Hi! I'm new to OpenBSD, and want to set up a firewall router with it in the near future. I am planning a special setup with four NICs and two different ADSL lines:

rl0: ADSL 2048/512
rl1: ADSL 4096/768
re0: DMZ
re1: LAN

Both ADSL lines should be aggregated, to combine the down/upload-bandwidths. As far as I could read by now, TRUNK should be what I'm looking for.

The problem is the following: There will be one computer in the DMZ, which should be forced to only use the ADSL 4096/768 line on rl1 for both down- & uploads; all other machines in the DMZ or the LAN should access the virtual trunk interface and benefit from the combined bandwidths.

So my main question is, can the physical interface rl1 be accessed directly, although it is part of a virtual trunk interface?

In OpenBSD 3.8 there is only the round-robin algorithm suitable for trunk in such an application, which seems to be pretty simple. Will it be able to handle the two ADSL lines with different bandwidths flawlessly even under high load, and how will it react concerning the interface rl1 being accessed directly by the one computer in the DMZ directly?

Can anybody give me an example of a PF-firewall ruleset, how this case could be handled? Or is there a better way for doing the requested task?

I mean, round-robin does not seem to analyse the load or bandwidth on one of the available physical interfaces, to prioritize the interface with the higher bandwidth / lesser load, it just distributes packets over the ports in a circular way, right? In that case, would some kind of additional traffic shaping be the answer, or does that already mean trunk is a no-go for two unequal network connections?

Any thoughts on this setup are highly appreciated.

--
Sincerely,
Michael
An OpenBSD Prospect, who is actually using Gentoo Linux