Become a fan of Slashdot on Facebook


Forgot your password?
Networking IT

Working With 2 ISPs For Home Networking? 356

An anonymous reader writes "This is, I think, a simple question — but one which I can't get the answer to. As a typical, but perhaps high-demand home user I would like to use 2 separate ISPs. ADSL is pretty cheap nowadays, and 2 x ADSL seems a better value than one fast one — especially in terms of reliability. If one breaks, at least the other will work. Using an old box as a router/firewall, how can I configure a system to use two completely separate ISPs in a sensible manner? Ideally, I'd like the load of my browsing to be balanced, but at the minimum, I'd want some kind of 'fail-over.' If I leave torrents running over night, I'd like the router to use whichever connection doesn't block the traffic — and preferably for it to reset the errant connection. Ideas?"
This discussion has been archived. No new comments can be posted.

Working With 2 ISPs For Home Networking?

Comments Filter:
  • Point of failure (Score:5, Insightful)

    by tepples ( 727027 ) <tepples@gmail.BOHRcom minus physicist> on Saturday June 28, 2008 @02:36PM (#23983487) Homepage Journal

    ADSL is pretty cheap nowadays, and 2 x ADSL seems a better value than one fast one â" especially in terms of reliability. If one breaks, at least the other will work.

    When your DSL is down, it's likely that your neighbor's DSL is down too. Consider cable + DSL, not cable + cable or DSL + DSL.

    • Re:Point of failure (Score:5, Informative)

      by ( 1108067 ) on Saturday June 28, 2008 @03:02PM (#23983757) Homepage Journal

      Even if they're from different providers, they're running over the same phone network (esp. since smaller providers are just resellers). A backhoe, lightning storm, or major power blackout doesn't give a sh*t that you went through two different providers.

    • Re: (Score:2, Informative)

      by Etylowy ( 1283284 )
      The last mile is expensive. It is almost sure that even with DSL from 2 different providers if one fails so does the other.

      just as tepples wrote: you need 2 internet connections using different infrastructure for the last mile, or preferably more. DSL+Cable should be the right solution.

      As for load balancing etc, you've got two options:
      1. router with 2 WAN ports
      2. any pc with 3 network cards + linux + googled up howto for 2 internet connections
      • Re: (Score:3, Insightful)

        by mikael_j ( 106439 )
        The last mile is expensive. It is almost sure that even with DSL from 2 different providers if one fails so does the other.

        In my experience from working for ADSL ISPs in Sweden only very rarely is an actual outage caused by the "last mile", with newly installed DSL it is not unusual for people living fram from the DSLAM to have problems with unstable sync but this is generally easily adjusted.

        So with two different phone lines connected to two different DSLAMS belonging to two different ISPs using two diffe

        • by mikkelm ( 1000451 ) on Saturday June 28, 2008 @04:10PM (#23984353)

          That's because you're in Sweden, and the infrastructure there, especially urban infrastructure, is typically much less vulnerable than here in the southeastern US, for example. We frequently have last mile outages due to storms, flooding and lightning, and when a tree hits a phone mast, you lose your DSL, no matter how many different providers you have.

          It all depends on the local conditions, so suggesting separate last-mine access technologies as a way to optimise your redundancy is not such a bad idea.

          • Re:Point of failure (Score:5, Interesting)

            by jettoblack ( 683831 ) on Saturday June 28, 2008 @09:59PM (#23986771)

            You know, this is something I haven't been able to figure out. I live in Japan where we are hit by strong earthquakes at least a month, and typhoons (like hurricanes), thunderstorms, minor flooding, etc. almost every day during the rainy season. And no I don't live in central Tokyo, I live in the middle of a farming town and have to walk through flooded rice paddies to get from my apartment to the station. But my power and internet have NEVER gone out once in the 6 years I've lived here. We don't have anything special... the power and phone run on overhead lines on metal poles just like most places in the US.

            Meanwhile, at my mom's house in the DC Metro area, USA, the power & internet go out every time there is anything more than a gentle breeze. What's going on?

