Netgate Discussion Forum

    Complicated load balancing

    Routing and Multi WAN
    • J
      jonnytabpni

      Hey folks. I've got a complicated problem. Please bear with me as I'm a total n00b to BSD.

      I currently have one ISP (ISP1). Uses PPPoE with a dynamic IP address and has a CRAP upload.
      I am going to get another phone line and put a business class DSL service on it (ISP2). It also uses PPPoE but has a static IP address (8 actually) and has a good upload.

      I have a VOIP server and a windows SBS 2003 server (acting as DNS, domain controller, exchange).

      I would like both my servers to use ONLY ISP2 for their internet access due to IP reasons as well as bandwidth reasons.
      Also, I would like all my client computers to use both connections equally (eg. half a web page from ISP1 and half a web page from ISP2).

      Also, the servers MUST be accessible from the clients (and vice versa) via the LAN (eg. domain controller).

      Is this possible?

      Also, IF pfsense can't do 2 pppoe connections, I can use a modem router for ISP1 and do a double NAT for it (ISP2 must be direct due to VPN reasons).

      Ideally, the clients and servers will be on the same subnet as the domain controller is tricky on a different subnet.
      I have read the tutorial on multi-lan however it doesn't mention specific Computers only using one ISP.

      I think that I am looking for policy based load balancing based on source IP (rather than subnet as the tutorial suggests), then after that I want to Load Balance HTTP traffic however having a "default" config to send everything else to ISP1.

      Your help is appreciated cheers

      • R
        razor2000

        This is definitely doable as every item you mentioned should work just fine. My main suggestion would be that when you get your ISP2 dsl line in, make that the primary WAN and convert the slower "crap upload" dsl into WAN2. You can then put a modem in front of it, and you will only have one double-nat setup in your entire environment. It will also allow you to tap into the 8 static IPs better and have better handling.

        Good luck and enjoy!

        • J
          jonnytabpni

          NOTE TO EVERYONE: WAN1 = ISP2, WAN2 = ISP1 from post above.
          –------------------------------------------------------------

          That's what i was thinking!!! Fantastic!

          Just a few questions. I've been doing some extensive reading of the tutorials and I'm a little puzzled over a few things.

          I would like these rules in order (and I'm guessing I place them in FIREWALL RULES, right?):

          Assume WAN1 is fast new ISP and WAN2 is old crap ISP

          VOIP Server Host Outgoing to WAN1
          Web Server Host Outgoing to WAN1
          Load Balance HTTP for all clients
          Everything Else to WAN2 for all clients

          Where does failover fit in? I kinda understand the tutorials however I'm a bit flaky on where fail over (eg. WAN2FailsToWAN1 and WAN1FailsToWAN2) fits in - the tutorials make failover pools however they don't use them in the firewall rules....
          Also, I would want certain ports of the static IP of WAN1 to forward to VOIP Service and certain ports of the same ip to forward to Web Server. How do I do this?

          • J
            jonnytabpni

            bump :-)

            • P
              Perry

              So the test you ran in your test lab didn't give you any clue?

              /Perry
              doc.pfsense.org

              • S
                sai

                failover is for when you want all traffic to go to one ISP (eg ISP1), but if ISP1 dies and you want the traffic to go to ISP2. simple really ;)

                • J
                  jonnytabpni

                  failover is for when you want all traffic to go to one ISP (eg ISP1), but if ISP1 dies and you want the traffic to go to ISP2. simple really

                  Thanks for the reply but I know what failover is - I just don't know where it fits in in the configuration.

                  Test Lab? I don't have a test lab. I'm also just trying to research and find out info before i pull my network out (it's used for business so it's important that it's up as long as possible)

                  • S
                    sai

                    @jonnytabpni:

                    failover is for when you want all traffic to go to one ISP (eg ISP1), but if ISP1 dies and you want the traffic to go to ISP2. simple really

                    Thanks for the reply but I know what failover is - I just don't know where it fits in in the configuration.

                    you set up load balancer pools as required. if you want the  to equally distribute connections between ISPs you use load-balancing, if you want one ISP or the other at one time you use failover.

                    I use failover for ssl based traffic (https, secure pop, secure smtp, ssh etc) and connection distribution for non-ssl.

                    • J
                      jonnytabpni

                      ok that's great!

                      how do u "unequally distribute" http (port 80) traffic?

                      • S
                        sai

                        @jonnytabpni:

                        ok that's great!

                        how do u "unequally distribute" http (port 80) traffic?

                        when you setup a pool you would normally have one monitor ip from each isp. this will equally distribute connections.

                        if you want more traffic sent to one isp then you just add more monitor ips for that isp. if you have 2 monitors for isp1 and 1 monitor for isp2 then 2/3 of connections will be for isp1, 1/3 connections for isp2

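The rule order asked about in this thread, written out as raw pf policy-routing rules. This is an added example, not a post from the thread and not configuration generated by pfSense. Interface names, addresses and gateways are constructed placeholders, and listing one gateway twice in the pool is this example's assumption about how the 2:1 monitor-IP weighting described above translates to pf.

```pf
# Added example, not from the thread. Interface names, addresses and
# gateways are constructed placeholders.
lan_if  = "em0"
lan_net = "192.168.1.0/24"
wan1_if = "pppoe0"           # WAN1 = ISP2: static IPs, good upload
wan1_gw = "198.51.100.1"
wan2_if = "em1"              # WAN2 = ISP1: behind a modem router (double NAT)
wan2_gw = "192.168.100.1"

# VoIP server and SBS/web server (same subnet as the clients)
table <servers> const { 192.168.1.10, 192.168.1.11 }

nat on $wan1_if from $lan_net to any -> ($wan1_if)
nat on $wan2_if from $lan_net to any -> ($wan2_if)

block in
pass out keep state

# Traffic addressed to the firewall itself is not policy-routed.
pass in quick on $lan_if from $lan_net to $lan_if keep state

# Rules 1 and 2: both servers leave through WAN1 only.
# "quick" makes this first match final, so the rules below never see them.
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) \
    from <servers> to any keep state

# Rule 3: client HTTP is spread across both links. WAN1 is listed
# twice (assumed weighting), so it takes 2 of every 3 new connections.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } \
    round-robin proto tcp from $lan_net to any port 80 flags S/SA keep state

# Rule 4: everything else from the clients goes out WAN2.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) \
    from $lan_net to any keep state
```

The pool is consulted once per new state, so balancing is per connection, not per packet: a single HTTP connection stays on one ISP for its lifetime. pf does not monitor gateways itself, so failover needs a separate monitor that changes the pool when a link dies.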