We looked into how to get our IPCop to handle this type of setup a while ago, too. We ended up with the decision that if we wanted it to happen in our network, we were going to hire Rubin to do it - because while my Linux kung-fu *might* be strong enough, I lack the time to deal and troubleshoot it. BUT then we got into a budget crunch, and hiring Rubin got put on ice (sorry Rubin, we're still hoping to get you in here in the not too distant future).
While the $300 router might solve the problem, and looks nice, it is sort of a black-box. If it doesn't do what you need, or behaves oddly, you'd have to hack it to get inside and figure out what is going on, probably voiding warranty, and ending up with a firewall setup where far less paid and free support is available. We have been wary of this. Pick your poison, I 'spose.

-Nick

---
Nicholas Floersch (pr. Floor-sh)
Stone Environmental, Inc.
Desk: 802.229.1872
[email protected]

> -----Original Message-----
> From: Vermont Area Group of Unix Enthusiasts
> [mailto:[email protected]] On Behalf Of Paul Flint
> Sent: Monday, August 17, 2009 9:34 AM
> To: [email protected]
> Subject: Re: IPcop -- load balancing?
>
> Dear Rubin,
>
> While IPCop has no gui method of load balancing, I believe that what you
> have proposed would work. I intend to test this in the lab here.
>
> Thanks.
>
> Flint
>
> On Sun, 16 Aug 2009, Rubin Bennett wrote:
>
> > Date: Sun, 16 Aug 2009 22:25:01 -0400
> > From: Rubin Bennett <[email protected]>
> > Reply-To: Vermont Area Group of Unix Enthusiasts <[email protected]>
> > To: [email protected]
> > Subject: Re: IPcop -- load balancing?
> >
> > On Sun, 2009-08-16 at 21:45 -0400, john bertelsen wrote:
> >> Chris, I am also on the IPCop mailing list. This question has come up
> >> on that list. Invariably folks say that IPCop is not designed to do
> >> this and to try pfsense.
> >>
> >> I have been using IPCop as our home router for about two years now.
> >> There is discussion about a version 2.0 coming out this fall. However,
> >> I don't think load balancing is part of it. I potentially have a need
> >> for load balancing at work so am starting to look into pfsense.
> >>
> >> John Bertelsen
> >
> > Chris -
> >
> > There are 2 parts to your question (and forgive me if I missed
> > something, I looked at your diagram for a total of about 10 seconds).
> >
> > First part: Getting a linux box to perform outbound load balancing is
> > fairly simple to accomplish; it's really a single command:
> >
> > ip route add default scope global nexthop via {first default router IP} dev {ethx} \
> >     weight 1 nexthop via {second default router IP} dev {ethx} weight 1
> >
> > That command tells the system to add a dual default route for outbound
> > traffic, and assumes that the 2 connections have identical speeds (i.e.
> > both connections are weighted the same).
> >
> > Take the following example - suppose you have a 768k/3mb DSL connection
> > with a default route of 10.0.1.1, and another Cable connection with
> > 2mb/20mb (gateway of 24.48.1.1). The DSL is connected to eth0, and the
> > Cable is on eth1
> >
> > WANIF1=eth0
> > WANGW1=10.0.1.1
> > WAN1Weight=3
> >
> > WANIF2=eth1
> > WANGW2=24.48.1.1
> > WAN2Weight=20
> >
> > ip route add default scope global nexthop via $WANGW1 dev $WANIF1 weight \
> >     $WAN1Weight nexthop via $WANGW2 dev $WANIF2 weight $WAN2Weight
> >
> > And done!
> >
> > I've done this many times and it works perfectly well as long as you're
> > only dealing with traffic generated from *behind* your firewall
> > (outbound)...
> >
> > The problem is that most of us have stuff that's coming IN to our
> > networks as well (i.e. PAT) because we're running servers of some flavor
> > behind our routers. Then, in addition to the above command, you're on
> > the descent into hell known as Linux IP connection tracking, extra
> > routing tables, packet tagging etc.. In other words, it's down the
> > rabbit hole for you... LARTC is black arts, man...
> >
> > Full in and out-bound load balancing is something I've done with some
> > success but it's a royal PIA to set up and get working, and is not
> > easily 'splained in an email. However, once it's set up, it works most
> > excellently!
> >
> > Rubin
> >
> > --
> > Rubin Bennett
> > rbTechnologies, LLC
> > 80 Carleton Boulevard
> > East Montpelier, VT 05651
> >
> > (802)223-4448
> > http://thatitguy.com
> >
> > "Think for yourselves and let others enjoy the privilege to do so too."
> > Voltaire, Essay on Tolerance
> > French author, humanist, rationalist, & satirist (1694 - 1778)
>
> Kindest Regards,
>
> Paul Flint
> (802) 479-2360
>
> /************************************
> Based upon email reliability concerns,
> please send an acknowledgment in response to this note.
>
> Paul Flint
> Barre Open Systems Institute
> 17 Averill Street
> Barre, VT
> 05641
>
> http://www.bosivt.org
> http://www.flint.com/home
> skype: flintinfotech
> Work: (202) 537-0480
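Added example, not part of the original thread and not any poster's own configuration: a dry-run script that prints the weighted multipath default route from the DSL/Cable example above, plus the per-uplink routing tables and connection marks that keep replies to inbound (port-forwarded) connections on the uplink they arrived on. The LAN interface `eth2`, the table numbers and the mark values are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them (no root needed).
# Uplinks are the values from the thread's example: "interface gateway weight".
UPLINKS="eth0 10.0.1.1 3
eth1 24.48.1.1 20"
LANIF=eth2        # assumption: LAN-facing interface
TABLE_BASE=100    # assumption: routing tables 101, 102, ... are unused

# Outbound: one default route with a weighted next hop per uplink.
multipath_cmd() {
    cmd="ip route replace default scope global"
    while read -r ifc gw weight; do
        [ -n "$ifc" ] || continue
        cmd="$cmd nexthop via $gw dev $ifc weight $weight"
    done <<EOF
$1
EOF
    printf '%s\n' "$cmd"
}

# Inbound: mark each new connection with the uplink it arrived on, restore
# that mark on packets coming back from the LAN, and route marked packets
# through a table whose only default route is that uplink's gateway.
return_path_cmds() {
    n=0
    while read -r ifc gw weight; do
        [ -n "$ifc" ] || continue
        n=$((n + 1))
        table=$((TABLE_BASE + n))
        echo "ip route replace default via $gw dev $ifc table $table"
        echo "ip rule add fwmark $n table $table"
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $n"
    done <<EOF
$1
EOF
    echo "iptables -t mangle -A PREROUTING -i $LANIF -j CONNMARK --restore-mark"
}

multipath_cmd "$UPLINKS"
return_path_cmds "$UPLINKS"
```

Connections that start on the LAN carry no mark, so they fall through to the main table and are spread across both uplinks by weight.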