            • by farnsaw ( 252018 ) on Sunday June 29, 2008 @12:20AM (#23987491) Homepage

              Well, the main reason is that Japan has a total area of about 375,000 sq km.


              The USA has about 9,200,000 sq km, or about 30 times the area. Now we (the USA) have covered this out to supply power, telephone, cable tv, and internet but have not been able to cover every single residence with redundancy on these services.

              Japan is slightly smaller than California, a large state, but still only one of 50.

            • Re: (Score:3, Interesting)

              by ek_adam ( 442283 )

              And your system was totally rebuilt after WWII. Ours has just been "maintained" by the "if it's not broken don't touch it" scheme since Edison.

            • Re: (Score:3, Informative)

              by KPU ( 118762 )

              Systems are engineered for typical weather conditions. In California, heavy rain is sufficiently infrequent that utilities that utilities figure it's cheaper to fix lines after a storm. Similarly, new buildings in California almost always leak. If you're hit by earthquakes every month, it makes a lot of sense to invest in stronger infrastructure.

    • Re:Point of failure (Score:4, Informative)

      by isj ( 453011 ) on Saturday June 28, 2008 @03:44PM (#23984125) Homepage

      I use a failover setup where the primary connection is an xDSL connection and the backup connection is cable.

      Some details make failover non-trivial to do. The ADSL occasionally gets the DSL line up but no IP connectivity. The cable modem is very stable but slow. I ended up configuring linux on a small embedded computer (soekris net4801). I have a script running from crontab that pings the next-hop. If the primary connection fails, the default route is changed to the backup interface. One interesting complication is that I also use bandwith shaping with tc/htb, so iptables is configured to mark packets based on which interface they come from, which tc then can pick up and shape. I don't think there is any box/product that can fulfill all my needs, but I would have saved me much time if there were.

      • Re:Point of failure (Score:5, Informative)

        by profplump ( 309017 ) <> on Saturday June 28, 2008 @05:28PM (#23985079)

        You can use more than one default route. For reliability you'll want keep some sort of connection-specific check script and reset to a dedicated route if one of the connections goes do. But while both of them are up you can use both connections together so long as you have multiple data streams:

        ip route add default table "${MULTI_TABLE}" \
                nexthop via "${T1_GW}" dev "${T1_DEV}" weight 1 \
                nexthop via "${DSL_GW}" dev "${DSL_DEV}" weight 3

        There's a bit more to it than that, but the above example is the heart of a routing policy that splits traffic 3:1 between the DSL and T1. Google should be able to show you the rest.

        • Re:Point of failure (Score:4, Informative)

          by isj ( 453011 ) on Saturday June 28, 2008 @07:05PM (#23985711) Homepage

          There's a bit more to it than that [...]

          That is the understatement of the year :-)

          The 'weight' feature is quite nice. It evens keeps the route selection sticky per-flow.

        • Re: (Score:3, Interesting)

          by zerocool^ ( 112121 )

          You can probably do some sort of ghetto load balancing with ipvs/keepalived and iproute2.

          I'm just thinking out loud... all in all, you can probably do this without a whole lot of difficulty, but it really is probably going to require a linux router and 3 network interfaces... unless you want to plug both internet connections into a switch with all your other computers and use a bunch of static IPs and routes and whatnot...

          Probably [the internet x 2] --$gt; [linux router] --- switch ==== other pc's.

          Set it u

    • Re: (Score:3, Informative)

      by yyttrrre ( 741310 )
      If cable isn't available you can always go with cellular as a backup. With the right setup you can see 300kbps down and the cell phone towers are more likely to survive power outages and disasters and the like.
      • Re: (Score:3, Interesting)

        by mccabem ( 44513 )

        I don't mean to dog cellular/wireless as a backup, but anything based on the POTS network is going to be more reliable in terms of being strong against blackouts and disaster. Latter day technologies are less likely so because generally the legal requirements for that strength are not there or are significantly less.

