Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2
Accepted Solution

PPPoE Clients and load balancing

Hi, I have an ERL - PPPoE Server and dual PPPoE WAN load balanced.

The question is: Does the load balancing works for such configuration, my PPPoE clients will use both ADSL modems as in a DHCP network?, it looks like that only one of the modems is working for my clients.

Here is my config:

firewall {
    all-ping enable
    broadcast-ping disable

    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 1 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description Internet
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password 123456
            user-id yyyyy@zzzzzz.xx
        }
        speed auto
    }
    ethernet eth1 {
        description "Internet 2"
        duplex auto
        pppoe 1 {
            default-route force
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password 123456
            user-id hhhhh@gggggg.bb
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.0.1/24
        description Local
        duplex auto
        firewall {
            in {
                modify balance
                name MACIP_LAN
            }
        }
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    group G {
        interface pppoe0 {
            weight 60
        }
        interface pppoe1 {
            weight 40
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.0.0/24 {
                default-router 192.168.0.1
                dns-server 192.168.0.1
                lease 86400
                start 192.168.0.100 {
                    stop 192.168.0.142
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
        }
    }
    gui {
        https-port 443
    }
    nat {
        rule 5000 {
            outbound-interface pppoe0
            type masquerade
        }
        rule 5002 {
            outbound-interface pppoe1
            type masquerade
        }
    }
    pppoe-server {
        authentication {
            mode radius
            radius-server 192.168.0.5 {
                key ttttttttttt
            }
        }
        client-ip-pool {
            start 192.168.0.49
            stop 192.168.0.99
        }
        dns-servers {
            server-1 8.8.8.8
        }
        interface eth2
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name my_wisp
    ip {
        override-hostname-ip 192.168.0.1
    }
    login {
        user ubnt {
            authentication {
                encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        ipv4 {
            pppoe enable
        }
    }
    package {
        repository squeeze {
            components "main contrib non-free"
            distribution squeeze
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository squeeze-security {
            components main
            distribution squeeze/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Tijuana
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.5.0alpha1.4653508.140328.1720 */

 

 

Thanks.


Accepted Solutions
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.

EdgeMAX Router Software Development

View solution in original post


All Replies
Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@DanielT wrote:

Hi, I have an ERL - PPPoE Server and dual PPPoE WAN load balanced.

The question is: Does the load balancing works for such configuration, my PPPoE clients will use both ADSL modems as in a DHCP network?, it looks like that only one of the modems is working for my clients.


Your config looks good, but I don't think it's work correctly the the pppoe-server as it doesn't have the modify rule applied.  Guess I'll need to try that setup and see what happens.

EdgeMAX Router Software Development
Highlighted
Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Thanks Stig.

I will search the web for such configuration and see if it can be adapted to ERL.

Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Does anybody know how do I apply the modify rule mentioned to the pppoe-server?

 

Thanks.

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.

EdgeMAX Router Software Development
Emerging Member
Posts: 54
Registered: ‎03-10-2009
Kudos: 2

Re: PPPoE Clients and load balancing

Thank you Stig!!!, that did the trick, I'll try to figure out how to do that from the cli.

Thank you very much.

SuperUser
Posts: 4,020
Registered: ‎06-30-2010
Kudos: 1834
Solutions: 173
Contributions: 9

Re: PPPoE Clients and load balancing


@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.

EdgeMAX Router Software Development
SuperUser
Posts: 4,020
Registered: ‎06-30-2010
Kudos: 1834
Solutions: 173
Contributions: 9

Re: PPPoE Clients and load balancing


@UBNT-stig wrote:

@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.


This could be added to CLI like this:  

"set interfaces pppoe firewall in modify WAN_POLICY"

Or perhaps "set service pppoe-server firewall in modify WAN_POLICY"

/Paetur

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3142
Solutions: 945
Contributions: 16

Re: PPPoE Clients and load balancing


@Paetur wrote:

@UBNT-stig wrote:

@Paetur wrote:

@UBNT-stig wrote:

I was able to hack it with:

sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i pppoes+ -j balance

 Where "balance" was the name of my modify chain.  We really need to find a way to do this from the CLI though.


Has this been added to the CLI ? 

Need failover for my PPPoE clients. Using a simular config as above.

/Paetur


No, hasn't been added to the CLI yet.


This could be added to CLI like this:  

"set interfaces pppoe firewall in modify WAN_POLICY"

Or perhaps "set service pppoe-server firewall in modify WAN_POLICY"

/Paetur


Yes of course something like that can be added.  Just a matter of prioritizing our limited resources.

EdgeMAX Router Software Development
Ubiquiti Employee
Posts: 314
Registered: ‎08-11-2016
Kudos: 67
Solutions: 6

Re: PPPoE Clients and load balancing