Weblog entry #1 for naoliv

Load balancing with multiple ADSL connections?
Posted by naoliv on Tue 12 Jun 2007 at 13:40
Hi!

We are having some difficulties here finding a good solution for a problem. There is a computer connected to 3 ADSL lines (two of 8M and one of 2M), a card to the internal network and, in the future, a new card connected to a radio link (giving 4 connections to the world and one connection to our network).

What we want to do is to have some kind of load balancing and failover on the available links (so all links get used and, if one has a problem, the traffic will continue on the other links). Also, we would like to have a priority system, where traffic is sent preferably on the two 8M links, then on the 2M link and lastly on the radio link.

Lokiwall seems to be the tool that we need, but it needs to have two patches applied to the kernel (and if possible, we don't want to modify our firewall kernel).

Does somebody know if it's possible to do this, please?

Thank you!

 

Comments on this Entry

Posted by GhostR (217.237.xx.xx) on Tue 12 Jun 2007 at 15:00
You might wanna check shorewall out, I use it even on servers and on gateways.
With some work you can make some sick dynamic rules.
Not sure if dual routing is fully supported to your needs, but it meets the other requirements like failover/TOS/QOS/Routing for sure. With heartbeat and two machines you can even make your gateway HA.

http://www.shorewall.net/MultiISP.html


Posted by skiold (84.121.xx.xx) on Thu 14 Jun 2007 at 10:51
+1 for shorewall

You need the patches at http://www.ssi.bg/~ja/#routes to get failover in case of a dead gateway.


Posted by dkg (216.254.xx.xx) on Wed 13 Jun 2007 at 02:31
With such an elaborate setup, you probably also want to read (and re-read) the guide to Linux Advanced Routing and Traffic Control, in particular the Routing for multiple uplinks/providers section. But seriously, at least skim the whole thing. There are a lot of good ideas in there.


Posted by Anonymous (59.176.xx.xx) on Wed 13 Jun 2007 at 17:13
He's right about the re-reading it bit. I've done something like that and it is surprisingly tricky to get right. If you want to grok it all in fullness, I recommend absorbing the information at http://www.policyrouting.org. A week of osmosis and you'll feel you're getting it.

Then, when you try applying it all to the real world, you'll learn a lot about troubleshooting as you hammer things into shape. Definitely an educational experience for the interested.

PJ


Posted by Anonymous (59.176.xx.xx) on Wed 13 Jun 2007 at 17:24
Some of the issues to handle the problem have been covered by these articles on the site:

http://www.debian-administration.org/articles/379
http://www.debian-administration.org/articles/77
http://www.debian-administration.org/articles/377

(culled from a search on policy routing)

But like I said, it turned out to be trickier to implement than I thought (at least for me).

PJ


Posted by GhostR (217.237.xx.xx) on Fri 15 Jun 2007 at 10:50
I forgot to mention, Astaro firewalls also do a good job. I run one in our HQ office, it works pretty well, and it also has the option to cluster with a second device. It blends in very well with many other VPN gateways/clients; I hooked it up to openvpn, ipcop, linksys devs.
I know, it costs some $ but it's affordable and I think it meets your requirements. As far as I know it's based on Pyramid firewall. It can also be purchased without hardware, I think.
I attended a virtualisation workshop lately and I've been surprised how many fellow admins use it on big college campuses.