        High-speed cable and DSL aren't that cheap (~$100/month and up) and T1's are cheap as hell nowadays (~$400/month is not uncommon, can be less) and you've got a 4 hour repair guarantee - if you'

    • There are four main reasons that DSL goes down

      • Your DSL modem/router.
      • Backhoe takes out a cable.
      • Card fails in a router/switch/DSLAM.
      • Technician misconfigures something, either in a phone connector box or router/switch/DSLAM or billing system.

      I've had DSL fail four times in the last 10 years. One was my DSL router. Two were when phone company installers working on boxes down the street disconnected me by accident. One was a billing problem (but that was when my ISP was providing beta service, and they mixe

  • I'd figure that using cable/dsl mixture would be better, since the systems work over entirely different topology. I tried two cable modems at once years ago when they were limited to around 1.5mb dl, and used one of them for gaming traffic, and the other for web traffic... this was for a lan party. It was done strictly by port. I know you can do software load balancing, but I'm not sure how.
  • DSL+Cable (Score:5, Informative)

    by certain death ( 947081 ) on Saturday June 28, 2008 @02:41PM (#23983529)
    You can get a "Firebox" VPN/Firewall/Router pretty cheap on ebay. They are running about $75.00US for the Firebox 1200/2. The "/2" part means it has 2 WAN ports and you can load balance across both, it is setup to be redundant, so if one goes down, it moves all traffic to the other automagically. I use one and it works like a champ. There are more expensive solutions, and probably "Roll your own" solutions, but as most of us know, that can provide months and months of aggravation!
    • Re:DSL+Cable (Score:5, Insightful)

      by HalAtWork ( 926717 ) on Saturday June 28, 2008 @02:45PM (#23983591)
      probably "Roll your own" solutions, but as most of us know, that can provide months and months of aggravation!

      Ah, but also fun and learning. "You must be new here" ;)
    • by growse ( 928427 )

      Does it support HSRP?

      Bit pointless spending the money on two connections and then running it through one box. Either you have redundancy or you don't.

    • Re:DSL+Cable (Score:5, Informative)

      by kesuki ( 321456 ) on Saturday June 28, 2008 @02:56PM (#23983695) Journal

      " SmoothFirewall 4.0 - Update 3

      Download Update 3 Update 3
      516 KB (528,827 bytes)
      MD5: 85ac7940504a0fe7eef2b91016cf80f6

      This update adds Load Balancing abilities to Advanced Firewall systems. It also corrects a problem with IP address sorting on some pages and updates the DHCP client to fix a theoretical vulnerability. Problems with PPTP and PPPoE clients have also been corrected.

      Please install core Update 2 prior to installing this update.


              * Load Balancing
                  It is now possible to load balance outbound proxy requests and other network traffic in Advanced Firewall. Primary and secondary external connections are 'pooled' using the Firewall / connectivity and Firewall / secondary addresses pages."

      smoothwall4 supports load balancing out of the box, no hassle, no mess, no fuss, but then, smoothwall is only free as in beer, but i find it works well enough.

    • Re:DSL+Cable (Score:4, Informative)

      by Zymergy ( 803632 ) * on Saturday June 28, 2008 @03:43PM (#23984119)
      I am not sure which of these (if any including the above listed Firebox) just roll-over to the second connection if the first goes down or if they truly load-balance all the time?
      D-Link made a (now discontinued) 4-port router that load-balanced: []
      Edimax Technology currently makes a couple of lower-priced load-balancing routers: []

      It appears that software firewall solutions (mostly linix-based) have the best support and the most features, for example: []
    • Fortinet makes a pretty badass product in the Fortigate 50B. For $400 we're talking a full QoS/NAT box with 2 WAN ports, load balancing, HA failover and connection tracking.

      And they're not even that difficult to set up if you know how to do QoS firewalling. If you pay the yearly maintenance fee you also get full IDS/AV/Spam/Content filtering (any of which can be turned on/off either on a schedule or at your pleasure.) If you're really paranoid you can buy 2 and set them into HA mode for failover.

