[aklug] Re: Bonding multiple network connections

On Wed, 20 Jan 2010, Scott A. Johnson wrote:

> Arthur and Shane - My current setup is two connections over GCI. Not for
> redundancy but load balancing; the ability to open multiple TCP sessions and
> max out each connection. I want to have one TCP session over multiple
> connections. There's one NIC on my LAN pushing all the traffic, then the
> router just round-robin splits every other request over the two connections.
> So it's a single L2 connection to my switch, with the software conducting
> the load balancing. So far, so good (I think). To the best of my
> knowledge, GCI doesn't support bonding the two connections on their end into
> one bigger pipe, so I'm thinking I could create a VPN session over each
> connection to a host in a datacenter that I control, having that host then
> be my router and re-assemble the two TCP streams into a single TCP session,
> and route it back out to it's ultimate destination. Kind of like so:
>
> ___________ ____________
>
> |LAN Gateway|ETH0----VPN----ETH0|Data Center |
>
> My LAN----ETH2| Router | |Hosted Box |ETH1------Internet
>
> |___________|ETH1----VPN----ETH0|____________|
>

FYI: As long as you're relying your your black-boxed router you can't
guarantee that your two VPNs will be on separate connections. Not unless
you're going to guarantee that *all* other traffic ceases during the time
you set up the connections. If you can get two different IPs for each VPN
termination in the data center, you may be able to set preferred paths for
each using static routes, though. That would solve that problem.

> Per Shane's recommendation, reading through bonding.txt, it appears the
> "balance-rr" mode may be what I'm after, if I can get the kernel to conduct
> this balancing over the VPN connection. I'll probably have to deal with
> some packets getting out of order so it won't scale 100% linear, but
> hopefully it would be better than nothing. So, yes, looking to aggregate at
> the L3 (well, more like L5 if you want to get technical with the VPN), but
> essentially L3 as it's the TCP session in the end that needs split over two
> links, then reassembled on the other end.

Let me know if you get this to work. I do bonding all the time, but I've
never tried it over pppd connections. Miimon support is usually
required in the base driver you're bonding for link detection.

Personally, after what Shane said about the multilink stuff I'd think it
would be easier to automate non-persistent connections setup/tear-down than
bonding. I'd seriously consider exploring that avenue first.

         --Arthur Corliss
           Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Fri Jan 22 00:41:56 2010