.0.1 127.0.0.1 UH 1 258 33196 4 lo0 192.168.0/23 link#5 UC180 - 4 sis0 192.168.0.82 00:19:99:8b:fb:be UHLc 0 4935 - 4 sis0 192.168.0.105 00:30:05:9e:24:1b UHLc 0 16 - 4 sis0 192.168.0.107 40:01:c6:77:b3:41 UHLc 00 - 4 sis0 192.168.0.232 00:19:99:a0:3e:65 UHLc 0 576 - 4 sis0 192.168.1.21 e4:1f:13:62:f2:88 UHLc 0 1387 - 4 sis0 192.168.1.22 00:15:17:1e:72:d8 UHLc 0 2816 - 4 sis0 192.168.1.23 78:e7:d1:e3:7f:9a UHLc 0 34 - 4 sis0 192.168.1.53 d8:d3:85:63:6e:86 UHLc 1 117 - 4 sis0 192.168.1.58 68:b5:99:c0:c0:d4 UHLc 0 98 - 4 sis0 192.168.1.59 d8:d3:85:96:15:d6 UHLc 1 614 - 4 sis0 192.168.1.98 00:19:99:8e:77:93 UHLc 0 550 - 4 sis0 192.168.1.111 00:19:99:0f:1b:d4 UHLc 0 10 - 4 sis0 192.168.1.127 00:30:05:a5:89:d2 UHLc 0 1598 - 4 sis0 192.168.1.172 00:23:df:fd:a3:ed UHLc 0 249 - 4 sis0 192.168.1.179 f0:de:f1:39:f6:8b UHLc 0 11 - 4 sis0 192.168.1.241 00:14:4f:d4:a1:84 UHLc 02 - 4 sis0 192.168.1.243 00:14:4f:d4:a1:8d UHLc 0 842 - 4 sis0 192.168.1.250 40:01:c6:40:ae:4f UHLc 00 - 4 sis0 192.168.2/24 link#8 UC 10 - 4 sis3 192.168.2.200:1f:12:46:80:80 UHLc 0 11608502 - 4 sis3 XXX.YYY.133.6 AAA.BBB.212.232 UH 00 - 4 pppoe1 224/4 127.0.0.1 URS00 33196 8 lo0 [snip] With tcpdump i see all traffic leaving over pppoe0 and nothing on pppoe1. Is it even possible with the same provider to do outgoing loadbalancing? Maybe someone more experienced than me can point into the right direction. ifconfig: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33196 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa inet 127.0.0.1 netmask 0xff00 sis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:00 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.2 netmask 0xfe00 broadcast 192.168.1.255 inet6 fe80::200:24ff:fecc:200%sis0 prefixlen 64 scopeid 0x5 sis1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:01 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:201%sis1 prefixlen 64 scopeid 0x6 sis2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:02 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:202%sis2 prefixlen 64 scopeid 0x7 sis3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:03 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::200:24ff:fecc:203%sis3 prefixlen 64 scopeid 0x8 enc0: flags=0 priority: 0 groups: enc status: active pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492 priority: 0 dev: sis1 state: session sid: 0x4f50 PADI retries: 0 PADR retries: 0 time: 5d 00:14:11 sppp: phase network authproto pap authname username groups: pppoe egress status: active inet6 fe80::200:24ff:fec9:2e84%pppoe0 - prefixlen 64 scopeid 0xb inet AAA.BBB.216.27 -- XXX.YYY.133.6 netmask 0x pppoe1: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492 priority: 0 dev: sis2 state: session sid: 0x368b PADI retries: 0 PADR retries: 0 time: 5d 00:14:21 sppp: phase network authproto pap authname username groups: pppoe status: active inet6
Re: Problems with outgoing loadbalancing with pppoe(4)
You could bound those 2 but your ISP would have to bound them too with the same protocol so I wouldn't count on that. I'm not even sure OpenBSD support it since I can't really find anything fast on a google search. You could do a pf rule to route paquets in round robin for each connection but that would cause NAT persistance problem. Here a FAQ for this : http://www.openbsd.org/faq/pf/pools.html You could do a pf rule to do a policy router for a part of your lan is routed via pppoe1 instead but that also not the best solutions since if only those routed via pppoe0 use the net, that would still meen pppoe1 unuse. The best solution is BGP but that not a equal share between those 2. http://www.openbsd.org/cgi-bin/man.cgi?query=bgpdsektion=8 http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd.confapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html Why not contact your ISP to talk with them about possible solution ? Michel Le 2011-12-28 12:41, Marc Peters a icrit : Hi List, i have a problem with multiple DSL Lines and loadbalancing outgoing traffic. All traffic leaves only over the first interface pppoe0 and i can't figure out why and how to change this. Maybe the problem is, that both lines are connected to the same provider and therefore have the same