      Yeah, you c

  • Linux distros (Score:5, Informative)

    by santix ( 1234354 ) on Saturday June 28, 2008 @02:42PM (#23983547) Homepage
    There are little Linux distributions like Brazilfw [] which run on old hardware and work out of the box with features like QOS, load-balancing, port forwarding, etc. Maybe that's what you need.
    • Been a while since I've set up a Linux router but won't the following work on any Linux distro:

      Set up a box with two ADSL cards in it, set two default routes via the next hop IPs for the connections on each card. By default it should load balance across the two. If one drops then it'll realise the next hop isn't reachable (as it's on same subnet as the interface which has now vanished) and remove that route.

      I seem to remember that Linux can set routes via interfaces, that would work even better than using n

    • by jd ( 1658 )
      OpenWRT might be a better choice, as that's designed to run on existing off-the-shelf ADSL routers.
  • by Anonymous Coward on Saturday June 28, 2008 @02:43PM (#23983553)
    pfSense can handle the load balance and failover for you. Then you just need to get two ISPs. Preferably one cable + one DSL but if you can get the two DSL lines on separate circuits, that would work well.

    • Re: (Score:2, Informative)

      pfSense or M0n0wall would work great for this. I would be weary of buying DSL from two different providers because often times it is the same provider just the local ILEC has entered into an agreement to allow reselling services in the area so that they can sell services in the area that they service. If you buy DSL from two different DSL providers it is likely fed out of the same Central Office and therefore fed into the same router that is your gateway to the Internet. So, if there is a hiccup in the r
      • by Bandman ( 86149 )

        I'd recommend FiOS as a priority (just for the speed), and then whatever broadband service you could get from another provider. His decision has a lot to do with where he lives and who's available.

  • Dual WAN router (Score:5, Informative)

    by ribit ( 952003 ) on Saturday June 28, 2008 @02:43PM (#23983559)
    Isn't a dual-WAN router the simplest/cheapest method, whatever you are planning to put downstream of it? []
    • Simple, not cheap (Score:2, Informative)

      by Anonymous Coward

      A dual-WAN router is the easiest way to go, but I wouldn't call it cheap. A decent dual-WAN router will cost you about twice what it would cost to build a cheap, but decent linux box.

      • by Bandman ( 86149 )

        That's very true. Plus it could do any kind of service providing he was looking for, like web, mail, or whatever.

        You could probably script the dynamic dns services to switch when failover occcurs, as well.

  • by ( 410908 ) on Saturday June 28, 2008 @02:44PM (#23983573) Journal

    called Clarkconncect (

    It's basically a CentOs (aka free Red Hat) wich can do multi-Wan. It has a nice web interface fir Firewall, ftp, web and mail server, shell..

    No idea if it can reset errant connections, but it can do anything you can on redhat, including using two Wans simultaneously. (chek Clarkconnects forums for multi wan)

    up and running within 30 minutes, mine has reached 165 days uptime (Bi-P3 GHz, 2 Go Ram, 4*500Go HDD, 3*Eth 100 (upgraded from a faithfull Compaq Deskpro 400 Mhz "server")- web, mail, and bittorrent dowvnloader (torrentflux-bart) as well as "media server" connected to the xbox with XBMC)

    • I loved clark connect. Best firewall package out of the box- and you're right, up and running within 30 minutes.

      Unfortunately (couldn't you tell) some of the changes they've made are less than stellar. I'm still pissed about how difficult it was to get the new virtual hosts up and running on apache, and I have had to edit all the files by hand.

      In addition the user accounts are a pain- I don't know how to log in except as root (or other user) to get full access to the server. Basic user accounts are limit

  • LARTC (Score:2, Informative)

    by chrispatch ( 578882 )
  • by guanxi ( 216397 ) on Saturday June 28, 2008 @02:45PM (#23983583)

    Most DSL circuits, even sold by different vendors, go through the same facilities and sometimes the same equipment. For example, the local loop is usually the local telco's, no matter who your DSL vendor is. And many DSL vendors resell one of a few wholesale providers (e.g., Covad), so your data on both DSL lines could be going through the same wholesale provider's equipment/facilities. The same may be true of other technologies (e.g., fiber).

