Re: [pfSense Support] OT: Re: Tricky infrastructure question
Depending on budget I can mention a number of alternatives. Check out the Motorola Canopy - or perhaps a Tranzeo unit. Low cost - and you can push 110mb plus over these units depending on what one you get. I like the Moto units because they are not the normal 802.11..x stuff

On Dec 1, 2008, at 2:52 AM, Chris Bagnall wrote:

> > We are currently using vlans because we have VoIP services going through this and different kind of users. Everything is working OK as of now. However, the max bandwidth of one WiFi link like that is about 10 mbps. To increase the total bandwidth, we want to add another antenna in Building 1.
>
> I don't know the layout of the buildings, but have you considered using point-to-point laser links between the buildings? I was involved in a project at a site earlier this year that was happily getting 100mbps between buildings using roof-mounted lasers. Much lower latency than 802.11a/b/g as well (assuming that's what you're using).
>
> If you do stick with WiFi, I'd not worry too much about the downtime - a) it should only be a few minutes, and b) it can probably be managed such that it's done during off peak hours.
>
> Can you give us any more information about the WiFi hardware at each end? I'm not sure simple port trunking on the switches (which is what I guess you're suggesting in the first approach) is going to do the job if the WiFi devices are essentially standard APs, since I presume they'd have their own IP addresses? If the WiFi devices were operating at a lower level than IP, it'd probably work, possibly if they were using some sort of L2TP tunnelling internally? (though you might then have to consider packet fragmentation, depending on the packet size)
>
> Regards,
> Chris

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: OT: Re: Tricky infrastructure question
Michel Servaes wrote:

> I can only think of using a switch, being capable of port bonding... 802.3ad capable switches like HP Procurve 1800's can link multiple ports for better speed. Don't know how they end up, using wireless bridges though ;-)

Thanks for your input, but the last line is also my concern :).
[pfSense Support] Re: OT: Re: Tricky infrastructure question
Chris Bagnall wrote:

> > We are currently using vlans because we have VoIP services going through this and different kind of users. Everything is working OK as of now. However, the max bandwidth of one WiFi link like that is about 10 mbps. To increase the total bandwidth, we want to add another antenna in Building 1.
>
> I don't know the layout of the buildings, but have you considered using point-to-point laser links between the buildings? I was involved in a project at a site earlier this year that was happily getting 100mbps between buildings using roof-mounted lasers. Much lower latency than 802.11a/b/g as well (assuming that's what you're using).
>
> If you do stick with WiFi, I'd not worry too much about the downtime - a) it should only be a few minutes, and b) it can probably be managed such that it's done during off peak hours.
>
> Can you give us any more information about the WiFi hardware at each end? I'm not sure simple port trunking on the switches (which is what I guess you're suggesting in the first approach) is going to do the job if the WiFi devices are essentially standard APs, since I presume they'd have their own IP addresses? If the WiFi devices were operating at a lower level than IP, it'd probably work, possibly if they were using some sort of L2TP tunnelling internally? (though you might then have to consider packet fragmentation, depending on the packet size)

The antennas are SkyPilots. They do have an IP address, for configuration, but I think they could also be configured via console.

Thanks a lot for your input on this OT matter :).

Ugo
[pfSense Support] Monitor IP address
Hi,

Can somebody please explain to me exactly how this works. I am having an argument with my superior. He is insistent on setting the monitor IP addresses in my load balancer pool to the same IP address. In his mind it makes sense, as that way it will pick up which line is the fastest to the same point and route accordingly.

I read in the manuals that these IP addresses should be unique, and therefore did as the manual said. What will happen if they are set to the same address and why is that so ?

Here is my thinking on how it works, please correct me where I am going wrong. I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise. Then why set the unique IP addresses ?

Best regards,
Mike

Mike Lever
+27 82 903 8613 Mobile
+27 11 807 0100 Telephone
+27 11 807 1208 Fax
http://www.velocityfilms.com
Re: [pfSense Support] Monitor IP address
On Mon, Dec 1, 2008 at 2:41 PM, Mike Lever [EMAIL PROTECTED] wrote:

> Hi, Can somebody please explain to me exactly how this works. I am having an argument with my superior. He is insistent on setting the monitor IP addresses in my load balancer pool to the same IP address. In his mind it makes sense, as that way it will pick up which line is the fastest to the same point and route accordingly.

Yeah, that won't work.

> I read in the manuals that these IP addresses should be unique, and therefore did as the manual said. What will happen if they are set to the same address and why is that so ?

You'll actually lose link failure detection. Whichever link came up last will set the route to your monitor IP through it.

> Here is my thinking on how it works, please correct me where I am going wrong. I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise. Then why set the unique IP addresses ?

Usually the monitor IP is set to the next hop so you can detect link failure. Latency is not taken into account.

--Bill
RE: [pfSense Support] Monitor IP address
Thanks for the explanation Bill.

Can you please elaborate where you mention:

> You'll actually lose link failure detection

What exactly is link failure detection ? I understand the meaning of the words in isolation but can you elaborate in the load balancing / Pfsense context ?

> Whichever link came up last will set the route to your monitor IP through it.

So then, say WAN2 was the last WAN port to come up and the monitor addresses were set to the same IP address, would it then only route traffic through WAN2 ?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 01 Dec 2008 10:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 2:41 PM, Mike Lever [EMAIL PROTECTED] wrote:

> Hi, Can somebody please explain to me exactly how this works. I am having an argument with my superior. He is insistent on setting the monitor IP addresses in my load balancer pool to the same IP address. In his mind it makes sense, as that way it will pick up which line is the fastest to the same point and route accordingly.

Yeah, that won't work.

> I read in the manuals that these IP addresses should be unique, and therefore did as the manual said. What will happen if they are set to the same address and why is that so ?

You'll actually lose link failure detection. Whichever link came up last will set the route to your monitor IP through it.

> Here is my thinking on how it works, please correct me where I am going wrong. I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise. Then why set the unique IP addresses ?

Usually the monitor IP is set to the next hop so you can detect link failure. Latency is not taken into account.

--Bill
Re: [pfSense Support] Monitor IP address
On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever [EMAIL PROTECTED] wrote:

> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise.

What Bill said is correct. One additional comment, the above isn't true. Your load balancing is round robin, all connections in a pool are used equally. If the monitor IP for a specific gateway stops responding, that gateway is removed from the pool. If you use the same monitor IP for all connections, it won't work as when that monitor IP stops responding, the system will think you have no WANs available and remove them all.
Re: [pfSense Support] Monitor IP address
On Mon, Dec 1, 2008 at 3:06 PM, Mike Lever [EMAIL PROTECTED] wrote:

> Thanks for the explanation Bill. Can you please elaborate where you mention:
>
> > You'll actually lose link failure detection
>
> What exactly is link failure detection ? I understand the meaning of the words in isolation but can you elaborate in the load balancing / Pfsense context ?

Only one of the links (whichever one has decided that your monitor IP is available over it) will actually do any link failure detection. i.e. in your case with 5 WANS, if monitoring is occurring for WAN5 and it's the same address as WANS1-4, if WAN1 goes down, you'll still send 1/5th of your traffic down that pipe (even though it won't work) as there will be nothing in place to determine its availability.

> > Whichever link came up last will set the route to your monitor IP through it.
>
> So then, say WAN2 was the last WAN port to come up and the monitor addresses were set to the same IP address, would it then only route traffic through WAN2 ?

It'll still round robin over all 5 links. It's just that only one of them will be monitored for availability.

--Bill
Re: [pfSense Support] Monitor IP address
On Mon, Dec 1, 2008 at 3:09 PM, Chris Buechler [EMAIL PROTECTED] wrote:

> On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever [EMAIL PROTECTED] wrote:
>
> > I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise.
>
> What Bill said is correct. One additional comment, the above isn't true. Your load balancing is round robin, all connections in a pool are used equally. If the monitor IP for a specific gateway stops

This is an important point to note. Monitoring is for the purposes of availability, not for latency detection. The WANs are load balanced from a connection perspective, not from a throughput or latency perspective. If you have a single flow eating up an entire connection, nothing will stop other flows from using that connection. The load balancing is on a flow by flow basis in a round robin fashion.

--Bill
[pfSense Support] RE: [Pfsense Support] Monitor IP address
Great, thank you very much Bill.

One point for clarification purposes... please define a flow ?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 02 Dec 2008 12:33 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 3:09 PM, Chris Buechler [EMAIL PROTECTED] wrote:

> On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever [EMAIL PROTECTED] wrote:
>
> > I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4, WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise.
>
> What Bill said is correct. One additional comment, the above isn't true. Your load balancing is round robin, all connections in a pool are used equally. If the monitor IP for a specific gateway stops

This is an important point to note. Monitoring is for the purposes of availability, not for latency detection. The WANs are load balanced from a connection perspective, not from a throughput or latency perspective. If you have a single flow eating up an entire connection, nothing will stop other flows from using that connection. The load balancing is on a flow by flow basis in a round robin fashion.

--Bill
Re: [pfSense Support] RE: [Pfsense Support] Monitor IP address
On Mon, Dec 1, 2008 at 4:42 PM, Mike Lever [EMAIL PROTECTED] wrote:

> Great, thank you very much Bill. One point for clarification purposes... please define a flow ?

Any given TCP connection (from connection setup, to teardown). Or UDP (say a VOIP call) stream of sufficient packet frequency to remain in state.

--Bill
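
Added example, not part of the thread and not pfSense code: a simplified model of the monitor-IP behaviour the replies above describe (one route per monitor IP set by the last link to come up, a gateway dropped from the pool when its monitor IP stops answering, round-robin per flow). The function names and the documentation-range addresses are assumptions made for the illustration.

```python
from itertools import cycle

# Constructed sample data: five WAN links in the order they came up.
UNIQUE = [(f"WAN{i}", f"198.51.100.{i}") for i in range(1, 6)]  # one monitor IP per link
SHARED = [(f"WAN{i}", "192.0.2.1") for i in range(1, 6)]        # same monitor IP on all


def monitored_pool(gateways, down_links=(), dead_monitors=()):
    """Return (pool, probe_route) for a list of (link, monitor_ip) pairs."""
    # One route per monitor IP; a link that comes up later overwrites the
    # route of an earlier link that uses the same address.
    probe_route = {}
    for link, monitor_ip in gateways:
        probe_route[monitor_ip] = link

    def answers(monitor_ip):
        # The probe only tests the link its route points at.
        return (monitor_ip not in dead_monitors
                and probe_route[monitor_ip] not in down_links)

    pool = [link for link, monitor_ip in gateways if answers(monitor_ip)]
    return pool, probe_route


def failed_flows(pool, down_links=(), flows=100):
    """Round-robin `flows` new connections over the pool; count failures."""
    if not pool:
        return flows  # every gateway was removed, nothing is forwarded
    rr = cycle(pool)
    return sum(next(rr) in down_links for _ in range(flows))


def report():
    cases = {
        "unique, WAN1 down": (UNIQUE, {"WAN1"}, ()),
        "shared, WAN1 down": (SHARED, {"WAN1"}, ()),
        "shared, monitor host down": (SHARED, (), {"192.0.2.1"}),
    }
    out = {}
    for name, (gws, down, dead) in cases.items():
        pool, _ = monitored_pool(gws, down, dead)
        out[name] = (pool, failed_flows(pool, down))
    return out


if __name__ == "__main__":
    for name, (pool, failed) in report().items():
        print(f"{name}: pool={pool} failed_flows={failed}/100")
```

With unique monitor IPs the failed link leaves the pool and no flows are lost; with a shared monitor IP a WAN1 failure goes unnoticed, and an outage of the monitor host empties the pool while every link is still up.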
[pfSense Support] IPSEC stopped working
IPSEC with shrewsoft has been working great and all of a sudden I can't bring the tunnel up with the following log in pfsense. Nothing has changed that I could point to

racoon: *[Self]*: INFO: 66.x.x.x[500] used as isakmp port (fd=20)
Dec 2 00:24:55 racoon: INFO: fe80::207:e9ff:fe07:c085%fxp0[500] used as isakmp port (fd=19)
Dec 2 00:24:55 racoon: *[Self]*: INFO: 192.168.2.1[500] used as isakmp port (fd=18)
Dec 2 00:24:55 racoon: INFO: fe80::21b:21ff:fe1b:4c92%em0[500] used as isakmp port (fd=17)
Dec 2 00:24:55 racoon: *[Self]*: INFO: 127.0.0.1[500] used as isakmp port (fd=16)

Thank you for any help
paul