Failover WAN with multipath

1

I'm configuring a dd-wrt router to allow access via VPN to a remote desktop server. The router will sit behind another router providing NAT. I'm configuring it with a backup 3G mobile broadband link.

My primary concern is maintaining connection to a Citrix server. The land-line connection bounces (alternates between being up and down) sometimes, and the frequent disconnects wreak havoc on the remote desktop session.

Can I configure reliable multipathing over the two WAN connections?

  • Is this even possible behind two routers with NAT?
  • Will the latency of the 3G connection cause problems?
  • Can I maintain enough connection quality to prevent disconnects?

I'm not concerned with a truly 'seamless' failover; if it stutters for thirty seconds and comes back up, that's sweet victory. The connection is only shared with one or two machines, and I'd like to get this done on a Linksys WRT54GL.

Tanner Faulkner

Posted 2012-07-28T19:32:03.147

Reputation: 11 948

What streaming? Are you planning to watch video over a Windows Remote Desktop connection over the VPN connection? Is that what you're referring to as "streaming"? If not, then what software/protocols are you planning to use for streaming, and where is the source/server and viewer/client of the stream? – Spiff – 2012-07-28T20:39:40.323

Streaming of the remote desktop using Citrix. Does the content make a difference? The server could be located across the country. – Tanner Faulkner – 2012-07-28T20:55:55.600

I didn't realize some people might call using a computer remotely to be "streaming". I generally think of streaming to be one-way, non-interactive. So when you said "streaming", I thought you might have left something out of your question, because nothing in your question sounded like streaming to me. – Spiff – 2012-07-28T22:53:28.237

@Spiff thanks, I removed 'streaming' from the description. That explains the blank stares I've been getting... – Tanner Faulkner – 2012-07-29T02:31:46.907

I wanted to make this work until I saw Connectify beat me to it. :( Looks like their new Dispatch product does this, or at least tries to. – Tanner Faulkner – 2012-08-17T21:49:24.397

Answers

1

I think the biggest problem you're facing is that most software's concept of a connection or session is between one server IP address and one client IP address. So, since your client -- or actually the NAT gateway that the server thinks is the client -- probably has two different public IP addresses, one for each WAN uplink, then when one of those uplinks fails, that IP address is no longer reachable, and the Remote Desktop connection (as well as the VPN connection) would terminate.

If you were a big institution, you could have an Autonomous System Number (ASN) and a block of IP addresses assigned directly to you by the RIR instead of being carved off from a block that was allocated to your ISPs, and then you could advertise more than one route to your network (one through each failover WAN link) and then you could have a single public IP address for your NAT gateway or for your client and the packets would find the right route to you, even if one of the links goes down.

But short of that, you're probably stuck trying to find Remote Desktop type software that can establish multiple TCP connections for a single client login session, so that when one TCP connection fails, the other one takes over. But I don't know of any software that can do that.

There are research projects and proposed new protocols that are not widely deployed that act as kinds of redundant, flexible transport layer protocols that could handle the situation you described. One that comes to mind is SCTP. There are probably many, many others. Unfortunately, I don't know of any apps that use any of these research projects or proposed protocols, so it doesn't seem likely that you'll find an easy way to do this.

Spiff

Posted 2012-07-28T19:32:03.147

Reputation: 84 656
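
The idea in the answer above, as an added example that is not part of the original answer and not taken from any remote-desktop product: the server keys a login session on a token instead of the client's address, so a second TCP connection can carry on when the first one fails. The line protocol, the names `open_path` and `send_with_failover`, and the use of two loopback connections to stand in for the two WAN links are assumptions made for illustration.

```python
import secrets, socket, socketserver, threading

SESSIONS = {}   # token -> [(client_port, message)]; keyed by token, not by IP
LOCK = threading.Lock()

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        # Every connection opens with the session token on its own line.
        token = self.rfile.readline().strip().decode()
        with LOCK:
            if token not in SESSIONS:   # unknown token: drop the connection
                return
        for line in self.rfile:
            with LOCK:
                SESSIONS[token].append((self.client_address[1], line.strip().decode()))
            self.wfile.write(b"+")      # one-byte acknowledgement

def open_path(addr, token):
    sock = socket.create_connection(addr, timeout=5)
    sock.sendall(token.encode() + b"\n")
    return sock

def send_with_failover(paths, msg):
    while paths:
        try:
            paths[0].sendall(msg.encode() + b"\n")
            if paths[0].recv(1) == b"+":
                return
        except OSError:
            pass
        paths.pop(0)                    # path is dead, fall over to the next
    raise ConnectionError("all paths down")

def demo():
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), Handler) as server:
        server.daemon_threads = True
        threading.Thread(target=server.serve_forever, daemon=True).start()
        token = secrets.token_hex(16)   # unguessable: it replaces the IP as identity
        SESSIONS[token] = []
        paths = [open_path(server.server_address, token) for _ in range(2)]
        for i in range(6):
            if i == 3:
                paths[0].close()        # constructed failure: primary uplink drops
            send_with_failover(paths, f"frame-{i}")
        for p in paths:
            p.close()
        server.shutdown()
    return [m for _, m in SESSIONS[token]], {port for port, _ in SESSIONS[token]}

if __name__ == "__main__":
    print(demo())
```

Because the token stands in for the source address as the client's identity, it has to be unguessable and carried inside an encrypted channel such as the VPN. A message in flight when a path dies can be delivered twice; a per-session sequence number would let the server discard the duplicate.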