host as connecting point. Routing Table: ~ # netstat -rn Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultXXX.YYY.133.6 UGS012091 - 8 pppoe0 127/8 127.0.0.1 UGRS 00 33196 8 lo0 127.0.0.1 127.0.0.1 UH 1 258 33196 4 lo0 192.168.0/23 link#5 UC180 - 4 sis0 192.168.0.82 00:19:99:8b:fb:be UHLc 0 4935 - 4 sis0 192.168.0.105 00:30:05:9e:24:1b UHLc 0 16 - 4 sis0 192.168.0.107 40:01:c6:77:b3:41 UHLc 00 - 4 sis0 192.168.0.232 00:19:99:a0:3e:65 UHLc 0 576 - 4 sis0 192.168.1.21 e4:1f:13:62:f2:88 UHLc 0 1387 - 4 sis0 192.168.1.22 00:15:17:1e:72:d8 UHLc 0 2816 - 4 sis0 192.168.1.23 78:e7:d1:e3:7f:9a UHLc 0 34 - 4 sis0 192.168.1.53 d8:d3:85:63:6e:86 UHLc 1 117 - 4 sis0 192.168.1.58 68:b5:99:c0:c0:d4 UHLc 0 98 - 4 sis0 192.168.1.59 d8:d3:85:96:15:d6 UHLc 1 614 - 4 sis0 192.168.1.98 00:19:99:8e:77:93 UHLc 0 550 - 4 sis0 192.168.1.111 00:19:99:0f:1b:d4 UHLc 0 10 - 4 sis0 192.168.1.127 00:30:05:a5:89:d2 UHLc 0 1598 - 4 sis0 192.168.1.172 00:23:df:fd:a3:ed UHLc 0 249 - 4 sis0 192.168.1.179 f0:de:f1:39:f6:8b UHLc 0 11 - 4 sis0 192.168.1.241 00:14:4f:d4:a1:84 UHLc 02 - 4 sis0 192.168.1.243 00:14:4f:d4:a1:8d UHLc 0 842 - 4 sis0 192.168.1.250 40:01:c6:40:ae:4f UHLc 00 - 4 sis0 192.168.2/24 link#8 UC 10 - 4 sis3 192.168.2.200:1f:12:46:80:80 UHLc 0 11608502 - 4 sis3 XXX.YYY.133.6 AAA.BBB.212.232 UH 00 - 4 pppoe1 224/4 127.0.0.1 URS00 33196 8 lo0 [snip] With tcpdump i see all traffic leaving over pppoe0 and nothing on pppoe1. Is it even possible with the same provider to do outgoing loadbalancing? Maybe someone more experienced than me can point into the right direction. ifconfig: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33196 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa inet 127.0.0.1 netmask 0xff00 sis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:00 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.2 netmask 0xfe00 broadcast 192.168.1.255 inet6 fe80::200:24ff:fecc:200%sis0 prefixlen 64 scopeid 0x5 sis1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:01 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:201%sis1 prefixlen 64 scopeid 0x6 sis2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:02 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:202%sis2 prefixlen 64 scopeid 0x7 sis3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:03 priority: 0 media: Ethernet autoselect (100baseTX
Re: Problems with outgoing loadbalancing with pppoe(4)
On 12/28/2011 07:35 PM, Michel Blais wrote: You could bound those 2 but your ISP would have to bound them too with the same protocol so I wouldn't count on that. I'm not even sure OpenBSD support it since I can't really find anything fast on a google search. You could do a pf rule to route paquets in round robin for each connection but that would cause NAT persistance problem. Here a FAQ for this : http://www.openbsd.org/faq/pf/pools.html This is what i am trying to do (s. attached pf.conf). I found some threads on misc@ and tried to implement the mentioned parts into pf.conf (https should only going out on pppoe1, but it doesn't) but this didn't work out. I left out the outgoing parts, because we didn't provide any services to the internet on that net so outgoing routing to the right interface doesn't match here, i think. I had the corresponding NAT-rules in the pf.conf before, that didn't work out,too. You could do a pf rule to do a policy router for a part of your lan is routed via pppoe1 instead but that also not the best solutions since if only those routed via pppoe0 use the net, that would still meen pppoe1 unuse. The best solution is BGP but that not a equal share between those 2. http://www.openbsd.org/cgi-bin/man.cgi?query=bgpdsektion=8 http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd.confapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html Sorry, but that is not an option for these lines. Why not contact your ISP to talk with them about possible solution ? The support from this ISP is shitty at best (yes, these are 'business' lines), but it's cheap and so it's a business decision from the management... I wonder, why it's not working for me but some subscribers seem to have a working setup for this. But noone mentiones, if it's the same ISP or not. Michel