LinuxQuestions.org
Old 01-12-2018, 08:59 PM   #16
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, Ubuntu, Amazon Linux
Posts: 1,850
Blog Entries: 21

Original Poster

Quote:
Originally Posted by wpeckham View Post
Using two ISP upstreams is not something home users normally do, it is something that businesses with a need for high availability do. A business can justify the expense of a perimeter device (firewall) that can balance and failover using two or more upstream paths. That is an advanced technique that even Cisco has never gotten right.
i agree about home users. i do see cases where a business would like to have, or may get some advantage from, higher availability and increased bandwidth. many businesses are located where broadband providers do not have the infrastructure for anything more than what they typically sell to homes. so some businesses are limited to that. where i live and work, if i wanted anything more than what they provide to homes, i'd have to pre-pay all the costs of laying about 3 miles of fiber about 6 months before i'd even get to use it.

and i agree with "even Cisco has never gotten right" from personal experience. although we did manage to get it up, it was never stable by the time i left there. a test with OpenVPN worked quickly, solidly, and always.

as far as i know, whatever the solution for using two internet connections together, especially with separate providers (good for higher availability), something needs to join the remote endpoints. what do your solutions do in that regard?

i have yet to finish and test the scheme i have in mind. i am planning to use an AWS EC2 instance as the remote endpoint. it uses OpenVPN. it is a totally software solution, at least for Linux users. i'll see what i can do to get it to work on those other OSes if it works on Linux.
 
Old 01-13-2018, 05:53 AM   #17
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,557

Quote:
Originally Posted by Skaperen View Post
...as far as i know, whatever the solution for using two internet connections together, especially with separate providers (good for higher availability), something needs to join the remote endpoints. what do your solutions do in that regard?
I cannot speak to all of the different perimeter solutions that support multiple upstream providers. I CAN speak to Cisco and ASG (Astaro Security Gateway). Our Cisco NEVER worked in this configuration, and Cisco support did NOT help: they simply said "you cannot do that" at the time.

With ASG already working for a single upstream: you just defined the one (or more) additional upstream interfaces, combined the upstream interfaces in the multipath settings, picked some default traffic rules (traffic responded on the interface of the original traffic, priority for outbound traffic on this interface, etc.) to turn on and defined your own at need. Set them for failover so if one stopped working the other upstream interfaces took over the traffic, and it all just worked. Not only worked, but easier and faster than any other device I have used.

Cisco has improved things every year, but has kept their basic administrator interface. They excel at expensive training programs. Astaro focused on excellent engineering and making it easy and fast for the network engineer to administrate, and it shows. HOWEVER: Both are difficult to support ($$$) for a home user. There are complete open source firewall distributions that are supposed to have the functionality, I simply have not had time to try them all.

Some of the suggestions already made should work well enough, but I must return to one point: why would this ever be a good investment for a home user? What information are we missing that would make this make sense for a non-business network?

Last edited by wpeckham; 01-13-2018 at 05:56 AM.
 
Old 01-13-2018, 08:45 PM   #18
Skaperen
Senior Member
 
Registered: May 2009
Location: WV, USA
Distribution: Slackware, Ubuntu, Amazon Linux
Posts: 1,850
Blog Entries: 21

Original Poster
Quote:
Originally Posted by wpeckham View Post
With ASG already working for a single upstream: you just defined the one (or more) additional upstream interfaces, combined the upstream interfaces in the multipath settings, picked some default traffic rules (traffic responded on the interface of the original traffic, priority for outbound traffic on this interface, etc.) to turn on and defined your own at need. Set them for failover so if one stopped working the other upstream interfaces took over the traffic, and it all just worked. Not only worked, but easier and faster than any other device I have used.
i am curious how ASG handled the remote peer. i see 4 possibilities:

1. you set up a remote peer somewhere, which could be a leased/rented/VPS server or owned hardware you put in colocation or another place you have high-end bandwidth and/or reliability. presumably they (ASG) would include instructions how to set this up. maybe their hardware could serve that end, too.

2. they (or someone else) provide a service you subscribe to that acts as your remote end.

3. it just switches over when there is a need to do so. the masqueraded IP address changes and existing connections hang and timeout.

4. they came up with some "magical" solution to all of the issues of doing this. i'd have quite many questions about it.

if the idea i have works, it could be either a cheap/free all software thing for small businesses, homes and others, or maybe require adding a PC to run Linux (if i cannot get it to run on Windows and Mac OSX).
 
  