    In trying to setup something similar, we finally settled on using cable for one circuit and fiber for the other. We know the cable company has its own local loop, and they assured us (FWIW) that they have their own facilities out to their upstream provider (e.g., AT&T, Sprint, etc.). Fiber would be Verizon. We would use DSL, but I'm concerned that it would end up in the same Verizon facilities.

    Good luck. There are also routers that do fail-over, but I know that's not what you asked about.

    • by Bandman ( 86149 )

      Unless there was an infrastructure sized event in the Verizon colo, I can't imagine a DSL issue would take out your FiOS. On the other hand, better safe than sorry

    • Let's start at the bottom of the OSI stack - physical layer. The wires from your house to the telco office are usually physically separate until they hit the first active device, which might be a Subscriber Loop Carrier in a big green box down the road, but is more likely to be copper all the way to the telco office. They're bundled into bigger and bigger cables (e.g. 24-pair, 50-pair, etc.) There are common-mode failures here - backhoes, wet cables, cars crashing into the telco box - but one of the mos

  • HotBrick (Score:5, Informative)

    by Anti_Climax ( 447121 ) on Saturday June 28, 2008 @02:46PM (#23983605)

    Hotbrick makes a very good load-balancing soho router. They're a bit pricey but they seem to work quite well for exactly what you're describing. Take a look on ebay for their LB series.

    I do have to second the suggestion of using Cable+DSL rather than DSL+DSL. Most places where there are multiple DSL providers, they're both operating from the same physical infrastructure with one reselling the service of the other. It's certainly better than one by itself, though.

  • by Zephiris ( 788562 ) on Saturday June 28, 2008 @02:53PM (#23983667)

    Honestly, I think that's not understanding how DSL works very well. In virtually all markets, there's one physical DSL provider, and a few dozen 'ISPs' which cost a little bit more to provide potentially 'unique' services on top. One monopoly for phone (and hence DSL), one monopoly for cable.

    Er, the cheapest DSL is what, around $25, $30, for 256k? Double that, and you've got a price for very fast (8mbit or more) cable, including 256-512kbit upstream. Even if you have 2x256k, and the equipment to use it in a decently efficient manner, that's still some 512kbit, and two different IPs.

    Only in a few situations can you use the bandwidth of both cooperatively for a single task, and the most common failure is based on when the physical link/line conditions deteriorate, in which case having two ports to the same network isn't going to make any difference at all.

    Cable/DSL will provide the potential reliability you'd be looking for, I think. But, as a home user, some 98-99% (even if not 99.97%) uptime isn't good enough? For the additional cost, it's not worth the extra -average- hour per month of downtime you gain 'back'.

    If your ISPs downtime is any more than that, you have every right to complain, twist their arm to fix whatever might be causing the problem.

    • Re: (Score:3, Informative)

      I think your pricing on DSL is drastically off. Around here, the cable is Timewarner at $50/month for 5 megabit. My DSL service is $60/month for 20 down/1 up. $30/month gets you 3 down/1 up. I haven't even SEEN 256k advertised since I had to use Suscom (which is cable, BTW) in 2003/2004. I am not in a major metro area, there are less then 20,000 people in my 'city.' That having been said, I agree wholeheartedly with the rest of your post. As a heavy net user I still find my ISP uptime to be perfectly
    • by Kjella ( 173770 )

      Cable/DSL will provide the potential reliability you'd be looking for, I think. But, as a home user, some 98-99% (even if not 99.97%) uptime isn't good enough? For the additional cost, it's not worth the extra -average- hour per month of downtime you gain 'back'. If your ISPs downtime is any more than that, you have every right to complain, twist their arm to fix whatever might be causing the problem.

      Yep. My plan B would be the cell phone - it's not fast, not pretty and costs an arm and a leg but it works well enough as fallback to do basic things as check mail and such. The torrents can wait until you get back online with your real connection, the only thing I could think of would be VPN/remote working where the boss might not be happy with your poorly chosen internet downtime. But if I did, I'd consider it my "business" and get a business line, ah well.

