I have two internet connections. One is a 3Mb link and the other a 10Mb
link. It's not enough to get a decent BGP configuration going. I use a
single FreeBSD-based router with ipfw handling source-address-based
routing to determine the proper link to deliver the traffic.

I'm interested in getting outbound load balancing. I have the Nexland
box, and I also have a newer SonicWall product with their "Enhanced" OS that
does load balancing based on stateful connections. Their "balancing"
system involves defining a percentage of traffic per WAN interface,
which tends to behave well. They both work with light load, but under
medium load things fall apart.

Apparently the Nexland unit uses an algorithm to pick which interface a
stateful connection is sent out on. There's a weight system, but for the
most part if the client opens multiple connections (say HTTP) it's
possible some of the connections will be delivered over one link and
some over the other. That creates its own share of fun with websites
that rely on source IP for session handling. I'm interested in getting
rid of this unit; the support pretty much dried up.

From what I can see the SonicWall uses a similar algorithm, but instead
of it being per connection it's per host. Just a minor wrinkle that
doesn't "load balance" quite as well, but it achieves a better user
experience on those broken websites.

Both fail when it comes to statefulness. I can't say this enough. A
UDP DNS query eats a state entry. In my case I only have two Squid
boxes on the LAN side, and the WAN side is connected to my internet network.
Each Squid box has its own dnscache instance, and during the day the
state tables overflow roughly every 35 minutes. I haven't yet found a
way to get the units to do something more intelligent with DNS packets.

I would love to use my Soekris boxes with m0n0wall instead of these
"load balancers". Is there any more work in that direction?
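The two behaviours the post describes, per-connection versus per-host link selection and a state table being eaten by UDP DNS queries, can be reproduced in a small model. The following is an added example written for this page; it is not code from the poster, from Nexland, SonicWall or m0n0wall. The link weights (3 and 10, roughly the two link speeds), the UDP idle timeout, the table capacities and the traffic mix are all constructed values chosen to illustrate the effects, not figures from any real product.

```python
"""Model of outbound multi-WAN balancing and firewall state pressure.

Added example (not code from the original post or any product it names).
Link weights, timeouts, table capacity and traffic are constructed values.
"""
import hashlib

# Constructed link weights, roughly proportional to the 3Mb and 10Mb links.
WAN_LINKS = {"wan3mb": 3, "wan10mb": 10}


def _weighted_pick(key: str, links: dict) -> str:
    """Deterministic weighted choice: map a hash of `key` onto the weight ranges."""
    total = sum(links.values())
    slot = int(hashlib.sha256(key.encode()).hexdigest(), 16) % total
    for name, weight in links.items():
        if slot < weight:
            return name
        slot -= weight
    raise RuntimeError("weights exhausted; should not happen")


def pick_per_connection(flow, links=WAN_LINKS):
    """Per-connection policy: every new 5-tuple is balanced independently."""
    key = "{src}:{sport}->{dst}:{dport}/{proto}".format(**flow)
    return _weighted_pick(key, links)


def pick_per_host(flow, links=WAN_LINKS):
    """Per-host policy: all connections from one client share a link."""
    return _weighted_pick(flow["src"], links)


def hosts_split_across_links(flows, policy):
    """Clients whose connections to the same server left on more than one link,
    i.e. the case that breaks sites keying sessions on the source IP."""
    links_used = {}
    for flow in flows:
        links_used.setdefault((flow["src"], flow["dst"]), set()).add(policy(flow))
    return {src for (src, _dst), used in links_used.items() if len(used) > 1}


def make_http_flows(hosts=4, connections=10):
    """Constructed browsing traffic: each client opens several TCP connections
    to one web server, each from a fresh source port."""
    return [
        {"src": f"10.0.0.{h + 10}", "sport": 40000 + c, "dst": "203.0.113.80",
         "dport": 80, "proto": "tcp"}
        for h in range(hosts) for c in range(connections)
    ]


class StateTable:
    """Fixed-capacity connection table with per-protocol idle timeouts."""

    def __init__(self, capacity, timeouts):
        self.capacity = capacity
        self.timeouts = timeouts      # idle timeout in seconds, keyed by protocol
        self.entries = {}             # flow key -> expiry time
        self.overflows = 0

    def _expire(self, now):
        self.entries = {k: exp for k, exp in self.entries.items() if exp > now}

    def add(self, flow, now):
        """Insert or refresh a flow; return False when the table is full."""
        self._expire(now)
        key = (flow["src"], flow["sport"], flow["dst"], flow["dport"], flow["proto"])
        if key not in self.entries and len(self.entries) >= self.capacity:
            self.overflows += 1
            return False
        self.entries[key] = now + self.timeouts[flow["proto"]]
        return True


def simulate_dns_load(qps, udp_timeout, capacity, seconds):
    """Drive a resolver's UDP queries (fresh source port each) through the table.
    Returns (peak_entries, second_of_first_overflow_or_None)."""
    table = StateTable(capacity, {"udp": udp_timeout})
    first_overflow, peak, sport = None, 0, 0
    for t in range(seconds):
        for _ in range(qps):
            sport = (sport + 1) % 60000
            query = {"src": "10.0.0.2", "sport": 1024 + sport,
                     "dst": "198.51.100.53", "dport": 53, "proto": "udp"}
            if not table.add(query, t) and first_overflow is None:
                first_overflow = t
        peak = max(peak, len(table.entries))
    return peak, first_overflow


if __name__ == "__main__":
    flows = make_http_flows()
    print("per-connection splits:", sorted(hosts_split_across_links(flows, pick_per_connection)))
    print("per-host splits:", sorted(hosts_split_across_links(flows, pick_per_host)))
    print("dns, 2000-entry table:", simulate_dns_load(50, 60, 2000, 120))
    print("dns, 4000-entry table:", simulate_dns_load(50, 60, 4000, 120))
```

The per-host policy never splits a client's connections because the link is derived from the source address alone, while the per-connection policy hashes the whole 5-tuple and so spreads one browser's connections across both links. The DNS model shows the arithmetic behind the overflow: a resolver issuing 50 queries a second with a 60-second UDP idle timeout holds about 3000 entries in steady state, so a 2000-entry table is full 40 seconds in and stays full, whereas a 4000-entry table never overflows. Short UDP timeouts or a separate, smaller timeout for DNS are the levers that change that product.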