
Problems with load balancing



I am resending this, because this is the second time I don't get any
response from the list. Am I not asking properly or providing enough
details? Please let me know, I have spent a lot of hours testing
the configuration below trying to figure out why it doesn't work.
I am begging for your help.

Jaime

On Feb 21, 2005, at 6:40 PM, Jaime Vargas wrote:

I seem to have problems with this setup. I am trying to
load balance multiple ISPs using the same interface with
multiple aliases. My problem is that the return path
for TCP doesn't seem to work. I have tried with reply-to
but no luck. I see the first SYN coming in one interface,
and the reply going back in another.

What am I doing wrong? Thanks for the help, Jaime

# ifconfig sis1
sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:24:c2:3e:11
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::200:24ff:fec2:3e11%sis1 prefixlen 64 scopeid 0x2
        inet 2.M.N.74 netmask 0xfffffffc broadcast 2.M.N.75
        inet 6.X.Y.182 netmask 0xfffffff8 broadcast 6.X.Y.183
        inet 6.X.Y.181 netmask 0xffffffff broadcast 6.X.Y.181
        inet 2.A.B.187 netmask 0xffffff00 broadcast 2.A.B.255

# arp -an
? (2.M.N.73) at 00:05:65:52:e0:ab on sis1
? (2.M.N.74) at 00:00:24:c2:3e:11 on sis1 static
? (2.A.B.1) at 00:30:b8:c3:ee:00 on sis1

# tcpdump -env -i sis1 host 64.83.10.246
tcpdump: listening on sis1
04:03:16.220111 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 64.83.10.246.53959 > 2.A.B.187.22: S [tcp sum ok] 3928674842:3928674842(0) win 65535 <mss 1460> (DF) (ttl 42, id 54539)
04:03:16.680065 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 66: 2.A.B.187.22 > 64.83.10.246.53959: . [tcp sum ok] ack 3928674843 win 65535 <nop,nop,timestamp 3181486910 3318599810> (DF) (ttl 63, id 26736)
04:03:22.040414 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 74: 2.A.B.187.22 > 64.83.10.246.53959: S [tcp sum ok] 2430943524:2430943524(0) ack 3928674843 win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 3181486921 3318599810> (DF) (ttl 63, id 26810)
04:03:22.220118 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 64.83.10.246.53959 > 2.A.B.187.22: S [tcp sum ok] 3928674842:3928674842(0) win 65535 <mss 1460> (DF) (ttl 42, id 54656)
04:03:22.220874 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 66: 2.A.B.187.22 > 64.83.10.246.53959: . [tcp sum ok] ack 1 win 65535 <nop,nop,timestamp 3181486922 3318599810> (DF) (ttl 63, id 26811)
04:03:34.280184 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 64.83.10.246.53959 > 2.A.B.187.22: S [tcp sum ok] 3928674842:3928674842(0) win 65535 <mss 1460> (DF) (ttl 42, id 54791)
04:03:34.280972 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 66: 2.A.B.187.22 > 64.83.10.246.53959: . [tcp sum ok] ack 1 win 65535 <nop,nop,timestamp 3181486946 3318599810> (DF) (ttl 63, id 26964)
04:03:46.120408 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 74: 2.A.B.187.22 > 64.83.10.246.53959: S [tcp sum ok] 2430943524:2430943524(0) ack 3928674843 win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 3181486969 3318599810> (DF) (ttl 63, id 27187)
04:03:58.390075 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 64.83.10.246.53959 > 2.A.B.187.22: S [tcp sum ok] 3928674842:3928674842(0) win 65535 <mss 1460> (DF) (ttl 42, id 55042)
04:03:58.390826 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 66: 2.A.B.187.22 > 64.83.10.246.53959: . [tcp sum ok] ack 1 win 65535 <nop,nop,timestamp 3181486994 3318599810> (DF) (ttl 63, id 27458)




lan_net = "172.16.0.0/24"
int_if  = "sis0"
ext_if1 = "sis1"
ext_if2 = "sis2"

#external ext_if1 aliases "Public IPs"
ext_ip1_1 = "2.A.B.187"
ext_ip1_2 = "2.M.N.74"
ext_ip1_3 = "6.X.Y.181"
ext_ip1_4 = "6.X.Y.182"

#external gateways through ext_if1 "Private ISPs"
ext_gw1_1 = "2.A.B.1"
ext_gw1_2 = "2.M.N.73"
ext_gw1_3 = "6.X.Y.177"

#external gateways through ext_if2 "Private Wireless Channel"
ext_gw2 = "10.10.10.3"

#  mapping to critical servers
rdr on sis1 proto tcp from any to 2.A.B.187 -> 172.16.0.1
#rdr on sis1 proto tcp from any to 6.X.Y.179 -> 172.16.0.8
#rdr on sis1 proto tcp from any to 6.X.Y.178 -> 172.16.0.9
rdr  on sis1 proto tcp from any to 6.M.N.74 -> 172.16.0.15

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> $ext_ip1_2
nat on $ext_if1 from $lan_net to any -> $ext_ip1_1

#  default deny
#block in  from any to any
#block out from any to any

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if


# route packets from protocols with a state to the same path they came thru
pass out log on $ext_if1 reply-to ($ext_if1 $ext_gw1_1) from any to $ext_ip1_1
pass out log on $ext_if1 reply-to ($ext_if1 $ext_gw1_2) from any to $ext_ip1_2



# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1_2), ($ext_if1 $ext_gw1_1) } round-robin \
    proto tcp from $lan_net to any flags S/SA keep state

# load balance outgoing udp traffic from internal network
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1_2), ($ext_if1 $ext_gw1_1) } round-robin \
    proto udp from $lan_net to any keep state

# load balance outgoing icmp traffic from internal network
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1_2), ($ext_if1 $ext_gw1_1) } round-robin \
    proto icmp from $lan_net to any


# general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA keep state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state


# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_2) from $ext_ip1_2 to any
pass out on $ext_if1 route-to ($ext_if1 $ext_gw1_1) from $ext_ip1_1 to any
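
The asymmetric return path in the capture above can be checked mechanically from `tcpdump -e` output by comparing link-layer addresses: the SYN arrives from 00:30:b8:c3:ee:00 (2.A.B.1 in the arp table) while replies are sent to 00:05:65:52:e0:ab (2.M.N.73). The following is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed and abbreviated from the capture format shown, with the second flow invented as a symmetric control.

```python
import re

# Constructed sample in the post's `tcpdump -e` layout (TCP details abbreviated).
SAMPLE = """\
04:03:16.220111 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 64.83.10.246.53959 > 2.A.B.187.22: S win 65535
04:03:16.680065 0:0:24:c2:3e:11 0:5:65:52:e0:ab 0800 66: 2.A.B.187.22 > 64.83.10.246.53959: . ack 1 win 65535
04:03:17.000000 0:30:b8:c3:ee:0 0:0:24:c2:3e:11 0800 64: 192.0.2.9.40000 > 2.A.B.187.22: S win 65535
04:03:17.000500 0:0:24:c2:3e:11 0:30:b8:c3:ee:0 0800 74: 2.A.B.187.22 > 192.0.2.9.40000: S ack 1 win 65535
"""

# time, source MAC, destination MAC, ethertype, length, then "src > dst:"
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]+) (?P<dmac>[0-9a-f:]+) \S+ \d+: "
    r"(?P<src>\S+) > (?P<dst>\S+): "
)

def norm_mac(mac):
    """tcpdump drops leading zeros (0:30:...); arp and ifconfig keep them."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def asymmetric_flows(capture, local_mac):
    """Map (client, server) -> (ingress_gw_mac, egress_gw_mac) for flows whose
    replies leave toward a different next hop than the requests arrived from."""
    local = norm_mac(local_mac)
    ingress, findings = {}, {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        smac, dmac = norm_mac(m["smac"]), norm_mac(m["dmac"])
        if dmac == local:                    # frame arriving at the firewall
            ingress.setdefault((m["src"], m["dst"]), smac)
        elif smac == local:                  # frame leaving the firewall
            flow = (m["dst"], m["src"])      # reversed to the client's view
            seen = ingress.get(flow)
            if seen and seen != dmac:
                findings[flow] = (seen, dmac)
    return findings

if __name__ == "__main__":
    hits = asymmetric_flows(SAMPLE, "00:00:24:c2:3e:11")
    for (client, server), (gw_in, gw_out) in hits.items():
        print(f"{client} -> {server}: in via {gw_in}, out via {gw_out}")
```

Feeding it a live capture together with the `arp -an` table lets each flagged MAC be mapped back to the ISP gateway it belongs to.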