shorewall-users August 2011 archive

Re: [Shorewall-users] SHOREWALL - ISP Y LOAD BALANCE

From: Simon Hobson <linux_at_nospam>
Date: Wed Aug 31 2011 - 09:03:07 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

Geovana Navarro wrote:

>I have two Internet connections (2 ISPs) use shorewall to balance
>the load, and this works well, is it possible to obtain the sum of
>the two ISP or at least have a larger bandwidth to an ISP?
>
>Load Balancing for me is to distribute the different flows between
>an ISP and the other, respecting the bandwidth of each of them and
>get more bandwidth on my connection, and not to limit the bandwidth
>of a single link (ose to an ISP).
>
>ISP1 =6Mbps
>ISP2 =6Mbps
>ISP-Total= 12 Mbps

OK, you seem to lack understanding of what the limitation is.
Your connection to ISP1 is limited to 6M<period> If that's what the
limit is, then you cannot get more than that. The same for ISP2.
So just because the combined throughput is 12M does **NOT** mean you
can get more than 6M to either ISP - each is still limited to 6M.

So no, just by not running traffic through one connection, you cannot
magically get 12M through the other (or even 6.1M). In the same way,
you can't get yourself a high-performance car by buying two low
performance ones and leaving one in the garage !

The other thing to realise is that without active assistance from the
ISP(s) or a third party, you cannot actually load balance across two
connections anyway. You can "sort of as long as you don't look too
hard at what's going on" do it, but it's not true load balancing and
does cause some problems.

The first thing is that any single established connection **cannot**
use more than one ISP link. You might get away with sending packets
down the "other" ISP for its IP address, but most ISPs will filter
these and drop them. You 100% will not get any inbound packets via
the "other" ISP.

So if you are downloading a large file with something like FTP or
HTTP, then it cannot use more bandwidth than that available on ONE of
your links.

Where multiple streams are involved, then the "load balancing" as
done with Shorewall can only distribute connections between links.
With a large number of randomish connections then the resulting
bandwidth will appear to be balanced - but if one of those
connections then uses a lot of bandwidth (such as the previously
mentioned file download), then your traffic will be unbalanced.

Also, be aware that if the connection distribution is properly
randomised then this can cause problems - eg a website sees some of
your requests come from one IP, and some from a different IP. Some
sites may see this as the same user logged in from two places and
either get confused and not work properly, or may flag it as an
attack and lock you out.

-- 
Simon Hobson
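A small model of the per-connection distribution described in the message above, added here as an illustration; it is not part of the original post and is not Shorewall code. The weighted random link choice, the max-min fair sharing on each link, and the flow counts and demands are all assumptions made for the example.

```python
import random

LINKS = {"ISP1": 6.0, "ISP2": 6.0}  # Mbps, the figures from the thread

def assign(flows, rng):
    """Pin each connection to one link, picked at random weighted by capacity."""
    names = list(LINKS)
    weights = [LINKS[n] for n in names]
    return {fid: rng.choices(names, weights)[0] for fid, _ in flows}

def throughput(flows, placement):
    """Max-min fair share of every link among the connections pinned to it."""
    got = {}
    for link, cap in LINKS.items():
        pending = sorted((d, f) for f, d in flows if placement[f] == link)
        remaining = cap
        while pending:
            demand, fid = pending.pop(0)
            got[fid] = min(demand, remaining / (len(pending) + 1))
            remaining -= got[fid]
    return got

def link_load(flows, placement):
    """Total achieved Mbps per link."""
    got = throughput(flows, placement)
    load = dict.fromkeys(LINKS, 0.0)
    for fid, _ in flows:
        load[placement[fid]] += got[fid]
    return load

def scenario(with_download, seed=1):
    """200 small connections (0.01 Mbps each), optionally plus one bulk download
    that would take 100 Mbps if it could. All values are constructed."""
    rng = random.Random(seed)
    flows = [(f"web{i}", 0.01) for i in range(200)]
    if with_download:
        flows.append(("download", 100.0))
    placement = assign(flows, rng)
    return flows, placement, link_load(flows, placement)

if __name__ == "__main__":
    for with_download in (False, True):
        flows, placement, load = scenario(with_download)
        print("with download:" if with_download else "small flows only:",
              {k: round(v, 2) for k, v in load.items()})
    # Links (and so source addresses) one site sees across 20 of the connections
    print(sorted({placement[f"web{i}"] for i in range(20)}))
```

The small connections alone spread to about 1 Mbps per link; adding the download fills one link to 6 Mbps while the other stays near 1 Mbps, and the download itself never exceeds 6 Mbps.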