I have two internet connections (2 PSI) shorewall use for load balancing, and this works well, if I need to upload a large file and I want my two connections simultaneously use the Internet, what do I configure shorewall? and may obtain the sum of the bandwidth of the two ISP: ISP1 =6Mbps ISP2 =6Mbps ISP-Total= 12 Mbps DITG done with testing, sending 2 streams to different IP addresses and note that each stream flows through a different ISP, but there is enough packet loss (50%) apparently shorewall limits the bandwidth of a single link but actually goes by two links. The configuration used is as follows: Providers root@voyage:/# cat /etc/shorewall/providers # # Shorewall version 4 - Providers File # # For information about entries in this file, type "man shorewall-providers" # # For additional information, see http://shorewall.net/MultiISP.html # ############################################################################################ #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY SHO1 1 1 main ath0 192.168.2.2 track,balance eth0 SHO2 2 2 main ath1 192.168.1.2 track,balance eth0 interface ############################################################################### #ZONE INTERFACE BROADCAST OPTIONS #Definimos las interfaces q tienen salida a internet net ath0 detect net ath1 detect #Definimos el area local de nuestra red loc eth0 detect masq #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ # GROUP ath0 eth0 192.168.2.1 ath1 eth0 192.168.1.1 eth0 ath0 10.1.6.2 eth0 ath1 10.1.6.2 Also modify the value / proc/sys/net/ipv4/route/gc_timeout = 0, so do not hold the routing cache I hope someone can help me with this problem, I took several weeks working on this. regards Geovana ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
On Aug 30, 2011, at 12:17 PM, Geovana Navarro wrote:> > > I have two internet connections (2 PSI) shorewall use for load balancing, and this works well, if I need to upload a large file and I want my two connections simultaneously use the Internet, what do I configure shorewall? and may obtain the sum of the bandwidth of the two ISP: >You can''t. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
I may not explain well in the past, so rewrite them, hoping you can help me. I have two Internet connections (2 ISPs) use shorewall to balance the load, and this works well, is it possible to obtain the sum of the two ISP or at least have a larger bandwidth to an ISP? Load Balancing for me is to distribute the different flows between an ISP and the other, respecting the bandwidth of each of them and get more bandwidth on my connection, and not to limit the bandwidth of a single link (ose to an ISP). ISP1 =6Mbps ISP2 =6Mbps ISP-Total= 12 Mbps DITG done with testing, sending 2 streams to different IP addresses and note that each stream flows through a different ISP, but there is enough packet loss (50%) apparently shorewall limits the bandwidth of a single link but actually goes by two links. The configuration used is as follows: Providers root@voyage:/# cat /etc/shorewall/providers # # Shorewall version 4 - Providers File # # For information about entries in this file, type "man shorewall-providers" # # For additional information, see http://shorewall.net/MultiISP.html # ############################################################################################ #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY SHO1 1 1 main ath0 192.168.2.2 track,balance eth0 SHO2 2 2 main ath1 192.168.1.2 track,balance eth0 interface ############################################################################### #ZONE INTERFACE BROADCAST OPTIONS #Definimos las interfaces q tienen salida a internet net ath0 detect net ath1 detect #Definimos el area local de nuestra red loc eth0 detect masq #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ # GROUP ath0 eth0 192.168.2.1 ath1 eth0 192.168.1.1 eth0 ath0 10.1.6.2 eth0 ath1 10.1.6.2 Also modify the value / proc/sys/net/ipv4/route/gc_timeout = 0, so do not hold the routing cache I hope someone can help me with this problem, I took several weeks working on this. regards Geovana Geovana Navarro Dios te Bendiga Solo Cristo Jesus puede darte Amor verdadero, entregale tu corazon. From: teastep@shorewall.net Date: Tue, 30 Aug 2011 19:41:10 -0700 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] SHOREWALL - ISP Y LOAD BALANCE On Aug 30, 2011, at 12:17 PM, Geovana Navarro wrote: I have two internet connections (2 PSI) shorewall use for load balancing, and this works well, if I need to upload a large file and I want my two connections simultaneously use the Internet, what do I configure shorewall? and may obtain the sum of the bandwidth of the two ISP: You can''t. -Tom Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
