On 08-07-2015 15:05, lausg...@gmail.com wrote:
> My isp gives me a bunch of dynamic external ip addresses via dhcp one per nic.
> They don't share common default gateway route all together, so I'm forced to
> put each next in its own rdomain.
> As so, http://www.openbsd.org/faq/pf/pools.html#nat or
> http://www.openbsd.org/faq/pf/pools.html#outgoing examples are not applicable.
> I'm just interested in random redistribution. Here's an ugly solution I
> currently use:
>
> match out on em0 inet from lan:network nat-to (em0:0)
> match out on em1 inet from lan:network nat-to (em1:0)
> match out on em2 inet from lan:network nat-to (em2:0)
> pass in on lan inet from lan:network to !lan:0 # fallback
> pass in on lan inet from lan:network to !lan:0 rtable 1 probability 34%
> pass in on lan inet from lan:network to !lan:0 rtable 2 probability 34%
>
> What would be the correct way of doing this? Is it possible to achieve this
> using vether(4) without big performance penalty (which occurs when real nic and
> virtual interface which relies on it are not in the same rdomain)? Thanks!

You could, instead of using routing domains, enable mpath, and then deal
with the default gateways using route-to and reply-to. Load balancing
can be achieved with the round-robin or, even better, least-states
directive. To put a cherry on top, you can make all these rules on
anchors and make ifstated check for the gateways' availability, and
update the rules accordingly. At least this is my approach for dealing
with many default gateways. Using tags you can write an even more concise
ruleset.

Cheers,
Giancarlo Razzolini
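
A sketch of the route-to / reply-to / least-states approach described in the reply, as an added example that is not part of the original thread or either poster's ruleset. It reuses the interface names from the quoted rules and the (interface gateway) form of the FAQ pages linked above; the gateway addresses are constructed placeholders, and the sysctl named in the first comment is an assumption about what "enable mpath" refers to. Anchors and ifstated are left out.

```pf
# Assumption: "enable mpath" means net.inet.ip.multipath=1 in /etc/sysctl.conf,
# so that several default routes can coexist in one routing table.

# Placeholder gateway addresses (constructed, documentation ranges).
# With DHCP-assigned uplinks these would have to be regenerated on lease change.
gw0 = "192.0.2.1"
gw1 = "198.51.100.1"
gw2 = "203.0.113.1"

# Default deny, so only the flows passed below create state.
block all

# NAT on whichever uplink the packet ends up leaving by (as in the quoted rules).
match out on em0 inet from lan:network nat-to (em0:0)
match out on em1 inet from lan:network nat-to (em1:0)
match out on em2 inet from lan:network nat-to (em2:0)

# Traffic between LAN hosts and the firewall's own LAN address is not balanced.
pass in quick on lan inet from lan:network to lan:0

# One rule replaces the rtable/probability trio: each new connection is sent
# to the (interface gateway) pair that currently holds the fewest states.
# State tracking keeps every later packet of a connection on the same uplink.
pass in on lan inet from lan:network to !lan:0 \
    route-to { (em0 $gw0), (em1 $gw1), (em2 $gw2) } least-states

# Let the balanced, NATed traffic out of the uplink it was routed to.
pass out on { em0 em1 em2 } inet

# Connections that arrive on an uplink are answered through that same uplink,
# whatever the routing table would choose for the return path.
pass in on em0 inet from any to (em0) reply-to (em0 $gw0)
pass in on em1 inet from any to (em1) reply-to (em1 $gw1)
pass in on em2 inet from any to (em2) reply-to (em2 $gw2)
```

The ruleset can be syntax-checked without loading it using pfctl -nf on the file.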