On Sun, 2009-08-16 at 21:45 -0400, john bertelsen wrote:
> Chris, I am also on the IPCop mailing list. This question has come up
> on that list. Invariably folks say that IPCop is not designed to do
> this and to try pfsense.
> 
> I have been using IPCop as our home router for about two years now.
> There is discussion about a version 2.0 coming out this fall. However,
> I don't think load balancing is part of it. I potentially have a need
> for load balancing at work so am starting to look into pfsense.
> 
> John Bertelsen

Chris -

There are 2 parts to your question (and forgive me if I missed
something, I looked at your diagram for a total of about 10 seconds).

First part: Getting a linux box to perform outbound load balancing is
fairly simple to accomplish; it's really a single command:

ip route add default scope global \
  nexthop via {first default router IP} dev {ethx} weight 1 \
  nexthop via {second default router IP} dev {ethx} weight 1

That command tells the system to add a dual default route for outbound
traffic, and assumes that the 2 connections have identical speeds (i.e.
both connections are weighted the same).

Take the following example - suppose you have a 768k/3mb DSL connection
with a default route of 10.0.1.1, and another Cable connection with
2mb/20mb (gateway of 24.48.1.1).  The DSL is connected to eth0, and the
Cable is on eth1

# DSL uplink
WANIF1=eth0
WANGW1=10.0.1.1
WAN1Weight=3

# Cable uplink
WANIF2=eth1
WANGW2=24.48.1.1
WAN2Weight=20

# One default route with two weighted next hops
ip route add default scope global \
  nexthop via $WANGW1 dev $WANIF1 weight $WAN1Weight \
  nexthop via $WANGW2 dev $WANIF2 weight $WAN2Weight

And done!

I've done this many times and it works perfectly well as long as you're
only dealing with traffic generated from *behind* your firewall
(outbound)...

The problem is that most of us have stuff that's coming IN to our
networks as well (i.e. PAT) because we're running servers of some flavor
behind our routers.  Then, in addition to the above command, you're on
the descent into hell known as Linux IP connection tracking, extra
routing tables, packet tagging etc..  In other words, it's down the
rabbit hole for you... LARTC is black arts, man...

Full in and out-bound load balancing is something I've done with some
success but it's a royal PIA to set up and get working, and is not
easily 'splained in an email.  However, once it's set up, it works most
excellently!

Rubin

-- 
Rubin Bennett
rbTechnologies, LLC
80 Carleton Boulevard
East Montpelier, VT 05651

(802)223-4448
http://thatitguy.com

"Think for yourselves and let others enjoy the privilege to do so too."
  Voltaire, Essay on Tolerance
  French author, humanist, rationalist, & satirist (1694 - 1778)
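
The weighted multipath command from the reply above, generalized to any number of uplinks, as an added example that is not part of the original email. The function names and the IFACE:GATEWAY:WEIGHT argument format are assumptions; the script validates each field and only prints the command instead of running it.

```shell
#!/bin/sh
# Added example (not from the email): validate uplink definitions and print
# the multipath default-route command instead of running it.
# Argument format IFACE:GATEWAY:WEIGHT is an assumption of this sketch.

valid_ipv4() {
    # Accept only four dot-separated decimal octets, each 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

build_multipath() {
    [ "$#" -ge 2 ] || { echo "need at least two uplinks" >&2; return 1; }
    cmd="ip route add default scope global"
    for uplink in "$@"; do
        iface=${uplink%%:*}; rest=${uplink#*:}
        gw=${rest%%:*};      weight=${rest#*:}
        # Interface name: a conservative character set, nothing else.
        case "$iface" in
            ""|*[!A-Za-z0-9._-]*) echo "bad interface: $uplink" >&2; return 1 ;;
        esac
        valid_ipv4 "$gw" || { echo "bad gateway: $uplink" >&2; return 1; }
        # Weight: digits only, 1-256 (the range iproute2 accepts).
        case "$weight" in
            ""|*[!0-9]*|????*) echo "bad weight: $uplink" >&2; return 1 ;;
        esac
        [ "$weight" -ge 1 ] && [ "$weight" -le 256 ] ||
            { echo "bad weight: $uplink" >&2; return 1; }
        cmd="$cmd nexthop via $gw dev $iface weight $weight"
    done
    printf '%s\n' "$cmd"
}

# The email's DSL (eth0) and cable (eth1) uplinks with its 3:20 weighting.
build_multipath eth0:10.0.1.1:3 eth1:24.48.1.1:20
```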
