The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
FreeBSD Support
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 Dual WAN Backbone
Author: Victoria Chan 
Date:   12-01-03 22:39

I have brought up my second backbone on a totally different subnet and I have a quandary about the setting for defaultrouter.

The FreeBSD box is running IPNAT & IPMON so I have configured it to have all NAT traffic to go to WAN-B while I serve up Web / Mail / etc on WAN-A, and using WAN-B as a backup MX for the Mail System.

The defaultrouter when set to WAN-A or WAN-B causes stange routing issues. Any comments would be helpful.

Reply To This Message
 
 Re: Dual WAN Backbone
Author: .daniel.schrock 
Date:   13-01-03 00:59

what exactly is the issue... you can't load-balance these lines without cooperation from both providers. Yes, you can 'fake' it, but true load-balancing is not possible... so what can you do with this.

you need a private subnet that is common to all systems.

WAN-A gets public traffic, WAN-B is NAT for private LAN as well as secondary DNS and backup MX.

WAN-A will have the default route of WAN-A, WAN-B will have the default route of WAN-B. The private subnet you assign will have access to both, without needing a 'default route' because the subnet is connected. anything on that private will be able to access anything else on that subnet as long as its connected.

you need to give more info, but if you are running vlan capable switches, this type of set up would be easy to setup, keeping the 2 WANs separate, but accessable at al times via the common private subnet.

Reply To This Message
 
 Re: Dual WAN Backbone
Author: Victoria Chan 
Date:   13-01-03 19:01

No VLan switched unfortunately. There is a private subnet that we use internally of 192.168.0.0/24 and the defaultroute goes to the FreeBSD box doing this dual WAN thing. The defaultroute for the private LAN is not the issue, but how does one go about putting a different default route for each WAN-A & WAN-B? I thought rc.conf sets up defaultrouter for system wide.

My intention is not to load balance at all but for redundancy of DNS & MX. WAN-A is for public access and WAN-B is for NAT LAN and tertiary DNS & MX backup. I am very happy to have IPNAT go through WAN-B as it has a higher bandwidth.

Another wrinkle is WAN-B uses DHCP, but even when I forced a hard-coded IP to it, so that I have full control the defaultroute, WAN-A becomes inaccessible from public when I use defaultroute for WAN-B, and when I use defaultroute for WAN-A, the IPNAT stops working.

Reply To This Message
 
 Re: Dual WAN Backbone
Author: .daniel.schrock 
Date:   14-01-03 00:19

Do both of them have to come into the same box? or can you build a second box for wan-b?
if they do need to come into the same box, is that system running strictly as a router or does it have other services on it?

if you have to keep it on the same box, i would remove all services except for sshd, install routed or gated and set it up as strictly a router. this should allow you to use multiple default routes...

another thing you may want to look into is writing a script to set up your routing instead of using rc.conf and the defaultrouter setting.
just remove the defaultrouter setting and add a way for rc.network to call a short add_route script that will setup the routes for each line.

you could even go as far as to add directives to rc.conf... i used this method to add fastetherchannel support. i can turn fastetherchannel on and off via a setting in rc.conf... if on, it adds the kernel module ng_fec0.ko, bundles the interfaces and brings them up. If set to off, it skips to the next function in rc.network, as if i never changed anything.

what you are looking for isn't exactly easy, but definitely doable...

good luck and let us know if you have any more questions and how it works out for you.

Reply To This Message
 
 Re: Dual WAN Backbone
Author: Victoria Chan 
Date:   14-01-03 07:04

Thanks for your wonderful input. There are many services runing on this box. They include apache, mysql, ssh, qmail, sftp, & ipf. I am bringing up FreeBSD # 3 to do just IPNAT/IPF for now, but I really would prefer to have one FreeBSD do everything.

The 2nd FreeBSD box does pretty much the same as the 1st box, but it does not do the IPNAT. I was hoping to do the same Dual WAN for FreeBSD box # 2 as well.

Currently, I have rc.conf set up a static route to my token_ring segment that my novell server (internal) does the routing:
static_routes="tokenring"
route_tokenring="192.168.1.0/24 192.168.0.5"

What do you think of my adding something like this, whereby WAN-A is public access, and WAN-B is redundancy & NAT, and ditching the "defaultrouter" statement:
static_routes="wan-a"
route_wan-a="0.0.0.0/32 64.114.80.1"
static_routes="wan-b"
route_wan-b="0.0.0.0/32 24.77.228.1"

Reply To This Message
 
 Re: Dual WAN Backbone
Author: Victoria Chan 
Date:   14-01-03 08:25

Oops! Wrong syntax. How about:

static_routes="tokenring WAN-A WAN-B"
route_tokenring="192.168.1.0/24 192.168.0.5"
route_WAN-A="0.0.0.0/32 64.114.80.1"
route_WAN-B="0.0.0.0/32 24.77.228.1"

/v

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum

phorum.org