Multiple ADSL lines using bonded uplink
[Diagram: 2Mb/s / 250Kb/s no-NAT ADSL line with block of IPs; 500Kb/s / 250Kb/s no-NAT ADSL line with block of 4 IPs]
In this configuration a customer has a no-NAT 2Mb/s ADSL line (with
250Kb/s uplink) and a large block of IPs so that machines on the LAN
have real addresses. The 2Mb/s ADSL is normally used; the 500Kb/s
ADSL acts as a backup and provides additional uplink capacity.
- 2Mb/s ADSL router has an address A
- FireBrick allocated an address on 2Mb/s router subnet, address B
- 500Kb/s ADSL router has an address C
- FireBrick allocated an address on 500Kb/s router subnet, address D
- Network address for 2Mb/s ADSL line is address E
Basic IP setup :-
- First subnet, LAN, no NAT, no Stealth, using address B. This
gives machines on the LAN real addresses on 2Mb/s line
- Second subnet, WAN, no NAT, Stealth, using address B. This allows
the FireBrick to see router on address A
- Third subnet, WAN, no NAT, no Stealth, using address D. This
allows the FireBrick to see router on address C
- Routing entry, LAN to WAN for address A, proxy ARP. This allows
machines on the LAN to see router address A
- Equipment on the LAN to use the 2Mb/s ADSL subnet's addresses and
FireBrick address B as their gateway.
This basic setup allows machines on the LAN to have real addresses.
Gateway setup :-
- Default gateway set to address E
- Gateway alternative list set to addresses A and B
This means that all traffic to the internet will use the pseudo
address E, which is mapped to A and B alternately for each packet,
allowing a bonded uplink of 500Kb/s for outgoing traffic. The pseudo
address is used because if a router address such as A was used as the
default gateway, then the profile-based re-routing to the 2Mb line
using gateway A would still be mapped to both gateways, which would not
work if one was down. By using a pseudo address, this is avoided and you
can route to A, C or both (using E) based on routing rules as necessary.
Fallback setup :-
- Profile (2MBADSL) monitoring an internet address, such as the
router's WAN address, via address A on WAN, set to alert when inactive
and re-route on change
- Profile (500KADSL) monitoring an internet address, such as the
router's WAN address, via address C on WAN, set to re-route.
- Add route between subnets and gateway Any->WAN, gateway A,
profile Not 500KADSL
- Add route between subnets and gateway Any->WAN, gateway C,
profile Not 2MBADSL with NAT
This means if the 500K ADSL fails, the default route changes to A and
traffic continues only via 2Mb ADSL.
If the 2Mb ADSL fails, the default changes to C and traffic continues
via the 500Kb/s ADSL but NATed to ensure replies arrive.
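The gateway and fallback rules above can be checked with a small model. This is an added example, not FireBrick code or configuration: it is a simplified Python simulation, and it assumes the alternative list resolves to the two ADSL routers (A and C, as in "route to A, C or both (using E)"). It compares the pseudo address E design with using router address A as the default gateway.

```python
from itertools import cycle

# Simplified model (constructed for illustration, not FireBrick code).
# Assumption: the alternative list holds the two ADSL routers, A and C.
LINK_PROFILE = {"A": "2MBADSL", "C": "500KADSL"}  # router -> profile watching its line

def active_route(profiles):
    """Pick the fallback route whose 'Not <profile>' condition holds, if any."""
    if not profiles["500KADSL"]:
        return ("A", False)          # Any->WAN, gateway A, profile Not 500KADSL
    if not profiles["2MBADSL"]:
        return ("C", True)           # Any->WAN, gateway C, profile Not 2MBADSL, with NAT
    return None                      # both lines up: use the default gateway

def simulate(profiles, default_gw, alternatives, packets=4):
    """Return [(next_hop, nat), ...] for a run of outgoing packets."""
    rotation = {gw: cycle(hops) for gw, hops in alternatives.items()}
    sent = []
    for _ in range(packets):
        gw, nat = active_route(profiles) or (default_gw, False)
        # Any gateway that has an alternative list is rotated per packet.
        hop = next(rotation[gw]) if gw in rotation else gw
        sent.append((hop, nat))
    return sent

def lost(profiles, sent):
    """Count packets handed to a router whose line is down."""
    return sum(1 for hop, _ in sent if not profiles[LINK_PROFILE[hop]])

if __name__ == "__main__":
    states = {
        "both up": {"2MBADSL": True, "500KADSL": True},
        "500K down": {"2MBADSL": True, "500KADSL": False},
        "2M down": {"2MBADSL": False, "500KADSL": True},
    }
    designs = {"pseudo E": ("E", {"E": ["A", "C"]}),
               "router A": ("A", {"A": ["A", "C"]})}
    for dname, (gw, alts) in designs.items():
        for sname, profiles in states.items():
            sent = simulate(profiles, gw, alts)
            print(f"{dname:9} {sname:10} {sent} lost={lost(profiles, sent)}")
```

With the pseudo address no packets go to a failed line in any state; with A as the default gateway, the fallback route to A is still alternated and half the packets go to the failed 500Kb/s line.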
Email alerts of profile changes are recommended.
If you have SMTP incoming email, then you may want to set FireBrick
address D as an additional lower priority MX record target, and have a
port map for this address to your mail server allowing incoming mail
even if the main 2Mb link fails.