Re: Load balancing

2007-12-28 Thread Manpreet Nehra
I am still working on the same problem. I was able to get 2 ISPs load
balanced and even got the bandwidth aggregated. Now I am trying to
balance 3 ISPs, and even with the multipath routing enabled and
configured I am not able to even browse anything. Here is my pf.conf

lan_net = 10.15.0.0/16
int_if  = fxp0
ext_if1 = em0
ext_if2 = em1
ext_if1 = em1
ext_gw1 = 192.168.5.1
ext_gw2 = 192.168.6.1
ext_gw3 = 10.7.0.253

nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)

block in  from any to any
block out from any to any


pass out on $int_if from any to $lan_net

pass in quick on $int_if from $lan_net to $int_if

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2)
, ($ext_if3 $ext_gw3) } round-robin proto tcp from $lan_net to any
flags S/SA modulate state
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2
$ext_gw2), ($ext_if3 $ext_gw3) } round-robin proto { udp, icmp } from
$lan_net to any keep state


pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass out on $ext_if3 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if3 proto { udp, icmp } from any to any keep state

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any

pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any

pass out on $ext_if3 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if3 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

This setup is not working, and the odd thing is I am not even able to
ping the local interfaces with this configuration.

Thanks for the help

Manpreet



Ports Question

2007-11-27 Thread Manpreet Nehra
I have been compiling the ports and some of the ports fail flat. On
checking the ftp.openbsd.org, I found the ports.tar.gz was created on
Sep 1. Will there be a newer ports file? A lot of ports don't
compile, some because of missing files to be downloaded; others just
give an error that the kernel interface has changed and the downloaded
source is not compilable against the 4.2 kernel.


Manpreet



Re: Ports Question

2007-11-27 Thread Manpreet Nehra
I am using the 4.2 release and that's why I am wondering if the ports tree
is a little outdated, since a lot of stuff has changed from
September 1 to November 1, when 4.2 was actually released. Aren't the
release base and ports in sync?

On Nov 27, 2007 7:59 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
> On 2007/11/27 08:53, Juan Miscaro wrote:
> > --- Stuart Henderson [EMAIL PROTECTED] wrote:
> >
> > > On 2007/11/27 08:08, Juan Miscaro wrote:
> > > > --- Stuart Henderson [EMAIL PROTECTED] wrote:
> > > >
> > > > > On 2007/11/27 13:55, Manpreet Nehra wrote:
> > > > > > I have been compiling the ports and some of the ports fail flat. On
> > > > > > checking the ftp.openbsd.org, I found the ports.tar.gz was created on
> > > > > > Sep 1. Will there be a newer ports file
> > > > >
> > > > > ftp> ls /pub/OpenBSD/snapshots/ports.tar.gz
> > > > > 227 Entering Passive Mode (129,128,5,191,169,249)
> > > > > 150 Have a Gorilla.
> > > > > -r--r--r--  1 1114  1114  13733974 Nov 26 04:05 ports.tar.gz
> > > > > 226 There, everyone likes a Gorilla.
> > > > > ftp> bye
> > > > > 221 Goodbye.
> > > >
> > > > Using a snapshot ports tree to use with RELEASE or STABLE is very
> > > > unintuitive.  Shouldn't we simply just replace the older ports tarball?
> > >
> > > You don't use it with release or stable, you use it with a snapshot.
> >
> > Right, but is he using a snapshot?  I don't think so.
>
> In that case, 4.2 release ports.tar.gz, dated Sept 1 2007, is the right one.



Load balancing

2007-10-25 Thread Manpreet Nehra
We are planning to get four 2Mbps lines from the same ISP (their max).
The lines will have different routers in front of them so they can be
configured to be in different networks.

   |--
   |
   |--
   |
--Pix Box-Load Balancer|--
   |
   |--


This is a simplified diagram. I am trying to write the load balancing
rules in pf.
This is what I have got so far:


lan_net = 10.7.2.0/24
int_if  = fxp0
ext_if1 = rl0
ext_if2 = em0
ext_if1 = rl1
ext_if2 = rl2
ext_gw1 = 10.7.3.1
ext_gw2 = 10.7.4.1
ext_gw3 = 10.7.5.1
ext_gw4 = 10.7.6.1


#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)
nat on $ext_if4 from $lan_net to any -> ($ext_if4)

#  default deny
block in  from any to any
block out from any to any

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) \
, ($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4i) } round-robin proto tcp from \
 $lan_net to any flags S/SA modulate state
#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), \
($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4i) } round-robin proto { udp, icmp } \
from $lan_net to any keep state

#  general pass out rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass out on $ext_if3 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if3 proto { udp, icmp } from any to any keep state
pass out on $ext_if4 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if5 proto { udp, icmp } from any to any keep state

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to an

As I see it, the rules are still incomplete after the last two rules.
1. Do I need 3 rules for each interface in the end, for a total of 12 more rules?
2. Would I be better off using bgpd?

I had posted the same problem a couple of years ago with a similar setup.
Then I had to load balance 3 lines. That time I used an iptables+iproute2
combination. That won't work in this case: as lartc mentions, iproute2 does
route caching, so if someone accesses youtube once and lots of users do the
same, the same connection is used by all, which does not suffice for a
solution here.

So that is out completely. This time I have to drive this to completion; I don't
want my senior Windows admin to put ISA there. Wish me luck too.

Manpreet
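
A macro consistency check for the pf.conf files in the two load-balancing posts above, as an added example that is not part of the original messages: it reports macros that are assigned more than once and $name references that are never defined. The sample is an excerpt of the October config as archived; the names logical_lines and lint_macros are made up for this example.

```python
import re

MACRO_DEF = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$")
MACRO_USE = re.compile(r"\$([A-Za-z_]\w*)")

# Excerpt of the October config above (macro block plus two of its rules).
SAMPLE = r"""lan_net = 10.7.2.0/24
int_if  = fxp0
ext_if1 = rl0
ext_if2 = em0
ext_if1 = rl1
ext_if2 = rl2
ext_gw1 = 10.7.3.1
ext_gw2 = 10.7.4.1
ext_gw3 = 10.7.5.1
ext_gw4 = 10.7.6.1
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) \
, ($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4i) } round-robin proto tcp from \
 $lan_net to any flags S/SA modulate state
pass out on $ext_if5 proto { udp, icmp } from any to any keep state"""

def logical_lines(text):
    """Yield (first_line_no, text) with comments dropped and '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, buf + line
        buf, start = "", None

def lint_macros(text):
    """Return (line_no, kind, macro) for redefined and undefined macros."""
    defined, findings = set(), []
    for n, line in logical_lines(text):
        m = MACRO_DEF.match(line)
        if m:
            name, line = m.group(1), m.group(2)  # a value may use other macros
            if name in defined:
                findings.append((n, "redefined", name))
            defined.add(name)
        for name in dict.fromkeys(MACRO_USE.findall(line)):
            if name not in defined:
                findings.append((n, "undefined", name))
    return findings

if __name__ == "__main__": print(*lint_macros(SAMPLE), sep="\n")
```

On the firewall itself, pfctl -n -f /etc/pf.conf parses the ruleset without loading it.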