Visit The New, Modern Unix Linux Community


Firewall support loadbalance and faileover?!

 
Thread Tools Search this Thread
Special Forums UNIX and Linux Applications Firewall support loadbalance and faileover?!
# 1  
Firewall support loadbalance and faileover?!

hi
I am looking for a solution free & opensource
Such as IP fire or kerio-control
but can Multi-line Internet for load balance and failover support
thanks..

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Computers #33
Difficulty: Easy
In HTTPS, the letter 'S' stands for 'safe'.
True or False?

9 More Discussions You Might Find Interesting

1. Cybersecurity

Firewall

Hey Guys, I am looking for a good firewall software to implement in medium/large office, with at least 150 users. I was hopping you guys could help me on this one. Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies

2. Linux

Firewall?

Dear All I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step? Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies

3. SuSE

Firewall

Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies

4. UNIX for Dummies Questions & Answers

unix firewall

our WBM is not working so I cannot enter firewall entries so I would like to know how to do it using unix commands after I have logged in via telnet:wall: (4 Replies)
Discussion started by: kool
4 Replies

5. AIX

Firewall

:b:Hi,, How do configure firewall in aix.. similar to linux iptable. Rgards, k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies

6. Cybersecurity

help with firewall

hi everyone I am a newbee to firewall scripting. cannot understand how to write rules per host. in ip6tables. anyone plz:( (2 Replies)
Discussion started by: xecutioner
2 Replies

7. IP Networking

sockets and firewall

Is it possible to trace the packages and the statuses of client's and/or server's sockets by the UNIX network administrative tools? Two applications interact via sockets. There is no problem if they stay in the same network segment. If their hosts connected through the firewall then they aren't... (4 Replies)
Discussion started by: gogogo
4 Replies

8. Cybersecurity

Looking Out from Behind a Firewall

Would it be possible to restrict access to internet pages in the following way? A machine: IP = 128.1.17.123 Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable. B machine: IP = 128.1.17.146 Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies

9. Cybersecurity

What Firewall do you use?

Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall. Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW? I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies
LAGG(4) 						   BSD Kernel Interfaces Manual 						   LAGG(4)

NAME
lagg -- link aggregation and link failover interface SYNOPSIS
To compile this driver into the kernel, place the following line in your kernel configuration file: device lagg Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): if_lagg_load="YES" DESCRIPTION
The lagg interface allows aggregation of multiple network interfaces as one virtual lagg interface for the purpose of providing fault-toler- ance and high-speed links. A lagg interface can be created using the ifconfig laggN create command. It can use different link aggregation protocols specified using the laggproto proto option. Child interfaces can be added using the laggport child-iface option and removed using the -laggport child-iface option. The driver currently supports the aggregation protocols failover (the default), lacp, loadbalance, roundrobin, broadcast, and none. The pro- tocols determine which ports are used for outgoing traffic and whether a specific port accepts incoming traffic. The interface link state is used to validate if the port is active or not. failover Sends traffic only through the active port. If the master port becomes unavailable, the next active port is used. The first interface added is the master port; any interfaces added after that are used as failover devices. By default, received traffic is only accepted when they are received through the active port. This constraint can be relaxed by setting the net.link.lagg.failover_rx_all sysctl(8) variable to a nonzero value, which is useful for certain bridged network setups. loadbalance mode. lacp Supports the IEEE 802.1AX (formerly 802.3ad) Link Aggregation Control Protocol (LACP) and the Marker Protocol. LACP will nego- tiate a set of aggregable links with the peer in to one or more Link Aggregated Groups. Each LAG is composed of ports of the same speed, set to full-duplex operation. The traffic will be balanced across the ports in the LAG with the greatest total speed, in most cases there will only be one LAG which contains all ports. In the event of changes in physical connectivity, Link Aggregation will quickly converge to a new configuration. loadbalance Balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming traffic from any active port. This is a static setup and does not negotiate aggregation with the peer or exchange frames to monitor the link. The hash includes the Ethernet source and destination address, and, if available, the VLAN tag, and the IP source and destination address. roundrobin Distributes outgoing traffic using a round-robin scheduler through all active ports and accepts incoming traffic from any active port. broadcast Sends frames to all ports of the LAG and receives frames on any port of the LAG. none This protocol is intended to do nothing: it disables any traffic without disabling the lagg interface itself. Each lagg interface is created at runtime using interface cloning. This is most easily done with the ifconfig(8) create command or using the cloned_interfaces variable in rc.conf(5). The MTU of the first interface to be added is used as the lagg MTU. All additional interfaces are required to have exactly the same value. The loadbalance and lacp modes will use the RSS hash from the network card if available to avoid computing one, this may give poor traffic distribution if the hash is invalid or uses less of the protocol header information. Local hash computation can be forced per interface by setting the use_flowid ifconfig(8) flag. The default for new interfaces is set via the net.link.lagg.default_use_flowid sysctl(8). EXAMPLES
Create a link aggregation using LACP with two bge(4) Gigabit Ethernet interfaces: # ifconfig bge0 up # ifconfig bge1 up # ifconfig lagg0 laggproto lacp laggport bge0 laggport bge1 192.168.1.1 netmask 255.255.255.0 The following example uses an active failover interface to set up roaming between wired and wireless networks using two network devices. Whenever the wired master interface is unplugged, the wireless failover device will be used: # ifconfig em0 up # ifconfig ath0 ether 00:11:22:33:44:55 # ifconfig create wlan0 wlandev ath0 ssid my_net up # ifconfig lagg0 laggproto failover laggport em0 laggport wlan0 192.168.1.1 netmask 255.255.255.0 (Note the mac address of the wireless device is forced to match the wired device as a workaround.) SEE ALSO
ng_one2many(4), ifconfig(8), sysctl(8) HISTORY
The lagg device first appeared in FreeBSD 6.3. AUTHORS
The lagg driver was written under the name trunk by Reyk Floeter <reyk@openbsd.org>. The LACP implementation was written by YAMAMOTO Takashi for NetBSD. BUGS
There is no way to configure LACP administrative variables, including system and port priorities. The current implementation always performs active-mode LACP and uses 0x8000 as system and port priorities. BSD
October 1, 2014 BSD

Featured Tech Videos