Subject: RE: two default gateways
To: 'Zafer Aydogan' <netbsd-users@netbsd.org>
From: Gary Parker <G.J.Parker@lboro.ac.uk>
List: netbsd-users
Date: 11/29/2004 11:35:59
> -----Original Message-----
> From: netbsd-users-owner@NetBSD.org 
> [mailto:netbsd-users-owner@NetBSD.org] On Behalf Of Zafer Aydogan
> Sent: 29 November 2004 11:04
> To: netbsd-users@netbsd.org
> Subject: two default gateways
> 
> Hej Mailing-List,
> 
> Our Company has two separate Internet Connections with two 
> simple Routers.
> 
> How can I manage to route Web traffic over one Connection and 
> SMTP over the
> other one ?

This one's relatively easy: set up a box, with its default gateway set to
be the router of your choice, running squid and proxy all your users' web
requests through it. This will have the added bonus of reducing your
browsing traffic due to local caching. You can do likewise with the SMTP
traffic: set up a box with an SMTP server of your choice that will accept
connections from anyone on your LAN and forward them on to the relevant
server on the Internet. Make its default gateway the router that *isn't*
handling your www and you're sorted.

To police this it's also a good idea to block outgoing traffic from your LAN
on port 80 and 25 to ensure your users use these two proxies and don't just
send the traffic out through whichever router they choose. This can also be
very helpful in blocking virus-infected client PCs on your network that are
acting as spam sources.

> Or how can I route traffic over one connection if the other one fails.
> (fail-over)
> And How can I share the load on both connection (50% 50% e.g.)

This one's easy for your www traffic, it's just a matter of setting up a
non-caching squid process for each connection then telling a master process
to load balance between the two. If Squid sees that one of its parent
caches is not responding it will dynamically route all its traffic through
the remaining caches it knows about. Check out www.squid-cache.org for more
details of what you can do (and how to do it) with Squid.

For load-balancing of other types of traffic and fail-over you're looking at
more complex setups, I'm afraid.

--
/-Gary Parker-----------------------f-Loughborough University-\
n IT Bandwidth Management Specialist - http://www.bmas.ja.net |
| Computing Services      - http://www.lboro.ac.uk/computing/ o
\r----------------------------------------------------------d-/
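
Added example, not part of the original e-mail and not taken from the Squid project: a squid.conf sketch of the master/parent layout the reply describes, written in current Squid syntax. The LAN range, host addresses, port number and the choice of one parent host per router are assumptions made for illustration.

```conf
# ---- Master Squid: the proxy that users' browsers point at --------------
# Constructed LAN 192.168.1.0/24; every address here is an assumption.
http_port 3128

# Only LAN clients may use the proxy.
acl lan src 192.168.1.0/24
http_access allow lan
http_access deny all

# One parent per Internet connection. Each parent runs on a host whose
# default gateway is a different router (.11 via router A, .12 via router B).
#   0           : ICP port disabled
#   no-query    : do not send ICP queries to this parent
#   round-robin : alternate requests between the parents currently alive
cache_peer 192.168.1.11 parent 3128 0 no-query round-robin
cache_peer 192.168.1.12 parent 3128 0 no-query round-robin

# The master never fetches directly: every request leaves through a parent,
# so when one parent stops accepting connections all traffic shifts to the
# other. If both parents are down, requests fail instead of bypassing them.
never_direct allow all

# ---- Each parent Squid (separate squid.conf on .11 and on .12) ----------
# http_port 3128
#
# Accept requests from the master only (assumed to be 192.168.1.10).
# acl master src 192.168.1.10
# http_access allow master
# http_access deny all
#
# Forward only, store nothing ("non-caching").
# cache deny all
```

For the egress block on ports 80 and 25 mentioned in the reply to stay effective, the firewall exceptions should cover only the two parent hosts and the SMTP relay, not the master or the client range.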