RE: decent loadbalancing with 2 different ISP's with minimum risks

• Previous message: Glen Dosey: "Re: decent loadbalancing with 2 different ISP's with minimum risks"
• Maybe in reply to: P. Deelman: "decent loadbalancing with 2 different ISP's with minimum risks"
• Next in thread: Kent Ritchie: "Re: decent loadbalancing with 2 different ISP's with minimum risks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 16 Apr 2004 16:18:56 -0500
To: <focus-linux@securityfocus.com>

P. Deelman,

You probably can not do this the way you want to, as both of your ISP
providers would have to support asynchronous routing or BGP if you have
multiple IPs routed to your location. And therefore you will not be able
to 'bond' the connections into a single 'virtual interface' of 3mbit
(2mbit + 1mbit).

If you are doing NAT on both connections, it might be possible to select
the least-saturated link before transmitting data out, but you could not
control how data is initially delivered to you. You would definitely
need to NAT stacks, and you could probably do the saturation-based
routing with iproute2's traffic control utility (assuming that you have
all the QoS classifiers, queues, etc compiled or loaded into your
kernel). Check out the LARTC Howto located at http://www.lartc.org/ for
more details on that.

Not sure how well this helps you, but if you would like to give me more
details I may be able to assist you further.

Regards,
 
Bryce Porter
Network Administrator
Heart Technologies, Inc.
Direct 309-634-2282
Fax 309-634-2382
 

-----Original Message-----
From: P. Deelman [mailto:p.deelman@hccnet.nl]
Sent: Friday, April 16, 2004 2:18 PM
To: focus-linux@securityfocus.com
Subject: decent loadbalancing with 2 different ISP's with minimum risks

Due to a little mistake i now have 2 broadband connections at home and
somehow i want to balance them (2mbit + 1 mbit). I wondered what the
most efficient way of doing this is and with possible security risks
involved.

At the moment i have a nice setup with a statefull designed iptables
firewall and i want to keep it that way. I've googled some and i found
some vague tools for windows that i really don't trust (well the entire
windows part, but that's something else) and a router that has 2 wan
connectors that claims that can do it. Since i also have wlan at home in

a wlan-dmz at my gateway i just want to insert a 4th nic into my box and

do some configging.

My current setup includes:
debian 3.0 stable 2.4.26 kernel
3 networks: wlan, internal, external
statefull iptables-script

my future setup needs to include just an extra network namely external2
:) without too many implications such as running a proxy with patches
which should be the last option to consider since my gateway isn't all
that fast :)

Any help welcome,
Regards,
P.Deelman

• Previous message: Glen Dosey: "Re: decent loadbalancing with 2 different ISP's with minimum risks"
• Maybe in reply to: P. Deelman: "decent loadbalancing with 2 different ISP's with minimum risks"
• Next in thread: Kent Ritchie: "Re: decent loadbalancing with 2 different ISP's with minimum risks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]