Dear Rubin,
While IPCop has no GUI method of load balancing, I believe that what you
have proposed would work. I intend to test this in the lab here.
Thanks.
Flint
On Sun, 16 Aug 2009, Rubin Bennett wrote:
Date: Sun, 16 Aug 2009 22:25:01 -0400
From: Rubin Bennett <[email protected]>
Reply-To: Vermont Area Group of Unix Enthusiasts <[email protected]>
To: [email protected]
Subject: Re: IPcop -- load balancing?
On Sun, 2009-08-16 at 21:45 -0400, john bertelsen wrote:
Chris, I am also on the IPCop mailing list. This question has come up
on that list. Invariably folks say that IPCop is not designed to do
this and to try pfsense.
I have been using IPCop as our home router for about two years now.
There is discussion about a version 2.0 coming out this fall. However,
I don't think load balancing is part of it. I potentially have a need
for load balancing at work so am starting to look into pfsense.
John Bertelsen
Chris -
There are 2 parts to your question (and forgive me if I missed
something, I looked at your diagram for a total of about 10 seconds).
First part: Getting a Linux box to perform outbound load balancing is
fairly simple to accomplish; it's really a single command:
    ip route add default scope global \
        nexthop via {first default router IP} dev {ethx} weight 1 \
        nexthop via {second default router IP} dev {ethx} weight 1
That command tells the system to add a dual default route for outbound
traffic, and assumes that the 2 connections have identical speeds (i.e.
both connections are weighted the same).
Take the following example - suppose you have a 768k/3mb DSL connection
with a default route of 10.0.1.1, and another Cable connection with
2mb/20mb (gateway of 24.48.1.1). The DSL is connected to eth0, and the
Cable is on eth1.
    WANIF1=eth0
    WANGW1=10.0.1.1
    WAN1Weight=3
    WANIF2=eth1
    WANGW2=24.48.1.1
    WAN2Weight=20
    ip route add default scope global \
        nexthop via $WANGW1 dev $WANIF1 weight $WAN1Weight \
        nexthop via $WANGW2 dev $WANIF2 weight $WAN2Weight
And done!
I've done this many times and it works perfectly well as long as you're
only dealing with traffic generated from *behind* your firewall
(outbound)...
The problem is that most of us have stuff that's coming IN to our
networks as well (i.e. PAT) because we're running servers of some flavor
behind our routers. Then, in addition to the above command, you're on
the descent into hell known as Linux IP connection tracking, extra
routing tables, packet tagging, etc. In other words, it's down the
rabbit hole for you... LARTC is black arts, man...
Full in and out-bound load balancing is something I've done with some
success but it's a royal PIA to set up and get working, and is not
easily 'splained in an email. However, once it's set up, it works most
excellently!
Rubin
--
Rubin Bennett
rbTechnologies, LLC
80 Carleton Boulevard
East Montpelier, VT 05651
(802)223-4448
http://thatitguy.com
"Think for yourselves and let others enjoy the privilege to do so too."
Voltaire, Essay on Tolerance
French author, humanist, rationalist, & satirist (1694 - 1778)
Kindest Regards,
Paul Flint
(802) 479-2360
/************************************
Based upon email reliability concerns,
please send an acknowledgment in response to this note.
Paul Flint
Barre Open Systems Institute
17 Averill Street
Barre, VT
05641
http://www.bosivt.org
http://www.flint.com/home
skype: flintinfotech
Work: (202) 537-0480
Consilium gratuitum valet quanti numerantur
ASCII ribbon campaign against HTML e-mail: www.asciiribbon.org
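
Added example (not part of the original emails and not the posters' or IPCop's own code): a shell helper that validates each interface name, gateway and weight before assembling the weighted multipath default-route command described in the quoted message, and prints it for review instead of running it. The function names are hypothetical, the sample values are the DSL/Cable figures from the message, and the 1-256 weight range is the range iproute2 accepts.

```sh
#!/bin/sh
# Added example: assemble the multipath default route; print it, never run it.
# Function names are hypothetical. Usage: mp_route_cmd IF GW WEIGHT IF GW WEIGHT ...

valid_ipv4() {
    # Accept only four dot-separated decimal octets, each 0-255.
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

mp_route_cmd() {
    [ $# -ge 6 ] && [ $(( $# % 3 )) -eq 0 ] || {
        echo "need two or more IF GW WEIGHT triples" >&2; return 2; }
    cmd="ip route add default scope global"
    while [ $# -gt 0 ]; do
        ifname=$1; gw=$2; weight=$3; shift 3
        # Reject shell metacharacters and empty names before they reach a root shell.
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
        valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
        case $weight in
            ''|*[!0-9]*) echo "bad weight: $weight" >&2; return 1 ;;
        esac
        # iproute2 accepts nexthop weights from 1 to 256.
        [ "$weight" -ge 1 ] && [ "$weight" -le 256 ] || {
            echo "weight out of range: $weight" >&2; return 1; }
        cmd="$cmd nexthop via $gw dev $ifname weight $weight"
    done
    printf '%s\n' "$cmd"
}

# Values from the message above: DSL on eth0 (3mb down), Cable on eth1 (20mb down).
mp_route_cmd eth0 10.0.1.1 3 eth1 24.48.1.1 20
```

The printed line can be checked by eye and then run as root; a rejected argument produces an error on stderr and no command at all.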