Dual WAN VPN link bonding and VPS advice needed

m_elias · 11-12-2012, 02:25 PM

Brief Background:
I am somewhat comfortable working with a linux command line, I run an Ubuntu server for various tasks and muck around the dd-wrt and patriot box office command line but most of it is following tutorials. I have basically no experience configuring iptables manually but I believe I can learn that without much difficulty.

Main Topic:
I am looking into running a dedicated linux box for load balancing two DSL PPPoE connections with QOS and VPN link bonding those two connections. At this point I believe I will also need a hosted linux virtual private server (VPS) at the other end of the VPN bond. I have played around a little with zeroshell 2.0RC1 but I'm having difficulty making it do simple tasks such as static routes and port forwarding so instead I have switched to a debian install on an Asus 900A netbook with two linksys usb300m NICs. I wouldn't mind getting zeroshell to work expect that as I understand it, I'd need a KVM VPS for zeroshell (which appears to cost more than other VPSes that run debian) so I thought I'd try to setup my own dual wan router manually.

I thought I'd look for some advice on which linux distro I should actually use, please share tutorials you may know of, and the best way to integrate the dedicated linux box into my network. Below are two images, the first one is of how my network is setup right now and the second image is how I image it to be once the DSL3 connection comes online in one week.

Current Network Topology
http://imageshack.us/a/img827/8103/c...rktopology.png

Planned Network Topology
http://imageshack.us/a/img440/418/pl...rktopology.png

More comments:
The goal is to do a better, more thorough job of load balancing where secure services won't notice connection dropouts and single threaded downloads will make use of multiple internet connections for increased bandwidth. I want to achieve a near seamless switchover when an ISP connection fails.

I realize that my 2.4ghz clients at site A will not have any redundancy but I may change my setup so that they connect to the main site instead of site A.

I could run only one multi wan router at the main site for all three DSL connections except that the wired client at site B would again not have any redundancy and the QOS on the multi wan router at the main site would need to have its downlink speed dynamically adjusted according to how much bandwidth the wired client was using. Or the wired client at site B would have to tunnel downstream into my main network, that wireless bridge would see extra traffic albeit they don't use much.

If anyone has suggestions for a VPS service, please share.

Thanks for your time,
Matt

m_elias · 11-16-2012, 06:00 PM

I have set up the following virtual internet on my network. 192.168.12.1 is the real gateway (not drawn). The text in quotes is the device's virtual name/function and how I will reference them. Each "dsl router" is connected wirelessly to my "internet" network with each their own AP and I have them throttled at 500KB/s each. When I set my "home computer's" gateway to 192.168.3.5 or 192.168.3.6 and transfer a file from the "internet file server", the respective "dsl router" shows a steady, constant speed of about 500KB/s. When I set my "home computer" gateway to 192.168.3.254 (the "VPS" lan or bond00 IP) and transfer the same file, each "dsl router" shows that they are carrying half the traffic but the average over a few minutes is only about 550-650 KB/s with spikes of 800KB/s. I was expected a steady, constant 800 KB/s or more. Watching the bandwidth meters on each "dsl router", at times I see spikes of 400 KB/s on each router and then for an unknown reason it runs at about half that speed for 10-15 secs and then back up to a sporadic 400 KB/s each. Also, it does not fail over very gracefully. If I break one of the "dsl router" connections to the 192.168.12.0 subnet while transferring a file, all the data stops for 10-15 secs and then it resumes on the remaining vpn tunnel at a steady 430 KB/s. If I then reconnect said "dsl router" connection, after 5-10 seconds it resumes using both vpn tunnels. Another strange observation, if I monitor each zeroshell's eth0 throughput through zeroshell's interface, it averages a higher throughput, on average 670+ KB/s with highs of 880 KB/s. These numbers are all a TCP vpn tunnel. Then I tried UDP tunnels and that looks a bit better, average of 700+ KB/s with a high of 900 KB/s.

So it looks like direct through a "dsl router" vs through one vpn tunnel costs about 16% in bandwidth due to vpn overhead and/or zeroshell overhead. Bonding two vpn tunnels then costs an additional 23% which may be due to the bond's round robin method (only double the speed of the weakest link) and at various times each "dsl router" takes a breath? Failover is not what I have hoped for, maybe I will have figure out how to do this manually with some linux distro as it seems most cheap VPSes aren't KVM which I understand is needed for zeroshell.

Anyone have any comments?