Joe Schmoe wrote:

Hello,

I have three totally distinct network connections at
my office.  We have an ISDN line, a T1, and a DSL
connection.  I do not need to worry about the
particulars of each connection, because I actually
have an ethernet drop for each of them - someone else
does the routing/csu-dsu/etc. - I just get a usable
ethernet drop that supports DHCP (a distinct DHCP
service on each port - they aren't related).

I _also_ have a FreeBSD server sitting in a datacenter
many miles away, with its own single, dedicated
network connection out to the real world.

What I would like to do is build a PC with three
network cards in it, connect each card to each of
those three network drops, and use 10% of the total
bandwidth of each connection - somehow turning that
into one single network connection that that PC would
use.

BUT I do not want some kind of round-robin scheme
wherein TCP session X uses the fraction of the ISDN,
and TCP session Y uses the fraction of the T1, etc. -
I want the end result to be one single connection that
behaves just like any other single connection.

What I want is to create a virtual tunnel from this PC
to the server in the datacenter - so all packets from
the PC go out, equally, on the three disparate
connections, and they all are pointed to the hosted
server.  The hosted server then pieces everything back
together and creates useful connections to the outside
internet, which it then passes back over the three-way
tunnel to the PC.


     /--- 10% of this connection ---\
PC ------ 10% of this connection ------ server -> Internet
     \--- 10% of this connection ---/

Is this possible ?

Is netgraph one2many the correct mechanism to be
looking at ?

Basically I want a connection that, at the end,
presents itself to the system as one single connection
with one single IP, and gives effective bandwidth of
(percentage-ISDN) + (percentage-T1) +
(percentage-DSL).


I do this.. though with only 2 connections.

BTW you probably don't need 3 interfaces... the 3 nets can coexist on one ethernet segment if you are careful.

I use mpd (from ports)

Mpd allows you to use udp sockets as a link layer connection in a multilink bundle.

In your case I would make 3 sockets and bind each to an address on a different ISP's range.

Then make the remote end of each be a udp address on your server.

Make a multilink bundle with 3 link layer connections and each of your UDP link connections
is one of them..


then do NOT turn on roundrobin.

Do the inverse on your server.

Packets to your server's real address must still go to the interfaces as the UDP packets need that,
but you should be able to set up a 10.x.x.x address on the server as well, that you can route to via the
vpn you are setting up.



Use ipfw dummynet on the udp packets to limit the throughput for each link.
you should also set the capacity for each link in mpd to the correct value so that mpd can assign
the correct amount of work to each link.


For extra points, encrypt the UDP packets with ipsec with racoon doing key exchange.
Here is something that looks like my mpd setups
(IP addresses obscured etc.)


%cat mpd.links
site1-ISP1:
       set link type udp
       set udp self xx.xx.ab.cd 4029
       set udp peer xx.xx.ef.gh 4029

site1-ISP2:
       set link type udp
       set udp self yy.yy.ij.kl 4029
       set udp peer yy.yy.mn.op 4029

site2-ISP1:
       set link type udp
       set udp self xx.xx.ab.cd 4028
       set udp peer xx.xx.qr.st 4028

site2-ISP2:
       set link type udp
       set udp self yy.yy.ij.kl 4028
       set udp peer yy.yy.uv.wx 4028
%cat mpd.conf
default:
       set login ConsoleLogin
       log -console
       load vpn-site1
       load vpn-site2

vpn_standard:
       set iface disable on-demand
       set iface idle 0
       set iface mtu 1500
       set ipcp yes vjcomp
       set bundle enable multilink
#       set bundle enable round-robin

tun_standard:
       set link yes acfcomp protocomp
       set link no pap
       set link no chap
       set link keep-alive 2 15
       set link mru 900
       set link mtu 900
#       set link bandwidth 1440000

############### per-link settings #################
vpn-site1:
       new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
       set iface addrs 10.12.1.24 10.12.1.10
       set iface route 192.168.10.0/24
       set ipcp ranges 10.12.1.24/32 10.12.1.10/32
       load vpn_standard
       link site1-ISP1
       load tun_standard
#       set bandwidth 64000
       link site1-ISP2
       load tun_standard
#       set bandwidth 720000
       open


vpn-site2:
       new -i ng1 vpn-site2 site2-ISP1 site2-ISP2
       set iface addrs 10.12.1.24 10.12.1.20
       set iface route 192.168.20.0/24
       set ipcp ranges 10.12.1.24/32 10.12.1.20/32
       load vpn_standard
       link site2-ISP1
       load tun_standard
#       set bandwidth 64000
       link site2-ISP2
       load tun_standard
#       set bandwidth 720000
       open



These config files define links to 2 such machines at site1 and site2.
each machine is actually a gateway to an entire network with a number of 192.168.10.x
or 192.168.20.x
if you are only doing one machine, and it is not a gateway to an entire machine, then
the following simplified config would do:


%cat mpd.links
site1-ISP1:
       set link type udp
       set udp self xx.xx.ab.cd 4029
       set udp peer xx.xx.ef.gh 4029

site1-ISP2:
       set link type udp
       set udp self yy.yy.ij.kl 4029
       set udp peer yy.yy.mn.op 4029

%cat mpd.conf
default:
       set login ConsoleLogin
       log -console
       load vpn-site1

vpn_standard:
       set iface disable on-demand
       set iface idle 0
       set iface mtu 1500
       set ipcp yes vjcomp
       set bundle enable multilink
#       set bundle enable round-robin

tun_standard:
       set link yes acfcomp protocomp
       set link no pap
       set link no chap
       set link keep-alive 2 15
       set link mru 900
       set link mtu 900

############### per-link settings #################
vpn-site1:
       new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
       set iface addrs 10.12.1.24 10.12.1.10
       set ipcp ranges 10.12.1.24/32 10.12.1.10/32
       load vpn_standard
       link site1-ISP1
       load tun_standard
#       set bandwidth 64000
       link site1-ISP2
       load tun_standard
#       set bandwidth 720000
       open


Note the bandwidth commands are commented out.
On some versions of mpd they caused a segv in mpd.

the remote site has the complementary config files..



Thanks.




_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
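
The reply above suggests capping each UDP link with ipfw dummynet and encrypting the links with IPsec, but shows only the mpd files. The following is an added example, not part of the original thread: a dry-run generator that prints the ipfw and setkey(8) lines for one link so they can be reviewed before use. The function names, the pipe numbers and the use of the commented-out bandwidth values as caps are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for one link's
# dummynet cap and IPsec policy. It only prints commands for review.

# is_uint VALUE -> success if VALUE is a positive decimal integer
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

# link_policy PIPE SELF PEER PORT CAP_BPS
# PIPE: dummynet pipe number; SELF/PEER: the "set udp self/peer" addresses;
# PORT: the UDP port from mpd.links; CAP_BPS: cap in bit/s (multiple of 1000).
link_policy() {
    for n in "$1" "$4" "$5"; do
        is_uint "$n" || { echo "bad number: $n" >&2; return 1; }
    done
    [ "$4" -le 65535 ] || { echo "bad port: $4" >&2; return 1; }
    [ $(( $5 % 1000 )) -eq 0 ] || { echo "cap not in whole Kbit/s" >&2; return 1; }

    # The cap matches on the address pair, not the UDP port, so it still
    # applies if ipfw sees the outbound packets as ESP once IPsec is enabled.
    echo "ipfw pipe $1 config bw $(( $5 / 1000 ))Kbit/s"
    echo "ipfw add pipe $1 ip from $2 to $3 out"

    # setkey(8) policy lines (feed to "setkey -c"): require ESP transport
    # mode for the link's UDP flow; racoon negotiates the SAs on demand.
    echo "spdadd ${2}[${4}] ${3}[${4}] udp -P out ipsec esp/transport//require;"
    echo "spdadd ${3}[${4}] ${2}[${4}] udp -P in ipsec esp/transport//require;"
}

# The two links from the simplified mpd.links, with the post's obscured
# addresses and its commented-out bandwidth values used as assumed caps.
link_policy 1 xx.xx.ab.cd xx.xx.ef.gh 4029 64000
link_policy 2 yy.yy.ij.kl yy.yy.mn.op 4029 720000
```

The pipe rule has to be reached before any rule that accepts the same packets, and the remote end needs the mirrored set with self and peer swapped.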