    • Re: (Score:3, Interesting)

      by aclarke ( 307017 )

      Cable/DSL will provide the potential reliability you'd be looking for, I think. But, as a home user, some 98-99% (even if not 99.97%) uptime isn't good enough? For the additional cost, it's not worth the extra -average- hour per month of downtime you gain 'back'.

      Umm, who are you to tell someone else what's worth it and what isn't? I can see a lot of situations where one would feel the extra $50 or so per month is worth it. For instance, if you're day trading from home, a 20 minute outage at the wrong ti

  • Answer one: buy yourself a cheap low-end Cisco router big enough to hold a full table, get yourself an Autonomous System, a presence at a reasonable peering location, buy transit from the NSPs of your choice. Oh and you'll be needing to spend a few years with your nose in Cisco Press books learning BGP. BTW the AS costs $5000, last time I needed to know.

    Second answer: assuming you already have DSL or cable from one provider, get a second line from a different provider (this means cable if you already have

  • by vux984 ( 928602 ) on Saturday June 28, 2008 @03:03PM (#23983773)

    Seriously? Is your network infrastructure -that- unreliable that its actually worth *doubling* your costs for redundancy?

    I have had maybe 10-15 hours of internet-only downtime in the last 8 years. Of that, maybe 4 hours affected me (ie I was awake and wanted to use the internet). I've had another 10-15 hours of power fail in the last 8 years, and even with backup power the internet was still down (routers, switches, etc in the upstream path weren't on backup power so keeping my 'modem' up isn't worth beans.

    In any case, I can see a lot of situations where it would be worth another $2500 over that period to have had internet access for those couple hours.

    If I were running servers (and I am), it might be worth it, but in practice its not worth the trouble. round-robin DNS just means every odd connection attempt fails if one of the links is down, and dynamic dns updates to take the downed link out of rotation would be great except most internet outages are over before dns updates are likely to propogate. So its just not effective.

    If I wanted -faster- downloads, that might be worth 2 connections, but that's not what you claimed your objective was. And even then, it usually won't make a specific download faster, but will rather let you do 2 at once at full speed (in the case of a large http or download for example which only uses one connection) which may or may not be what you need. Torrents, using multiple connections, will of course benefit from the extra bandwidth capacity.

    If you SERIOUSLY want redundancy, you might want to look at a router that can fail-over to dialup. That will actually stand of chance of being available during a power failure, and might not cost you extra in terms of service, since many ISPs give you some free dialup hours as part of your broadband. And the dialup infrastructure is often separate enough from the adsl/cable infrastructure that you'll be able to connect on dialup while adsl/cable is down.

    • by DingerX ( 847589 )
      If you've used broadband for the last eight years and not had any trouble with your ISP, you must be really lucky. I've had all kinds of festive things happen, most of them related to crappy ISP-provided hardware (modems) or ISP-owned hardware (the switch at the second mile). If an ISP acts like any other corporation, it's not going to upgrade its hardware to maintain consistently the same level of service: it will vary within a band. And when you get in the saturated part of the band, it sucks, and you wis
    • Seriously? Is your network infrastructure -that- unreliable that its actually worth *doubling* your costs for redundancy?

      Yeah, seriously - my apartment is on the same network as the USGS National Earthquake Information Center. So since I have oodles of extra bandwidth and 100% uptime, everyone else should have it too.</sarcasm>

    • by Bandman ( 86149 )

      Seriously? Is your network infrastructure -that- unreliable that its actually worth *doubling* your costs for redundancy?

      For a home network, I agree completely. It sounds like overkill, but some people seem to think home internet is worth it. Whatever floats your boat.

    • Seriously? Is your network infrastructure -that- unreliable that its actually worth *doubling* your costs for redundancy?


      I live in the Rockies on the western edge of a mountain ridge at 10k ft elevation - in other words a lightning magnet. I'm a full-time telecommuter for a multinational, & I work daily with people from 5 different time zones. Teleconferences, webex's etc. are my daily work life. Loss of connectivity to our source code repository can be a serious problem.

      EVERY time there's light

      • by karnal ( 22275 )

        In your situation, it's all about priorities. If it really was enough of a hassle for you to be where you are (i.e. where you call "home") then you'd probably up and move.

