Netgate Discussion Forum

    Load balancing gateway group without NAT

    senseivita

      I have a remote gateway with two public addresses, IPv4.

      Remotely, each of those addresses has its own interface with its own bandwidth allocation, which, even if aggregated, is still less than my single local link to the Internet. Thus, attempting to get the most out of them, I set up two VPN links to loosely aggregate their bandwidth via ECMP.

      Remote router/gateway

      Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
      1.0.0.1           1 Full/DROther      36.236s 192.168.91.1    ovpns1:192.168.91.0                  0     0     0
      1.0.0.1           1 Full/DROther      36.235s 192.168.92.1    ovpns2:192.168.92.0                  0     0     0
      

      Local router/gateway

      Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
      4.0.0.1           1 Full/DROther      34.164s 192.168.91.0    ovpnc1:192.168.91.1                  0     0     0
      4.0.0.1           1 Full/DROther      34.165s 192.168.92.0    ovpnc2:192.168.92.1                  0     0     0
      1.0.0.2           1 Full/DR           37.618s 10.190.0.3      vmx0.190:10.190.0.1                  0     0     0
      

      There is no [double-]NAT happening between routers anywhere; all NAT occurs only on interfaces with public addresses and in some 1:1-NATted VIPs (to split and recombine reverse proxying and other data streams), so traffic routed to the remote gateways keeps its source address all the way until it's about to exit to the public network.

      In the remote gateway, each tunnel's incoming traffic has its own gateway assigned, opposite to the tunnel the traffic came in on, unless it's initiated from outside (port forwarding), in which case it's straight-through all the way. It's sent to a VIP in the local gateway, with the route decided by the routing protocols.

      Lastly, as I mentioned already, aided by FRR/OSPF, ECMP routing is active between sides, which is where my question stems from since I think it might conflict with this as traffic seems already lossy: can I set a load balancing gateway group without NAT in the LOCAL ROUTER using the tunnels?

      I don't quite understand or know if (and how) the visibility into the network from the other side might prompt it to return the traffic through the other tunnel, and not from the one it was sent, and what that might cause. Just in case though, I enabled the static route filtering option in the local side:

      Screen Shot 2023-11-16 at 08.25.50.png

      I tried to make a drawing to illustrate all of this but it's kinda complicated, and on the third draft I still can't get it simple enough. Here's… something:

      lb-gateway-group-without-nat.png

      Should I remove the LB gateway group, and perhaps set a gateway on a virtual IP on the remote side, or on the interface on the remote side, or something like that?

      Thanks.

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.
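
      A small check over the two neighbor tables in the post, added here as an example (it is not from the post, pfSense or FRR): it parses the `show ip ospf neighbor` output, lists which router IDs are reached over more than one Full adjacency (the precondition for ECMP), and confirms the two tunnel adjacencies mirror each other, which is what to verify first when ECMP traffic looks lossy. The `ovpn` interface prefix and the column layout are assumed from the tables above.

```python
from dataclasses import dataclass
# Constructed copies of the two `show ip ospf neighbor` outputs quoted in the post.
REMOTE_NEIGHBORS = """\
Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
1.0.0.1           1 Full/DROther      36.236s 192.168.91.1    ovpns1:192.168.91.0                  0     0     0
1.0.0.1           1 Full/DROther      36.235s 192.168.92.1    ovpns2:192.168.92.0                  0     0     0
"""
LOCAL_NEIGHBORS = """\
Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
4.0.0.1           1 Full/DROther      34.164s 192.168.91.0    ovpnc1:192.168.91.1                  0     0     0
4.0.0.1           1 Full/DROther      34.165s 192.168.92.0    ovpnc2:192.168.92.1                  0     0     0
1.0.0.2           1 Full/DR           37.618s 10.190.0.3      vmx0.190:10.190.0.1                  0     0     0
"""

@dataclass
class Neighbor:
    router_id: str
    state: str          # adjacency state only, e.g. "Full" (the role after "/" is dropped)
    peer_address: str   # the neighbour's address on the link
    interface: str      # local interface name, e.g. "ovpnc1"
    own_address: str    # this router's own address on that interface

def parse_neighbors(text: str) -> list[Neighbor]:
    """Parse FRR 'show ip ospf neighbor' rows; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 9:
            continue  # blank or truncated line
        iface, own = parts[5].split(":", 1)
        rows.append(Neighbor(parts[0], parts[2].split("/")[0], parts[4], iface, own))
    return rows

def ecmp_candidates(neighbors: list[Neighbor]) -> dict[str, list[str]]:
    """Router IDs reached over more than one Full adjacency, with the interfaces involved."""
    full: dict[str, list[str]] = {}
    for n in neighbors:
        if n.state == "Full":
            full.setdefault(n.router_id, []).append(n.interface)
    return {rid: sorted(ifs) for rid, ifs in full.items() if len(ifs) > 1}

def tunnels_symmetric(local: list[Neighbor], remote: list[Neighbor], prefix: str = "ovpn") -> bool:
    """True when every tunnel adjacency on one side is mirrored on the other: the peer
    address seen locally must be the remote router's own address, and vice versa."""
    local_own = {n.own_address for n in local if n.interface.startswith(prefix)}
    remote_own = {n.own_address for n in remote if n.interface.startswith(prefix)}
    return (all(n.peer_address in remote_own for n in local if n.interface.startswith(prefix))
            and all(n.peer_address in local_own for n in remote if n.interface.startswith(prefix)))
```

      A router ID that shows up in `ecmp_candidates` on one side but not the other, or a `False` from `tunnels_symmetric`, points at an adjacency that is down or misaddressed rather than at the gateway group.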
