Re: Merging 2 ADSL lines
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 19:27]:
> If someone has 2 ADSL lines they're bonding, chances are they're not
> going to want BGP set up (most people I know would have at least a /24,
> 2 T1s, and a good ISP). Will most providers even let you set up BGP if
> you're running less than a /24? My experience has been that most ADSL
> providers don't provide these services, but the leased line providers
> do.

I'm not aware of any ADSL provider offering bgp... and yes, you need a
/24 at least, everything else gets filtered out usually.

(well. if both links go to the same ISP IP-wise, you could do bgp with
a private AS and have your prefix only visible within his network and
otherwise covered by his bigger, regularly announced prefix, but then
I don't think anyone offers that with home/soho style lines like ADSL
either)

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Merging 2 ADSL lines
At 09:50 AM 12/27/2007 -0800, you wrote:
> The issue would be reverse DNS - no way I know of to provide RDNS for the
> same hostname on two different IPs (IF you could get the provider to do RDNS
> at all!). It would be required for a mail server; it would also farkle a
> web server for any s/w that is doing a RDNS check for security; certainly
> no way to use an SSL cert.

Eh? I don't understand what you are trying to say.

$ORIGIN example.com.
foo A 192.168.0.1
    A 192.168.0.2

That takes care of forward DNS

$ORIGIN 0.168.192.in-addr.arpa.
1 PTR foo.example.com.
2 PTR foo.example.com.

That takes care of reverse DNS.

1) You don't have access to RDNS at almost all DSL home providers.

2) A 192.168 record cannot validate a server to a remote user, so you
can't do the PTRs on your servers.

3) Having TWO reverse DNS records for a mail server is going to choke when
you get the connection from one IP and the reverse uses the other
connection, so that DNW either.

What's the issue?

If you're running a home service, OR 'outbound only', you're OK, but it
doesn't work for any inbound services without bonding/bgp, as already
mentioned.

Lee
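The forward-confirmed reverse DNS check that receiving mail servers commonly apply, run over the two zone snippets quoted in the message above. This is an added example and not part of the original thread; the record tables, the 192.168.0.9 and 192.168.0.7 cases and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the two zone snippets from the message above,
# plus one deliberately inconsistent PTR (.9) to show a failing case.
FORWARD = {  # name -> A records
    "foo.example.com.": ["192.168.0.1", "192.168.0.2"],
}
REVERSE = {  # reverse name -> PTR targets
    "1.0.168.192.in-addr.arpa.": ["foo.example.com."],
    "2.0.168.192.in-addr.arpa.": ["foo.example.com."],
    "9.0.168.192.in-addr.arpa.": ["foo.example.com."],
}


def fqdn(name):
    """Normalise a DNS name: lower case, exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def fcrdns(client_ip, forward=FORWARD, reverse=REVERSE):
    """Return (verdict, name) for a connecting address.

    verdict is "pass" when some PTR target resolves back to client_ip,
    "mismatch" when PTRs exist but none resolves back, "no-ptr" otherwise.
    """
    ip = ipaddress.ip_address(client_ip)
    ptr_targets = reverse.get(fqdn(ip.reverse_pointer), [])
    if not ptr_targets:
        return ("no-ptr", None)
    for target in ptr_targets:
        name = fqdn(target)
        addrs = {ipaddress.ip_address(a) for a in forward.get(name, [])}
        if ip in addrs:  # forward lookup confirms the reverse lookup
            return ("pass", name)
    return ("mismatch", fqdn(ptr_targets[0]))


def check_all(addresses):
    """Run the check for every address a multi-line host may connect from."""
    return {a: fcrdns(a) for a in addresses}


if __name__ == "__main__":
    sample = ["192.168.0.1", "192.168.0.2", "192.168.0.9", "192.168.0.7"]
    for addr, result in check_all(sample).items():
        print(addr, *result)
```

The check is made per connecting address, so each line's address is evaluated against its own PTR and the shared name's A record set.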
Re: Merging 2 ADSL lines
Henning,

I agree with you on this. However, I was looking at this from the SMTP
and outgoing angles (which IMHO is a bit better designed for this
scenario than HTTP, SSH, or other services). Obviously you'd want BGP
for the Web or other services (and if you've got 2 ADSL lines, you're
probably hosting a good chunk of that at a web host that hopefully has
it).

If someone has 2 ADSL lines they're bonding, chances are they're not
going to want BGP set up (most people I know would have at least a /24,
2 T1s, and a good ISP). Will most providers even let you set up BGP if
you're running less than a /24? My experience has been that most ADSL
providers don't provide these services, but the leased line providers
do.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henning Brauer
Sent: Thursday, December 27, 2007 12:42 PM
To: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
>
> PF will take care of the outbound load-balancing for you (and there's
> an example pf.conf that addresses this in Absolute OpenBSD) if
> configured correctly.
>
> If you have DNS set up right, you don't need bonding for incoming
> traffic. That's what MX records and priorities are for WRT SMTP, and
> PF and multiple A records are for WRT everything else.
>
> No provider you've seen will allow that because it's not necessary to
> do so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually
care for reliability etc - especially with the multiple A records, when
one line is down you won't be reachable for about half of the people
who would want to reach you.

the real solution is of course bgp or two lines which go to the same
provider IP-wise and he does his share in balancing and failover.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Merging 2 ADSL lines
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
>
> PF will take care of the outbound load-balancing for you (and there's an
> example pf.conf that addresses this in Absolute OpenBSD) if configured
> correctly.
>
> If you have DNS set up right, you don't need bonding for incoming
> traffic. That's what MX records and priorities are for WRT SMTP, and PF
> and multiple A records are for WRT everything else.
>
> No provider you've seen will allow that because it's not necessary to do
> so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually
care for reliability etc - especially with the multiple A records, when
one line is down you won't be reachable for about half of the people
who would want to reach you.

the real solution is of course bgp or two lines which go to the same
provider IP-wise and he does his share in balancing and failover.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Merging 2 ADSL lines
Jussi Peltola wrote:
On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
It is possible to share ADSL lines for outbound traffic, .. but no provider
I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and
web servers?

I have seen this with sdsl, here is a link from a UK guy that did it.

http://www.automatedhome.co.uk/Internet/ADSL-Bonding-How-To-and-Review.html

Brian
Re: Merging 2 ADSL lines
L.V.,

You don't need bonding for incoming traffic :).

PF will take care of the outbound load-balancing for you (and there's an
example pf.conf that addresses this in Absolute OpenBSD) if configured
correctly.

If you have DNS set up right, you don't need bonding for incoming
traffic. That's what MX records and priorities are for WRT SMTP, and PF
and multiple A records are for WRT everything else.

No provider you've seen will allow that because it's not necessary to do
so due to the fact that DNS can already handle it with a minimum of
work.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of L. V. Lammert
Sent: Thursday, December 27, 2007 11:13 AM
To: Sajith
Cc: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no provider
I have seen will allow bonding for incoming traffic (e.g. a mail server).

Lee
Re: Merging 2 ADSL lines
At 07:09 PM 12/27/2007 +0200, you wrote:
On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> It is possible to share ADSL lines for outbound traffic, .. but no provider
> I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and
web servers?

The issue would be reverse DNS - no way I know of to provide RDNS for the
same hostname on two different IPs (IF you could get the provider to do RDNS
at all!). It would be required for a mail server; it would also farkle a
web server for any s/w that is doing a RDNS check for security; certainly
no way to use an SSL cert.

Lee
Re: Merging 2 ADSL lines
On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> It is possible to share ADSL lines for outbound traffic, .. but no provider
> I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and
web servers?
Re: Merging 2 ADSL lines
On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no provider
I have seen will allow bonding for incoming traffic (e.g. a mail server).

Lee
Re: Merging 2 ADSL lines
Sajith wrote:
Hi its Sajith

Is it possible for Merging 2 ADSL lines

yep i do this for my company with 2 ADSL lines in load balancing
it is working like a charm :

pf.conf ( a part of ...)

# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
    { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
    proto tcp from to any flags S/SA modulate state

# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
    { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
    proto { udp, icmp } from to any keep state

# general "pass out" rules for external interfaces
pass out on $ext_if0 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if0 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state

# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if0 route-to ($ext_if1 $ext_gw) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw) from $ext_if0 to any

and ppp.conf

default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 1
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1492
 set mru max 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set dial
 set login
 set timeout 0
 enable mssfixup
 disable ipv6cp

pppoe-0:
 set device "!/usr/sbin/pppoe -i re0"
 set authname xx
 set authkey xxx
 add! default HISADDR

pppoe-1:
 set device "!/usr/sbin/pppoe -i re1"
 set authname
 set authkey
 add! default HISADDR

hope it helps

jc

--
Jean-christophe ROIRON
Conseil Général Haute-Loire
IT Department
Technical Manager
Tel : 04-71-07-42-24
Mail : [EMAIL PROTECTED]