Geovana Navarro wrote:>I have two Internet connections (2 ISPs) use shorewall to balance >the load, and this works well, is it possible to obtain the sum of >the two ISP or at least have a larger bandwidth to an ISP? > >Load Balancing for me is to distribute the different flows between >an ISP and the other, respecting the bandwidth of each of them and >get more bandwidth on my connection, and not to limit the bandwidth >of a single link (ose to an ISP). > >ISP1 =6Mbps >ISP2 =6Mbps >ISP-Total= 12 MbpsOK, you seem to lack understanding of what the limitation is. Your connection to ISP1 is limited to 6M<period> If that''s what the limit is, then you cannot get more than that. The same for ISP2. So just because the combined throughput is 12M does **NOT** mean you can get more than 6M to either ISP - each is still limited to 6M. So no, just by not running traffic through one connection, you cannot magically get 12M through the other (or even 6.1M). In the same way, you can''t get yourself a high-performance car by buying two low performance ones and leaving one in the garage ! The other thing to realise is that without active assistance from the ISP(s) or a third party, you cannot actually load balance across two connections anyway. You can "sort of as long as you don''t look too hard at what''s going on" do it, but it''s not true load balancing and does cause some problems. The first thing is that any single established connection **cannot** use more than one ISP link. You might get away with sending packets down the "other" ISP for it''s IP address, but most ISPs will filter these and drop them. You 100% will not get any inbound packets via the "other" ISP. So if you are downloading a large file with something like FTP or HTTP, then it cannot use more bandwidth than that available on ONE of your links. Where multiple streams are involved, then the "load balancing" as done with Shorewall can only distribute connections between links. With a large number of randomish connections then the resulting bandwidth will appear to be balanced - but if one of those connections then uses a lot of bandwidth (such as the previously mentioned file download), then your traffic will be unbalanced. Also, be aware that if the connection distribution is properly randomised then this can cause problems - eg a website sees some of your requests come from one IP, and some from a different IP. Some sites may see this as the same user logged in from two places and either get confused and not work properly, or may flag it as an attack and lock you out. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev
Many thanks for your clarification.> Date: Wed, 31 Aug 2011 10:03:07 +0100 > To: shorewall-users@lists.sourceforge.net > From: linux@thehobsons.co.uk > Subject: Re: [Shorewall-users] SHOREWALL - ISP Y LOAD BALANCE > > Geovana Navarro wrote: > > >I have two Internet connections (2 ISPs) use shorewall to balance > >the load, and this works well, is it possible to obtain the sum of > >the two ISP or at least have a larger bandwidth to an ISP? > > > >Load Balancing for me is to distribute the different flows between > >an ISP and the other, respecting the bandwidth of each of them and > >get more bandwidth on my connection, and not to limit the bandwidth > >of a single link (ose to an ISP). > > > >ISP1 =6Mbps > >ISP2 =6Mbps > >ISP-Total= 12 Mbps > > OK, you seem to lack understanding of what the limitation is. > Your connection to ISP1 is limited to 6M<period> If that''s what the > limit is, then you cannot get more than that. The same for ISP2. > So just because the combined throughput is 12M does **NOT** mean you > can get more than 6M to either ISP - each is still limited to 6M. > > So no, just by not running traffic through one connection, you cannot > magically get 12M through the other (or even 6.1M). In the same way, > you can''t get yourself a high-performance car by buying two low > performance ones and leaving one in the garage ! > > The other thing to realise is that without active assistance from the > ISP(s) or a third party, you cannot actually load balance across two > connections anyway. You can "sort of as long as you don''t look too > hard at what''s going on" do it, but it''s not true load balancing and > does cause some problems. > > The first thing is that any single established connection **cannot** > use more than one ISP link. You might get away with sending packets > down the "other" ISP for it''s IP address, but most ISPs will filter > these and drop them. You 100% will not get any inbound packets via > the "other" ISP. > > So if you are downloading a large file with something like FTP or > HTTP, then it cannot use more bandwidth than that available on ONE of > your links. > > Where multiple streams are involved, then the "load balancing" as > done with Shorewall can only distribute connections between links. > With a large number of randomish connections then the resulting > bandwidth will appear to be balanced - but if one of those > connections then uses a lot of bandwidth (such as the previously > mentioned file download), then your traffic will be unbalanced. > > Also, be aware that if the connection distribution is properly > randomised then this can cause problems - eg a website sees some of > your requests come from one IP, and some from a different IP. Some > sites may see this as the same user logged in from two places and > either get confused and not work properly, or may flag it as an > attack and lock you out. > > -- > Simon Hobson > > Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed > author Gladys Hobson. Novels - poetry - short stories - ideal as > Christmas stocking fillers. Some available as e-books. > > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you''ll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you''ll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev