
Re: Problems with load balancing

On Tue, Feb 22, 2005 at 08:36:40PM -0500, Jaime Vargas wrote:
> >>#  nat outgoing connections on each internet interface
> >>nat on $ext_if1 from $lan_net to any -> $ext_ip1_2
> >>nat on $ext_if1 from $lan_net to any -> $ext_ip1_1
> >
> >This won't work, the criteria in both rules are the same (same
> >interface, same source address), so the second rule never matches,
> >because the first one already does.
> >
> >If you could use tagged in nat rules, that might be an option, but I
> >don't think that's supported yet.
> That was my suspicion, thanks for clarifying this.
If you're willing to run -current, you can try this patch.
This adds support for 'tagged' to NAT rules. So you can tag connections
that you want to route to the second gateway and replace the source
address based on that tag, like
  nat on $ext_if1 from $lan_net to any tagged rerouted -> $ext_ip1_2
  nat on $ext_if1 from $lan_net to any                 -> $ext_ip1_1
The tricky part is to get the tag attached only to those connections
that you re-route to the second gateway.
A single rule like
  pass out on $ext_if1 route-to { ($ext_if1 $ext_gw1_1), \
	($ext_if1 $ext_gw1_2) } tag rerouted
won't help, as it will tag all connections no matter where they're
routed to.
Instead of relying on round-robin, you could use the 'probability'
option, like
  pass out quick on $ext_if1 route-to ($ext_if1 $ext_gw1_2) tag rerouted \
	probability 50%
Each new connection gets randomly routed through one of the gateways.
It's not strictly round-robin, several consecutive connections may go
through the same gateway, but given statistics and large numbers, the
result could be similar enough.
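To make the first-match argument in this message concrete, here is an added Python model (not code from the post, and not pf itself) of how the two NAT rule sets pick a source address for connections that the 'probability 50%' rule has rerouted and tagged. Macro names such as ext_gw1_2 are taken from the thread; the first-match NAT behaviour and the coin flip are modelled, so the numbers come from the constructed simulation, not from a real pf.

```python
import random

# Constructed model: first-match NAT rule selection plus the
# 'pass out quick ... route-to gw1_2 tag rerouted probability 50%' rule.

def first_match(nat_rules, conn):
    """pf NAT semantics: the first rule whose criteria match wins."""
    for rule in nat_rules:
        if rule["on"] != conn["on"] or rule["from"] != conn["from"]:
            continue
        if "tagged" in rule and rule["tagged"] != conn.get("tag"):
            continue
        return rule["to"]
    return None

# The original two rules: identical criteria, the second never matches.
ORIGINAL = [
    {"on": "ext_if1", "from": "lan_net", "to": "ext_ip1_2"},
    {"on": "ext_if1", "from": "lan_net", "to": "ext_ip1_1"},
]

# With the patched 'tagged' keyword the rerouted rule is distinguishable.
TAGGED = [
    {"on": "ext_if1", "from": "lan_net", "tagged": "rerouted", "to": "ext_ip1_2"},
    {"on": "ext_if1", "from": "lan_net", "to": "ext_ip1_1"},
]

def route_and_tag(rng):
    """Each new connection is independently rerouted (and tagged) with p=0.5;
    the untagged rest goes out through the first gateway."""
    conn = {"on": "ext_if1", "from": "lan_net"}
    if rng.random() < 0.5:
        conn["tag"], conn["gw"] = "rerouted", "ext_gw1_2"
    else:
        conn["gw"] = "ext_gw1_1"
    return conn

def translate_all(nat_rules, n, seed=1):
    """Count (gateway, translated source) pairs over n new connections.
    A pair that mixes gw1_1 with ext_ip1_2 is the mismatch the original
    rules produce; the tagged rules should never yield one."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        conn = route_and_tag(rng)
        key = (conn["gw"], first_match(nat_rules, conn))
        counts[key] = counts.get(key, 0) + 1
    return counts
```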