[kwlug-disc] Bandwidth aggregation

L.D. Paniak ldpaniak at fourpisolutions.com
Wed Feb 11 11:43:35 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for putting the time into a detailed explanation.  I understand
now how my simple-minded picture of the issue was lacking.

Do you know how 'multi-link PPP' which appears to be available from the
ISP TekSavvvy compares to a "multihomed IP space"?  Are these
operationally the same thing?




Andrew Kohlsmith (lists) wrote:
> On February 10, 2009 03:52:44 pm L.D. Paniak wrote:
>> I think it would be a great topic.  WAN connections are easily the most
>> unreliable part of a modern computer system.  For things like VOIP,
>> failover capability is essentially a requirement.
>>
>> Is it really that esoteric?  Don't most homes/businesses have access to
>> cable and DSL or two channels of DSL?
> 
> Yes it is.  I said "multihomed IP space" -- that is not the same thing as two 
> DSL or cable connections at all.
> 
> Multihomed IP space means an IP address which is reachable through two or more 
> providers. I'm not aware of any DSL, Cable, Cell or Wifi providers which give 
> you this kind of address.
> 
> If you get 55.1.2.3 from your DSL provider and 99.1.2.3 through your cable 
> provider, both of those addresses are single-homed from your perspective.  If 
> someone on the internet sends a packet to 55.1.2.3, it will ONLY come from 
> your DSL line, and never from your cable.  If you send a request out your DSL 
> connection, the response will come back through your DSL connection.  It 
> won't balance between the DSL and cable connections.  You can try to fake 
> your source address to have a request go out one and back the other, but any 
> ISP worth their salt will be dropping packets not sourced from their own IP 
> space.
> 
> What I am doing is "extruding" multihomed IP space through a number of 
> single-homed connections.  Through SCS Internet, I have access to multihomed 
> IP space.  (e.g. 77.1.2.0/24.)  Traffic to any of these addresses can come 
> from one of (I think) three or four different providers into his rack.
> 
> Using a server in that rack (with IP 77.1.2.2, for example), I "extrude" an 
> IP, say 77.1.2.3.  I use proxy-arp to as a means to capture traffic for that 
> IP.  Basically that means that whenever someone asks for the ethernet address 
> of 77.1.2.3, the server responds with its own MAC.
> 
> Your router at the office has a DSL and cable connection, with IP 55.1.2.3 and 
> 99.1.2.3 from your respective providers.  What I do now is to set up two GRE 
> tunnels, one from 55.1.2.3 to 77.1.2.2 and one from 99.1.2.3 to 77.1.2.2.  So 
> now your home router actually has four routes: DSL-to-world, cable-to-world, 
> DSL-to-server-via-tunnel0, cable-to-server-via-tunnel1.
> 
> What I do now is to use iproute2 and iptables to set up a packet marking and 
> load balancing system.  I say that traffic for the world (i.e. default route) 
> is via DSL-to-server-via-tunnel1 *AND* to cable-to-server-via-tunnel1, with 
> equal weighting (neither route is preferred). I also to disable route 
> caching, which works against us in this scenario.  Now any traffic that the 
> router wants to send out to the world will go through either tunnel and "pop 
> out" as traffic from 77.1.2.3.
> 
> It may have taken the path through the cable or DSL IP, but it was 
> encapsulated in the tunnel at that point.  The traffic exits from 151 Front 
> with a source IP of 77.1.2.3 and heads out through any of the providers that 
> he has available.  It reaches the destination, and a response comes back to 
> 77.1.2.3.  The server receives that traffic, sends it back through one of the 
> two tunnels, and your router gets it and does what it would normally do with 
> it.  All the tunnels are brought up and torn down with your standard ip-up 
> style scripts that PPPoE gives, but you could also do it with the normal 
> networking post-route scripts (for cable or wifi connections, for example).
> 
> If a tunnel fails, the other tunnel's there, and traffic still flows.  If you 
> add more tunnels, the bandwidth is load-balanced over them.  Since the 
> 77.1.2.3 address is multihomed, you don't lose connectivity when one of the 
> providers that SCS Internet uses has troubles, since that IP is reachable 
> through several other paths.  You can play with route metrics to favour one 
> tunnel over the other, and of course you can play with the routing table 
> selections on the router so that you do NOT use the multihomed space for 
> regular web traffic, windows updates or whatever other nonessential traffic 
> you may have.
> 
> You can *also* use IPSec to encrypt everything over the tunnel.
> 
> The only real downsides are
> 1) bandwidth considerations at the colo
> 2) slightly increased latency due to tunnelling and encryption
> 
> I've used this method to provide highly-available bandwidth for the auto 
> industry, where they were willing to pay for the colocated server at 151 
> Front -- multihomed IP space was simply not available at some of their 
> plants, and simply too expensive at others. They decided to get more bang for 
> their buck by using the colocated server as an IPSec endpoint, FTP server for 
> *huge* CAD drawings and a conferencing bridge instead of bringing absolutely 
> all that traffic back to their home network.
> 
> Anyway -- that's why I feel it's an esoteric topic.  You can bring two DSL or 
> cable connections together for home/office use, but that's not the same thing 
> as what I described.
> 
> -A.
> 
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJkwA38h2PnOHbiQcRAmc9AJ9/EVBv+v1jdo/cBDPjY/7Gna2aIwCcDA5F
sF0TLRJynor/J4SDWVyPf2Y=
=dGT2
-----END PGP SIGNATURE-----




More information about the kwlug-disc mailing list