Multi-WAN, DNS, and load balancing – possible with pfSense?
We currently have one 4xT1 bonded coming into our office. For a variety of reasons, we've chosen to get additional bandwidth from another vendor rather than increase our bandwidth with our original vendor. So we're going to have one 6Mb connection (4xT1) and one 10Mb connection (microwave).
We operate a number of different servers internally (web, rsync, etc.) as well as using these connections for normal office traffic (web browsing, SMTP, etc.).
We'd like a setup where normally traffic is divided between the two ISPs (ideally using all 16Mb at peak), but if one ISP goes down, all traffic (incoming and outgoing) is routed through the remaining ISP.
Apparently the best way to accomplish this is with BGP; however, I have never worked with BGP, and my understanding is that a) it would require me to coordinate with the technical staff of both ISPs, and b) you really don't want your first exposure to BGP to be on a high-priority project with a close deadline.
So that leaves me with the solution I'm about to describe. I first encountered this on a Radware Linkproof I used at a previous job. I'd like to implement this on a 1U server with 3 NICs.
Traffic originating within the office would be load balanced either in a round-robin manner, or even better, balanced based on the current load on each pipe. If one pipe went down, all traffic would go through the remaining pipe.
Traffic originating outside the office (to our mail server, web server, etc.) would work in the following manner: (Let's say this is a request for www.example.com.)
Our external DNS server in the cloud would have two NS records for www.example.com, each one pointing to an IP on a different WAN pipe. (pfSense would need to run two different DNS servers, or one server that returned different records depending on which pipe a request entered on.)
In the case where everything is up, the requests for www.example.com would round-robin among both NS records, doing the load balancing. If a request got the IP for the DNS server on PIPE1, it would query that server, and the DNS server on PIPE1 would return an IP, also on PIPE1, that reaches the web server.
If PIPE1 goes down, a client could request the address from the external DNS server, get the NS record, attempt to look up the IP on the DNS server on PIPE1, and time out. It would then look up the IP on the DNS server on PIPE2, succeed, and go to that IP to reach the web server.
I hope I've described this clearly.
My questions:
- Is what I've described actually the best way to go about this?
- If it is, is this something pfSense can handle? How complicated is this to configure on pfSense?
Thanks very much!
Schof
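The resolution and failover sequence described in the post, modeled as an added example (not code from the original post or from pfSense) so the failover delay and the need for each pipe's DNS server to answer only with its own pipe's addresses can be checked; the addresses, names and timeout value are constructed assumptions.

```python
"""Model of the two-NS / per-pipe DNS failover scheme from the post.

Constructed example: the addresses are RFC 5737 documentation prefixes, not
real ones, and the NS timeout figure is an assumption."""

# One authoritative DNS server per WAN pipe; each hands out only its own pipe's addresses.
PIPE_DNS = {
    "PIPE1": {"ns_ip": "192.0.2.53",    "www.example.com": "192.0.2.80"},      # 4xT1
    "PIPE2": {"ns_ip": "198.51.100.53", "www.example.com": "198.51.100.80"},   # microwave
}
NS_TIMEOUT_S = 5.0   # assumed time a resolver waits on a dead NS before trying the next one

def ns_order(query_number):
    """The cloud DNS server round-robins its two NS records, so alternate the order."""
    pipes = list(PIPE_DNS)
    shift = query_number % len(pipes)
    return pipes[shift:] + pipes[:shift]

def resolve(name, pipes_up, query_number=0):
    """Behave like a recursive resolver: try each NS in the advertised order and
    fall over to the next one when the pipe it sits on is down.
    Returns (answer_ip, pipe_used, seconds_spent_waiting)."""
    waited = 0.0
    for pipe in ns_order(query_number):
        if pipe not in pipes_up:
            waited += NS_TIMEOUT_S          # a query into a dead pipe just times out
            continue
        return PIPE_DNS[pipe][name], pipe, waited
    raise LookupError(f"{name}: every NS unreachable after {waited:.0f}s")

def split_views_consistent():
    """Check that each pipe's server returns only addresses on its own pipe: an
    answer reachable only via the other pipe would defeat the failover."""
    for records in PIPE_DNS.values():
        prefix = records["ns_ip"].rsplit(".", 1)[0] + "."
        if any(not ip.startswith(prefix) for k, ip in records.items() if k != "ns_ip"):
            return False
    return True

if __name__ == "__main__":
    both = {"PIPE1", "PIPE2"}
    print(split_views_consistent())
    print([resolve("www.example.com", both, n)[1] for n in range(4)])   # alternates pipes
    print(resolve("www.example.com", {"PIPE2"}, 0))   # PIPE1 down: 5 s penalty, then PIPE2
    print(resolve("www.example.com", {"PIPE2"}, 1))   # NS order starts with PIPE2: no delay
```

A client whose resolver happens to try the dead pipe's NS first pays the full timeout before failing over, and any resolver that cached the old A record keeps using the dead pipe until that record's TTL expires.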