[SASAG] Load Balancing Small Office
tres at apollonian.net
Mon Jun 16 11:09:04 PDT 2008
I recently did this very thing using PF on BSD UNIX for a small
office. All web traffic is piped out a DSL connection, and high-
priority traffic is sent through a T1. If you're okay with using a BSD
router, PF makes this easy using the "route-to" directive. Here's a
little sample of how things work:
===
# ssh
# Inbound on the LAN side: send new ssh connections out the T1 via route-to.
pass in quick on $internal_interface route-to ($t1_interface $t1_gateway) \
    proto tcp from { <rfc1918>, <rfc3927> } to any port $ssh_ports \
    modulate state flags S/SA label "ssh:$if"
# Outbound on the T1: pass the same traffic and assign it to the ssh queue.
pass out quick on $t1_interface proto tcp from { <rfc1918>, <rfc3927> } \
    to any port $ssh_ports modulate state flags S/SA label "ssh:$if" \
    queue ssh
===
This is pretty simple, just sending all ssh traffic through the T1.
There are some macros (like $t1_interface) and tables (like <rfc1918>)
in use, but they're not necessary to get things running. And you're
definitely not limited to routing all traffic using a certain port; it
would be pretty easy to make the granularity even finer, so say you
only route traffic to a range of IP addresses, or to a single IP
address over the T1.
I know, it's not Linux, but it is free and does work (pretty well
too). If you'd like more information, or want a generic PF ruleset to
look at, let me know -- I can put an example ruleset together pretty
quickly.
Tres
On Jun 16, 2008, at 9:22 AM, Eric Kahklen wrote:
> We currently have a T1 that is split between phone and data service.
> Unfortunately I cannot increase the speed of the data side unless we get
> an additional T1. We currently host our own email server so I need a
> reliable and stable Internet connection. The main need for a speed
> increase is because we now use a hosted application that requires many of
> my 30 users in the main office to be connected to the application all day.
> I was wondering if there is an affordable appliance or solution using
> Linux that could allow me to add a business class cable or DSL modem for
> general Internet use while keeping the T1 dedicated for email. Or is this
> generally not a good design? I'd appreciate any other ideas or comments.
>
> Thanks,
>
>
> --
> Eric Kahklen
> Lynnwood, WA
> 206-595-2934
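The finer-grained case mentioned in the reply above (sending only traffic for a range of addresses, or a single address, over the T1), written out as an added example that is not part of the original post. Interface names, gateways, the `<t1_dests>` table and the DSL macros are assumptions using documentation addresses, and the syntax is the older `route-to (interface gateway)` and `nat on` form that matches the rules in the post.

```pf
# Added example (not from the original post). Names and addresses are
# placeholders; syntax is the older route-to (if gw) / "nat on" form.
internal_interface = "em0"            # LAN side (assumed name)
t1_interface       = "em1"            # T1 uplink (assumed name)
t1_gateway         = "192.0.2.1"      # T1 next hop (placeholder)
dsl_interface      = "em2"            # DSL uplink (assumed name)
dsl_gateway        = "198.51.100.1"   # DSL next hop (placeholder)

table <rfc1918>  const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
# Destinations that must use the T1: one address range and one single host.
table <t1_dests> const { 203.0.113.0/25, 203.0.113.200 }

# Each uplink needs its own NAT rule, so a connection steered onto it leaves
# with that uplink's address and the replies come back the same way.
nat on $t1_interface  from <rfc1918> to any -> ($t1_interface)
nat on $dsl_interface from <rfc1918> to any -> ($dsl_interface)

# 1. LAN traffic to the listed destinations is forced out the T1.
pass in quick on $internal_interface \
    route-to ($t1_interface $t1_gateway) \
    from <rfc1918> to <t1_dests> keep state label "t1-dests"

# 2. All other LAN traffic leaving the private ranges is forced out the DSL.
#    "! <rfc1918>" keeps LAN-local traffic (including to the router itself)
#    on the normal routing table.
pass in quick on $internal_interface \
    route-to ($dsl_interface $dsl_gateway) \
    from <rfc1918> to ! <rfc1918> keep state label "dsl-default"

# 3. Let the steered, translated traffic leave on each uplink.
pass out quick on $t1_interface  from ($t1_interface)  to any keep state
pass out quick on $dsl_interface from ($dsl_interface) to any keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; afterwards `pfctl -s labels` shows per-label counters, which confirms which uplink each rule is actually matching.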