Doug Coats wrote:
>I have an interesting twist that is going to be introduced to my network
>here in the next month and I would like your opinion as to how to approach
>it.
>
>We currently have an Internet connection through Comcast (cable). I then
>route this to two subnets and one webserver. We have been forced (no DSL in
>our area) to have our mailserver off site hooked up to DSL so that we could
>have a static IP.
>
>This is going to change in May because we will have DSL on-site. We will be
>moving our mailserver so that everything is in one building. We are planning
>on keeping the Comcast connection (it's faster) and I need to incorporate
>this new DSL connection into our existing network so that we have outside
>access and so that in-house mail traffic stays in-house.
>
>I hope that I have explained that well enough. Does anyone here have
>experience in anything similar? Anyone with a gateway with two outside
>NICs in it? Any suggestions or ideas would be greatly appreciated.

The problem is not load balancing by itself (Linux will load balance over equal cost paths) but routing. Say you have a block of IPs from Comcast and another from the DSL provider; if you put up two defaults pointing to different ISPs, you'll end up sending the packets with the source IP of one provider via the link of the other provider, where they'll eventually be dropped.

What could be done:

1. Get your own private IP block and announce it - hard, and may not be necessary in your case.

2. NAT + policy routing - very real :) In this case I'd assume that you have a real IP address from each provider. You put your gear behind NAT, and inbound traffic destined to certain ports you NAT to internal IPs and vice versa. This is inbound traffic. For outbound you set up some policy routing; basically you can configure a Linux box so that, for example, web traffic goes through this ISP and SMTP through that one. For more info look at LARTC.org, or contact me and I'll help you out.
For SMTP you can set up 2 MX records for your domain zone pointing to different hostnames which in turn point to different IPs; this will give you some redundancy. But in this case you'll not know via what link the packet came, and not know through which to send a subsequent response. So you'd have to have some form of monitoring the link state so that when one fails you start sending your traffic out of the active one. This could be done with a simple shell script that pings, and if pings time out it executes the commands to switch the traffic over to the other link.

To sum this all up, it all depends on what you want to achieve, how much redundancy and reliability you need. The setup I've described has limitations, but is fairly reliable and cheap, and you'd not have to run routing protocols. Though of course the best way to go is to get a private space and run BGP; from what you told, that would be overkill and also it is quite expensive :)

>Doug

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
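The ping-and-switch watchdog described in the reply, written out as an added example (not code from the original post or the list). It assumes placeholder interface names (eth1 for cable, eth2 for DSL), gateway and probe addresses from the documentation ranges, and prints the `ip route` command rather than running it, so the decision logic can be checked without touching a live routing table.

```shell
#!/bin/sh
# Added example, not from the original post: watchdog for two uplinks (cable
# and DSL) that pings a probe host out of each interface and rewrites the
# default route when the preferred link stops answering. Interface names,
# gateway and probe addresses below are assumed placeholders.
PRIMARY_IF="eth1"; PRIMARY_GW="203.0.113.1"    # cable link (assumed)
BACKUP_IF="eth2";  BACKUP_GW="198.51.100.1"    # DSL link (assumed)
PROBE="192.0.2.1"                               # host expected to answer ICMP (assumed)
STATE_FILE="${STATE_FILE:-/tmp/uplink.state}"   # remembers which link is in use
PING="${PING:-ping}"                            # overridable so the logic can be tested offline

# link_up IFACE: 0 if the probe answers when pinged out of IFACE (Linux ping flags).
link_up() {
    "$PING" -I "$1" -c 2 -W 2 "$PROBE" >/dev/null 2>&1
}

# choose_link PRIMARY_STATE BACKUP_STATE: prefer primary, fall back to backup.
choose_link() {
    if [ "$1" = up ]; then echo primary
    elif [ "$2" = up ]; then echo backup
    else echo none; fi
}

# route_cmd LINK: the ip(8) command that makes LINK the default route. Printed
# rather than run so a pass can be reviewed; pipe the output into sh to apply.
route_cmd() {
    case "$1" in
        primary) echo "ip route replace default via $PRIMARY_GW dev $PRIMARY_IF" ;;
        backup)  echo "ip route replace default via $BACKUP_GW dev $BACKUP_IF" ;;
        *)       return 1 ;;
    esac
}

# failover_check: one monitoring pass. Emits a route command only when the
# chosen link differs from the one recorded last time, so a flapping probe
# does not rewrite the routing table on every pass.
failover_check() {
    p=down; b=down
    link_up "$PRIMARY_IF" && p=up
    link_up "$BACKUP_IF" && b=up
    want=$(choose_link "$p" "$b")
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$want" = "$last" ] && return 0
    echo "$want" > "$STATE_FILE"
    if [ "$want" = none ]; then
        echo "both uplinks down, leaving routes untouched" >&2; return 0
    fi
    route_cmd "$want"
}
# Typical use from cron every minute:  failover_check | sh
```

Replace the printed command with your own policy-routing rules (per-ISP tables and `ip rule`) once the basic switch works; the watchdog only decides which link should carry the default route.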