    Netgate Discussion Forum
    Multi-WAN, DNS, and load balancing – possible with pfSense?

    Routing and Multi WAN
    schof

      We currently have one 4xT1 bonded coming into our office. For a variety of reasons, we've chosen to get additional bandwidth from another vendor rather than increase our bandwidth with our original vendor. So we're going to have one 6Mb connection (4xT1) and one 10Mb connection (microwave).

      We operate a number of different servers internally (web, rsync, etc.) as well as using these connections for normal office traffic (web browsing, SMTP, etc.).

      We'd like a setup where normally traffic is divided between the two ISPs (ideally using all 16Mb at peak), but if one ISP goes down, all traffic (incoming and outgoing) is routed through the remaining ISP.

      Apparently the best way to accomplish this is with BGP; however, I have never worked with BGP, and my understanding is that a) it would require me to coordinate with the technical staff of both ISPs, and b) you really don't want your first exposure to BGP to be on a high-priority project with a close deadline.

      So that leaves me with the solution I'm about to describe. I first encountered this on a Radware Linkproof I used at a previous job. I'd like to implement this on a 1U server with 3 NICs.

      Traffic originating within the office would be load balanced either in a round-robin manner, or even better, balanced based on the current load on each pipe. If one pipe went down, all traffic would go through the remaining pipe.

      Traffic originating outside the office (to our mail server, web server, etc.) would work in the following manner: (Let's say this is a request for www.example.com.)

      Our external DNS server in the cloud would have two NS records for www.example.com, each one pointing to an IP on a different WAN pipe. (pfSense would need to run two different DNS servers, or one server that returned different records depending on which pipe a request entered on.)

      In the case where everything is up, the requests for www.example.com would round-robin among both NS records, doing the load balancing. If a request got the IP for the DNS server on PIPE1, it would query that server, and the DNS server on PIPE1 would return an IP, also on PIPE1, that reaches the web server.

      If PIPE1 goes down, a client could request the address from the external DNS server, get the NS record, attempt to look up the IP on the DNS server on PIPE1, and time out. It would then look up the IP on the DNS server on PIPE2, succeed, and go to that IP to reach the web server.

      I hope I've described this clearly.

      My questions:

      1. Is what I've described actually the best way to go about this?

      2. If it is, is this something pfSense can handle? How complicated is this to configure on pfSense?

      Thanks very much!

      Schof

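The delegation scheme in the post, modelled end to end as an added example (this is not code from the thread, from Netgate, or from pfSense). Two authoritative servers, one reachable through each pipe, answer www.example.com with the web server's address on their own pipe, and the external provider's zone delegates the name to both with NS records plus glue. A small client-side resolver model then shows the three cases a practitioner cares about: round-robin spreading when both pipes are up, fallback to the surviving server when PIPE1 has timed out, and the caveat the post does not mention, namely that a client which already cached a PIPE1 answer keeps using it until that record's TTL expires. All addresses are constructed from the RFC 5737 documentation ranges; the host names ns-pipe1/ns-pipe2 and the 60-second TTL are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed addresses from the RFC 5737 documentation ranges, not real pipes.
PIPE1_NS, PIPE1_WEB = "192.0.2.53", "192.0.2.80"          # hypothetical 4xT1 pipe
PIPE2_NS, PIPE2_WEB = "198.51.100.53", "198.51.100.80"    # hypothetical microwave pipe

# Parent zone at the external DNS provider: delegate www.example.com to one
# name server per pipe, with glue.  Equivalent zone-file records:
#   www.example.com.       NS  ns-pipe1.example.com.
#   www.example.com.       NS  ns-pipe2.example.com.
#   ns-pipe1.example.com.  A   192.0.2.53
#   ns-pipe2.example.com.  A   198.51.100.53
PARENT_ZONE: Dict[str, Dict[str, List[str]]] = {
    "www.example.com.": {"NS": ["ns-pipe1.example.com.", "ns-pipe2.example.com."]},
    "ns-pipe1.example.com.": {"A": [PIPE1_NS]},
    "ns-pipe2.example.com.": {"A": [PIPE2_NS]},
}


@dataclass
class PipeDNS:
    """Authoritative server reachable only through one pipe; it answers with
    the web server's address on that same pipe."""
    address: str
    web_ip: str
    ttl: int = 60          # assumed TTL for the answer
    up: bool = True

    def query(self, qname: str) -> Tuple[str, int]:
        if not self.up:
            # A dead pipe produces no refusal; the packets simply vanish.
            raise TimeoutError(f"no answer from {self.address}")
        if qname == "www.example.com.":
            return self.web_ip, self.ttl
        raise LookupError(qname)


@dataclass
class Resolver:
    """Caching resolver on the client side that follows the delegation."""
    parent: Dict[str, Dict[str, List[str]]]
    servers: Dict[str, PipeDNS]                       # keyed by server address
    queries: int = 0
    cache: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # qname -> (ip, expiry)

    def resolve(self, qname: str, now: float = 0.0) -> Tuple[str, List[str]]:
        """Return (answer, name servers contacted).  A cached answer is served
        until its TTL expires, whatever has happened to the pipe meanwhile."""
        if qname in self.cache and self.cache[qname][1] > now:
            return self.cache[qname][0], []
        ns_names = self.parent[qname]["NS"]
        start = self.queries % len(ns_names)   # round-robin over the NS set
        self.queries += 1
        tried: List[str] = []
        for ns in ns_names[start:] + ns_names[:start]:
            ns_addr = self.parent[ns]["A"][0]
            tried.append(ns_addr)
            try:
                ip, ttl = self.servers[ns_addr].query(qname)
            except TimeoutError:
                continue                         # fall through to the next NS
            self.cache[qname] = (ip, now + ttl)
            return ip, tried
        raise LookupError(f"{qname}: every name server timed out")


def build_setup(pipe1_up: bool = True, pipe2_up: bool = True) -> Resolver:
    """Wire up the two per-pipe servers behind a fresh resolver."""
    ns1 = PipeDNS(PIPE1_NS, PIPE1_WEB, up=pipe1_up)
    ns2 = PipeDNS(PIPE2_NS, PIPE2_WEB, up=pipe2_up)
    return Resolver(PARENT_ZONE, {ns1.address: ns1, ns2.address: ns2})


def stale_cache_walkthrough() -> List[str]:
    """Resolve once, kill PIPE1, then resolve inside and outside the TTL."""
    r = build_setup()
    first, _ = r.resolve("www.example.com.", now=0)
    r.servers[PIPE1_NS].up = False
    inside_ttl, _ = r.resolve("www.example.com.", now=30)   # still the dead pipe
    after_ttl, _ = r.resolve("www.example.com.", now=61)    # cache expired, fails over
    return [first, inside_ttl, after_ttl]


if __name__ == "__main__":
    both = build_setup()
    for t in (0, 100, 200, 300):   # each query lands past the previous TTL
        print("both pipes up:", both.resolve("www.example.com.", now=t))
    one = build_setup(pipe1_up=False)
    print("PIPE1 down:", one.resolve("www.example.com."))
    print("stale cache:", stale_cache_walkthrough())
```

Run it and the "PIPE1 down" line shows the resolver contacting 192.0.2.53 first, timing out, and then getting the PIPE2 address from 198.51.100.53, which is exactly the fallback path described above. The stale-cache walkthrough is the part worth weighing before relying on this design: failover for a given client is only as fast as the TTL on the A record, so the per-pipe servers should hand out short TTLs, and the time a client spends waiting for the dead server to time out is added on top.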
      © 2021 Rubicon Communications, LLC