Trying to load balance 10x DSL connections through Vlans
-
Hello guys, we´re currently deploying a mid size network in a remote town so people in the neighbourhood can have a reliable Internet access, but using recycled,cheap, used, or refurbished Hardware, as this is a non-profit project.
So we got a refurbished HP Proliant DL 380 server as a gift from a local store, a couple used recycled racks, brand new Access points cables and tools as a gift from Ubiquiti. (Thanks Ubiquiti!!! ;) ) A Cisco 2960s and TP-LINK TL-SL 3428 Managed Switches and a local telco provided us with 10 x10 Mbps DSL connections including the ADSL modems for free!
So we wanted to load balance all of these DSL connections say in 2 groups, tier1 and tier2. We already managed to install PfSense v 2.3.2 in the HP server and created 10 vlans with WAN interface as parent. In the Pfsense vlan configuration it only asks for a tag, so we just put a “1“ for first vlan, “2“ for the second one, “3“ for the third and so on… So our vlan tags go form “1“ to “10“. We also added those vlans to the interfaces and enabled them, so now we can see them as “real“ interfaces, waiting only to be “bonded“ in a gateway group.
The thing is we haven't been able to assign the right parameters to the network switch in order to make it work properly. I mean, we are able to “see“ 12 interfaces in the server (WAN, LAN, DSL1, DSL2, DSL3...), and assigned static-access ports to the vlans we created in the cisco switch through the CLI, and plugged in all 10 DSL modems. Now if we attach an Ethernet cable to LAN port in the Pfsense server, we are able to get an IP address, Through the DHCP server itself of course, and have Internet access. Taking a closer look at the interfaces, we can see, that only the WAN interface has a valid ip (through the dhcp setting in this interface), and all other “interfaces“ (Vlans in fact) seem to be up, due to activity in WAN port I suspect, but they all show invalid IP parameters (0.0.0.0). Now If I disconnect the modem the WAN port was taking its ip from, it takes another one shortly after, from another DSL modem plugged in another switch port.
Our question is: How the heck this works? What are we missing here? How the Pfsense server knows in which port of the switch to look to establish a connection between DSL number x and configured virtual gateway number x in pfsense itself and all other matching DSL´s and gateways everything through a single physical WAN port!!!???
I wonder if we´re doing this wrong from the beginning? LOL ;D
I hope you guys can help us with this Issue, and sorry if the post was a little bit confusing! ??? :-\
Thank you very much in advance!
-
Any shed of light anyone?
-
How do you get from the 10 Wan-VLANs to the 10 ADSL modems?
-
How do you get from the 10 Wan-VLANs to the 10 ADSL modems?
Through a Cisco 2960S managed switch. Why?
-
Why? Because that's probably where your problem is.
One trunk to the switch and each VLAN untagged to it's dedicated modem?How do you want to solve the "multiple WANs all with the same getaway" problem later on? Is this confirmed to be an active feature of pfSense now? I just read the opposite but I might be wrong.
-
I´m sorry jahonix, but I dunno what do you mean by “One trunk to the switch and each VLAN untagged to it's dedicated modem?“ we hadn't worked with Vlans before.
We Just assigned 1 Vlan per each ADSL connection and assigned static-ports for those Vlans in the cisco switch. We didn't assign a static ip to those ports, nor dhcp either. We´re planning to turn the modems into routers, so we can have different IP addresses for each connection and never have a “Same Gateway“ Issue. But we´re kinda stuck here at the moment due to the lack of knowledge in managing vlans in the switch.
In the PF box we assigned a tag for each vlan, so we have tag 1 for vlan1, tag 2 for vlan 2, and so on… So when you talk about VLAN untagged to its dedicated modem, what do you mean? Isn´t it supposed to every Vlan should be tagged so it could match the tag on the PF Box? Sorry for my ignorance here if I´m wrong.
Another question: What should we do with the WAN interface itself? Should we disable it? I mean, we have 11 interfaces now beside LAN interface (1 physical, 10 virtual), but only 10 DSL connections. And I guess we can't disable one of the Vlans because every DSL connection is a Vlan in the switch itself.
Any thoughts?
TVM in advance!
-
I do not believe there is such a thing as tagged VLAN 1. You might want to use something else.
What are the WAN configurations from the ISP for these?
-
Well, I´m not quite sure if it is the right thing to say that we configured a tagged VLAN 1, all I said was that in the PF box we set the number 1 in the TAG field in the VLAN configuration page, for the first VLAN we created; number 2 in the TAG field for the second VLAN, and so on… As stated earlier, we´re pretty newbies in VLANs configurations, as a matter of fact, this is our first time experimenting with VLANs.
As for the WAN configurations, we get public IPs from each modem, so they act as a bridge from factory, but we can change those settings and make them work in routing mode so we can avoid possible “WANs with the same gateway“ issue in any given time.
Any thoughts in what can we use for this project with the equipment we already have?
TVM in advance!
-
Static? DHCP? PPPoE? Something else?
-
All modems get their IP from the ISP via DHCP, and they work in “bridged“ mode from factory, that´s why we have different public IPs on our end every few days. Yet we´re planning to change these settings and make them work as a router, and although the IP addresses are gonna be different every few days for each connection, the PF box will manage every Interface as a static one;
eg: 10.0.1.1/255.255.255.252 For DSL 1 / WAN 1
10.0.2.1/255.255.255.252 For DSL 2 / WAN 2
10.0.3.1/255.255.255.252 For DSL 3 / WAN 3And so on…
-
C´mon, Anyone?
-
Hi @Skid,
This kind of setup really requires a good understanding of VLANs, how they work and how to configure them. I get the impression you are not so familiar? Go online, read up on access ports and trunk ports, tagged and untagged, VLAN IDs - different vendors vary the terminology a bit but it's all the same stuff!
I've just returned from doing a temporary event with a very similar setup - only five ADSL connections on the WAN side but they were dotted all over site and had to pass through multiple switches to get to the router (a pfsense VM on a DL380).
You need to define a few bits first:
1. Assign a VLAN ID to each WAN (eg. 51, 52 … 60).
2. Create untagged (access) ports on the cisco switch which connect to each modem.
3. Create a trunk (tagged) port on the cisco switch which passes all those VLAN IDs (ie. 51..60). Connect that port to you r pfsense router and configure each VLAN on it's own interface in pfsense.
4. Don't use DHCP of PPPoE on the WAN connections, I had major issues doing it this way when a connection went offline. Configure them all in their own subnets as you describe and set a static IP address for each WAN interface in pfsense.
5. Configure load balancing / traffic shaping in the pfsense router.You also need to create and configure a LAN connection - ideally via a physically separate network port but this could be a VLAN too, of course you'll need a suitably sized subnet and DHCP scope to cope with the number of users.
What's your location? I might be happy to help you with this.