Multiple gateways on local network



  • Hi

    I am currently looking for a good solution for my problem.

    In a few weeks some friends and I are going to set up a LAN party with around 200-250 participants, and we have to make a network that works well based on what we have, which is not what we consider the best solution.

    But we have a lot of servers, and we get 5 public IPs to balance the participants' usage over, because some/many of the game networks (e.g. Battle.net) block IPs when they get too many requests from the same IP. We also get a 1 Gbit link.

    What I have in mind right now to lighten the server load is to set up 5 pfSense servers and have 5 different local networks like 10.0.0.0, 10.0.1.0 and so on, one for each server.

    This way we will have no load issues and the servers will pull through OK. But the issue I want to solve is the local network. With my planning right now I end up with 5 separate local networks which cannot connect to each other over the local network.

    So what I wonder is: is there a way I can connect the 5 local networks? For example, would it be possible to have one local network with 5 subnets and 5 gateways assigned based on the IP?

    I'll take every hint and suggestion on how to get the best out of my situation.

    Sorry for my bad English

    Best regards
    Kristoffer


  • LAYER 8 Global Moderator

    Do you really think you need 5 different pfSense boxes to handle 250 users?  Must be very limited hardware?  It would be easier to just set up 1 pfSense with 5 LAN NICs.  Now depending on which LAN segment you're on, you could set up pfSense to use a different public IP for the NAT on your WAN interface.



  • I don't think I need that many, but last time we had 200 users it didn't pull through. And since we have way too many boxes it does not really matter how many we put up.

    It's pretty old hardware. Most servers have one Intel Xeon at 2,4-3.0 GHz and 1-2 GB of RAM and Intel NICs. Last time we ran on a setup with two 3.0 GHz CPUs and 4 GB RAM, and it became too much for it. But we also know from earlier tests that we can run about 80 participants on one server. So we are just looking to play it safe and have a stable, high-performance network.




  • LAYER 8 Global Moderator

    How about something as simple as still using 1 LAN segment and having your pfSense boxes on say

    10.0.0.1, .2, .x, .5 with a /23 mask to give you plenty of room for your other devices.

    Then on the DHCP server on each pfSense only set a scope of say 50 clients. Or whatever your max number of clients ends up being / number of pfSense boxes.

    So then as your clients connect they would randomly connect to 1 of the 5 pfSense boxes, based upon which DHCP offer each gets first, as its gateway.  When a pfSense reaches its limit of leases it would stop issuing and you should fill up your other scopes and have a distribution between all 5 pfSense boxes.  Worst case I could see is you have like 50 on 4 of them and then the 5th only has like 20 or something.

    But since your clients would send out a discover and then just pick the first offer they get back to send the request to, and then get the ack and lease from it, you should get a random sort of distribution between the boxes.

    Leases would be like

    10.0.1.1 - 1.50
    1.51 -  1.100
    1.101 - 1.150
    1.151 - 1.200
    1.201 - 1.250

    This gives you the whole 10.0.0.1-255 for your other devices.

    Your leases would then all point to their specific pfSense box as gateway, and DNS if so desired, etc.  If need be, increase the mask to allow for more clients.  I don't think 500 some clients should cause you too many broadcast traffic issues?  You could always update the mask if you need more IPs, but I doubt you have double your clients in other devices?  At some point the broadcast traffic might be a bit much and then you would want to break out into different segments.  But with only 250 clients and then the hardware to support that (wireless APs, switches with IPs, servers, etc.), I would think a /23 should be more than big enough?

    This makes for a simple easy to install flat sort of network while allowing you to distribute your internet load across the pfsense boxes.

    edit:  If need be you could set up these boxes as CARP for failover, or just have some pfSense boxes all set up and ready to drop in if one of the pfSense boxes dies, etc.

    And you didn't mention any need of firewall / acls between the segments - so with only 250 clients I say just put it on 1 lan segment for ease and simplicity ;)



  • johnpoz:

    I was thinking of something like this, but I was a little afraid about how the balance would fall between the boxes. But as you say, if I use a /23 and limit to for example 50 per server, then they will balance themselves.


  • LAYER 8 Global Moderator

    Yeah even if 1 is faster than the others at the start in handing out leases - once he hits 50, he is done and the others can fill up.  But what should happen is a random here or there until full.

    Test this if you want before the party: set up 2 and make very small scopes like 3 each, connect some machines and see what happens.
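
Added example, not part of the thread: a Python sketch that builds the five 50-lease pools described above inside 10.0.0.0/23, rejects a plan that overlaps a gateway or runs off the subnet, and simulates how clients spread across the boxes, including the 2-box, 3-lease test suggested in the last post. The function names and the model of "first OFFER wins" as a uniform random pick among servers with free leases are assumptions made for illustration.

```python
import ipaddress
import random

LAN = ipaddress.ip_network("10.0.0.0/23")  # /23 mask from the thread
GATEWAYS = [ipaddress.ip_address(f"10.0.0.{n}") for n in range(1, 6)]  # .1 to .5

def build_scopes(lan, gateways, first, size):
    """Give each gateway its own contiguous DHCP pool of `size` addresses."""
    scopes, start = {}, ipaddress.ip_address(first)
    for gw in gateways:
        end = start + (size - 1)
        if gw not in lan or start not in lan or end >= lan.broadcast_address:
            raise ValueError(f"pool {start}-{end} for {gw} does not fit in {lan}")
        if any(start <= g <= end for g in gateways):
            raise ValueError(f"pool {start}-{end} contains a gateway address")
        scopes[gw] = (start, end)
        start = end + 1  # next pool begins right after, so pools never overlap
    return scopes

def simulate(scopes, clients, seed=0):
    """Hand out leases; returns (leases per gateway, clients left without one).

    Assumption: the first OFFER a client sees comes from a uniformly random
    server among those that still have a free lease.
    """
    rng = random.Random(seed)
    free = {gw: int(end) - int(start) + 1 for gw, (start, end) in scopes.items()}
    leased = {gw: 0 for gw in scopes}
    unserved = 0
    for _ in range(clients):
        offering = [gw for gw, left in free.items() if left > 0]
        if not offering:      # every pool is exhausted: no OFFER, no address
            unserved += 1
            continue
        gw = rng.choice(offering)
        free[gw] -= 1
        leased[gw] += 1
    return leased, unserved

if __name__ == "__main__":
    plan = build_scopes(LAN, GATEWAYS, "10.0.1.1", 50)
    for gw, (start, end) in plan.items():
        print(f"gateway {gw}: pool {start} - {end}")
    print("200 clients:", simulate(plan, 200))
    # The small pre-party test from the thread: 2 boxes, 3 leases each, 7 machines.
    small = build_scopes(LAN, GATEWAYS[:2], "10.0.1.1", 3)
    print("7 clients on 2x3:", simulate(small, 7))
```

With the pools sized to exactly the expected head count, any extra machine gets no lease at all, so the simulation's unserved count is worth checking against the real attendance figure.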

