How to transfer data through several VPN tunnels simultaneously
Several VPN tunnels are available for anonymity. But they are all bandwidth-limited, and some are unreliable. Let's say they are accessible through interfaces eth0, eth1, eth2, ...
1. How can a Linux box be set up to use all these VPN tunnels simultaneously in order to increase bandwidth for browsing?
2. How can redundancy be added so data is transferred in duplicates through interfaces eth0 and eth1?
3. Is it possible that an rsh session goes through all VPN tunnels, as in 1 and 2 above?
You could theoretically turn the machine into a router and essentially look at each connection as a WAN connection; then, via load balancing, you could take advantage of more than one tunnel at a time. However, it won't do things like speed a download up, because the download will only happen over one pipe. But multiple browser requests or multiple downloads could be conducted in parallel faster.
"ifenslave is a tool to attach and detach slave network devices to a bonding device. A bonding device will act like a normal Ethernet network device to the kernel, but will send out the packets via the slave devices using a simple round-robin scheduler. This allows for simple load-balancing, identical to "channel bonding" or "trunking" techniques used in switches. The following example shows how to setup a bonding device and enslave two real Ethernet devices to it:
Even if a connection can only go through one of the slave devices, how can a remote server help so a connection is artificially split at my end, and rejoined at the remote server end? So the site visited thinks everything is coming from the remote server.
What about TCP over UDP? TCP making the connection, UDP individual packets getting shared by ifenslave between the slave devices, and the remote server putting them back together? Something like TCP over UDP seems to exist already:
"iproxy comprises of a client-side proxy and a server-side proxy that
allows arbitrary TCP/IP services to run over Broadcast, Multicast or
Unicast UDP."
TCP and UDP are two protocols in the TCP/IP networking suite. You shouldn't really do TCP over UDP unless you are running something like a VPN tunnel. The reason for this is TCP is for reliable communication where all the packets need to be received, whereas UDP is used in cases where some loss is acceptable, like video streaming. The only issue I see with TCP over UDP is that if the UDP stream is very lossy it will significantly slow down the TCP traffic, because the TCP packet will have to be transmitted again, more frequently, by additional UDP packets.
What the bold in your earlier post means is that it will round robin connections through the interfaces that are slaved; that does not mean, for instance, that you start streaming a video and each packet comes in from a different interface. But it does mean you start streaming a video and it uses one of the connections, then you start a download and it uses another, and then you browse the web and it uses yet another.
That project "iproxy" sounds interesting, but it still doesn't sound quite like what you are looking for. Yes, it does allow TCP traffic over UDP packets, but the software implements the error checking that would normally be done by the TCP protocol natively. It still doesn't really do what you want it to do, and I can think of very few situations where this would be something you want to do. As a matter of fact, early on in the PDF you link to, the stated purpose for implementing this initially was to configure servers that didn't already have IP addresses via web browser, a very special case.
If you can configure two servers at both ends of the links to be aggregated, then theoretically you can run a protocol similar to Cisco's etherchannel to bundle up multiple interfaces and increase bandwidth. A requirement for etherchannels, however, is that the interfaces are of the same type and speed. In our theoretical setup, you will need to have similar delays over all the links, or put up with large buffers and increasing the total delay to that of the worst link, which I suspect will defeat the purpose of the whole exercise.
Even if you have 2-3 poor quality links of very similar average delay, the actual delay is going to vary hugely and you will need to always go as fast as your slowest link. So the overall result could easily be negative...
These are just my thoughts; I am tempted to experiment with this in a lab.
No, bonding is a little different than round robin; ifenslave, which you were looking at, does a basic round robin. Bonding uses a bit of a more complex algorithm. There are actually many ways to load balance. ifenslave is a simple way to do so.
Section 12.1.1 in the link above outlines the different modes of operation. First paragraph:
Quote:
balance-rr: This mode is the only mode that will permit a single
TCP/IP connection to stripe traffic across multiple
interfaces. It is therefore the only mode that will allow a
single TCP/IP stream to utilize more than one interface's
worth of throughput.
I am not saying it is the best mode, this will depend on your topology and usage patterns.
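The two points made above (balance-rr striping a single stream across interfaces, and the need for similar delays on all links) can be checked with a small simulation. This is an added example, not something posted in the thread; the link delays, packet count and function names are constructed for illustration.

```python
import heapq

def stripe_round_robin(n_packets, link_delays_ms, send_interval_ms=1):
    """Packet `seq` leaves at seq*interval on link seq % n_links (per-packet
    round robin). Returns (arrival_ms, seq) pairs in arrival order."""
    n_links = len(link_delays_ms)
    return sorted((seq * send_interval_ms + link_delays_ms[seq % n_links], seq)
                  for seq in range(n_packets))

def resequence(arrivals):
    """Replay arrivals through the in-order buffer the far end needs.
    Returns (out_of_order_arrivals, max_packets_held, {seq: delivery_ms})."""
    next_seq, held, out_of_order, max_held, delivered = 0, [], 0, 0, {}
    for arrival_ms, seq in arrivals:
        if seq != next_seq:
            out_of_order += 1
        heapq.heappush(held, seq)
        while held and held[0] == next_seq:   # release every packet now in order
            delivered[heapq.heappop(held)] = arrival_ms
            next_seq += 1
        max_held = max(max_held, len(held))   # packets still waiting for a gap
    return out_of_order, max_held, delivered

def summarize(link_delays_ms, n_packets=9, send_interval_ms=1):
    """Stripe one stream over the given links and report the reordering cost."""
    ooo, held, delivered = resequence(
        stripe_round_robin(n_packets, link_delays_ms, send_interval_ms))
    worst = max(t - seq * send_interval_ms for seq, t in delivered.items())
    return {"out_of_order": ooo, "max_held": held, "worst_latency_ms": worst}

if __name__ == "__main__":
    # Constructed one-way delays in ms, not measurements of any real tunnel.
    print("equal links  :", summarize([10, 10, 10]))
    print("one slow link:", summarize([10, 10, 50]))
```

With three equal links nothing is reordered; with one slow link the receiver has to hold packets from the fast links until the slow one catches up, and the stream's worst latency becomes that of the slow link.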
No, bonding is a little different than round robin; ifenslave, which you were looking at, does a basic round robin. Bonding uses a bit of a more complex algorithm. There are actually many ways to load balance. ifenslave is a simple way to do so.
Round-robin or not, no load balancing with the bonding driver has been described in full yet that will put a connection through all network interfaces simultaneously. If this is supported by the bonding driver, how do we set it up?
True, but nikmit points out that balance-rr basically does what you want. Now how to implement it, I unfortunately can't say. I'm not even sure if it will work with different IPs on each interface. Usually it's multiple interfaces bonded together into one large interface basically.