Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2
Accepted Solution

PPPoE Clients and load balancing

Hi, I have an ERL - PPPoE Server and dual PPPoE WAN load balanced.

The question is: Does the load balancing works for such configuration, my PPPoE clients will use both ADSL modems as in a DHCP network?, it looks like that only one of the modems is working for my clients.

Here is my config:

firewall {
    all-ping enable
    broadcast-ping disable

    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 1 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description Internet
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password 123456
            user-id yyyyy@zzzzzz.xx
        }
        speed auto
    }
    ethernet eth1 {
        description "Internet 2"
        duplex auto
        pppoe 1 {
            default-route force
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password 123456
            user-id hhhhh@gggggg.bb
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.0.1/24
        description Local
        duplex auto
        firewall {
            in {
                modify balance
                name MACIP_LAN
            }
        }
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    group G {
        interface pppoe0 {
            weight 60
        }
        interface pppoe1 {
            weight 40
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.0.0/24 {
                default-router 192.168.0.1
                dns-server 192.168.0.1
                lease 86400
                start 192.168.0.100 {
                    stop 192.168.0.142
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            outbound-interface pppoe0
            type masquerade
        }
        rule 5002 {
            outbound-interface pppoe1
            type masquerade
        }
    }
    pppoe-server {
        authentication {
            mode radius
            radius-server 192.168.0.5 {
                key ttttttttttt
            }
        }
        client-ip-pool {
            start 192.168.0.49
            stop 192.168.0.99
        }
        dns-servers {
            server-1 8.8.8.8
        }
        interface eth2
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name my_wisp
    ip {
        override-hostname-ip 192.168.0.1
    }
    login {
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipv4 {
            pppoe enable
        }
    }
    package {
        repository squeeze {
            components "main contrib non-free"
            distribution squeeze
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository squeeze-security {
            components main
            distribution squeeze/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Tijuana
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.5.0alpha1.4653508.140328.1720 */

 

 

Thanks.


Accepted Solutions
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.

EdgeMAX Router Software Development

View solution in original post


All Replies
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@DanielT wrote:

Hi, I have an ERL - PPPoE Server and dual PPPoE WAN load balanced.

The question is: Does the load balancing works for such configuration, my PPPoE clients will use both ADSL modems as in a DHCP network?, it looks like that only one of the modems is working for my clients.


Your config looks good, but I don't think it's work correctly the the pppoe-server as it doesn't have the modify rule applied.  Guess I'll need to try that setup and see what happens.

EdgeMAX Router Software Development
Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Thanks Stig.

I will search the web for such configuration and see if it can be adapted to ERL.

Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Does anybody know how do I apply the modify rule mentioned to the pppoe-server?

 

Thanks.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.

EdgeMAX Router Software Development
Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Thank you Stig!!!, that did the trick, I'll try to figure out how to do that from the cli.

Thank you very much.

Highlighted
SuperUser
Posts: 4,020
Registered: ‎06-30-2010
Kudos: 1834
Solutions: 173
Contributions: 9

Re: PPPoE Clients and load balancing


@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.

EdgeMAX Router Software Development
SuperUser
Posts: 4,020
Registered: ‎06-30-2010
Kudos: 1834
Solutions: 173
Contributions: 9

Re: PPPoE Clients and load balancing


@UBNT-stig wrote:

@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.


This could be added to CLI like this:  

"set interfaces pppoe firewall in modify WAN_POLICY"

Or perhaps "set service pppoe-server firewall in modify WAN_POLICY"

/Paetur

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3143
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@Paetur wrote:

@UBNT-stig wrote:

@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.


This could be added to CLI like this:  

"set interfaces pppoe firewall in modify WAN_POLICY"

Or perhaps "set service pppoe-server firewall in modify WAN_POLICY"

/Paetur


Yes of course something like that can be added.  Just a matter of prioritizing our limited resources.

EdgeMAX Router Software Development
Ubiquiti Employee
Posts: 314
Registered: ‎08-11-2016
Kudos: 67
Solutions: 6

Re: PPPoE Clients and load balancing