Wan Balancers?

The absolute fastest we can get from our provider is 1.5/768. Well, 3/768, however, with users working offsite, both speeds pretty much suck.

Question is, if we could pull in 4 lines, of whatever speed, what are our options in terms of balancing these together?

We currently have an Untangle box, and I was looking at the WAN balancer add-on, and other balancers in general. Some, it looks like, can combine the connections together? My question is how does this work on connections coming in? Does the balancer route traffic accordingly?
 
You know it kind of makes me mad that Untangle charges you for it, but pfSense will give it to you for free... but that is another day's discussion.

http://doc.pfsense.org/index.php/Multi-WAN_using_VLANs_with_pfSense

Check out that link. Also there is something in their documentation on what they call Sticky connections for servers such as web, mail and etc.

The guide I'm linking here is from a LAN party guy who uses 5 DSL lines through pfSense for LAN parties to gain speed.

Edit: Might be worth switching to pfSense for your gateway and putting Untangle in bridge mode for filtering and other services you're currently using it for.
 
Does your provider support MLPPP? It's not ideal, but it basically allows you to bond lines together to increase your max speed rather than load balance through things like DNS or MAC round robin.
 
> Does your provider support MLPPP? It's not ideal, but it basically allows you to bond lines together to increase your max speed rather than load balance through things like DNS or MAC round robin.

This would be the way to go if it's an option for you. That way you can keep a single public facing IP address and get better line utilization.

pfSense does a good job though, and you can do policy routing as well. What you will need to sort out though is if the people working remotely are initiating connections to your 'head office' servers. Typical load balancing will get you multiple public IPs, and obviously the WAN router you're using doesn't have any control over which the client connects to. Maybe round-robin DNS could work here, but something to think about.
 
> Does your provider support MLPPP? It's not ideal, but it basically allows you to bond lines together to increase your max speed rather than load balance through things like DNS or MAC round robin.

Not a clue.

I musta pissed someone off there this morning, I told them with the lack of service they provide, that they are hindering small companies a chance to expand and that we would be looking at alternative methods, even if it meant we had to get a T1 from someone else.
:eek: With the cost of the service already, it makes me sick. 15 miles away, I have a 22/3 line and with my cable it's the same we pay for JUST the internet out there, granted, my home line is not business grade, but, it has been much more reliable than the business line at work.


2hrs later, I had a call from someone higher up, and they had mentioned they might be able to provide us with a 3/3 line, which would be MUCH better than going with a few 1.5/768 lines. I am still going to look into the balancers, we were already looking at some of the paid services from Untangle, so, paying for it is a moot point.
 
> 2hrs later, I had a call from someone higher up, and they had mentioned they might be able to provide us with a 3/3 line, which would be MUCH better than going with a few 1.5/768 lines. I am still going to look into the balancers, we were already looking at some of the paid services from Untangle, so, paying for it is a moot point.

For your pain and suffering and to really keep your business I see a 2 for the price of one offer ;) 2 x 3/3 pipes with some sort of WAN balancer / failover could be in order.

Man I can't wait until our current ISP at work gets wind that we are working with another company to get a fiber line run right to our doorstep. They can only be upset with themselves for not letting us tap into the fiber that is only 200 feet from our driveway because "we don't do enough business with them to allow us to tap into it".
 
> Man I can't wait until our current ISP at work gets wind that we are working with another company to get a fiber line run right to our doorstep.

I'll be the first to tell you, they really don't care.

Sad, but that's the way telcos are. You have to change when your contract is up or they will screw you.
 
> I'll be the first to tell you, they really don't care.
>
> Sad, but that's the way telcos are. You have to change when your contract is up or they will screw you.

Oh I know they don't care, because I used to work for them. Just makes me chuckle about how much they really suck at conducting business.
 
> For your pain and suffering and to really keep your business I see a 2 for the price of one offer ;) 2 x 3/3 pipes with some sort of WAN balancer / failover could be in order.
>
> Man I can't wait until our current ISP at work gets wind that we are working with another company to get a fiber line run right to our doorstep. They can only be upset with themselves for not letting us tap into the fiber that is only 200 feet from our driveway because "we don't do enough business with them to allow us to tap into it".



One of the owners told me I could piss on the fiber node from our door step, yeah, it's that close, however, I don't know who I'd call to get into that.
 
I have been contemplating a similar issue myself and have been looking at pfSense.

However my ISP will not do MLPPP (home line of service).

So what are options for my external facing IP?
Right now I have two of them. Is there some sort of DNS tricks I can do?
I have 4 registered domains at my disposal.
 
At my job (CLEC), we offer bonded T1's (up to 6) via our Adtran IAD's.
 
> I have been contemplating a similar issue myself and have been looking at pfSense.
>
> However my ISP will not do MLPPP (home line of service).
>
> So what are options for my external facing IP?
> Right now I have two of them. Is there some sort of DNS tricks I can do?
> I have 4 registered domains at my disposal.

I can't find a solid answer/example of how it would work with multiple IPs coming in across multiple lines, or, how it would work for inbound traffic.

I should know after the holidays about the 3/3 line at work. Should also be getting a call back on other services from other providers.

Either way it is going to be expensive, however, this should get the monkey off my back.
 
> So what are options for my external facing IP?
> Right now I have two of them. Is there some sort of DNS tricks I can do?
> I have 4 registered domains at my disposal.

Easiest is to use DNS. All you need to do is create multiple records with the same name & type but different IPs, and each time a client generates a query a random one of the returned results should be chosen. It can pose issues in situations where a client needs to use the same IP for a while, across different sessions or over time, but for most protocols works reasonably well. Load distribution is generally not great, and you don't get implicit failover (though you can do some coarse failover by using a low TTL and updating DNS if a server goes down).

You could set up an external load balancer somewhere (preferably directly upstream of the two links) to balance the load for you and monitor for failures, and this might be viable if traffic is fairly light and latency requirements lax, with a cheap dedicated server or VPS.

It would take some coordination with your ISP, so it's probably out of the question, but it would also be possible to set up some form of multipath routing where you could have a single IP address come in from multiple WAN connections, but if they won't talk to you about MLPPP I'm pretty certain they're not going to touch this, especially if you don't already know about it :p.

> I can't find a solid answer/example of how it would work with multiple IPs coming in across multiple lines, or, how it would work for inbound traffic.

Multiple IPs are handled with the Virtual IPs feature in pfSense. You add the IPs or subnets that pfSense is responsible for and bind them to an interface, then they become available for use with 1:1 NAT, port forwarding and outbound NAT rules as appropriate. Plain old routing works fine as well, obviously provided that you add the necessary firewall rules to allow the traffic.

Be aware that pfSense can't directly handle two WAN interfaces on the same subnet with the same default gateway, as the traffic to that router will always go out the same interface regardless of routing policy, so if you've got two links with the same ISP you might need to finagle something to get them on different subnets or do NAT on one of the incoming connections before attaching it to pfSense.
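
The coarse DNS failover described in the answer above (low TTL, update the records when a link goes down), as an added example that is not part of the original post. The record name, addresses and thresholds are constructed, the probe is assumed to run from a host outside both WAN links, and pushing the resulting changes to a DNS provider is left out.

```python
import socket
from dataclasses import dataclass, field

TTL = 60          # low TTL (seconds) so resolvers drop a withdrawn address quickly
FAIL_LIMIT = 3    # consecutive failed probes before an address is withdrawn

def tcp_probe(ip, port=443, timeout=3.0):
    """Default health check: can a TCP handshake complete on this WAN IP?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class RoundRobinSet:
    name: str                      # e.g. "remote.example.com." (constructed)
    ips: list                      # one public IP per WAN link
    probe: callable = tcp_probe    # injectable so it can be tested offline
    fails: dict = field(init=False)
    published: set = field(init=False)

    def __post_init__(self):
        self.fails = {ip: 0 for ip in self.ips}
        self.published = set(self.ips)

    def tick(self):
        """Run one probe round; return (to_add, to_remove) for the DNS zone."""
        for ip in self.ips:
            # One success clears the counter, so a recovered link is re-added at once.
            self.fails[ip] = 0 if self.probe(ip) else self.fails[ip] + 1
        healthy = {ip for ip in self.ips if self.fails[ip] < FAIL_LIMIT}
        # Fail open: if every link looks dead, the monitor itself is probably
        # cut off, so keep the current records rather than publish nothing.
        wanted = healthy or self.published
        to_add, to_remove = wanted - self.published, self.published - wanted
        self.published = wanted
        return sorted(to_add), sorted(to_remove)

    def records(self):
        """Zone-file style lines for the current answer set."""
        return [f"{self.name} {TTL} IN A {ip}" for ip in sorted(self.published)]
```

Clients that cached the old answer keep trying the dead address until the TTL expires, which is the "coarse" part of this failover.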
 
I think there was some implied sarcasm there:rolleyes:

calvinj, I'll apologize for this guy, pretty much everyone outside of general mayhem is a douche;)

Nobody needs to apologize for anybody. I let it go and it didn't bother me. If I did I would be like most of the douches on this forum who get their panties bunched up over something stupid.
 
Haha, this guy was just being sarcastic. But, these forums are littered with douches. I think everyone is used to it by now. The other guy in the thread w/xphil3 is much worse.

The important thing is that there are a few decent people left.
 
Had a feeling that was going to happen oh well
 
ISP will be out tomorrow to discuss options. The CO has 1000mbps coming into it, we are no shit, like 150 yards away from it line of sight. So I am going to inquire about wireless.

They have enough copper coming from the CO to us to support 2mbps is what they are telling me.
 
+1 for pfSense.

We have it in production at work and it just works, once configured I barely need to touch it.

We have it set up for dual WAN and it balances well. I have needed to tweak the balancing by adding more instances of one interface to the pool to even out the loading. I think with the newer releases they have changed the load balancing app so it may be better now, I haven't upgraded it yet.

As others have recommended, our external DNS has a round robin set up so both our static IPs point to remote.domain.com. Remote access (and everything else) works fine.
 
They are going to be bringing in a synchronous service to us, we are starting with a 3/3 line to start with. With the tech they are using, they can bring in up to 45mbps over copper.

Sweet:)
 
> They are going to be bringing in a synchronous service to us, we are starting with a 3/3 line to start with. With the tech they are using, they can bring in up to 45mbps over copper.
>
> Sweet:)

Nice.

For future options with load balancing just in case you want to have another provider running your service as well for redundancy.

As others have said pfSense will handle it. Past that you can always look at a SonicWall router. Even the smaller t200's support load balancing with up to 4 WAN connections (thing only has 4 ports on the back of it).
 
> Nice.
>
> For future options with load balancing just in case you want to have another provider running your service as well for redundancy.
>
> As others have said pfSense will handle it. Past that you can always look at a SonicWall router. Even the smaller t200's support load balancing with up to 4 WAN connections (thing only has 4 ports on the back of it).

I don't think we could really afford to bring in another provider for redundancy, at least not at this time.

This is the only local option, everything else is T1 or satellite. T1=$475/mo plus 800$ install. Satellite is 3 down 1 up, 800 meg a day limit and runs $400, plus shipping/setup.
 
> I don't think we could really afford to bring in another provider for redundancy, at least not at this time.
>
> This is the only local option, everything else is T1 or satellite. T1=$475/mo plus 800$ install. Satellite is 3 down 1 up, 800 meg a day limit and runs $400, plus shipping/setup.

With your latest update it sounds like you will not be needing the load balancing but I figured I'd throw it out there as a just in case for the future.

Yeah, satellite is a joke. We had a few clients that had it at home. All of them have been switched to EVDO cards. The EVDO cards give around a meg in most cases which was as good as the home satellite connections at the time but the latency was a lot lower allowing them to use RDP to access work systems. They also didn't take you below dial up if you managed to transfer over 200 megs in a day.
 