pfSense Gold Subscription

Author Topic: Multi-WAN support with same gateway on multiple interfaces ***{NOW $650}***  (Read 20416 times)

0 Members and 1 Guest are viewing this topic.

Offline GoldServe

  • Full Member
  • ***
  • Posts: 255
    • View Profile
I know this can be done already by natting all the interfaces to make it appear as multiple gateways but if commercial routers can do this, why not pfsense?

I think pfsense is great but the whole system needs to be more multi-wan aware. I know lots of kernel hacking is required so please post your interest and bounty!

I'm a home user but i'm gonna put $100 down to see this get done. I can very well go buy a dual wan commercial router but I want to see pfsense kick some serious ass!

Thanks for looking!
« Last Edit: February 25, 2009, 08:42:59 pm by submicron »

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3354
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #1 on: June 28, 2008, 05:36:12 am »
You want load balancing between connection going over the same interface with the same gateway or between multiple connection that share the gateway?

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6287
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #2 on: June 28, 2008, 11:08:19 am »
I talked to GoldServe in IRC last night - what he wants is multiple interfaces and connections with the same gateway Ermal. Like you'll usually end up with if you have multiple cable modems. Since we have to use IPs with route-to there isn't anything we can do as is, but I was hoping you'd see this.  :)  Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3354
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #3 on: June 28, 2008, 01:54:09 pm »
Thought you might know of a way to hack pf to accommodate this, if more people were willing to chip in on the bounty.
Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I might consider it if more chips in on the bounty since kernel hacking is involved.

Ermal

Offline GoldServe

  • Full Member
  • ***
  • Posts: 255
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #4 on: June 28, 2008, 02:18:04 pm »
I really hope more people can add to this bounty. It would be much simpler to do multi-wan.

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6287
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #5 on: July 07, 2008, 09:33:34 pm »
Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3354
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #6 on: July 08, 2008, 11:08:02 am »
Well there is a way adding to pf(4) the ability to directly send arp packets in the wire :).
But if i add that then it will open up the ability to do arp level(layer2) balancing wouldn't it :P

I don't think that would solve it though - we're talking about the same MAC address on both interfaces as well generally, so L2 load balancing wouldn't fix this. It has to have a way to leave a particular physical interface, without using anything L2-L7.

I thought it was the same ip for the gateway ;)

For the same mac address not much can be done with different enviroments ;-{

Offline hhh3h

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #7 on: July 18, 2008, 04:57:30 pm »
I really have no idea how pfSense works, because I am just in the thinking stages of whether I should move to a pfSense/IPCop router or should keep my perfectly fine cisco multi-wan VPN router.  Nevertheless, I'd like to throw this idea out there (please don't flame if its a stupid idea).

It seems that multi-wan support is merely an appendage feature that's thrown in at the end of the project without much thought behind it.  But, wouldn't it be better if IpTables was redesigned to simply address which ethernet port the packets should be forwarded to?




---------------------
Something like this would be the setup for someone who wants to have one group of PCs use one modem, and another group of PCs use another modem:

IP RangeDefault Ethernet AdapterBackup Ethernet AdapterLoad Balance Switch Threshold (kbps) (Note1)Applicable Ports (Note2)
192.168.0.*012000*
192.168.1.*102000*
192.168.1.0-192.168.1.10,192.168.1.15,192.168.1.34012000*




---------------------
And using the same table, but going with a different need, something like this would be the setup for someone who wants, for all PCs, to direct certain types of traffic to one modem, and other types of traffic to go to another modem:

IP RangeDefault Ethernet AdapterBackup Ethernet AdapterLoad Balance Switch Threshold (kbps) (Note1)Applicable Ports (Note2)
*012000*
*10200080-81,500




---------------------
(Note1) Set "Load Balance Switch Threshold" to 0-kbps to never load balance, meaning the backup ethernet adapter would only be used if the first one failed.

(Note2) If you leave out a port, the router will not forward packets on that port to any ethernet adapter, meaning the packet on that port would be dropped (blocked) like an outgoing firewall.
« Last Edit: July 18, 2008, 07:03:08 pm by hhh3h »

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3354
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #8 on: July 18, 2008, 05:17:05 pm »
Well,  ;D, you remind me of why so *many* people talk as they please and few of them do the real work.


Offline GoldServe

  • Full Member
  • ***
  • Posts: 255
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #9 on: July 18, 2008, 05:20:22 pm »
That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

Offline hhh3h

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #10 on: July 18, 2008, 07:11:54 pm »
Well,  ;D, you remind me of why so *many* people talk as they please and few of them do the real work.

I'm sorry..

That is a really cool idea and would put pfsense above all others! Unfortunately, it is going to take some massive rewrite and someone's commitment to accomplish that. I will put down $200 out of my own pockets to see work being down in that direction.

Thank you

I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

Offline GoldServe

  • Full Member
  • ***
  • Posts: 255
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces ***$200***
« Reply #11 on: July 18, 2008, 07:13:13 pm »
The bounty system proved successful for the traffic shaper. Now it is vastly improved and functional.

Offline cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6287
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #12 on: July 18, 2008, 08:02:25 pm »
I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

The only problem to date with bounties is people pledging support and never paying. The last one I did was even worse - I bought the hardware the company was using so I could implement the desired functionality with the promise it would be reimbursed, did the work as agreed upon and it was successfully completed. They refuse to pay, so I'm out $450 USD out of my pocket plus all the time spent. Losing time is one thing, losing that much money out of my pocket is another entirely... Lesson learned, I'll never buy any hardware under the promise of reimbursement again.

The bounty system has proven to be a great way to get functionality implemented for the end users. The developers have gotten screwed on multiple occasions, to varying degrees, but no end user has ever gotten less than promised. 

Offline hhh3h

  • Newbie
  • *
  • Posts: 11
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces
« Reply #13 on: July 18, 2008, 08:34:02 pm »
I would be inclined to support a project with this functionality as well, but I only learned about pfsense and feature bounties today.  I am wondering what the trackrecord is and/or likelihood that something would actually be developed.

For this feature, I don't know how likely it is to be completed. This is a more difficult one to implement than ones that have been completed in the past.

Thank you for replying.  It seems that there are many many of threads on I see on the internet about "why doesn't IPCop support multi-WANs", and "why is it so hard to get multi-WANs working in pfSense".  Therefore, I would assume that well-designed, intrinsic functionality to support a multi-WAN environment should be a high priority.

But nevertheless, are you saying that I should not pledge any money on this project because it is not likely to be completed?  I would really appreciate a realistic projection.

Thank you

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3354
    • View Profile
Re: Multi-WAN support with same gateway on multiple interfaces ***$200***
« Reply #14 on: July 19, 2008, 02:23:15 am »
Well nobody stops you from pledging!
The problem is that the offer should be serious and so should be your commitment when the bounty is finished.

I do not think that multi-WAN in pfSense is difficult, though in 1.3 the configuration has changed somewhat.

The first thing before pledging moeny is stating what are your needs and after that what is your pledge.

Ermal