Failover and load balancing using advanced NAT daemon
G Bryant
bsd at roamingsolutions.net
Wed Jan 25 09:29:37 PST 2006
Hey there Oleg,
I have done something similar with 2 internet interfaces, but I use very
crude IPFW rules to "remember" sessions.
I have a separate natd running for each interface, but my setup includes
mail, web and pptp servers on the LAN which complicates matters.
I did not have load balancing but am using a ping script to monitor
interfaces and re-route traffic using ipfw sets which get enabled and
disabled.
This ping script could be modified to calculate ping times and shift
load by the same method - but that's _really_ rough.
I am sure there are much more elegant ways of doing this though.
Keep us posted!
Graham
Oleg Tarasov wrote:
>Hello,
>
>I have an idea of implementation of this common task. Please tell me
>if there is some alternative or use my idea to implement advanced NAT
>daemon (this would be great). Maybe it would be good to upgrade
>standard natd daemon.
>
>The task:
>We have several interfaces connected to internet and all having static
>IPs and one (or more) interfaces to local network.
>We must provide NATed internet access to local network users
>load-balancing internet interfaces and providing failover. All sessions
>have to "remember" their outgoing interface as one session will break
>if packets start to come from different IPs.
>
>A way to perform this:
>- We need to monitor interface state (something simple like up/down) or more
>complex like periodic gateway ping for example.
>- We need to measure interface load
>- We need NAT that aliases outgoing connections to one of these
>interfaces
>- We need to route outgoing packets based on source IP assigned by
>NAT. This can be performed using ipfw forward mechanism.
>
>First three functions would be great to be implemented inside one
>daemon like standard natd. Packets should be diverted into it. This
>daemon can easily perform all of the tasks listed above as all of the
>packets are passed through it.
>
>Using it in a combination with policy-routing would be a powerful
>mechanism!
>
>
>
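
The ping-driven failover described in the reply above, as an added example that is not part of either message or of natd/ipfw itself. The set numbers, gateway addresses, FAIL_LIMIT threshold and function names are assumptions; it presumes each link's divert/fwd rules were loaded into their own ipfw set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: ipfw set 1 holds the
# divert/fwd rules for link A, set 2 those for link B.
GW_A="192.0.2.1"      # constructed placeholder: next hop on link A
GW_B="198.51.100.1"   # constructed placeholder: next hop on link B
SET_A=1
SET_B=2
FAIL_LIMIT=3          # consecutive lost pings before a link counts as down

# probe GATEWAY: succeeds if one echo reply arrives (FreeBSD ping: -t = seconds)
probe() { ping -c 1 -t 2 "$1" >/dev/null 2>&1; }

# plan_sets FAILS_A FAILS_B: print the "ipfw set ..." arguments for this state.
# Only a link at or past FAIL_LIMIT is taken out, which damps flapping. If both
# links look dead, both sets stay enabled so traffic resumes on whichever returns.
plan_sets() {
    a_down=0; b_down=0
    if [ "$1" -ge "$FAIL_LIMIT" ]; then a_down=1; fi
    if [ "$2" -ge "$FAIL_LIMIT" ]; then b_down=1; fi
    if [ "$a_down" = 1 ] && [ "$b_down" = 0 ]; then
        echo "set disable $SET_A enable $SET_B"
    elif [ "$b_down" = 1 ] && [ "$a_down" = 0 ]; then
        echo "set disable $SET_B enable $SET_A"
    else
        echo "set enable $SET_A $SET_B"
    fi
}

# apply_plan PLAN: log only unless DRY_RUN=0; $1 is split into ipfw arguments.
apply_plan() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "would run: ipfw $1"; else ipfw $1; fi
}

monitor_loop() {
    fa=0; fb=0; last=""
    while :; do
        if probe "$GW_A"; then fa=0; else fa=$((fa + 1)); fi
        if probe "$GW_B"; then fb=0; else fb=$((fb + 1)); fi
        plan=$(plan_sets "$fa" "$fb")
        # Touch the ruleset only on a state change; every switch breaks the
        # NAT sessions that were pinned to the disabled link.
        if [ "$plan" != "$last" ]; then apply_plan "$plan"; last=$plan; fi
        sleep 5
    done
}

if [ "${1:-}" = "run" ]; then monitor_loop; fi
```

Invoke it with the argument `run` to start the loop; it only logs the ipfw commands unless DRY_RUN=0 is set in the environment.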
More information about the freebsd-net
mailing list