Subject: Re: Two incoming Internet links
To: Simas Mockevicius <symka@vejas.lt>
From: David Maxwell <david@vex.net>
List: port-i386
Date: 08/13/2001 12:23:48

On Mon, Aug 13, 2001 at 12:05:45PM +0300, Simas Mockevicius wrote:
> Hi,
> 
> I have the following situation:
> 
> I have 256 Kbps from one ISP and 128 kbps from the other, also I have one firewall
> (ipf/nat) and three ethernet cards. How to do ipf/nat on one ISP I know, but how
> do I set it up so that if one link is almost used up, users are transferred to
> the other? Do I need to set up source routing? And what is it? :) Also I have
> heard that in some cases a firewall can be configured this way: if one ISP's
> link is used up to 70%, clients are dropped to another ISP, or maybe I dreamt
> about it last night? :)

There are several problems to deal with, and no easy solution, so I
think you dreamt it ;-)

When you say 70% used - do you mean incoming bw, outgoing bw, or the
total of both? It would be possible to control the outgoing with some
custom code, but the incoming is rather more difficult.

Once you open a TCP session, the other side replies to the src IP you
used (or which NAT used if you're using NAT) - thus, when you pick your
src IP at the start of the connection, you've locked all TCP return
traffic on that TCP session into coming in the link whose src IP you
used - even if that session fills the link, not a single byte can ever
come in your other link. The routers don't have that information, and don't
have a way to track it, even if you wanted to give it to them.

For incoming sessions, whatever dst IP the other end picks will
determine which link is used.

Re: Outgoing bw, you could send outgoing packets out whichever link was
less used currently, but except in very specific applications, that
won't buy you much advantage anyway.

-- 
David Maxwell, david@vex.net|david@maxwell.net
All this stuff in twice the space would only look half as bad!
					      - me
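
The return-path pinning described in the reply above, as an added example that is not part of the original message: a constructed Python model of a NAT gateway with two uplinks, where the link is chosen once when a flow opens and all inbound traffic for that flow then follows the NAT source address. The link names, the documentation-range addresses and the traffic rates are assumptions.

```python
"""Constructed model of a dual-uplink NAT gateway (all names/values are assumptions)."""
from dataclasses import dataclass, field


@dataclass
class Uplink:
    name: str
    nat_ip: str            # public source address NAT uses on this link
    kbps: int              # link capacity
    in_kbps: float = 0.0   # current inbound load

    def utilisation(self) -> float:
        return self.in_kbps / self.kbps


@dataclass
class Gateway:
    uplinks: list
    nat_table: dict = field(default_factory=dict)  # flow id -> Uplink

    def open_flow(self, flow_id: str) -> Uplink:
        # The only decision point: pick the least-utilised link when the
        # first packet leaves and NAT assigns that link's source address.
        link = min(self.uplinks, key=Uplink.utilisation)
        self.nat_table[flow_id] = link
        return link

    def inbound(self, flow_id: str, kbps: float) -> Uplink:
        # The remote host replies to the NAT source address, so return
        # traffic arrives on the link owning it, whatever the current load.
        link = self.nat_table[flow_id]
        link.in_kbps = min(link.kbps, link.in_kbps + kbps)
        return link


def simulate():
    a = Uplink("isp_a", "192.0.2.1", 256)
    b = Uplink("isp_b", "198.51.100.1", 128)
    gw = Gateway([a, b])
    first = gw.open_flow("download-1")   # both idle: first link listed wins
    gw.inbound("download-1", 300)        # bulk download saturates its link
    second = gw.open_flow("web-2")       # a new flow can use the idle link
    gw.inbound("web-2", 32)
    gw.inbound("download-1", 300)        # existing flow cannot move off isp_a
    return first.name, second.name, a.utilisation(), b.utilisation()


if __name__ == "__main__":
    print(simulate())
```

Only new flows benefit from the second link; the saturated download stays on the link it started on while the other link sits at a quarter of its capacity.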