[kwlug-disc] Bandwidth aggregation
L.D. Paniak
ldpaniak at fourpisolutions.com
Tue Feb 10 16:51:13 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
unsolicited wrote:
>
> Esoteric, yes, in that you essentially have two choices:
> (1) A single device must take in both 'providers', or each headend
> device must run a gateway protocol. The devices have to negotiate
> between themselves who's going to handle what. See (2). Ultimately, only
> one device can have an IP. (DNS returns a single IP, essentially.
> Fallbacks not included here.) Which device is going to claim the IP?
> There is no guarantee as to the pathway of incoming packets - if one
> device sends a packet out, expecting a reply, and it returns on the
> other device, the other device goes "Why are you sending me this, I
> didn't ask for it? Toss.) Such 'knowledgeable' devices are not overly
> common at the consumer level.
> (2) You have to maintain your own routing table. e.g. Your DNS IP comes
> in and goes out one device. Your internal internet requests go out the
> other. The advantages of, we'll call it 'load levelling' are
> substantially lost. Good luck guessing which routes should go where.
> Things get more complicated when services use reverse dns (smtp) to
> verify the incoming packet is coming from the publicized source. And the
> request went out the other.
>
> That's what I can think of off the top of my head, but it gets stranger
> and more irritating. e.g. Providers don't like them - it is now up to
> you to make sure that their network can't be attacked via your gateway
> from another provider. And they don't trust you. Let alone, if the route
> gets into the routing table, they now have multiple paths between
> providers. It gets stranger and stranger.
>
> Thus the creation of gateway (edge) protocols to handle this nonsense,
> and not many devices have that. Nonsense as it aggravation and fiddly bits.
>
I don't think one has to re-invent the wheel with these kinds of
connections. From a hardware point-of-view, I can easily imagine an
OpenWRT-based router with two WAN ports. In fact, I have one running
downstairs. After that it boils down to some iptables gymnastics. I
find Shorewall to be the most user-friendly way to participate in that
sport. For multiple ISPs, take a look at:
http://www.shorewall.net/MultiISP.html#Overview
For VOIP, I'd only want to be sending packets for a particular
connection over one link to avoid the dreaded route-flapping. There the
second link is for other connections/failover.
Anyway, I'd certainly like to hear how this works from someone who knows
what they are talking about.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJkfbR8h2PnOHbiQcRAg13AJsFOVEg4m94XUCZQPTxsJZ2KtP4KgCfe4dF
mVnAtp3mT/eGoJ3dureKkmc=
=hh6v
-----END PGP SIGNATURE-----
More information about the kwlug-disc
mailing list