Multi-WAN support with same gateway on multiple interfaces ***{NOW $650}***

GoldServe · Feb 26, 2009, 2:42 AM

I know this can be done already by natting all the interfaces to make it appear as multiple gateways but if commercial routers can do this, why not pfsense?

I think pfsense is great but the whole system needs to be more multi-wan aware. I know lots of kernel hacking is required so please post your interest and bounty!

I'm a home user but i'm gonna put $100 down to see this get done. I can very well go buy a dual wan commercial router but I want to see pfsense kick some serious ass!

Thanks for looking!

eri-- · Jun 28, 2008, 10:36 AM

You want load balancing between connection going over the same interface with the same gateway or between multiple connection that share the gateway?

cmb · Jun 28, 2008, 4:08 PM

I talked to GoldServe in IRC last night - what he wants is multiple interfaces and connections with the same gateway Ermal. Like you'll usually end up with if you have multiple cable modems. Since we have to use IPs with route-to there isn't anything we can do as is, but I was hoping you'd see this. :) Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.

eri-- · Jun 28, 2008, 6:54 PM

@cmb:

Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.

Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I might consider it if more chips in on the bounty since kernel hacking is involved.

Ermal

GoldServe · Jun 28, 2008, 7:18 PM

I really hope more people can add to this bounty. It would be much simpler to do multi-wan.

cmb · Jul 8, 2008, 2:33 AM

@ermal:

Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

eri-- · Jul 8, 2008, 4:08 PM

@cmb:

@ermal:

Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

I thought it was the same ip for the gateway ;)

For the same mac address not much can be done with different enviroments ;-{

hhh3h · Jul 18, 2008, 9:57 PM

I really have no idea how pfSense works, because I am just in the thinking stages of whether I should move to a pfSense/IPCop router or should keep my perfectly fine cisco multi-wan VPN router. Nevertheless, I'd like to throw this idea out there (please don't flame if its a stupid idea).

It seems that multi-wan support is merely an appendage feature that's thrown in at the end of the project without much thought behind it. But, wouldn't it be better if IpTables was redesigned to simply address which ethernet port the packets should be forwarded to?

–-------------------
Something like this would be the setup for someone who wants to have one group of PCs use one modem, and another group of PCs use another modem:

| IP Range | Default Ethernet Adapter | Backup Ethernet Adapter | Load Balance Switch Threshold (kbps) (Note1) | Applicable Ports (Note2) |
| 192.168.0.* | 0 | 1 | 2000 | * |
| 192.168.1.* | 1 | 0 | 2000 | * |
| 192.168.1.0-192.168.1.10,192.168.1.15,192.168.1.34 | 0 | 1 | 2000 | * |

–-------------------
And using the same table, but going with a different need, something like this would be the setup for someone who wants, for all PCs, to direct certain types of traffic to one modem, and other types of traffic to go to another modem:

| IP Range | Default Ethernet Adapter | Backup Ethernet Adapter | Load Balance Switch Threshold (kbps) (Note1) | Applicable Ports (Note2) |
| * | 0 | 1 | 2000 | * |
| * | 1 | 0 | 2000 | 80-81,500 |

–-------------------
(Note1) Set "Load Balance Switch Threshold" to 0-kbps to never load balance, meaning the backup ethernet adapter would only be used if the first one failed.

(Note2) If you leave out a port, the router will not forward packets on that port to any ethernet adapter, meaning the packet on that port would be dropped (blocked) like an outgoing firewall.

eri-- · Jul 18, 2008, 10:17 PM

Well, ;D, you remind me of why so many people talk as they please and few of them do the real work.

GoldServe · Jul 18, 2008, 10:20 PM

That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

hhh3h · Jul 19, 2008, 12:11 AM

@ermal:

Well, ;D, you remind me of why so many people talk as they please and few of them do the real work.

I'm sorry..

@GoldServe:

That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

Thank you

I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today. I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

GoldServe · Jul 19, 2008, 12:13 AM

The bounty system proved successful for the traffic shaper. Now it is vastly improved and functional.

cmb · Jul 19, 2008, 1:02 AM

@hhh3h:

I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today. I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

The only problem to date with bounties is people pledging support and never paying. The last one I did was even worse - I bought the hardware the company was using so I could implement the desired functionality with the promise it would be reimbursed, did the work as agreed upon and it was successfully completed. They refuse to pay, so I'm out $450 USD out of my pocket plus all the time spent. Losing time is one thing, losing that much money out of my pocket is another entirely… Lesson learned, I'll never buy any hardware under the promise of reimbursement again.

The bounty system has proven to be a great way to get functionality implemented for the end users. The developers have gotten screwed on multiple occasions, to varying degrees, but no end user has ever gotten less than promised.

hhh3h · Jul 19, 2008, 1:34 AM

@cmb:

@hhh3h:

I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today. I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

Thank you for replying. It seems that there are many many of threads on I see on the internet about "why doesn't IPCop support multi-WANs", and "why is it so hard to get multi-WANs working in pfSense". Therefore, I would assume that well-designed, intrinsic functionality to support a multi-WAN environment should be a high priority.

But nevertheless, are you saying that I should not pledge any money on this project because it is not likely to be completed? I would really appreciate a realistic projection.

Thank you

eri-- · Jul 19, 2008, 7:23 AM

Well nobody stops you from pledging!
The problem is that the offer should be serious and so should be your commitment when the bounty is finished.

I do not think that multi-WAN in pfSense is difficult, though in 1.3 the configuration has changed somewhat.

The first thing before pledging moeny is stating what are your needs and after that what is your pledge.

Ermal

hhh3h · Jul 19, 2008, 5:13 PM

@ermal:

Well nobody stops you from pledging!
The problem is that the offer should be serious and so should be your commitment when the bounty is finished.

I'm serious about getting something done. I'm not going to pledge money for this idea if cmb is saying it's not going to be doable…....

eri-- · Jul 19, 2008, 5:19 PM

Actually it is quite doable and i am one of the possible implementers of it. Just need to be convinced to do it…..

GoldServe · Jul 20, 2008, 4:41 PM

That's good news. I'm very serious about committing $200 of my personal money for this. I use pfsense for home use only as I am a geek =D I paid a little for the traffic shapper changes even though I do not use it but I hear it was well worth it.

Cheers!

hhh3h · Jul 20, 2008, 6:53 PM

@ermal:

Actually it is quite doable and i am one of the possible implementers of it. Just need to be convinced to do it…..

Great.. How much total pledge money will convince you?

eri-- · Jul 21, 2008, 7:53 AM

How much total pledge money will convince you?

You make your offer and i will give my answer.