Re: aggregating a bit of three different network connections into one ...

From: Julian Elischer (julian_at_elischer.org)
Date: 02/04/05

  • Next message: Ruslan Ermilov: "Re: Netgraph performance question"
    Date: Fri, 04 Feb 2005 11:30:59 -0800
    To: Joe Schmoe <non_secure@yahoo.com>
    
    

    Joe Schmoe wrote:

    >Hello,
    >
    >I have three totally distinct network connections at
    >my office. We have an ISDN line, a T1, and a DSL
    >connection. I do not need to worry about the
    >particulars of each connection, because I actually
    >have an ethernet drop for each of them - someone else
    >does the routing/csu-dsu/etc. - I just get a usable
    >ethernet drop that supports DHCP (a distinct DHCP
    >service on each port - they aren't related).
    >
    >I _also_ have a FreeBSD server sitting in a datacenter
    >many miles away, with its own single, dedicated
    >network connection out to the real world.
    >
    >What I would like to do is build a PC with three
    >network cards in it, connect each card to each of
    >those three network drops, and use 10% of the total
    >bandwidth of each connection - somehow turning that
    >into one single network connection that that PC would
    >use.
    >
    >BUT I do not want some kind of round-robin scheme
    >wherein TCP session X uses the fraction of the ISDN,
    >and TCP session Y uses the fraction of the T1, etc. -
    >I want the end result to be one single connection that
    >behaves just like any other single connection.
    >
    >What I want is to create a virtual tunnel from this PC
    >to the server in the datacenter - so all packets from
    >the PC go out, equally, on the three disparate
    >connections, and they all are pointed to the hosted
    >server. The hosted server then pieces everything back
    >together and creates useful connections to the outside
    >internet, which it then passes back over the three-way
    >tunnel to the PC.
    >
    >
    > /--- 10% of this connection ---\
    >PC----- 10% of this connection ---- server -> Internet
    > \---- 10% of this connection ---/
    >
    >Is this possible ?
    >
    >Is netgraph one2many the correct mechanism to be
    >looking at ?
    >
    >Basically I want a connection that, at the end,
    >presents itself to the system as one single connection
    >with one single IP, and gives effective bandwidth of
    >(percentage-ISDN) + (percentage-T1) +
    >(percentage-DSL).
    >

    I do this.. though with only 2 connections.

    BTW you probably don't need 3 interfaces... the 3 nets can coexist on
    one ethernet segment if you are careful.

    I use mpd (from ports)

    Mpd allows you to use udp sockets as a link layer connection in a
    multilink bundle.

    In your case I would make 3 sockets and bind each to an address on a
    different ISP's range.

    Then make the remote end of each be a udp address on your server.

    Make a multilink bundle with 3 link layer connections and each of your
    UDP link connections is one of them..

    then do NOT turn on roundrobin.

    Do the inverse on your server.

    Packets to your server's real address must still go to the interfaces as
    the UDP packets need that, but you should be able to set up a 10.x.x.x
    address on the server as well, that you can route to via the vpn you are
    setting up.

    Use ipfw dummynet on the udp packets to limit the throughput for each link.
    You should also set the capacity for each link in mpd to the correct
    value so that mpd can assign the correct amount of work to each link.

    For extra points, encrypt the UDP packets with ipsec with racoon doing
    key exchange.
    Here is something that looks like my mpd setups
    (IP addresses obscured etc.)

    %cat mpd.links
    site1-ISP1:
            set link type udp
            set udp self xx.xx.ab.cd 4029
            set udp peer xx.xx.ef.gh 4029
     
    site1-ISP2:
            set link type udp
            set udp self yy.yy.ij.kl 4029
            set udp peer yy.yy.mn.op 4029
     
    site2-ISP1:
            set link type udp
            set udp self xx.xx.ab.cd 4028
            set udp peer xx.xx.qr.st 4028
     
    site2-ISP2:
            set link type udp
            set udp self yy.yy.ij.kl 4028
            set udp peer yy.yy.uv.wx 4028
    %cat mpd.conf
    default:
            set login ConsoleLogin
            log -console
            load vpn-site1
            load vpn-site2
     
    vpn_standard:
            set iface disable on-demand
            set iface idle 0
            set iface mtu 1500
            set ipcp yes vjcomp
            set bundle enable multilink
    # set bundle enable round-robin
     
    tun_standard:
            set link yes acfcomp protocomp
            set link no pap
            set link no chap
            set link keep-alive 2 15
            set link mru 900
            set link mtu 900
    # set link bandwidth 1440000
     
    ############### per-link settings #################
    vpn-site1:
            new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
            set iface addrs 10.12.1.24 10.12.1.10
            set iface route 192.168.10.0/24
            set ipcp ranges 10.12.1.24/32 10.12.1.10/32
            load vpn_standard
            link site1-ISP1
            load tun_standard
    # set bandwidth 64000
            link site1-ISP2
            load tun_standard
    # set bandwidth 720000
            open
     
    vpn-site2:
            new -i ng1 vpn-site2 site2-ISP1 site2-ISP2
            set iface addrs 10.12.1.24 10.12.1.20
            set iface route 192.168.20.0/24
            set ipcp ranges 10.12.1.24/32 10.12.1.20/32
            load vpn_standard
            link site2-ISP1
            load tun_standard
    # set bandwidth 64000
            link site2-ISP2
            load tun_standard
    # set bandwidth 720000
            open

    These config files define links to 2 such machines at site1 and site2.
    Each machine is actually a gateway to an entire network with a number of
    192.168.10.x or 192.168.20.x.
    If you are only doing one machine, and it is not a gateway to an entire
    machine, then the following simplified config would do:

    %cat mpd.links
    site1-ISP1:
            set link type udp
            set udp self xx.xx.ab.cd 4029
            set udp peer xx.xx.ef.gh 4029
     
    site1-ISP2:
            set link type udp
            set udp self yy.yy.ij.kl 4029
            set udp peer yy.yy.mn.op 4029
     
    %cat mpd.conf
    default:
            set login ConsoleLogin
            log -console
            load vpn-site1
     
    vpn_standard:
            set iface disable on-demand
            set iface idle 0
            set iface mtu 1500
            set ipcp yes vjcomp
            set bundle enable multilink
    # set bundle enable round-robin
     
    tun_standard:
            set link yes acfcomp protocomp
            set link no pap
            set link no chap
            set link keep-alive 2 15
            set link mru 900
            set link mtu 900
     
    ############### per-link settings #################
    vpn-site1:
            new -i ng0 vpn-site1 site1-ISP1 site1-ISP2
            set iface addrs 10.12.1.24 10.12.1.10
            set ipcp ranges 10.12.1.24/32 10.12.1.10/32
            load vpn_standard
            link site1-ISP1
            load tun_standard
    # set bandwidth 64000
            link site1-ISP2
            load tun_standard
    # set bandwidth 720000
            open

    Note the bandwidth commands are commented out.
    On some versions of mpd they caused a segv in mpd.

    The remote site has the complementary config files..
     

    >Thanks.
    >_______________________________________________
    >freebsd-hackers@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
    >
    >

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
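
The dummynet and link-capacity step from the reply, as an added example that is not part of the original mail: a shell script that prints one ipfw pipe per UDP link at 10% of its uplink, plus the matching mpd link bandwidth values. The addresses (RFC 5737 placeholders), uplink speeds and the one-port-per-link layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail. Addresses are RFC 5737
# documentation placeholders; uplink speeds, the per-link ports and the
# 10% share are assumptions chosen to match the question.

SHARE_PCT=10          # share of each uplink the tunnel may use

# name  self-addr      peer-addr    port  uplink-kbit/s  (constructed)
LINKS='isdn 192.0.2.10    203.0.113.1 4029 128
t1   198.51.100.10 203.0.113.1 4030 1544
dsl  192.0.2.130   203.0.113.1 4031 768'

# Tunnel share of one uplink, in kbit/s (integer, rounded down).
share_kbit() { echo $(( $1 * SHARE_PCT / 100 )); }

# ipfw commands: one dummynet pipe per link, matched on that link's
# outgoing UDP flow. Review the output, then pipe it to sh as root.
dummynet_rules() {
    n=0
    printf '%s\n' "$LINKS" | while read -r name self peer port kbit; do
        n=$(( n + 1 ))
        echo "ipfw pipe $n config bw $(share_kbit "$kbit")Kbit/s"
        echo "ipfw add $(( 1000 + n )) pipe $n udp from $self $port to $peer $port out"
    done
}

# Matching per-link weight for mpd, in bits/s, using the
# "set link bandwidth" form that is commented out in the mail's config
# (the mail notes that some mpd versions crashed on bandwidth commands).
mpd_bandwidth() {
    printf '%s\n' "$LINKS" | while read -r name self peer port kbit; do
        echo "$name: set link bandwidth $(( $(share_kbit "$kbit") * 1000 ))"
    done
}

dummynet_rules
mpd_bandwidth
```

The server end needs the mirrored rules (self and peer swapped) so that traffic is shaped in both directions.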

