multiple ISP

Rémy Sanchez remy.sanchez at hyperthese.net
Mon Oct 31 02:28:15 UTC 2011


On Friday 28 October 2011 16:22:25 nyoman.bogi at gmail.com wrote:
> dear all,
> 
> I need to set up a router (using FreeBSD)
> that connect to the Internet
> to accommodate multiple ISP,
> so users can be load balanced through
> those several ISP lines.
> 
> how can I do that?
> 
> thanks in advance

Well, let's suppose that your ISP interfaces have respectively $ispN_ip and 
$ispN_router as interface IP and ISP router IP. And that $natN is the divert 
port corresponding to the NAT for the given ISP. Then you get something like

# This treats incoming traffic
ipfw add 1310 divert $nat1 ip from any to any in via $if1
ipfw add 1320 divert $nat2 ip from any to any in via $if2
...
ipfw add 13N0 divert $natN ip from any to any in via $ifN

# Check states
ipfw add 3000 check-state

# Load balance outgoing traffic
# Note: replace 1/N, 1/(N-1), etc. with actual values for your N
ipfw add 10100 prob 1/N skipto 20100 ip from $internal to any keep-state
ipfw add 10200 prob 1/(N-1) skipto 20200 ip from $internal to any keep-state
...
ipfw add 10N00 skipto 20N00 ip from $internal to any keep-state

# Do outgoing NAT
ipfw add 20100 divert $nat1 ip from $internal to any out
ipfw add 20110 fwd $isp1_router ip from $isp1_ip to any
ipfw add 20200 divert $nat2 ip from $internal to any out
ipfw add 20210 fwd $isp2_router ip from $isp2_ip to any
...
ipfw add 20N00 divert $natN ip from $internal to any out
ipfw add 20N10 fwd $ispN_router ip from $ispN_ip to any


And here is what the natd.conf would look like

### ISP 1 ###
port 8868
dynamic yes
interface re1

### ISP 2 ###
instance dsl2
port 8869
dynamic yes
interface re2

### ISP N ###
instance dsl3
port 8870
dynamic yes
interface re


You'll notice that the load balancing rules are skipto to NAT rules instead of 
directly being NAT rules. This is because this way you can factorize your NAT 
rules with several sets of load-balancing rules (like having different 
patterns for TCP and UDP, or depending on the users, etc).

Also note that those lines are inspired by my actual configuration file, that 
is much more complex than this, and I didn't test anything, so it might not 
work out-of-the-box, however this gives you a good preview of what it should 
be.

One last important thing: this kind of load-balancing can be relatively 
complex to get correctly working if you do have different bitrates from your 
ISPs. You might also want to try protocols like MLPPP (with mpd for example), 
but this is more complex to set up and you need a server on "the other side" to 
get it working.

Well, have fun :)

-- 
Rémy Sanchez
http://hyperthese.net/
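
An added example, not part of the original message: a small sh function that prints the rule skeleton above for a concrete N, with the 1/N, 1/(N-1), ... cascade written as the decimal values ipfw's prob keyword takes. The gen_rules name and the limit of N to 2..9 (so the 13N0/10N00/20N00 numbering stays valid) are assumptions of this example; $ifK, $natK, $ispK_ip, $ispK_router and $internal are left as literal placeholders, as in the message.

```shell
#!/bin/sh
# Added example: print the ipfw rule skeleton from the message for a given N.
# It only prints text; nothing is loaded into the firewall.
# Protocol and "to" are written out in every rule because ipfw requires them.

gen_rules() {
    n=$1
    case "$n" in
        [2-9]) ;;
        *) echo "usage: gen_rules N (2..9)" >&2; return 1 ;;
    esac

    echo "# Incoming traffic: hand each ISP interface to its own NAT instance"
    i=1
    while [ "$i" -le "$n" ]; do
        echo "ipfw add 13${i}0 divert \$nat$i ip from any to any in via \$if$i"
        i=$((i + 1))
    done

    echo "ipfw add 3000 check-state"

    # Rule i is only reached by flows that rules 1..i-1 did not pick, so it
    # must match with probability 1/(N-i+1) for each ISP to end up with 1/N.
    i=1
    while [ "$i" -le "$n" ]; do
        left=$((n - i + 1))
        if [ "$left" -gt 1 ]; then
            p=$(LC_ALL=C awk -v d="$left" 'BEGIN { printf "%.6f", 1 / d }')
            prob="prob $p "
        else
            prob=""   # last rule takes everything that is left
        fi
        echo "ipfw add 10${i}00 ${prob}skipto 20${i}00 ip from \$internal to any keep-state"
        i=$((i + 1))
    done

    i=1
    while [ "$i" -le "$n" ]; do
        echo "ipfw add 20${i}00 divert \$nat$i ip from \$internal to any out"
        echo "ipfw add 20${i}10 fwd \$isp${i}_router ip from \$isp${i}_ip to any"
        i=$((i + 1))
    done
}

# Example: rules for three ISP links
gen_rules 3
```

For three links the cascade is 0.333333, then 0.500000, then an unconditional rule, which gives each link one third of new flows.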