9

I've recently been thinking again about a product that Viprinet provide. Basically, they've got a pair of routers: one that lives in a datacentre, their VPN Multichannel Hub, and the on-site hardware, their VPN Multichannel Routers.

They've also got a bunch of interface cards (like HWICs) for 3G, UMTS, Ethernet, ADSL and ISDN adapters.

Their main spiel seems to be bonding across different media. It's something that I'd really like to use for a couple of projects, but their pricing is really quite extreme: the hub is about 1-2k, the routers are 2-6k, and the interface modules are 200-600 each.

So, what I'd like to know is, is it possible with a couple of stock Cisco routers, 28xx or 18xx series, to do something similar, and basically connect a bunch of different WAN ports, but have it all presented neatly as one channel back to the internet, with seamless (or nearly) failover if one of the WAN interfaces should fail.

Basically, if I got 3x 3G to Ethernet modems, each on a different network, I'd like to be able to load-balance/bond across all of them, without having to pay Viprinet for the privilege.

Does anyone know how I'd go about configuring something for myself, based around standard protocols (or vendor specific ones), but without actually having to buy the Viprinet hardware?

Tom O'Connor
  • What kind of applications will run over these 3x3G connections? What are your requirements for throughput and how consistent does this need to be? What speed will these 3G connections be at? – Mike Pennington Jun 24 '12 at 11:37
  • Web browsing, twitter, email, general connectivity.. no VoIP (probably). Does it matter? They'll be at whatever speed the networks in that area provide.. How long is a piece of string? – Tom O'Connor Jun 25 '12 at 10:34
  • No VOIP is good. Why does it matter: 3G jitter isn't very nice to TCP throughput. Bonding multiple 3G channels into a single virtual pipe will make you wish you had a real wire after you start fixing TCP. Don't care about your string, red-herring. – Mike Pennington Jun 25 '12 at 11:18

4 Answers

7

With Cisco, I would go either for some CEF load sharing or Policy Based Routing (now called performance routing).

I never tried CEF load-sharing on 3G (only on frame-relay leased lines), but setting three tunnels, each via a different card, to an endpoint (which will be your gateway) and with three equal-cost routes to that endpoint could work. In my setup the PE router was the endpoint, so no tunnel was needed.

Cisco has some documentation about it, and load-sharing can be set either per-packet or per-destination.

From the troubleshooting guide:

7200-1.3(config)#interface fast 0/0

7200-1.3(config-if)#ip load-sharing ? 
  per-destination  Deterministic distribution 
  per-packet       Random distribution 

7200-1.3(config-if)#ip load-sharing per-packet

Ivan Pepelnjak also has two entries on his blog regarding CEF load-sharing that are worth reading.

Regarding Policy Based Routing, I also operate a customer network of small sites that are connected to a central hub via various tubes. Each spoke has a FR leased line, DSL internet access (with IPSec over the internet) and a satellite link.

All links go to one of our PE routers (be it frame, internet or satellite) and then over MPLS (in different VPNs) to the central hub, where each VPN terminates in a VRF (vrf-lite here, no MPLS) on the CE router. Each VPN is then routed to a VLAN.

The various customer applications are routed (by destination IP or L4 port) on the spokes over the different links. Voice goes over satellite, mail and some other over the dsl link, and core apps over the leased line.

In case of link failure, traffic is re-routed over the other links.

Cisco wiki has an interesting article about PfR.

On a side note, if you are going to go the 3G way, pay attention to the providers you are choosing as the 3G Node-Bs are not going to have a lot of bandwidth (just a few E1s usually) and you may not get the expected bandwidth. Pick different service providers, and not from one who is reselling another's service.

petrus
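The difference between the two `ip load-sharing` modes in the answer above, as an added example that is not part of the original post: a small simulation of one flow over three uplinks with unequal delay. The link delays, addresses and function names are constructed for illustration, per-packet is modelled as round-robin so the result is reproducible, and the per-destination hash is a simplification, not Cisco's CEF algorithm.

```python
import zlib
from collections import Counter

# Constructed one-way delays (ms) for three 3G uplinks; not measurements.
LINK_DELAY_MS = [40, 95, 160]

def per_destination(flow, seq, n_links):
    """Deterministic: hash the source/destination pair, so a flow stays on one link."""
    src, dst = flow
    return zlib.crc32(f"{src}>{dst}".encode()) % n_links

def per_packet(flow, seq, n_links):
    """Spread consecutive packets over every link (round-robin in this model)."""
    return seq % n_links

def simulate(chooser, flows, packets_per_flow=30, gap_ms=10):
    """Return (packets sent per link, out-of-order arrivals per flow)."""
    load = Counter()
    reordered = {}
    for flow in flows:
        arrivals = []
        for seq in range(packets_per_flow):
            link = chooser(flow, seq, len(LINK_DELAY_MS))
            load[link] += 1
            # Arrival time = send time + delay of the chosen link.
            arrivals.append((seq * gap_ms + LINK_DELAY_MS[link], seq))
        arrivals.sort()
        highest_seen, late = -1, 0
        for _, seq in arrivals:
            if seq < highest_seen:
                late += 1  # a later-sent packet overtook this one
            highest_seen = max(highest_seen, seq)
        reordered[flow] = late
    return load, reordered

if __name__ == "__main__":
    # Constructed sample flow (private source, documentation-range destination).
    flows = [("10.0.0.5", "198.51.100.7")]
    for name, chooser in (("per-destination", per_destination),
                          ("per-packet", per_packet)):
        load, late = simulate(chooser, flows)
        print(f"{name:16} load per link={dict(load)} reordered={late}")
```

Per-destination keeps the flow in order but limits it to one link's bandwidth; per-packet uses all three links and delivers packets out of order whenever the link delays differ, which is the TCP problem raised in the comments on the question.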
5

I think I understand what you're asking for. I've been very happy with the Elfiq line of multi-WAN load balancers. In my current application, I'm balancing MPLS, fixed-wireless, T1, DSL and 3G USB at one location. The 3G support is good and well-documented. This setup handles inbound and outbound load balancing.

The Elfiq sits in front of a Cisco ASA firewall and is transparent to my L2L VPN connections.

Management console


Load-balancing algorithm selection


ewwhite
  • Those look cool, but given that I can buy some 2nd hand Cisco routers and switches for well under $200 each, I'd really like a solution I can build myself out of that kind of hardware. – Tom O'Connor Jun 23 '12 at 23:42
  • Understood. I'd think the CEF makes sense then. Over my head, though. – ewwhite Jun 24 '12 at 05:01
4

Well, this is an advanced kind of hardware, as it also runs VPN. Why not build one yourself? Just drop OpenVPN on Linux, set up load balancing with iproute, add firewall rules, maybe some Snort IPS, SELinux for security, a proper server with redundant memory and CPUs, dual power supplies, low-power Xeons, SSD drives and some good WAN cards. It would do everything, including port forwarding, connection tracking, proxy, SMTP virus scanning, whatever is needed. You can buy a server machine for £400 from e.g. IBM, plus the WAN card. I did this for a few projects and it worked very well; I only had to tune the connection tracking hash table size to be bigger to handle tens of thousands of connections. But these projects also required some sort of specialized software to be run on it, so that's why I went with a CentOS machine and a real-time kernel to guarantee some processes priority in user-space packet forwarding. Such a server comes with two NICs, and you have a PCIe port, RAID-1 for SSDs etc. This would even run another VM, with e.g. full office, domain controller and Exchange. You can make them in HA mode and have routing and office automation fully done just on these. All you need is to make sure that the extra WAN card is stable and works well with e.g. CentOS 6, and if not, you need to make a script which checks it and handles faults gracefully. This way you can achieve success in case of some dodgy WAN stuff.

Andrew Smith
1

A friend has bonded a Virgin Media cable and ADSL lines (seamlessly); apparently they use OSPF and some kit in Telehouse. I don't know much more than that, unfortunately!

Gaz