tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: How to use two WAN connections at once?

David Young wrote:

>> Is that possible with ipfilter or pf? How would I do that?
>Yes, it is possible.  I have done just what you want.

Great! :)

>The trick is to use PF to pin each flow to a particular WAN connection.
>In that way, if WAN 1 is disrupted *temporarily*, flows on that
>connection may stall for a while, but they have the possibility to
>recover, which is important.  Meanwhile, you establish all new flows on
>WAN 2 while the WAN 1 disruption persists.  When WAN 1 recovers, you may
>establish new flows on either connection, again, and the WAN 1 flows

That would be very good. I guess it will also work, when the machine
running PF is not directly connected to the WAN interface (ifwatchd is
useless for me), but will just route the packets to the next host (which
is e.g. a DSL-router/modem)?

I have no experience with PF yet (was always using ipfilter). Could you
share such an example pf.conf with us? This would be a good starting point
for me.

>I have not tried load-balancing, myself, but I don't see any reason that
>it should not be possible.

Ok. The health-checks are more important.

>What is most tricky, after producing the right PF rules, is to come
>up with the proper metric for WAN connection "badness" and to set the
>criteria for stop establishing flows on a connection.

What did you do? Is PF capable to detect timeouts on an interface?
It should not stop a connection, when it is not used over a period, but
it should monitor connection timeouts.

Frank Wille

Home | Main Index | Thread Index | Old Index