Saturday, March 19, 2011

LOAD BALANCING OUTGOING CONNECTION


What is meant by outgoing load balancing in this discussion? Here it means balancing outbound traffic across two or more Internet connections to optimize their use.

To do this I use PF address pools for load balancing:

http://www.openbsd.org/faq/pf/pools.html#outgoing

In this example I will use only two connections. For more than two connections you may try it yourself.

Preconditions:

1. The kernel is compiled with PF support

2. Three network cards: two for the WAN connections and one for the LAN

3. Two ISP connections

First please log into your server:

ogeb@ogeb-desktop:~$ ssh ogeb@indofreebsd.or.id
Password: ****************

[ogeb@indofreebsd ~]$ sudo su -

indofreebsd #

The next thing I did was compile a kernel with PF firewall support built in;

refer to http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

indofreebsd # cd /sys/i386/conf/

indofreebsd # cp GENERIC indofreebsd

indofreebsd # vi indofreebsd

#---- add the following lines to your kernel configuration ----#

###--- PF support ---###
device pf
device pflog
device pfsync

###--- ALTQ (CBQ etc.) support, in case it is needed later ---###
options ALTQ
options ALTQ_CBQ # Class Based Queuing (CBQ)
options ALTQ_RED # Random Early Detection (RED)
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build

####--- only these lines need to be added ---####

Save the kernel configuration. After editing the kernel configuration I recompile the kernel.

indofreebsd # cd /usr/src
indofreebsd # make buildkernel KERNCONF=indofreebsd

--------------------------------------------------------------
>>> Kernel build for indofreebsd completed on Wed Jun 26 05:57:45 CEST 2007
--------------------------------------------------------------

After that I installed the new kernel:

indofreebsd # make installkernel KERNCONF=indofreebsd

install -o root -g wheel -m 555 if_xe.ko /boot/kernel
===> xl (install)
install -o root -g wheel -m 555 if_xl.ko /boot/kernel
===> zlib (install)
install -o root -g wheel -m 555 zlib.ko /boot/kernel
kldxref /boot/kernel

indofreebsd #

After the new kernel is installed, I need to configure rc.conf so that PF runs at boot.

indofreebsd # vi /etc/rc.conf

###--- Add this ---###

pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd startup
gateway_enable="YES" # Enable as LAN gateway
router_flags="-q"
router="/sbin/routed"
router_enable="YES"

defaultrouter="10.0.0.1" # enter the gateway of one of your ISP connections

###--- Done ---###

Then I save the edited rc.conf on the server.

The next step is to write the pf.conf configuration for the load-balancing pool. In this experiment I use the configuration from http://www.openbsd.org/faq/pf/pools.html#outexample

indofreebsd # vi /etc/pf.conf

#--- Contents of the pf configuration ---#



lan_net = "192.168.1.0/24"
int_if = "rl2"
ext_if1 = "rl0"
ext_if2 = "rl1"
ext_gw1 = "10.0.0.1"
ext_gw2 = "10.0.0.2"

# NAT outgoing connections on each Internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Default deny
block in from any to any
block out from any to any

# Pass all outgoing packets on the internal interface
pass out on $int_if from any to $lan_net
# Pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
# Load balance outgoing tcp traffic from the internal network
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
# Load balance outgoing udp and icmp traffic from the internal network
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state

# General "pass out" rules for the external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# Route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
#--- Done ---#
Then I save the pf configuration.

indofreebsd # reboot

That completes the router that load balances two connections.

Suggestion: customize which ports need to be passed or blocked to suit your needs.
Check the documentation of squid and pf if you want to run a transparent proxy.

greetings,
ogeb
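
A pre-flight check for the pf.conf above, as an added example that is not part of the original post: it confirms the macros the ruleset relies on are defined, parses the file with `pfctl -nf` before loading it, and verifies that both gateways appear in the loaded `route-to` rules. The function names and the `PFCTL` override variable are assumptions of this example, as is the expectation that `pfctl -sr` prints each `route-to` rule with its gateway addresses.

```shell
#!/bin/sh
# Added example, not from the original post. PFCTL and the function names
# are assumptions; PFCTL can be overridden to point at another binary.
PFCTL="${PFCTL:-pfctl}"

# Macros that the pf.conf on this page defines and then references.
REQUIRED_MACROS="lan_net int_if ext_if1 ext_if2 ext_gw1 ext_gw2"

# Print the quoted value of macro $2 in file $1 (empty if undefined).
macro_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Fail if any macro the ruleset relies on is missing or empty.
check_macros() {
    for m in $REQUIRED_MACROS; do
        [ -n "$(macro_value "$1" "$m")" ] || {
            echo "missing macro: $m" >&2; return 1; }
    done
}

# Fail unless both gateways show up in the loaded route-to rules, i.e. the
# round-robin pool really contains two links. Assumes "pfctl -sr" prints
# route-to rules together with their gateway addresses.
check_pool_loaded() {
    rules=$("$PFCTL" -sr) || return 1
    for m in ext_gw1 ext_gw2; do
        gw=$(macro_value "$1" "$m")
        echo "$rules" | grep 'route-to' | grep -Fqw "$gw" || {
            echo "gateway $gw not in any route-to rule" >&2; return 1; }
    done
}

# Check macros, parse without loading (-n), load (-f), then verify.
# Return codes: 1 macros, 2 parse error, 3 load error, 4 pool incomplete.
pf_preflight() {
    check_macros "$1"      || return 1
    "$PFCTL" -nf "$1"      || return 2
    "$PFCTL" -f "$1"       || return 3
    check_pool_loaded "$1" || return 4
}
```

Run `pf_preflight /etc/pf.conf` as root from the console or a LAN-side session: the ruleset above is default-deny and passes inbound traffic only on `$int_if`, so a session arriving through an external interface is not passed once it loads.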
