Re: Merging 2 ADSL lines

2007-12-27 Thread Henning Brauer
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 19:27]:
> If someone has 2 ADSL lines they're bonding, chances are they're not
> going to want BGP set up (most people I know would have at least a /24,
> 2 T1s, and a good ISP).  Will most providers even let you set up BGP if
> you're running less than a /24?  My experience has been that most ADSL
> providers don't provide these services, but the leased line providers
> do.

I'm not aware of any ADSL provider offering bgp...
and yes, you need a /24 at least, everything else gets filtered out 
usually.
(well. if both links go to the same ISP IP-wise, you could do bgp with 
a private AS and have your prefix only visible within his network and 
otherwise covered by his bigger, regularly announced prefix, but then 
I don't think anyone offers that with home/soho style lines like ADSL 
either)

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert

At 09:50 AM 12/27/2007 -0800, you wrote:

> > The issue would be reverse DNS - no way I know of to provide RDNS for the
> > same hostname on two different IPs (IF you could get the provider to do RDNS
> > at all!). It would be required for a mail server; it would also farkle a
> > web server for any s/w that is doing a RDNS check for security; certainly
> > no way to use an SSL cert.
>
> Eh?   I don't understand what you are trying to say.
>
> $ORIGIN example.com.
>
> foo A   192.168.0.1
>     A   192.168.0.2
>
> That takes care of forward DNS
>
> $ORIGIN 0.168.192.in-addr.arpa.
>
> 1   PTR foo.example.com.
> 2   PTR foo.example.com.
>
> That takes care of reverse DNS.

1) You don't have access to RDNS at almost all DSL home providers.
2) A 192.168 record cannot validate a server to a remote user, so you can't 
do the PTRs on your servers.
3) Having TWO reverse DNS records for a mail server is going to choke when 
you get the connection from one IP and the reverse uses the other 
connection, so that DNW either.

> What's the issue?


If you're running a home service, OR 'outbound only', you're OK, but it 
doesn't work for any inbound services without bonding/bgp, as already 
mentioned.


Lee
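
The reverse-DNS check debated in the message above, written out as an added example (not part of the thread, and not any mail server's actual code): a receiver looks up the PTR for the connecting address, then confirms that the returned name has an A record pointing back at that address. The function name `fcrdns`, the verdict strings, the optional HELO comparison and the 192.0.2.x records are assumptions made for illustration.

```python
# Added example. Records are constructed: the first two PTR/A pairs mirror the
# zone quoted in the message above; the 192.0.2.x entries are made-up cases
# where the access provider, not the host owner, controls the PTR.
PTR = {
    "192.168.0.1": ["foo.example.com."],
    "192.168.0.2": ["foo.example.com."],
    "192.0.2.10": ["dsl-10.provider.example."],  # generic provider name
    "192.0.2.11": ["foo.example.com."],          # PTR set, A never added
}
A = {
    "foo.example.com.": ["192.168.0.1", "192.168.0.2"],
    "dsl-10.provider.example.": ["192.0.2.10"],
}


def fqdn(name):
    """Normalise a host name to lower case with a trailing dot."""
    return name.rstrip(".").lower() + "."


def fcrdns(client_ip, helo_name=None, ptr=PTR, a=A):
    """Return (verdict, confirmed_names) for one connecting address."""
    names = [fqdn(n) for n in ptr.get(client_ip, [])]
    if not names:
        return "no-ptr", []
    # A PTR name only counts if its own A set points back at the client.
    confirmed = [n for n in names if client_ip in a.get(n, [])]
    if not confirmed:
        return "forward-mismatch", []
    # Optional stricter policy (assumption): HELO must be a confirmed name.
    if helo_name is not None and fqdn(helo_name) not in confirmed:
        return "helo-mismatch", confirmed
    return "pass", confirmed


if __name__ == "__main__":
    for ip in ("192.168.0.1", "192.168.0.2", "192.0.2.10",
               "192.0.2.11", "198.51.100.7"):
        print(ip, fcrdns(ip, helo_name="foo.example.com"))
```
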



Re: Merging 2 ADSL lines

2007-12-27 Thread Mitch Parker
Henning,

I agree with you on this.  However, I was looking at this from the SMTP
and outgoing angles (which IMHO is a bit better designed for this
scenario than HTTP, SSH, or other services).  Obviously you'd want BGP
for the Web or other services (and if you've got 2 ADSL lines, you're
probably hosting a good chunk of that at a web host that hopefully has
it).

If someone has 2 ADSL lines they're bonding, chances are they're not
going to want BGP set up (most people I know would have at least a /24,
2 T1s, and a good ISP).  Will most providers even let you set up BGP if
you're running less than a /24?  My experience has been that most ADSL
providers don't provide these services, but the leased line providers
do.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Henning Brauer
Sent: Thursday, December 27, 2007 12:42 PM
To: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
>
> PF will take care of the outbound load-balancing for you (and there's
> an example pf.conf that addresses this in Absolute OpenBSD) if
> configured correctly.
>
> If you have DNS set up right, you don't need bonding for incoming
> traffic.  That's what MX records and priorities are for WRT SMTP, and
> PF and multiple A records are for WRT everything else.
>
> No provider you've seen will allow that because it's not necessary to
> do so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually
care for reliability etc - especially with the multiple A records, when
one line is down you won't be reachable for about half of the people
who would want to reach you.

the real solution is of course bgp or two lines which go to the same
provider IP-wise and he does his share in balancing and failover.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services,
http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg &
Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread Henning Brauer
* Mitch Parker <[EMAIL PROTECTED]> [2007-12-27 18:34]:
> You don't need bonding for incoming traffic :).
> 
> PF will take care of the outbound load-balancing for you (and there's an
> example pf.conf that addresses this in Absolute OpenBSD) if configured
> correctly.
> 
> If you have DNS set up right, you don't need bonding for incoming
> traffic.  That's what MX records and priorities are for WRT SMTP, and PF
> and multiple A records are for WRT everything else.
> 
> No provider you've seen will allow that because it's not necessary to do
> so due to the fact that DNS can already handle it with a minimum of
> work.

that is a hobbyist solution that might work ok if you don't actually 
care for reliability etc - especially with the multiple A records, when 
one line is down you won't be reachable for about half of the people 
who would want to reach you.

the real solution is of course bgp or two lines which go to the same 
provider IP-wise and he does his share in balancing and failover.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Merging 2 ADSL lines

2007-12-27 Thread Brian

Jussi Peltola wrote:
> On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> > It is possible to share ADSL lines for outbound traffic, .. but no provider
> > I have seen will allow bonding for incoming traffic (e.g. a mail server).
>
> Isn't that easily solved with DNS round robin in the case of mail and
> web servers?

I have seen this with sdsl, here is a link from a UK guy that did it.

http://www.automatedhome.co.uk/Internet/ADSL-Bonding-How-To-and-Review.html

Brian



Re: Merging 2 ADSL lines

2007-12-27 Thread Mitch Parker
L.V.,

You don't need bonding for incoming traffic :).

PF will take care of the outbound load-balancing for you (and there's an
example pf.conf that addresses this in Absolute OpenBSD) if configured
correctly.

If you have DNS set up right, you don't need bonding for incoming
traffic.  That's what MX records and priorities are for WRT SMTP, and PF
and multiple A records are for WRT everything else.

No provider you've seen will allow that because it's not necessary to do
so due to the fact that DNS can already handle it with a minimum of
work.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of L. V. Lammert
Sent: Thursday, December 27, 2007 11:13 AM
To: Sajith
Cc: misc@openbsd.org
Subject: Re: Merging 2 ADSL lines

On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no
provider I have seen will allow bonding for incoming traffic (e.g. a
mail server).

Lee



Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert

At 07:09 PM 12/27/2007 +0200, you wrote:

> On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> > It is possible to share ADSL lines for outbound traffic, .. but no provider
> > I have seen will allow bonding for incoming traffic (e.g. a mail server).
>
> Isn't that easily solved with DNS round robin in the case of mail and
> web servers?

The issue would be reverse DNS - no way I know of to provide RDNS for the 
same hostname on two different IPs (IF you could get the provider to do RDNS 
at all!). It would be required for a mail server; it would also farkle a 
web server for any s/w that is doing a RDNS check for security; certainly 
no way to use an SSL cert.


Lee



Re: Merging 2 ADSL lines

2007-12-27 Thread Jussi Peltola
On Thu, Dec 27, 2007 at 10:13:11AM -0600, L. V. Lammert wrote:
> It is possible to share ADSL lines for outbound traffic, .. but no provider
> I have seen will allow bonding for incoming traffic (e.g. a mail server).

Isn't that easily solved with DNS round robin in the case of mail and
web servers?



Re: Merging 2 ADSL lines

2007-12-27 Thread L. V. Lammert
On Thu, 27 Dec 2007, Sajith wrote:

> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines
>
> Regards
>
> Sajith
>
It is possible to share ADSL lines for outbound traffic, .. but no provider
I have seen will allow bonding for incoming traffic (e.g. a mail server).

Lee



Re: Merging 2 ADSL lines

2007-12-27 Thread jcr

Sajith wrote:
> Hi its Sajith
>
> Is it possible for Merging 2 ADSL lines

Yep, I do this for my company with 2 ADSL lines in load balancing;
it is working like a charm:

pf.conf ( a part of ...)

#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
   { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
   proto tcp from  to any flags S/SA modulate state

#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
   { ($ext_if0 $ext_gw), ($ext_if1 $ext_gw) } round-robin \
   proto { udp, icmp } from  to any keep state


#  general "pass out" rules for external interfaces
pass out on $ext_if0 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if0 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state


#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if0 route-to ($ext_if1 $ext_gw) from $ext_if1 to any
pass out on $ext_if1 route-to ($ext_if0 $ext_gw) from $ext_if0 to any



and ppp.conf

default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 1
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1492
 set mru max 1492
 set speed sync
 enable lqr
 set lqrperiod 5
 set dial
 set login
 set timeout 0
 enable mssfixup
 disable ipv6cp
pppoe-0:
 set device "!/usr/sbin/pppoe -i re0"
 set authname xx
 set authkey xxx
 add! default HISADDR
pppoe-1:
 set device "!/usr/sbin/pppoe -i re1"
 set authname 
 set authkey 
 add! default HISADDR



hope it helps
jc


-- 
Jean-christophe ROIRON
Conseil Général Haute-Loire
IT Department
Technical Manager
Tel : 04-71-07-42-24
Mail : [EMAIL PROTECTED]