[ previous ] [ next ] [ threads ]
 
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 2 wans one m0n0wall
 Date:  Wed, 27 Oct 2004 15:56:38 +0100 
There are ways in which you can come close to load-balancing for some types
of traffic, but it's not without its problems either. I did this a couple of
years ago with 2 IPCop boxes (I was on ISDN at the time, and having 2x 64k
connections to separate ISPs was much cheaper than paying one ISP the
premium to allow me to channel bond for 128k).

First thing to note: IPCop has Squid built in, and Squid was an important
part of how I set it up. Essentially one box (with the most reliable ISP)
acted as DHCP and handed out all the gateway information specific to its
connection. This prevented me from having to manually configure all the
clients. The second IPCop box was set up without the DHCP server running, so
its info was never handed to any clients, but it was on the same physical
network segment.

I then used another box, also running Squid, and configured it to use the 2
IPCop boxes as parent proxies. Clients then accessed the web via this third
Squid box. This gave me pretty good load balancing for all HTTP traffic. I
believe there are also SOCKS proxies that can do something similar, but
whether those are freely available or not I don't know.

One big problem with all this load balancing stuff, whether home-grown or
with a proper hardware load balancer: some sites don't like seeing multiple
connections from the same computer but from different IPs. This was
particularly a problem with online banking sites - eventually I got to a
point where I told squid to not load balance any HTTPS traffic. Seemed to
solve the problem.

If one had two connections of different speed, you could use the weight=
setting in the cache_peer directives to divide connections accordingly
between your connections.

(In hindsight, the whole lot could be done without the third Squid box -
choose one of the others to be the primary server, and tell it to only
cache_peer for half of the connections).

Regards,

Chris
-- 
C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969   ICQ: 13350579
AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!: Minotaur_Chris
This email is made from 100% recycled electrons