2 ip subnets with 2 providers



  • Hi all,

    I have a location with 2 providers and 1 subnet /27 from each provider
    it is possible to load balance the traffic through providers and in the same time every computer behind pfsense to be routed in internet with an ip address from routed subnets?
    I do not want to buy subnets and as number

    thanks



  • I have a location with 2 providers and 1 subnet /27 from each provider

    Ok

    it is possible to load balance the traffic through providers

    Let pfSense acting as a firewall and doing load balancing would be your way.

    • session based load balancing
    • policy based load balancing
    • service based load balancing

    With weighting and ratios if both Internet connections are not at the same speed.

    and in the same time every computer behind pfsense to be routed in internet with an ip address from routed subnets?

    Why PCs should be routed to the Internet with their own static public IP address?
    Are this Servers or PCs? Or are you acting as a ISP/WISP it selfs.

    Perhaps pfSense should then acting as a traffic shaper more then a load balancer.

    I do not want to buy subnets and as number

    Me too ???



  • computers have private ip class
    sometimes ip`s are blocked by some sites used in activity and they cannot afford to block all computers



  • @gabi:

    computers have private ip class
    sometimes ip`s are blocked by some sites used in activity and they cannot afford to block all computers

    Not clear to me. It doesn't explain (or I don't understand) why you would want to route public IP from your LAN.



  • you cannot/shouldn't/won't work.
    assymetric routing is impossible when you don't control the entire setup: https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules



  • @gabi
    It would perhaps helping much more if you try out to draw a small network schematic for us.



  • i do not have visio on this computer but i make something

    all computers have private class 192.168.0.0/24
    from both ISP I have a public ip and a subnet /27 routed through this ip
    i want each computer to be seen in internet with a ip from /27 (1ip from ISP1 / 1ip from ISP 2)
    also internet connections to be used in a round robin manner between ISP(have the same speed)

    I can set from NAT to force a computer to be routed with an ip from /27 but the second ISP will not allow of course to use ip from ISP 1 and viceversa

    thanks




  • @gabi:

    i want each computer to be seen in internet with a ip from /27 (1ip from ISP1 / 1ip from ISP 2)
    also internet connections to be used in a round robin manner between ISP(have the same speed)

    Your drawing is pretty clear but I don't understand, unless you are hosting services, on each internal desktop, to be accessed from internet, why you would need to have each desktop seen with pubic IP.

    • Load balancing is pretty straightforward defining gateway group.

    Still source IP translation is questionable and at least not clear to me.



  • i want each computer to be seen in internet with a ip from /27 (1ip from ISP1 / 1ip from ISP 2)

    This would be not able to do as I see it right, without using AS and BGP, and with using this
    you will see even also only one PC with one IP! But this way you wont go as you explained above.

    also internet connections to be used in a round robin manner between ISP(have the same speed)

    Load balancing between two or more ISPs would be running at a glance without problems and there are
    three common and mostly used methods to do so and realize it well, and yes the policy based routing is
    a so called round robin manner so please beware of using the real round robin method please!!!
    This is only for CARP or cluster based pfSense firewalls that has a switch in the front of the WAN ports
    and some modems connected to this switch also and then perhaps if two or more ports are building a
    static LAG (not over LACP) and this will be used then as one WAN Port.

    I can set from NAT to force a computer to be routed with an ip from /27 but the second ISP will not allow of course to use ip from ISP 1 and viceversa

    Yes for sure this is correct and there fore I was telling at some line above that is not able to realize with
    load balancing, perhaps you will find a way to let the pfSense acting as a traffic shaper or something like this.


Log in to reply