Le 2011-12-28 12:41, Marc Peters a icrit : Hi List, i have a problem with multiple DSL Lines and loadbalancing outgoing traffic. All traffic leaves only over the first interface pppoe0 and i can't figure out why and how to change this. Maybe the problem is, that both lines are connected to the same provider and therefore have the same host as connecting point. Routing Table: ~ # netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default XXX.YYY.133.6 UGS 0 12091 - 8 pppoe0 127/8 127.0.0.1 UGRS 0 0 33196 8 lo0 127.0.0.1 127.0.0.1 UH 1 258 33196 4 lo0 192.168.0/23 link#5 UC 18 0 - 4 sis0 192.168.0.82 00:19:99:8b:fb:be UHLc 0 4935 - 4 sis0 192.168.0.105 00:30:05:9e:24:1b UHLc 0 16 - 4 sis0 192.168.0.107 40:01:c6:77:b3:41 UHLc 0 0 - 4 sis0 192.168.0.232 00:19:99:a0:3e:65 UHLc 0 576 - 4 sis0 192.168.1.21 e4:1f:13:62:f2:88 UHLc 0 1387 - 4 sis0 192.168.1.22 00:15:17:1e:72:d8 UHLc 0 2816 - 4 sis0 192.168.1.23 78:e7:d1:e3:7f:9a UHLc 0 34 - 4 sis0 192.168.1.53 d8:d3:85:63:6e:86 UHLc 1 117 - 4 sis0 192.168.1.58 68:b5:99:c0:c0:d4 UHLc 0 98 - 4 sis0 192.168.1.59 d8:d3:85:96:15:d6 UHLc 1 614 - 4 sis0 192.168.1.98 00:19:99:8e:77:93 UHLc 0 550 - 4 sis0 192.168.1.111 00:19:99:0f:1b:d4 UHLc 0 10 - 4 sis0 192.168.1.127 00:30:05:a5:89:d2 UHLc 0 1598 - 4 sis0 192.168.1.172 00:23:df:fd:a3:ed UHLc 0 249 - 4 sis0 192.168.1.179 f0:de:f1:39:f6:8b UHLc 0 11 - 4 sis0 192.168.1.241 00:14:4f:d4:a1:84 UHLc 0 2 - 4 sis0 192.168.1.243 00:14:4f:d4:a1:8d UHLc 0 842 - 4 sis0 192.168.1.250 40:01:c6:40:ae:4f UHLc 0 0 - 4 sis0 192.168.2/24 link#8 UC 1 0 - 4 sis3 192.168.2.2 00:1f:12:46:80:80 UHLc 0 11608502 - 4 sis3 XXX.YYY.133.6 AAA.BBB.212.232 UH 0 0 - 4 pppoe1 224/4 127.0.0.1 URS 0 0 33196 8 lo0 [snip] With tcpdump i see all traffic leaving over pppoe0 and nothing on pppoe1. Is it even possible with the same provider to do outgoing loadbalancing? Maybe someone more experienced than me can point into the right direction. ifconfig: lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33196 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa inet 127.0.0.1 netmask 0xff00 sis0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:00 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.2 netmask 0xfe00 broadcast 192.168.1.255 inet6 fe80::200:24ff:fecc:200%sis0 prefixlen 64 scopeid 0x5 sis1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:01 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:201%sis1 prefixlen 64 scopeid 0x6 sis2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:02 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::200:24ff:fecc:202%sis2 prefixlen 64 scopeid 0x7 sis3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:24:cc:02:03 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::200:24ff:fecc:203%sis3
Re: Problems with outgoing loadbalancing with pppoe(4)
On 2011-12-28, Marc Peters m...@sanity.de wrote: i have a problem with multiple DSL Lines and loadbalancing outgoing traffic. All traffic leaves only over the first interface pppoe0 and i can't figure out why and how to change this. Maybe the problem is, that both lines are connected to the same provider and therefore have the same host as connecting point. No, that's not the problem, I had a setup like this using route-to for someone with 5 lines with the same provider which worked fine. (I now changed that setup to using multipath routes as they are now with an ISP which has good controls on directing inbound traffic between the lines, but it won't be much help with most ISPs). I'm not looking at your rules in detail, but this is possible to setup, just a question of getting the right config. Some basic things to check: - make sure the right rules are matching the packets (use log rules and tcpdump -nei pflog0) - make sure you are sourcing your test traffic from a machine which is affected by route-to rules (traffic generated on the PF box itself won't hit an in rule) - when you do manage to get traffic out of both interfaces, if you still have problems with all or some packets, make sure the correct source address matches up with the correct pppoe interface, otherwise if your ISP does certain types of ingress filtering they may drop packets with a mismatching source address.
