Category:Bonding: Difference between revisions

From AAISP Support Site
(Added section about full bonding with pfSense 2.0.1+)
Line 84: Line 84:
==Full Bonding with a FireBrick==
==Full Bonding with a FireBrick==
A FireBrick at your side can manage bonding, fallback and firewalling - this would give you maximum benefit of having multiple lines. AAISP staff can configure a router when purchased for bonding for a nominal fee. The [[FireBrick]] pages also covers config examples for bonding on the 2500 and 2700 FireBricks
A FireBrick at your side can manage bonding, fallback and firewalling - this would give you maximum benefit of having multiple lines. AAISP staff can configure a router when purchased for bonding for a nominal fee. The [[FireBrick]] pages also covers config examples for bonding on the 2500 and 2700 FireBricks

==Full bonding with pfSense==
If you can't afford to buy a FireBrick, you might try [http://pfsense.org pfSense] as a free alternative. From version 2.0.1, it's possible to configure pfSense for policy-based routing and fallback over multiple WAN connections. One AAISP customer runs this with two AAISP ADSL lines, switching to an AAISP SIM card if both lines fail - see his [http://blog.martinshouse.com/2012/01/multi-wan-multi-lan-no-nat-routing-with.html blog entry] for details. However, pfSense does not yet have IPV6 support, and (as of 2.0.1) the recovery from fallback might not always work perfectly.


=Mixing BT and BE lines=
=Mixing BT and BE lines=
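
Review bot: the new heading "Full bonding with pfSense" uses a lower-case "bonding", while the heading directly above it is "Full Bonding with a FireBrick"; match the existing capitalisation. In the added paragraph, "IPV6" should be written "IPv6", and the statement that pfSense "does not yet have" IPv6 support would be clearer if it named the version it applies to, as the fallback caveat already does with "(as of 2.0.1)".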

Revision as of 10:25, 8 January 2012


AAISP have been providing bonded ADSL services for many years... There are various things to consider and understand...

Overview

AAISP support per-packet bonding. This is at the IP level, and simply means that packets entering or leaving your site use the ADSL lines on a round-robin basis (or based on the speed of the lines). That way, a single TCP/IP session is transmitted over multiple lines. There are also details on the AAISP KB page: [1] Also see the FireBrick 105 Bonding FAQ [2]

Advantages

More bandwidth, as well as resilience (having more than one line increases the probability of staying online in the event of a fault). People often want greater upload bandwidth so as to improve performance for remote workers (e.g. VPN/remote sessions) or for sending out large files.

Limitations

FireBrick 105 Throughput

We do recommend the FireBrick 105 product for bonding, fallback, and firewalling. As of Oct 2010, this is nearing the end of its life, and the throughput peaks at around 10-10Mb/s, so with today's faster lines its limit may be easily reached. New products are due very soon to replace the 105.

Firebrick 2500 and 2700

The replacements for the 105 are the 2500 and the 2700. There is a separate section on this wiki for FireBrick.

Packet re-ordering

As IP packets are taking separate routes to get to you, there is potential for packets to arrive out of order. This can happen where the ADSL lines have different amounts of latency. It can be overcome to some extent by adding/removing 'interleaving' on the ADSL lines. Latency can be easily seen on the CQL graphs for your lines on the ADSL Control Pages.

In theory, out-of-order packets should not be a problem: TCP copes with out-of-order packets, but some applications may have problems. We have seen some VPNs and specific video streaming applications being very sensitive to packets being out of order. This is rare though.

Bonding

Download Bonding

From the Internet to you. AAISP use FireBrick FB6000 routers to manage ADSL connections, and these manage the bonding of traffic from AAISP to your location. IP blocks (configured on Clueless) can be routed to multiple lines on your login. For fallback, the FB6000 will stop routing IPs down a line that is offline, and from the Control Pages you can control which lines are used. Speed-wise, the FB6000 will route based on the speed of each line, so if you have a 10M line and a 5M line the traffic will be weighted correctly (i.e. 1/3 on the 5M line and 2/3 on the 10M line).
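
The speed weighting above and the re-ordering described under "Packet re-ordering" can be seen together in a small simulation. This is an added example, not AAISP or FireBrick code: the smooth weighted round-robin scheduler is an assumption about how packets might be shared out, and the latency figures are constructed.

```python
def assign_lines(n_packets, speeds):
    """Smooth weighted round-robin: spread packets over lines in proportion to speed."""
    credit = [0] * len(speeds)
    total = sum(speeds)
    chosen = []
    for _ in range(n_packets):
        credit = [c + s for c, s in zip(credit, speeds)]
        line = credit.index(max(credit))   # line with the most unused capacity
        credit[line] -= total
        chosen.append(line)
    return chosen


def arrival_order(lines, latency_ms, interval_ms=1):
    """Sequence numbers in the order they reach the far end."""
    arrivals = [(seq * interval_ms + latency_ms[line], seq)
                for seq, line in enumerate(lines)]
    return [seq for _, seq in sorted(arrivals)]


def count_late(order):
    """Packets that arrive after a higher-numbered packet has already arrived."""
    late, highest = 0, -1
    for seq in order:
        if seq < highest:
            late += 1
        highest = max(highest, seq)
    return late


if __name__ == "__main__":
    speeds = [10, 5]                       # Mb/s, the 10M + 5M case from the text
    lines = assign_lines(6, speeds)
    print("line per packet:", lines)
    for latency in ([10, 10], [10, 25]):   # constructed one-way latencies in ms
        order = arrival_order(lines, latency)
        print(latency, "arrival order:", order, "late:", count_late(order))
```

With equal latencies nothing arrives late; with the second line 15 ms slower, every packet sent on it is overtaken, which is the effect that adjusting interleaving is meant to reduce.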

Upload Bonding

Upload bonding requires a device at your side to route IP packets up alternate lines. Typically a FireBrick can do this, as well as provide fallback (not using a line that is down) and firewalling. AAISP staff can also configure the FireBrick for your lines for a nominal fee.

Other devices can do this too, including some of the MikroTik range of routers.

Linux upload bonding example

Examples

Simple Download Bonding

This is a poor man's bonding setup: it would be effective, but not as flexible as using additional hardware such as a FireBrick. As AAISP manage download bonding, the simplest setup is as follows:

  • You have 2 or more ADSL lines with AAISP (either BT, or BE, or a mix)
  • You have a block of IPs, big enough for your LAN
    • The first usable IP will be Router 1, the second Router 2, and the rest will be for your devices.
  • You have 2 standard ADSL routers (eg supplied by AAISP)
    • The ZyXELs can be configured to use the other router as a fallback gateway (giving some level of fallback if the ADSL goes down; this isn't configured automatically by AAISP router programming)
  • You plug the routers, computers, etc. all into the same network switch
  • You pick one of the routers' IP addresses to use as the gateway on your devices (or you can set up a DHCP server on one of the routers)
    • You could use one router as the gateway for half of your devices, and the other router as the gateway for the other half - thus giving some level of upload bonding

With this setup, you wouldn't have any firewall capabilities (apart from that provided by your operating systems.)


Simple Download Bonding, using a router/firewall

If you have an existing router/firewall, then you could use this to firewall your network and provide NAT (if that's what you want to do). The points are similar to the above example, with a difference on the LAN side of the ADSL routers.

  • You have 2 or more ADSL lines with AAISP (either BT, or BE, or a mix)
  • You have a block of IPs, big enough for your LAN (assuming you are not natting), and a block of IPs for the ADSL routers and your firewall.
    • The first usable IP will be Router 1, the second Router 2, and the rest will be for your firewall.
    • The LAN block will be configured as static routes in the ADSL routers to route the traffic to your firewall.
  • You have 2 standard ADSL routers (eg supplied by AAISP)
    • The ZyXELs can be configured to use the other router as a fallback gateway (giving some level of fallback if the ADSL goes down; this isn't configured automatically by AAISP router programming)
  • You plug the ADSL routers and firewall (WAN port) into the same network switch
  • Your firewall's LAN port is connected to your main LAN switch.
  • Your firewall uses one of the routers as its gateway
  • Your firewall can be the DHCP server, can run NAT etc for your LAN

In this case, assuming your firewall cannot do upload bonding or change which router it uses when an ADSL line is down, fallback would need to be controlled manually if the ADSL line being used for upload fails (i.e. configure the firewall to use the other ADSL router as its gateway).

Full Bonding with a FireBrick

A FireBrick at your side can manage bonding, fallback and firewalling, which would give you the maximum benefit of having multiple lines. AAISP staff can configure a router when purchased for bonding for a nominal fee. The FireBrick pages also cover config examples for bonding on the 2500 and 2700 FireBricks.

Full bonding with pfSense

If you can't afford to buy a FireBrick, you might try pfSense as a free alternative. From version 2.0.1, it's possible to configure pfSense for policy-based routing and fallback over multiple WAN connections. One AAISP customer runs this with two AAISP ADSL lines, switching to an AAISP SIM card if both lines fail - see his blog entry for details. However, pfSense does not yet have IPv6 support, and (as of 2.0.1) the recovery from fallback might not always work perfectly.

Mixing BT and BE lines

AAISP BT lines and BE lines can be used together for bonding, which gives even greater resilience in the case of a fault in BT or a fault in BE. As of October 2010, BE lines need to run on a reduced MTU of 1492, and bonding will need all lines to use this reduced MTU. This is a tickbox option on the control pages, though.

Bonding FTTC Circuits

FTTC lines can be bonded in exactly the same way - although we do sometimes see congestion on the BT network, we have set up 2 FTTC lines and bonded them with a FireBrick 2700, giving the full throughput - 40Mb/s down and 16Mb/s up.
