how to aggregate internet lines

Hello All!

I am looking for advice on how to combine bandwidth from multiple internet lines (4 cable internet connections) with a firewall appliance. For some weird reasons internet from my internet provider is cheaper to buy as separate lines, one line with higher speed is way more expensive. I found out that sonicwall pro devices can load-balance 2 internet lines, but I am looking for a solution to combine more than 2 of them.

TIA.

LookingForward

Better check into the realities of what they mean by load-balancing them... probably requires identical boxes on the other end and might not work like you think.

Nothing in the soho space that I know of does this well, the NexLan products claimed to but people I know that tried them had little success.

-Russ.

Somebody.

If you're considering load balancing an Internet server, then round-robin DNS will be the easiest solution, by far. If you are seeking to balance client traffic then something like ipfw probabilities may serve the purpose, but configuration will be far more complex. Another possibility to consider is the use of a number of sonicwalls in a hierarchical configuration, 4:2:1. I know nothing about sonicwall and have no idea if such a configuration is possible.

Dom

He's talking about using multiple smaller lines to approximate one bigger line, so he wants to do something more like bonding. Round Robin DNS will balance incoming traffic only, and even then only approximately.

Along the same lines with a high end soho box you could source route to spread traffic over two links, but that's a very weak form of load balancing.

If he thinks he's going to get 6Mbps downloads with four 1.5Mbps lines, it's just not going to happen.

-Russ.

Somebody.

Yes, I have 4x 8Mbps lines and about 20 workstations with users who use A LOT of bandwidth. Right now I have to keep changing gateways for them if someone needs more dedicated bandwidth. Usually someone starts screaming that he has an important client on the demo and someone is using all the internet on his line. Then I have to figure out who else is set to that gateway and move them somewhere else. I would like to plug all those lines into one box and set policies in it for who can use how much bandwidth.

Thank you for all responses!

LookingForward

Agreed. That would certainly require some sort of application-layer proxy, if possible at all.

Dom

That won't work. You need some sort of multiplexer on *both* ends to break up the traffic over multiple links and reassemble it on the other end.

-Russ.

Somebody.

Truthfully you need a *real* load balancer to do that properly. Not cheap. F5 is one of the premier vendors of such boxes. Maybe you can find a used one on the old (pre version 9) chipsets for a reasonable cost.


At very least, with a reasonable router that does source routing like a Fortigate, you could redirect the workstation from the router rather than messing with their gateway. A less maintenance-prone approach might be to additionally prioritize and/or rate shape their traffic to ensure that the important stuff gets through -- arriving at a workable if not perfect solution most of the time. With only 20 workstations and only so many types of traffic you could probably dream up a scheme to do it -- source routing means you can route based on source IP *or* protocol, so you could send, say, all the web out one feed, and half the workstations ftp out feed 2, the other half out feed 3, but video conference gets 4MB guaranteed on feed 1, and voip gets high priority over all the rest of the spillover on feed 4... that sort of thing... The important stuff gets through, less important has to wait or share smaller chunks of particular lines...

-Russ.

Somebody.

Or just a download accelerator like axel, and this will work.

Yours, VB.

Volker Birk

You're joking, no?

Dom

I'm curious to know if the problem is caused by limited upstream or downstream bandwidth. Barring modem-level antispoofing, routing upstream traffic randomly across the four links should be quite trivial. Downstream traffic will be confined to the corresponding link. I imagine a topology natting four logical networks to four public IPs and then randomly forwarding packets across the four links.

Dom

There is a sub-set of the load balancing market that focuses on ISP link load balancing. It is significantly less costly than the "application-focused" load balancing technologies out there, and is commonly provided by the same companies. Many of them provide advanced link health-checking that would allow you to load balance links and more heavily utilize those links that cost you less $$$ and/or get you better performance. F5's Link Controller line is probably best in functionality, although the price reflects that. Radware is a close second with a better price, and a company called FatPipe has done only this. If the business really needs high performance and high availability from internet/WAN links, this stuff is cost-justified. If the high performance is just a "nice-to-have" for 20 users, then the other recommendations on this thread would be a better choice.

MJFD.Sr

Why?

It is not too difficult to create a software, which uses more than one connection and file offsets to download a single file over more than one connection at the same time, if one is using HTTP 1.1.

See RFC 2616, 14.35 Range.

Of course, the download server has to support this HTTP 1.1 option as well. But most of the web servers do today.

Similar things you can do with FTP's RESTART command.

Yours, VB.

Volker Birk

We're contemplating a network-based solution, not a host-based solution. Also, we're not talking about HTTP connections, we're talking about WAN links. The original poster stated that there are twenty network users. A host-based solution could only work for one user at a time, unless that host was some sort of proxy. From what I could gather about Axel, it is host-based and it has neither the ability to proxy nor the ability to explicitly route.

Dom
[quoting fixed]

Russ wrote: | If he th> > It is not too difficult to create a software, which uses more than one

Yes. And it's very easy to have a device, which routes over four lines with load balancing. Usually, just a router which can do load balancing over routes with the same metric will do.

Please read the OP again.

The problem left maybe will be NAT with downloads, if there is no fixed network to route in. And for that problem I was outlining a possible solution, because it was asked by Russ in

Russ asked for downloads. This is why I referenced HTTP and FTP, the two probably most used protocols for downloads.

Yes. But I did not think, that routing over more than one line using load balancing by having routes with the same metric would be a question for anybody.

Yours, VB.

Volker Birk

FreeBSD/IPFW/Dummynet can accomplish that for sure.

Dom

What router does this? I have been exploring the host-based router possibilities and have failed to find anything that will perform such a feat. FreeBSD will not allow more than one default route, although one may employ IPFW to explicitly route traffic. Windows 2003 allows more than one default route, but strictly for failover purposes.

OK, I've just researched Cisco and it seems that IOS is capable of load-balancing across multiple default routes in the same manner as I previously suggested with IPFW. I still fail to see how Axel factors into this solution.

Dom

For example, a Linux kernel will do:

formatting link

If there is no fixed network to route in, but there are dial-up connections with dynamic IPs, then NAT is a little bit tricky for such a setup. Usually, one tries to distribute NAT connections over the lines, using NAT load balancing:

formatting link
So in such a setup, the trick with the load balancing of routes will not help for having faster download speeds than one line offers, because every connection will end on one single line.

For this scenario, a download accelerator will do the job to distribute one single download over the lines, because it distributes one single download over many connections.

Yours, VB.

Volker Birk

I understand the function of a download accelerator. Please explain the scenario, conceptually. Please do not refer to the links, as I am not familiar with iptables.

To utilize full downstream bandwidth across all four links, the private host would be required to originate four connections from four different public IP addresses. How would a router accomplish this? Please outline the logic. Does it use per-packet or per-destination load balancing?

Dom

I tried this in my previous posting ;-)

OK, let's see...

If you're routing with NAT over a couple of independent lines, then there is no routing back into a network over such different routes. You can transmit packets with load balancing, but every connection will end on a single line (because source NAT means that any connection end-point inside will be reflected to one IP address and port number outside, and that means the IP address on one single line, because there is no other way to do so), so you will receive over one single line only for every connection.

For distributing received traffic, you can use a host based solution. And, because Russ wanted to have downloads, I mentioned the possibility to distribute in layer 5/6 OSI.

Of course, you could set up a proxy, which does this, too. But you will end up with the problem, that there is no easy way to address mirrors in general, and user action usually is required to define mirror groups for each download (a HTTP protocol extension is missing there, let's design one ;-)

Yes. Or, in practice, four or more.

By load balancing connections with NAT over more than one external IP address. The easiest way to do this would be using a round robin algorithm.

Per connection. Everything else will not work with TCP.

Yours, VB.

Volker Birk
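
The behaviour discussed in the thread (per-connection round-robin source NAT pins each TCP connection to one line, so only a download split into several HTTP/1.1 Range requests can use more than one line) can be checked with a small model. This is an added example, not code from any poster; `RoundRobinNat`, `range_headers`, `download_seconds`, the private address and the port numbers are hypothetical, and the links are idealized (no protocol overhead, server never the bottleneck).

```python
from itertools import cycle

LINK_MBPS = [8, 8, 8, 8]           # four 8 Mbps lines, as in the thread

def range_headers(size, parts):
    """Split `size` bytes into at most `parts` HTTP/1.1 Range header values."""
    step = -(-size // parts)       # ceiling division
    return [f"bytes={s}-{min(s + step, size) - 1}" for s in range(0, size, step)]

class RoundRobinNat:
    """Per-connection source NAT: each new connection is pinned to one uplink."""
    def __init__(self, n_links):
        self._next = cycle(range(n_links))
        self.table = {}            # (src_ip, src_port) -> uplink index

    def uplink_for(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.table:  # only the first packet of a connection picks a link
            self.table[key] = next(self._next)
        return self.table[key]     # replies can only come back on this link

def download_seconds(size_bytes, connections, nat, src_ip="192.168.1.10"):
    """Idealized time to fetch one file over `connections` ranged requests."""
    load = {}                      # uplink index -> bytes it must carry
    for i, hdr in enumerate(range_headers(size_bytes, connections)):
        first, last = map(int, hdr.split("=")[1].split("-"))
        link = nat.uplink_for(src_ip, 40000 + i)   # constructed source ports
        load[link] = load.get(link, 0) + (last - first + 1)
    # Links carry their share in parallel; the busiest link finishes last.
    return max(b * 8 / (LINK_MBPS[l] * 1_000_000) for l, b in load.items())

if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        t = download_seconds(80_000_000, n, RoundRobinNat(len(LINK_MBPS)))
        print(f"{n} connection(s): {t:.0f} s for 80 MB")
```

With one connection the 80 MB file takes the single-line time; four ranged connections land on four different lines, and going beyond four brings no further gain in this model.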
