Ben Hart

Cisco 3750 ipbase.. want to load-balance 3 DSL circuits.

I've been reading articles today and it seems as though this is doable merely by configuring 3 default gateways or with three static routes all with a priority of 1.

I have 3 DSL lines right now; the Motorola modems are handing off Ethernet.  So what I want to do is a simple outbound load balance, then hand off the uplink to pfSense.  I know there are many other ways to accomplish this that would be simpler and sometimes cheaper; however, A: I already have the 3750 and B: I want to make this work if at all possible.
I also know that pF will natively load balance multi-WAN circuits; however, that's what I am doing now, and it isn't working.  So I devised this alternative to help verify if indeed pF's load balancing is broken or not.

I just upgraded to c3750e-ipbasek9-mz.150-2.se9; licenses are:

Index 1 Feature: ipbase
Period left: Lifetime

Now if this is indeed possible, how would I need to configure the 4 ports?

Thanks In Advance!
Sorry, I'm confused a bit by what you want to do.

Do you want to connect 3 modems to pfSense via a 3750 switch, or do you want to connect 3 modems to the 3750 and route internet traffic to the pfSense via the 3750?

Can you draw what you're proposing?

Also, about your current setup... what's not working?
First off, the current setup. Background history: my original pF hardware failed last year.  An Optiplex 360 (I think). I replaced it with an i5-powered Optiplex and 2.2.6 pF. Back then I could do either nooblet tests or file transfers over SSH and top out above 8Mbps.
Now though, after upgrading both the pF version and the underlying hardware, all indications point to barely 3Mbps.  And I have 3 x 3Mb DSL circuits.

Not being one to want to roll back either the soft or the hardware, I'm looking for a different path.

So yeah, my idea is to feed all three DSL lines into the 3750 and have it even out the load across them (not failover), then feed that one combined pipe into pF to be filtered.
Maybe my very crude GIMP image will help.
Ok I think I understand now.

You won't be able to hand it off as one big pipe - that's not going to work.  Similarly, bundling the links at the pfSense shouldn't be giving you a combined speed of 8Mbps, unless it was doing MLPPP.  All you're actually doing by using load-balancing (without MLPPP) is putting more lanes on the road, so to speak, but the limit is still 3Mbps.
I believe you about the old pF.. but I'm here to say something gave it the performance and appearance of almost 9mb or combined all three.

But if the layer 3 switch idea won't work then it won't work.
I'm only guessing but I think speedtests will have looked like 9Mbps because they're pulling a file in 3 parts.  The maths is crude but it'll probably say that it could download a file in 'x' amount of time so the bandwidth must be 'y'.

If you put 3 cars in a line and start the clock, the first car will always pass the finish line before the last car, even if they travel at the same speed and started at the same time.  Put those cars side-by-side though and they all arrive at the same time, so the extra time that you have to wait when going down one lane is removed as each car has its own lane.  The cars didn't go any faster though.

It sounds to me like your pfSense is doing failover rather than load-sharing.
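The per-connection behaviour described in the answer above, as an added example that is not part of the original thread: a small model in which every connection is pinned to exactly one DSL line. The 3 x 3 Mbps links come from the question; the round-robin assignment, the equal sharing of a line between its connections, and the 90 Mbit file size are assumptions made for illustration.

```python
# Added illustration (not from the thread): per-connection load sharing
# across three DSL lines without MLPPP. A connection never spans two lines.

LINK_MBPS = [3.0, 3.0, 3.0]  # three 3 Mbps DSL circuits, as in the question


def assign_flows(n_flows, n_links):
    """Pin each connection to one line, round-robin (assumed policy)."""
    return [i % n_links for i in range(n_flows)]


def flow_rates(assignment, link_mbps):
    """A line's capacity is split equally among the connections pinned to it."""
    counts = [assignment.count(link) for link in range(len(link_mbps))]
    return [link_mbps[link] / counts[link] for link in assignment]


def transfer_seconds(file_mbit, n_flows, link_mbps=LINK_MBPS):
    """Time to fetch a file split into n_flows equal parts pulled in parallel."""
    assignment = assign_flows(n_flows, len(link_mbps))
    rates = flow_rates(assignment, link_mbps)
    part_mbit = file_mbit / n_flows
    # The download is complete when the slowest part has arrived.
    return max(part_mbit / rate for rate in rates)


def apparent_mbps(file_mbit, n_flows, link_mbps=LINK_MBPS):
    """Throughput a speed test would report: total size / elapsed time."""
    return file_mbit / transfer_seconds(file_mbit, n_flows, link_mbps)


if __name__ == "__main__":
    FILE_MBIT = 90.0  # constructed sample size
    for flows in (1, 3, 4):
        print(f"{flows} connection(s): "
              f"{transfer_seconds(FILE_MBIT, flows):.0f} s, "
              f"reported {apparent_mbps(FILE_MBIT, flows):.1f} Mbps")
```

A single SSH file copy is one connection, so it stays on one line; a test that opens several connections in parallel can report the sum of the lines.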
It could be, but that's not what it's configured for.  Something clearly changed, with the only changes being inconsequential like the CPU, RAM amount, HDD size, underlying chipset and maybe not so inconsequentially the pF version.

At any rate I'd need a real router to do what I'm wanting, is that right?
Thanks for your input Craig.  Now if I go full router... what would be the best method to accomplish what I want?
You want it free?  Grab another old Optiplex and some multi-port NICs.  You can load Sophos UTM (formerly Astaro) with multiple WAN connections.  If you want content filtering, try their newer XG, which has content filtering, scanning, IDS... but it kills streaming to any Apple device.  They have a workaround on the UTM, but not for the XG Firewall yet.