Hello, I can load balance on the firewalls with pf , but the problem of that Solution is that there is no failover AFAIK. If I loose a link between an ISP and me half of the packets will be lost.
And not loosing packets is more important to me than load balancing... -- Cordialement, Pierre BARDOU ________________________________ De : Frans Haarman [mailto:[EMAIL PROTECTED] Envoyé : mardi 7 octobre 2008 18:54 À : BARDOU Pierre Cc : misc@openbsd.org Objet : Re: OpenBGP load balancing between 2 ISP (multihoming) 2008/10/7 BARDOU Pierre <[EMAIL PROTECTED]> Hello, I am trying to set up a configuraion like this : +------- -+ +---------+ | ISP1 | | ISP2 | Cisco | ROUTER | | ROUTER | | AS3215 | | AS12670 | +---------+ +---------+ | | | | +---------+ +---------+ | BGP | | BGP | | ROUTER | | ROUTER | OpenBSD 4.3 | AS47818 | | AS45818 | +---------+ +---------+ | | | | +-------------------------+ | 217.109.108.240/28 | +-------------------------+ | | | | +--------+ +-------+ | FW |--------| FW | OpenBSD 4.3 | MASTER | pfsync | SLAVE | +--------+ +-------+ | | | | +-------------------------+ | PRIVATE NETWORKS | +-------------------------+ I'd like to load balance outgoing connections to the internet, but I don't know how to configure openBGPd to do this. I searched a lot on the Internet and I found a lot of informations on how to do this with cisco, but I have never found an openBGP solution. Some people speak about it but I have never seen it. I made a test conf where failover works like a charm (using iBGP on the FW's with 'set nexhop self' on BGP routers), but when both connections are active only one is used. Would it be possible to help me please ? Is setting up iBGP sessions between FW's and BGP routers a good idea ? Should I rather use OSPF for this ? And in tha case how to configure it to loadbalance/failover ? Many thanks PS : loadbalancing incoming connections too would be very nice, but I understood it was much more difficult. -- Cordialement, Pierre BARDOU just wondering...... What happens when you load balance your traffic on your firewalls ? So you devide the traffic over both bgp routers: http://www.openbsd.org/faq/pf/pools.html maybe you could even do the route-to on the bgp routers ? something like: route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin from $lan_net to any keep state #and on the other bgp router route-to { ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin from $lan_net to any keep state Beware: I have no idea if any of this is possible. But thats what I'd try :) Gr. FH
BEGIN:VCARD VERSION:2.1 N:Bardou;Pierre FN:BARDOU Pierre ADR;WORK:;B011 LABEL;WORK:B011 EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20070806T072621Z END:VCARD
smime.p7s
Description: S/MIME cryptographic signature
