Working With 2 ISPs For Home Networking?
An anonymous reader writes "This is, I think, a simple question — but one which I can't get the answer to.
As a typical, but perhaps high-demand home user I would like to use 2 separate ISPs. ADSL is pretty cheap nowadays, and 2 x ADSL seems a better value than one fast one — especially in terms of reliability.
If one breaks, at least the other will work.
Using an old box as a router/firewall, how can I configure a system to use two completely separate ISPs in a sensible manner?
Ideally, I'd like the load of my browsing to be balanced, but at the minimum, I'd want some kind of 'fail-over.' If I leave torrents running over night, I'd like the router to use whichever connection doesn't block the traffic — and preferably for it to reset the errant connection.
Ideas?"
Point of failure (Score:5, Insightful)
ADSL is pretty cheap nowadays, and 2 x ADSL seems a better value than one fast one — especially in terms of reliability. If one breaks, at least the other will work.
When your DSL is down, it's likely that your neighbor's DSL is down too. Consider cable + DSL, not cable + cable or DSL + DSL.
Re:Point of failure (Score:5, Informative)
Even if they're from different providers, they're running over the same phone network (esp. since smaller providers are just resellers). A backhoe, lightning storm, or major power blackout doesn't give a sh*t that you went through two different providers.
Re:Point of failure (Score:4, Informative)
That's true, but you can only do so much to prevent outages. In the enterprise, if you want to avoid fiber-seeking backhoes, you get a failover location. That's difficult to do in a home network.
I'd say cable+DSL (or maybe throw in something like the AT&T USB Connect 881 [att.com]).
I'd see if it's possible to get FiOS in your area, too. That would give you the best speed, for sure.
Re:Point of failure (Score:5, Informative)
Re:Point of failure (Score:4, Informative)
Another alternative would be the Linksys/Cisco RV082 VPN router. THat too has dual-WAN support, and makes a nice home VPN endpoint as well.
Re: (Score:2, Informative)
just as tepples wrote: you need 2 internet connections using different infrastructure for the last mile, or preferably more. DSL+Cable should be the right solution.
As for load balancing etc, you've got two options:
1. router with 2 WAN ports
2. any pc with 3 network cards + linux + googled up howto for 2 internet connections
Re: (Score:3, Insightful)
In my experience from working for ADSL ISPs in Sweden, only very rarely is an actual outage caused by the "last mile". With newly installed DSL it is not unusual for people living far from the DSLAM to have problems with unstable sync, but this is generally easily adjusted.
So with two different phone lines connected to two different DSLAMS belonging to two different ISPs using two diffe
Re:Point of failure (Score:5, Insightful)
That's because you're in Sweden, and the infrastructure there, especially urban infrastructure, is typically much less vulnerable than here in the southeastern US, for example. We frequently have last mile outages due to storms, flooding and lightning, and when a tree hits a phone mast, you lose your DSL, no matter how many different providers you have.
It all depends on the local conditions, so suggesting separate last-mile access technologies as a way to optimise your redundancy is not such a bad idea.
Re:Point of failure (Score:5, Interesting)
You know, this is something I haven't been able to figure out. I live in Japan where we are hit by strong earthquakes at least once a month, and typhoons (like hurricanes), thunderstorms, minor flooding, etc. almost every day during the rainy season. And no, I don't live in central Tokyo; I live in the middle of a farming town and have to walk through flooded rice paddies to get from my apartment to the station. But my power and internet have NEVER gone out once in the 6 years I've lived here. We don't have anything special... the power and phone run on overhead lines on metal poles just like most places in the US.
Meanwhile, at my mom's house in the DC Metro area, USA, the power & internet go out every time there is anything more than a gentle breeze. What's going on?
Re:Point of failure (Score:4, Insightful)
Well, the main reason is that Japan has a total area of about 375,000 sq km.
https://www.cia.gov/library/publications/the-world-factbook/geos/ja.html [cia.gov]
The USA has about 9,200,000 sq km, or about 30 times the area. Now we (the USA) have covered this out to supply power, telephone, cable tv, and internet but have not been able to cover every single residence with redundancy on these services.
Japan is slightly smaller than California, a large state, but still only one of 50.
You're ignoring a key fact here: (Score:4, Informative)
The Japanese definition of "rural" is nowhere near the definition of rural here in the US. This is because they have an ungodly amount of people for the land they inhabit.
Basically, what I am saying is the Japanese idea of rural is, at best, like a marginally populated suburban neighborhood in the US.
Here are some raw numbers to better illustrate my point (from this study [columbia.edu], year 2000 numbers):
Japan total rural area (sq km): 273,646
Japan total rural population: 13,498,527
Japan rural population density (people/sq km): 49.32
US total rural area (sq km): 8,423,867
US total rural population: 54,936,968
US rural population density (people/sq km): 6.52
SEE THE DIFFERENCE? It's almost an order of magnitude! And the urban numbers show a 3x difference between the US and Japan; closer, but still nowhere near each other.
Of course we have infrastructure problems here in the US, and they largely don't; it just comes with the territory.
Re: (Score:3, Interesting)
And your system was totally rebuilt after WWII. Ours has just been "maintained" by the "if it's not broken don't touch it" scheme since Edison.
Re: (Score:3, Informative)
Systems are engineered for typical weather conditions. In California, heavy rain is sufficiently infrequent that utilities figure it's cheaper to fix lines after a storm. Similarly, new buildings in California almost always leak. If you're hit by earthquakes every month, it makes a lot of sense to invest in stronger infrastructure.
Re:Point of failure (Score:4, Informative)
I use a failover setup where the primary connection is an xDSL connection and the backup connection is cable.
Some details make failover non-trivial to do. The ADSL occasionally gets the DSL line up but no IP connectivity. The cable modem is very stable but slow. I ended up configuring linux on a small embedded computer (soekris net4801). I have a script running from crontab that pings the next-hop. If the primary connection fails, the default route is changed to the backup interface. One interesting complication is that I also use bandwidth shaping with tc/htb, so iptables is configured to mark packets based on which interface they come from, which tc then can pick up and shape. I don't think there is any box/product that can fulfill all my needs, but it would have saved me much time if there were.
Re:Point of failure (Score:5, Informative)
You can use more than one default route. For reliability you'll want to keep some sort of connection-specific check script and reset to a dedicated route if one of the connections goes down. But while both of them are up you can use both connections together so long as you have multiple data streams:
ip route add default table "${MULTI_TABLE}" \
nexthop via "${T1_GW}" dev "${T1_DEV}" weight 1 \
nexthop via "${DSL_GW}" dev "${DSL_DEV}" weight 3
There's a bit more to it than that, but the above example is the heart of a routing policy that splits traffic 3:1 between the DSL and T1. Google should be able to show you the rest.
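The script below is an added example and is not code from either of the two posts above. It fills in the "bit more to it" that the multipath route needs (one routing table per ISP, with source-address rules so each link's own address always leaves by that link) and the cron check the earlier failover post describes (probe each gateway, then rebuild the default route from whichever links answer, keeping the 3:1 weights while both are up). Interface names, addresses, table numbers and the probe target are constructed placeholders; with DRY_RUN=1 (the default) it prints the ip(8) commands instead of executing them, so the output can be reviewed before it is applied on a real router.

```shell
#!/bin/sh
# Added example (not from the thread): policy routing for a Linux router with
# two WAN links plus a gateway health check suitable for cron. Every name and
# address below is a constructed placeholder; set them for your own links.
# DRY_RUN=1 (the default) prints the ip(8) commands instead of executing them.

DSL_DEV=${DSL_DEV:-eth1}; DSL_IP=${DSL_IP:-192.0.2.10};     DSL_GW=${DSL_GW:-192.0.2.1}
CAB_DEV=${CAB_DEV:-eth2}; CAB_IP=${CAB_IP:-198.51.100.10};  CAB_GW=${CAB_GW:-198.51.100.1}
DSL_TABLE=101; CAB_TABLE=102              # one routing table per ISP
DSL_WEIGHT=3;  CAB_WEIGHT=1               # 3:1 split, as in the post above
PROBE_TARGET=${PROBE_TARGET:-203.0.113.1} # a host beyond the gateways (constructed)
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Per-ISP tables: traffic sourced from one ISP's address must leave through that
# ISP's link, otherwise the provider's egress filter drops it and inbound
# connections to that address never get their replies.
setup_tables() {
  run ip route replace default via "$DSL_GW" dev "$DSL_DEV" table "$DSL_TABLE"
  run ip route replace default via "$CAB_GW" dev "$CAB_DEV" table "$CAB_TABLE"
  run ip rule add from "$DSL_IP" table "$DSL_TABLE" priority 100
  run ip rule add from "$CAB_IP" table "$CAB_TABLE" priority 101
}

# Default route for the main table, built from the links that are alive.
# $1 = 1 if DSL is alive, $2 = 1 if cable is alive. Both alive: the weighted
# multipath route. One alive: a plain default. None alive: nothing to do.
default_route_cmd() {
  case "$1$2" in
    11) echo "ip route replace default nexthop via $DSL_GW dev $DSL_DEV weight $DSL_WEIGHT nexthop via $CAB_GW dev $CAB_DEV weight $CAB_WEIGHT" ;;
    10) echo "ip route replace default via $DSL_GW dev $DSL_DEV" ;;
    01) echo "ip route replace default via $CAB_GW dev $CAB_DEV" ;;
    *)  echo "" ;;
  esac
}

# Liveness: ping from the link's own address (the source rules above force it
# out the matching interface). The next hop alone is not enough, since a DSL line
# can sync while having no IP connectivity, so a target beyond it is probed too.
# PROBE may name a shell function taking (link IP, gateway); the tests use this.
link_alive() {
  if [ -n "${PROBE:-}" ]; then "$PROBE" "$1" "$2"; return; fi
  ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1 &&
    ping -c 2 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

# One cron run: probe both links and (re)install the matching default route.
check_and_apply() {
  dsl=0; cab=0
  link_alive "$DSL_IP" "$DSL_GW" && dsl=1
  link_alive "$CAB_IP" "$CAB_GW" && cab=1
  cmd=$(default_route_cmd "$dsl" "$cab")
  if [ -n "$cmd" ]; then run $cmd; fi
}

case "${1:-}" in
  setup) setup_tables ;;
  check) check_and_apply ;;
esac
```

Run it once with `setup` and then with `check` from cron. Because `ip route replace` reinstalls the whole default route, existing flows move to the surviving link as soon as a gateway stops answering; the flip side is that a flapping line will bounce flows between links on every run, so a real deployment would want a few consecutive failures before switching rather than a single lost ping.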
Re:Point of failure (Score:4, Informative)
There's a bit more to it than that [...]
That is the understatement of the year :-)
The 'weight' feature is quite nice. It even keeps the route selection sticky per-flow.
Re: (Score:3, Interesting)
You can probably do some sort of ghetto load balancing with ipvs/keepalived and iproute2.
I'm just thinking out loud... all in all, you can probably do this without a whole lot of difficulty, but it really is probably going to require a linux router and 3 network interfaces... unless you want to plug both internet connections into a switch with all your other computers and use a bunch of static IPs and routes and whatnot...
Probably [the internet x 2] --> [linux router] --- switch ==== other pc's.
Set it u
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
I don't mean to dog cellular/wireless as a backup, but anything based on the POTS network is going to be more reliable in terms of being strong against blackouts and disaster. Latter day technologies are less likely so because generally the legal requirements for that strength are not there or are significantly less.
High-speed cable and DSL aren't that cheap (~$100/month and up) and T1's are cheap as hell nowadays (~$400/month is not uncommon, can be less) and you've got a 4 hour repair guarantee - if you'
Re:That's not the usual Point of failure here (Score:3, Interesting)
There are four main reasons that DSL goes down
I've had DSL fail four times in the last 10 years. One was my DSL router. Two were when phone company installers working on boxes down the street disconnected me by accident. One was a billing problem (but that was when my ISP was providing beta service, and they mixe
I've done that informally (Score:2)
Ok, technically I didn't ask first :-) But I can usually see 3-4 unlocked wireless systems from home, and while not all of them do everything I need (e.g. they block port 25), I've been able to borrow them the couple of times my DSL wasn't working.
I'm much more likely to borrow them by accident when something warps the local 2.4GHz wavelength or the electricity blips for a minute and my laptop gloms onto a neighbor's system instead of mine; I typically don't notice until I try to send mail from Eudora or
Cable/DSL? (Score:2)
DSL+Cable (Score:5, Informative)
Re:DSL+Cable (Score:5, Insightful)
Ah, but also fun and learning. "You must be new here"
Re:DSL+Cable (Score:5, Informative)
Well in my ventures into traffic shaping I've seen lots of data on load balancing as well. Most traffic shaping on GNU-Linux starts off with iptables.
A good backgrounder on iptables is at the Linux Documentation Project. (TLDP.org) You might start off with a short introduction to a simple NAT. Setting up a basic NAT is a good start before you get too far into it so you feel like you've at least got some success before you get into the deep end.
Once you feel like you've got a simple NAT down, then look for the Linux Advance Routing Howto or something of that nature. I forgot the exact title but it's close to that. That's a good one. It's dense reading, but look at the cookbook section. It has a script called wondershaper that is interesting and might give you some ideas about traffic shaping and load balancing.
Gentoo also does some nice documentation on load balancing and traffic shaping. Once you have some of the lingo down you can google around for some of the tutorials the Gentoo users have posted. Most of those tutorials can be used with the kernel that comes with Knoppix 5.0 without needing any modifications.
Personally, I think Knoppix is a good starting point for a router because it gives you a level of security in that most of your OS is read-only and the default security is pretty tight. Working with Live CDs can be a challenge if you're new to it, but a key tip is that you can quite easily modify the isolinux.cfg file on the CD to create custom boot commands burnt into a CD such as how to automatically load up your iptables scripts upon reboot. This makes a nice home-brewed embedded style device using all generic second-hand components.
Anyway, that's mostly stuff I use for traffic shaping, but it's a good start towards doing failover stuff too.
The Knoppix part may be too much of my personal preference but the part about going to TLDP and looking for the Linux Advanced Routing Howto should certainly be a good start in any case.
*nix on old hardware (Score:5, Informative)
look for the Linux Advance Routing Howto
Somewhere in that site it talks about some of the problems of having 2 IP addresses, like confusing game servers and the like, but with a bit of tweaking you could get it functional. I don't think this solution explicitly provides failover functionality, but I suppose that could be scripted in somehow.
pfsense [pfsense.org] is a nice turnkey solution for this too, if you're not into spending a couple weeks solid trying to make your debian or lfs distro act like a router.
db
Re: (Score:2)
Does it support HSRP?
Bit pointless spending the money on two connections and then running it through one box. Either you have redundancy or you don't.
Re:DSL+Cable (Score:5, Funny)
but make sure it's not in the same neighborhood as your primary...
Re: (Score:2)
As most accidents occur in the home, I advise you to move house.
Re: (Score:2, Funny)
And if the continent sinks, you're still fucked.
Get 2 houses with 2 power lines and 2 ADSL providers each on 3 different continents.
Of course, if aliens destroy the planet...
And don't forget the solar system...
And wasn't Milky Way about to collide with an another galaxy anyway?
Re:DSL+Cable (Score:5, Funny)
and even if you have UPSs for both, your house could be destroyed, better have a backup house
Or, you know, a laptop.
Re: (Score:3, Funny)
Hence the need for two power systems, preferably from two different utilities.
Re: (Score:3, Insightful)
That's really getting into the enterprise level of redundancy. Rare indeed would be the home network which would necessitate two power companies. I could see a generator for auxiliary power, but I can think of a lot of things higher in priority than my home network.
Re: (Score:2)
Re: (Score:2)
You're right, it depends on how much you care about redundancy.
Also, thinking about it, there is a difference between making your connection resilient and your hardware resilient. You have control over your hardware, and have the ability to replace it relatively quickly if it goes down. However, if your connection goes down, you're in the mercy of your provider. And most people I know don't have SLAs with their ISP.
Re: (Score:2)
Most people have best effort services. If you want an SLA, you should get a T1 [blogspot.com].
Of course, that might be a little slow for this guy's needs.
Re:DSL+Cable (Score:5, Informative)
" SmoothFirewall 4.0 - Update 3
Download Update 3 Update 3
516 KB (528,827 bytes)
MD5: 85ac7940504a0fe7eef2b91016cf80f6
This update adds Load Balancing abilities to Advanced Firewall systems. It also corrects a problem with IP address sorting on some pages and updates the DHCP client to fix a theoretical vulnerability. Problems with PPTP and PPPoE clients have also been corrected.
Please install core Update 2 prior to installing this update.
Detail:
* Load Balancing
It is now possible to load balance outbound proxy requests and other network traffic in Advanced Firewall. Primary and secondary external connections are 'pooled' using the Firewall / connectivity and Firewall / secondary addresses pages."
smoothwall4 supports load balancing out of the box, no hassle, no mess, no fuss, but then, smoothwall is only free as in beer, but I find it works well enough.
Re:DSL+Cable (Score:4, Informative)
D-Link made a (now discontinued) 4-port router that load-balanced: http://support.dlink.com/products/view.asp?productid=DI-LB604 [dlink.com]
Edimax Technology currently makes a couple of lower-priced load-balancing routers: http://www.edimax.com/en/produce_list.php?pl1_id=3&pl2_id=18 [edimax.com]
It appears that software firewall solutions (mostly Linux-based) have the best support and the most features, for example: http://www.smoothwall.com/products/advancedfirewall2008/?loadbalance [smoothwall.com]
Re: (Score:2)
Fortinet makes a pretty badass product in the Fortigate 50B. For $400 we're talking a full QoS/NAT box with 2 WAN ports, load balancing, HA failover and connection tracking.
And they're not even that difficult to set up if you know how to do QoS firewalling. If you pay the yearly maintenance fee you also get full IDS/AV/Spam/Content filtering (any of which can be turned on/off either on a schedule or at your pleasure.) If you're really paranoid you can buy 2 and set them into HA mode for failover.
Yeah, you c
Re: (Score:2, Interesting)
Re: (Score:2)
Well, switching from one to the other in a round robin fashion is a really crude way of doing load sharing... Especially if the lines are of different speeds/latency...
You really want proper load balancing, based on you know, load?
Linux distros (Score:5, Informative)
Re: (Score:2)
Been a while since I've set up a Linux router but won't the following work on any Linux distro:
Set up a box with two ADSL cards in it, set two default routes via the next hop IPs for the connections on each card. By default it should load balance across the two. If one drops then it'll realise the next hop isn't reachable (as it's on same subnet as the interface which has now vanished) and remove that route.
I seem to remember that Linux can set routes via interfaces, that would work even better than using n
Re: (Score:2)
pfSense + two independent ISPs (Score:4, Informative)
Re: (Score:2, Informative)
Re: (Score:2)
I'd recommend FiOS as a priority (just for the speed), and then whatever broadband service you could get from another provider. His decision has a lot to do with where he lives and who's available.
Dual WAN router (Score:5, Informative)
Simple, not cheap (Score:2, Informative)
A dual-WAN router is the easiest way to go, but I wouldn't call it cheap. A decent dual-WAN router will cost you about twice what it would cost to build a cheap, but decent linux box.
Re: (Score:2)
That's very true. Plus it could do any kind of service providing he was looking for, like web, mail, or whatever.
You could probably script the dynamic dns services to switch when failover occurs, as well.
what I use is a nice distro... (Score:5, Informative)
called ClarkConnect (http://www.clarkconnect.com/)
It's basically a CentOS (aka free Red Hat) which can do multi-WAN. It has a nice web interface for firewall, ftp, web and mail server, shell..
No idea if it can reset errant connections, but it can do anything you can on redhat, including using two WANs simultaneously. (check ClarkConnect's forums for multi wan)
up and running within 30 minutes, mine has reached 165 days uptime (Bi-P3 GHz, 2 GB RAM, 4*500 GB HDD, 3*Eth 100 (upgraded from a faithful Compaq Deskpro 400 MHz "server") - web, mail, and bittorrent downloader (torrentflux-bart) as well as "media server" connected to the xbox with XBMC)
Re: (Score:2)
I loved clark connect. Best firewall package out of the box- and you're right, up and running within 30 minutes.
Unfortunately (couldn't you tell) some of the changes they've made are less than stellar. I'm still pissed about how difficult it was to get the new virtual hosts up and running on apache, and I have had to edit all the files by hand.
In addition the user accounts are a pain- I don't know how to log in except as root (or other user) to get full access to the server. Basic user accounts are limit
LARTC (Score:2, Informative)
http://lartc.org/howto/lartc.loadshare.html [lartc.org]
Check it out.
Those ISPs may not be redundant (Score:5, Informative)
Most DSL circuits, even sold by different vendors, go through the same facilities and sometimes the same equipment. For example, the local loop is usually the local telco's, no matter who your DSL vendor is. And many DSL vendors resell one of a few wholesale providers (e.g., Covad), so your data on both DSL lines could be going through the same wholesale provider's equipment/facilities. The same may be true of other technologies (e.g., fiber).
In trying to setup something similar, we finally settled on using cable for one circuit and fiber for the other. We know the cable company has its own local loop, and they assured us (FWIW) that they have their own facilities out to their upstream provider (e.g., AT&T, Sprint, etc.). Fiber would be Verizon. We would use DSL, but I'm concerned that it would end up in the same Verizon facilities.
Good luck. There are also routers that do fail-over, but I know that's not what you asked about.
Re: (Score:2)
Unless there was an infrastructure sized event in the Verizon colo, I can't imagine a DSL issue would take out your FiOS. On the other hand, better safe than sorry
Here's what DSL typically shares (Score:3, Informative)
Let's start at the bottom of the OSI stack - physical layer. The wires from your house to the telco office are usually physically separate until they hit the first active device, which might be a Subscriber Loop Carrier in a big green box down the road, but is more likely to be copper all the way to the telco office. They're bundled into bigger and bigger cables (e.g. 24-pair, 50-pair, etc.) There are common-mode failures here - backhoes, wet cables, cars crashing into the telco box - but one of the mos
HotBrick (Score:5, Informative)
Hotbrick makes a very good load-balancing soho router. They're a bit pricey but they seem to work quite well for exactly what you're describing. Take a look on ebay for their LB series.
I do have to second the suggestion of using Cable+DSL rather than DSL+DSL. Most places where there are multiple DSL providers, they're both operating from the same physical infrastructure with one reselling the service of the other. It's certainly better than one by itself, though.
2 ISPs? Single provider. (Score:5, Informative)
Honestly, I think that's not understanding how DSL works very well. In virtually all markets, there's one physical DSL provider, and a few dozen 'ISPs' which cost a little bit more to provide potentially 'unique' services on top. One monopoly for phone (and hence DSL), one monopoly for cable.
Er, the cheapest DSL is what, around $25, $30, for 256k? Double that, and you've got a price for very fast (8mbit or more) cable, including 256-512kbit upstream. Even if you have 2x256k, and the equipment to use it in a decently efficient manner, that's still some 512kbit, and two different IPs.
Only in a few situations can you use the bandwidth of both cooperatively for a single task, and the most common failure is based on when the physical link/line conditions deteriorate, in which case having two ports to the same network isn't going to make any difference at all.
Cable/DSL will provide the potential reliability you'd be looking for, I think. But, as a home user, some 98-99% (even if not 99.97%) uptime isn't good enough? For the additional cost, it's not worth the extra -average- hour per month of downtime you gain 'back'.
If your ISP's downtime is any more than that, you have every right to complain, twist their arm to fix whatever might be causing the problem.
Re: (Score:3, Informative)
Re: (Score:2)
Cable/DSL will provide the potential reliability you'd be looking for, I think. But, as a home user, some 98-99% (even if not 99.97%) uptime isn't good enough? For the additional cost, it's not worth the extra -average- hour per month of downtime you gain 'back'. If your ISP's downtime is any more than that, you have every right to complain, twist their arm to fix whatever might be causing the problem.
Yep. My plan B would be the cell phone - it's not fast, not pretty and costs an arm and a leg but it works well enough as fallback to do basic things as check mail and such. The torrents can wait until you get back online with your real connection, the only thing I could think of would be VPN/remote working where the boss might not be happy with your poorly chosen internet downtime. But if I did, I'd consider it my "business" and get a business line, ah well.
Re: (Score:3, Interesting)
Umm, who are you to tell someone else what's worth it and what isn't? I can see a lot of situations where one would feel the extra $50 or so per month is worth it. For instance, if you're day trading from home, a 20 minute outage at the wrong ti
Two answers (Score:2)
Second answer: assuming you already have DSL or cable from one provider, get a second line from a different provider (this means cable if you already have
Why bother, seriously? Why? (Score:5, Informative)
Seriously? Is your network infrastructure -that- unreliable that it's actually worth *doubling* your costs for redundancy?
I have had maybe 10-15 hours of internet-only downtime in the last 8 years. Of that, maybe 4 hours affected me (i.e. I was awake and wanted to use the internet). I've had another 10-15 hours of power fail in the last 8 years, and even with backup power the internet was still down (routers, switches, etc in the upstream path weren't on backup power so keeping my 'modem' up isn't worth beans).
In any case, I can see a lot of situations where it would be worth another $2500 over that period to have had internet access for those couple hours.
If I were running servers (and I am), it might be worth it, but in practice it's not worth the trouble. round-robin DNS just means every odd connection attempt fails if one of the links is down, and dynamic dns updates to take the downed link out of rotation would be great except most internet outages are over before dns updates are likely to propagate. So it's just not effective.
If I wanted -faster- downloads, that might be worth 2 connections, but that's not what you claimed your objective was. And even then, it usually won't make a specific download faster, but will rather let you do 2 at once at full speed (in the case of a large http or download for example which only uses one connection) which may or may not be what you need. Torrents, using multiple connections, will of course benefit from the extra bandwidth capacity.
If you SERIOUSLY want redundancy, you might want to look at a router that can fail-over to dialup. That will actually stand a chance of being available during a power failure, and might not cost you extra in terms of service, since many ISPs give you some free dialup hours as part of your broadband. And the dialup infrastructure is often separate enough from the adsl/cable infrastructure that you'll be able to connect on dialup while adsl/cable is down.
Re: (Score:2)
Re: (Score:2)
Yeah, seriously - my apartment is on the same network as the USGS National Earthquake Information Center. So since I have oodles of extra bandwidth and 100% uptime, everyone else should have it too.</sarcasm>
Re: (Score:2)
Seriously? Is your network infrastructure -that- unreliable that it's actually worth *doubling* your costs for redundancy?
For a home network, I agree completely. It sounds like overkill, but some people seem to think home internet is worth it. Whatever floats your boat.
Re:Why bother, seriously? Why? BECAUSE... (Score:2, Interesting)
YES
I live in the Rockies on the western edge of a mountain ridge at 10k ft elevation - in other words a lightning magnet. I'm a full-time telecommuter for a multinational, & I work daily with people from 5 different time zones. Teleconferences, webex's etc. are my daily work life. Loss of connectivity to our source code repository can be a serious problem.
EVERY time there's light
Re: (Score:2)
In your situation, it's all about priorities. If it really was enough of a hassle for you to be where you are (i.e. where you call "home") then you'd probably up and move.
But if I had to hazard a guess, the view where you're at is breathtaking. And some small part of me doesn't fault you for that.
It's easy (Score:5, Funny)
You just get a Linux box with 2 NICs and start adding static routes :
route add 1.1.1.1 255.255.255.255 eth0
route add 1.1.1.2 255.255.255.255 eth1
route add 1.1.1.3 255.255.255.255 eth0
Etc, etc....
It might seem like a big job, but there's huge ranges of reserved addresses you can skip. Let us know how you get on.
Multiple routes (Score:2)
If you get both cable Internet and DSL, there are some interesting options. Cable usually has better downlink bandwidth than DSL, but DSL has better uplink bandwidth, especially during peak periods. So sending some or all of the upstream packets on the DSL link while getting all the incoming traffic on the cable link could be a win. The IP of the cable link can be used for sending on the DSL link or the cable link. The downstream direction of the DSL link is unused. You'll need to configure a local rou
Dual WAN Router (Score:5, Informative)
What you want is a "dual wan" router [google.com]. Which will give you two ways out, by default putting each connection between your local host and a remote host over a single WAN's route, but pool the two WANs so the less-full one gets the whole next connection.
Then you want to look into "bonding [wikipedia.org]", or whatever the router vendor calls their version of it. It usually doesn't work, because the two different WANs usually take very different routes most of the way to the remote host, and the bonding has to accommodate all the hops between on each of the two WAN routes. But sometimes it does work, especially if the routers at both ends of the routes share the same bonding technique.
But you will indeed get immediate uptime benefits. Because if one WAN gives you, say, 99.9% uptime, that's 0.1% downtime, which is still over 31,000 seconds down a year, which is still almost 9 hours. But if you can get connections over either one WAN or the other (each at 99.9%), you can get 99.9999% uptime, which is only about 32 seconds a year, which is unattainable at reasonable prices for a home user.
Pfsense (Score:2)
Multihomed routing (Score:4, Informative)
It sounds like multihomed routing is what you're looking for. there's a decent intro here:
http://www.oreillynet.com/pub/a/network/2002/08/12/multihoming.html [oreillynet.com]
OpenBSD, PF, Carp. PFsync (Score:2)
Carp provides IP failover, PFsync ensures connections are synced on both machines. I can kick down the active firewall and the other ones takes over at once without dropping any internal or external connections. (if only it would also mirror ssh sessions to itself
The one thing I'm working out now is getting a connection running between them so all the internal nics (regular lan,
here's what I've just got going (Score:2, Informative)
Recent events (FLOODS) have shown me how fragile my DSL service here is. My provider's DSL was down for the entire state for several days. So I called my local nephew-of-Satan cable co and had them install a cable modem last week.
I run a web server, mailserver, and numerous other hobby services here, so I had the "business grade DSL", which is 936/1536. (divide kbps by 9 for a good guestimate in kb/sec, so 100 up, 170 down) DSL always provides me with that speed, it never fluctuates so I get every penny
Multihoming (Score:4, Informative)
Multihoming:
Cable/DSL
http://en.wikipedia.org/wiki/Multihoming [wikipedia.org]
Multihoming caveats:
http://en.wikipedia.org/wiki/Multihoming#Multihoming_caveats [wikipedia.org]
Get matching NIC cards.
It's actually pretty limited (Score:5, Informative)
I have quite a bit of experience with this, as I use two consumer ADSL circuits to provide very reliable 'net services at my office.
To an extent you either get to use two different services (for reliability) or combine them into one service for improved performance. Not both.
If you're going for reliability, you'll be using two different providers. That eliminates the use of multilink PPPoE to bond the two services into a single logical service with a single public IP address. It also eliminates ATM channel bonding, which is the other way to achieve the same end. This isn't such a great loss as you might think since I've *NEVER* found a provider (at least here in Australia) that knows what either is, let alone supports even one of them.
So, you're stuck with two ADSL circuits, each with separate PPPoE connections (or direct IP over ATM links; either way) and separate public IP addresses.
This sucks. You can't even load balance across them properly without the cooperation of a router/proxy on the other side of your ADSL links.
Load balancing your transmissions on a per-packet basis is obviously hopeless because any sane ISP has egress filtering based on source IP address, and even if they don't you'll still get replies back on the official source IP (so you won't gain much). SNAT won't help because if you SNAT some packets in a connection the recipient will have no idea they're part of the same connection as the unmodified packets leaving on the other connection. The only way that packet-level load balancing across multiple links with different IPs will work is if you're only talking to an endpoint (probably a VPN termination point) that is aware that you're using multiple connections and can combine them. You can use tricks like multilinked PPTP for this, or iptables trickery on each end. In any case, you're going to need access to a server with enough bandwidth to service both connections that's willing to route traffic for you. You probably don't have this.
So, packet-level load balancing is out. What's left? Connection-level, and per-protocol.
Connection level load balancing works well for some services. Outgoing SMTP, for instance, is well suited to being randomly allocated between multiple ADSL links (if you're unfortunate enough to have users who think that 100MB attachments are a good idea). Unfortunately most home user services like HTTP web browsing are not. You'll find that websites like to store session data with your IP address, so if you do connection load balancing with HTTP you'll find that websites keep on forgetting your login. To work around this you need to use "sticky" load balancing that remembers which connection was used to talk to a given host - but that, of course, reduces the benefits of the load balancing.
In the end, all you can really do is a bit of sticky connection-level load balancing when establishing new outgoing connections for some protocol types. If you want more than that, you need to do ugly things like say "all FTP connections go out ADSL1, and all SIP and other VoIP connections go out ADSL2" etc.
Personally, I don't bother even with that. I have both ADSL services listed as MXes for the company's DNS, so if one is down we still get mail. The A record points at a colocated server elsewhere on the Internet, so that's not a worry, but if it didn't I'd have to use some sort of ISP-level or colo load balancing to reroute traffic down whichever link was currently available.
Outgoing connections just all use the primary link when it's up, and fail back to the secondary link if/when the fast one is down. The secondary link is the primary MX, so when both links are up mail will tend to come in one link and everything else in the other.
If I wanted more than this, I'd probably have to route everything through another server colocated at an ISP or peering point. Unless I could get free traffic between it and both my ADSL circuits this would get expensive fast - and it'd also reduce the benefits of the redundant ADSL links
Your load balancing "problems" have been solved (Score:4, Informative)
Can't load balance hosted services without a remote router? Round robin DNS with short TTLs, with a script to remove an IP if a link goes down.
Outgoing TCP connections are OK when using Linux:
http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS [lartc.org]
If you buy an off the shelf solution from the likes of F5 there's even more control.
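As an added illustration of the two posts above (the "stuck with two separate public IPs" analysis and the LARTC multiple-uplinks answer), here is a small link-monitor script of the kind the last post describes. It is not code from either poster or from lartc.org. It builds the LARTC per-link routing tables and source rules (so replies leave by the link they arrived on and are not dropped by the ISP's egress filter), probes each link by pinging from that link's own address, moves the main default route to whichever links answer, and lists the short-TTL A records to publish for a hosted service. Interface names, addresses, gateways and table numbers are made-up assumptions.

```python
"""Added example (not from the thread or from lartc.org): a link monitor
that emits the `ip route`/`ip rule` commands for two consumer uplinks and
fails the default route over to whichever link currently answers.
Interface names, gateways and addresses below are constructed examples."""

import subprocess
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Link:
    name: str        # short label for the link
    iface: str       # e.g. "ppp0" for PPPoE, "eth1" for a cable modem
    addr: str        # public address the ISP assigned on this link
    gateway: str     # the ISP's next hop on this link
    table: int       # RPDB table number (any unused number 1..252)
    weight: int = 1  # share of new connections when both links are up


# Constructed example links; the addresses are documentation ranges.
LINKS = [
    Link("dsl",   "ppp0", "198.51.100.10", "198.51.100.1", 101, weight=1),
    Link("cable", "eth1", "203.0.113.20",  "203.0.113.1",  102, weight=2),
]


def per_link_rules(link: Link) -> List[str]:
    """Per-link table plus a source rule: anything sourced from this link's
    address must leave via this link's gateway, otherwise the other ISP's
    egress filter drops it (the point made in the post above)."""
    return [
        f"ip route replace default via {link.gateway} dev {link.iface} table {link.table}",
        f"ip rule add from {link.addr} table {link.table} priority {link.table}",
    ]


def default_route(links: List[Link], up: Dict[str, bool]) -> str:
    """Main-table default route for *new* outgoing connections.  With two
    nexthops the kernel hashes on source/destination address, so every
    connection to a given remote host leaves by the same link: this is the
    'sticky' connection-level balancing, nothing finer."""
    alive = [l for l in links if up.get(l.name, False)]
    if not alive:
        return "ip route del default"          # nothing usable: fail closed
    if len(alive) == 1:
        l = alive[0]
        return f"ip route replace default via {l.gateway} dev {l.iface}"
    hops = " ".join(
        f"nexthop via {l.gateway} dev {l.iface} weight {l.weight}" for l in alive)
    return f"ip route replace default scope global {hops}"


def probe_link(link: Link, target: str = "192.0.2.1") -> bool:
    """Real probe: ping sourced from this link's address, which forces the
    packet out that link.  Ethernet link-up is not enough; the ISP side can
    be dead while the modem's Ethernet port is fine.  `target` is assumed."""
    r = subprocess.run(["ping", "-c", "2", "-W", "2", "-I", link.addr, target],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return r.returncode == 0


def dns_records(links: List[Link], up: Dict[str, bool], host: str, ttl: int = 60) -> List[str]:
    """Round-robin A records for a hosted service: one per live link, short TTL."""
    return [f"{host}. {ttl} IN A {l.addr}" for l in links if up.get(l.name, False)]


def plan(links: List[Link], probe: Callable[[Link], bool]) -> Dict[str, object]:
    """Probe every link and return the commands and DNS records to apply."""
    up = {l.name: probe(l) for l in links}
    cmds = [c for l in links for c in per_link_rules(l)]
    cmds.append(default_route(links, up))
    cmds.append("ip route flush cache")
    return {"up": up, "commands": cmds,
            "dns": dns_records(links, up, "www.example.org")}


if __name__ == "__main__":
    for cmd in plan(LINKS, probe_link)["commands"]:
        print(cmd)
```

Run it from cron and pipe the printed commands into `sh` only once you are happy with them; the DNS records are what a zone-update script would push (nsupdate, or whatever your DNS host accepts) so a dead link's address stops being handed out within one TTL.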
round-robin queuing (Score:2)
OpenBSD ships with support for round-robin queuing.
This is an interesting idea for a fun hack.
A similar idea that me and a buddy [if you are law enforcement, read: didn't] put into action one afternoon was a BSD box that latched onto as many wireless networks as cards we could find, then queued out to all of them.
BWAHAHAHAHA!! /saturday afternoon hacks ftw.
OpenBSD (Score:2)
I used to do that with ease and great success with OpenBSD.
Using PF for load balancing and relayd to check link status and to automatically change PF rules when needed.
It worked great, never had any single failure with it. It was on a Soekris Net4801.
With OpenBSD 4.3, I think you can even do it without PF, just with routing.
Very simple to do (Score:2)
What you ask is very simple to do with a dual DSL router; Hawking Technology makes one that isn't too expensive and easy to set up (http://www.hawkingtech.com/products/productlist.php?CatID=36&FamID=43&ProdID=20). I'm an ISP who provides DSL. DSL depends on the DSLAM and phone line condition. Two phone lines to your house from the same phone company can be VERY different in quality and it is line quality that is most important with DSL. After that, a problem could occur with the provider's DSL
Draytek 2910 (Score:2)
Best standalone firewall/router ever (Score:2)
Ideas?
pfsense on cheap itx mobo with mikrotik routerboard 44G/pci. or two. CF card in CF/IDE slot adapter. I am happy with that. Don't forget an ups powering both router and adsl gateways. Just in case...
LISP is intended to do this. (Score:3, Interesting)
To do this properly with load sharing and immediate failover, at the moment the professional solution would be that you should
- get business class connections and
- run BGP over both links.
If you don't already know what BGP is, this solution is probably too complicated for you. Worse, the global BGP routing table is a shared expense, and your extra route would impose a (slight) extra cost on literally every other ISP running BGP. (The business class connections are because you will need several static fully routable IP addresses to do this, plus run BGP, and that requires more than a consumer class connection.)
There is a lot of discussion at the moment about this at the IETF, and people are working on something called LISP (no relation to the computer language), which would provide true multi-homing without the bother of running BGP and adding to the global routing tables. Things like immediate failover and load balancing should follow more or less automatically.
There is a lot more information available at Lisp4.net [lisp4.net]. I have heard of some initial testing, but in my opinion this is still a ways from commercial use.
Aggregate routing is a bad idea - here's why (Score:3, Interesting)
OK, so you have two routes to the internet. One packet departs, but is returned by the other route. How to glue those together is a very non-trivial problem.
Sprint tried that in the 1997-2001 time frame with bonded T1 & T3 services. The bonding never worked for persistent connections, and only slightly better for transient connections. UDP worked best. And that was using a routing system that understood it was bonded, not one completely unaware of another route.
These days $DAYJOB uses OC3's and SONET rings for Internet, so there may have been advances I'm unaware of, but back then, it really, really sucked. Off the cuff, I'd say use Linux and the Zebra package on an old computer, and try that, but no promises. Personally, I don't think it will work well.
Broadbond (Score:4, Interesting)
I produce a system that can do this. It's called Broadbond [broadbond.org].
You can bond several ADSL lines, even from independent providers, and it will deliver the combined upstream and downstream bandwidth of the two. All traffic is load balanced across the two lines and can also be transparently compressed. The throughput of the lines is automatically measured to determine the optimal load balancing. Differences in latency on the two lines are compensated for.
The catch (there's always a catch!) is that you need to have a partnering system co-located with an ISP to handle the far end of the tunnel -- although I can also provide this if you would prefer.
The system is available as a software package that you can license to run on Linux or OpenBSD and also pre-installed and pre-configured on a couple of small embedded Linux boxes -- very low power (under 5W), no moving parts, good for up to 90Mbit/sec.
I bond two ADSL lines to my office, 4.4Mbit and 9.6Mbit, and I get around 13.5Mbit on file transfers.
If you're interested, contact me (details on the broadbond.org web page).
Dynamic routing idea (Score:3, Interesting)
I have DSL and cable. I also have a D-Link DL604 load balancing router. It sucks.
The router seems to think that as long as the physical ethernet connection is up, the provider is up. It tends not to detect network failure. There are ways to set up a periodic monitor of some host to detect if the network is up, but it does not seem to work properly.
What I want from this thing is:
Lock SMTP to one port and thus one provider. My AT&T DSL SMTP server will not accept mail from my Comcast account. (this is correct behavior for anti-spam). The DL 604 does this correctly.
I want the router to send any new connection for a naive (not currently in routing table) external network to both providers. I want it to measure the response time ( over a number of packets ) and then lock the route to the network which provides the best performance. It can periodically re-test the routes - perhaps every 5 minutes or so. This should address the problem of non-neutral peering between various providers. It is not always true that the higher bandwidth cable connection is the best connection to where I want to go. If I am accessing a client's machine who is on AT&T DSL, my DSL connection may be faster than my cable connection. I want the router to deeply inspect the traffic and be able to detect if a session breaks on a particular WAN port, and try the other. I also want it to quickly recognize when all sessions on a particular WAN port break and switch to the alternate port, while testing the original port.
I want built-in diagnostics that can show me how often a provider drops the ball, shiny graphs of bandwidth and latency etc. It would be cool if the router would allow me to see what the instant connection graph between my LAN and external networks looks like. ( which of my hosts connect to which external domains at the moment ).
I would like to be able to see graphics of IP address / port scans.
I want the router to be able to do some intrusion prevention, particularly if no one is using my network at the moment - someone tries to scan - shut the thing off for a while. ( do I care if I DOS myself if I am not using the net? NO! )
There is a hardware provider http://www.routerboard.com/ [routerboard.com] that can provide multi-wan multi-lan and wireless router hardware for cheap. They also have software but nothing that does all the tricks I want...
Coders, here's a base spec, send some bits!
OZ
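The route-selection rule in the wish list above (probe a new destination over every link, pin the route to the link with the best response time, re-test every few minutes) as an added example. It is not the poster's code and not a feature of the DL604 or of any RouterBoard software; it is a small Python model of the decision logic, with a real `ping`-based probe for Linux. Link names, addresses and gateways are constructed assumptions, and routes are pinned per destination host rather than per network to keep the example short. It also adds a hysteresis margin, which the post does not ask for, so a pinned route does not flap on a few noisy samples.

```python
"""Added example, not the poster's code and not shipped by any router:
per-destination route selection by measured RTT with periodic re-test.
Uplink names, addresses and gateways are constructed for the example."""

import statistics
import subprocess
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Uplink:
    name: str
    iface: str
    addr: str      # public address on this link; probes are sourced from it
    gateway: str


UPLINKS = [  # constructed example addresses (documentation ranges)
    Uplink("dsl", "ppp0", "198.51.100.10", "198.51.100.1"),
    Uplink("cable", "eth1", "203.0.113.20", "203.0.113.1"),
]


def median_rtt(samples: List[Optional[float]], min_good: int = 3) -> Optional[float]:
    """Median of the successful probes (ms); None if too few replies to trust."""
    good = [s for s in samples if s is not None]
    return statistics.median(good) if len(good) >= min_good else None


def pick_uplink(results: Dict[str, List[Optional[float]]],
                current: Optional[str] = None,
                hysteresis: float = 0.2) -> Optional[str]:
    """Lowest median RTT wins.  A currently pinned link keeps the route
    unless another link beats it by more than `hysteresis` (a fraction).
    Returns None when every link failed, i.e. the destination is unreachable
    or both uplinks are down."""
    scores = {name: median_rtt(s) for name, s in results.items()}
    alive = {name: r for name, r in scores.items() if r is not None}
    if not alive:
        return None
    best = min(alive, key=alive.get)
    if current in alive and alive[current] <= alive[best] * (1 + hysteresis):
        return current
    return best


def route_command(dest: str, link: Uplink) -> str:
    """Host route that pins `dest` to one uplink (replaces any earlier pin)."""
    return f"ip route replace {dest} via {link.gateway} dev {link.iface}"


@dataclass
class RoutePinner:
    uplinks: List[Uplink]
    probe: Callable[[Uplink, str], List[Optional[float]]]
    retest_after: float = 300.0            # seconds: "perhaps every 5 minutes"
    pinned: Dict[str, str] = field(default_factory=dict)    # dest -> uplink name
    tested_at: Dict[str, float] = field(default_factory=dict)

    def decide(self, dest: str, now: float) -> List[str]:
        """Commands to run for traffic to `dest` at time `now`.  Empty when
        the existing pin is still fresh or the re-test confirmed it."""
        if dest in self.pinned and now - self.tested_at[dest] < self.retest_after:
            return []
        results = {u.name: self.probe(u, dest) for u in self.uplinks}
        choice = pick_uplink(results, self.pinned.get(dest))
        self.tested_at[dest] = now
        if choice is None:
            # Drop the pin so the main default route (and its failover) applies.
            self.pinned.pop(dest, None)
            return [f"ip route del {dest}"]
        if self.pinned.get(dest) == choice:
            return []
        self.pinned[dest] = choice
        link = next(u for u in self.uplinks if u.name == choice)
        return [route_command(dest, link)]


def ping_probe(link: Uplink, dest: str, count: int = 5) -> List[Optional[float]]:
    """Real probe for Linux: one ping per sample, sourced from the link's
    address so the packet is forced out that uplink.  Wall-clock RTT in ms,
    None for a lost reply.  Measures the whole ping run, so it is coarse."""
    samples: List[Optional[float]] = []
    for _ in range(count):
        t0 = time.monotonic()
        r = subprocess.run(["ping", "-c", "1", "-W", "2", "-I", link.addr, dest],
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        samples.append((time.monotonic() - t0) * 1000 if r.returncode == 0 else None)
    return samples


if __name__ == "__main__":
    pinner = RoutePinner(UPLINKS, ping_probe)
    for cmd in pinner.decide("192.0.2.5", time.monotonic()):
        print(cmd)
```

The piece this does not do is the "deep inspection" of live sessions the post asks for; a practical substitute is to treat a probe run where every sample is lost as the signal that the pin (or the whole link) is dead, which is what the `None` branch above does.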
Re: (Score:2)
p2p doesn't mean stealing books, movies, or porn; Project Gutenberg supports BitTorrent, Linux, FreeBSD, many free open source software packages, even 'free as in beer' software is all using p2p...
for instance, VMware images are often available from P2P for 'free as in beer' users of VMware player. PBS doesn't do p2p yet, but someday they might offer downloads of shows and documentar
Re: (Score:2)
i'll have to double check if it is in ver3, because ver 4 and 5 are source code only right now, but on the comparison page, they say smoothwall supports some form of load balancing, between multiple red connections etc.
From the "I am not giving a useful answer dept" (Score:5, Insightful)
Great, so you googled some shit. Maybe he wants to get some people's experiences with them? What is good or bad?
Re:From the "I don't use google" Department. (Score:5, Insightful)
God, not another person saying this.
Slashdot articles aren't just posted for the question, but for the discussion. Yes, anyone can find an answer to anything they want with Google+Wikipedia+etc.
The point here is that maybe someone will take an interest in it that never thought of it before or cared enough to dig around Google.
Obviously from the author's point of view, multiple viewpoints by the readers would be helpful. However from the Slashdot mods (and community in general) it's an interesting enough topic to read on their own.
Re: (Score:2)
Re: (Score:2)
The point here is that maybe someone will take an interest in it that never thought of it before or cared enough to dig around Google.
Also, Google alone doesn't always get you the best answers. I know I've had a few problems where I Google for the solution, and find 50 different solutions with little grounds to compare them as to which is the best. Sometimes you'll find that most of the pages list a solution that's 5 years old, and then you find out later that there's a brand new solution that, for whatever reason, doesn't show up on Google's first 5 pages.
Google/Wikipedia a great sources of information, but it's often hard to find a p
Re: (Score:2)
I've seen ads for that. I'd be interested in hearing more about your experiences with it
Re: (Score:2)
But that's got to be supported by the provider. In the case of multiple T1s [blogspot.com], that's common. Pretty unlikely from consumer cable and DSL connections though.
Re: (Score:2)
But if you get a server hosted somewhere, you can tunnel the multi ppp over all your upstreams to your hosted server.
That way you have good peak bandwidth (combined rate of all the lines), proper redundancy - ie you still have the same ip and wont need to drop active tcp connections, the potential point of failure (your colo) is likely to be a lot more stable than your home power grid, and just incase its not you could have multiple hosted boxes using bgp to present the same ip addresses, so even if one goe
Re: (Score:2)
It doesn't sound like money is this person's biggest problem.
Juniper netscreen SSG5s are capable of far more than what you'd be asking it to do.
Re: (Score:2)
I'd like to be on the phone call when you call the cable internet technical support and ask for BGP.
THAT would be an amusing call.
Re: (Score:2)
That's an interesting compromise. Are you paying less for the two of them than you would be for the static cable IP?
Re: (Score:2)
If you want to get even fancier and make your backup link last mile backhoe-proof, Cisco has 3G wireless HWIC cards.
Somewhere on my "fun to try" list is setting up a HWIC-3G-CDMA, set up a tunnel between its router and another one somewhere offsite, exchange BGP routes over it, and use it as a last resort failsafe. Sure, it'll be ugly slow compared to normal, but I'd still be on the air in some capacity if it works.