        But if I had to hazard a guess, the view where you're at is breathtaking. And some small part of me doesn't fault you for that.

  • It's easy (Score:5, Funny)

    by Slashcrap ( 869349 ) on Saturday June 28, 2008 @03:17PM (#23983887)

    You just get a Linux box with 2 NICs and start adding static routes :

    route add eth0
    route add eth1
    route add eth0

    Etc, etc....

    It might seem like a big job, but there's huge ranges of reserved addresses you can skip. Let us know how you get on.

  • If you get both cable Internet and DSL, there are some interesting options. Cable usually has better downlink bandwidth than DSL, but DSL has better uplink bandwidth, especially during peak periods. So sending some or all of the upstream packets on the DSL link while getting all the incoming traffic on the cable link could be a win. The IP of the cable link can be used for sending on the DSL link or the cable link. The downstream direction of the DSL link is unused. You'll need to configure a local rou

  • Dual WAN Router (Score:5, Informative)

    by Doc Ruby ( 173196 ) on Saturday June 28, 2008 @03:27PM (#23983959) Homepage Journal

    What you want is a "dual wan" router []. Which will give you two ways out, by default putting each connection between your local host and a remote host over a single WAN's route, but pool the two WANs so the less-full one gets the whole next connection.

    Then you want to look into "bonding []", or whatever the router vendor calls their version of it. It usually doesn't work, because the two different WANs usually take very different routes most of the way to the remote host, and the bonding has to accommodate all the hops between on each of the two WAN routes. But sometimes it does work, especially if the routers at both ends of the routes share the same bonding technique.

    But you will indeed get immediate uptime benefits. Because if one WAN gives you, say, 99.9% uptime, that's 0.1% downtime, which is still over 31,000 seconds down a year, which is still almost 9 hours. But if you can get connections over either one WAN or the other (each at 99.9%), you can get 99.9999% uptime, which is only about 32 seconds a year, which is unattainable at reasonable prices for a home user.

  • I don't have any real experience, but I've seen Pfsense recommended often for a Multiple-Wan capable router OS.
  • Multihomed routing (Score:4, Informative)

    by Majik Sheff ( 930627 ) on Saturday June 28, 2008 @03:28PM (#23983983) Journal

    It sounds like multihomed routing is what you're looking for. there's a decent intro here: []

  • I'm not using 2 connections, but I do have my fiber connection connected to two failover firewalls on OpenBSD 4.3 with PF.
    Carp provides IP failover, PFsync ensures connections are synced on both machines. I can kick down the active firewall and the other ones takes over at once without dropping any internal or external connections. (if only it would also mirror ssh sessions to itself :-) )

    The one thing I'm working out now is getting a connection running between them so all the internal nics (regular lan,
  • Recent events (FLOODS) have shown me how fragile my DSL service here is. My provider's DSL was down for the entire state for several days. So I called my local nephew-of-satin cable co and had them install a cable modem last week.

    I run a web server, mailserver, and numerous other hobby services here, so I had the "business grade DSL", which is 936/1536. (divide kbps by 9 for a good guestimate in kb/sec, so 100 up, 170 down) DSL always provides me with that speed, it never fluctuates so I get every penny

  • Multihoming (Score:4, Informative)

    by not_hylas( ) ( 703994 ) on Saturday June 28, 2008 @03:40PM (#23984099) Homepage Journal

    Cable/DSL []

    Multihoming caveats: []

    Get matching NIC cards.

  • by Craig Ringer ( 302899 ) on Saturday June 28, 2008 @03:42PM (#23984105) Homepage Journal

    I have quite a bit of experience with this, as I use two consumer ADSL circuits to provide very reliable 'net services at my office.

    To an extent you either get to use two different services (for reliability) or combine them into one service for improved performance. Not both.

    If you're going for reliability, you'll be using two different providers. That eliminates the use of multilink PPPoE to bond the two services into a single logical service with a single public IP address. It also eliminates ATM channel bonding, which is the other way to achieve the same end. This isn't such a great loss as you might think since I've *NEVER* found a provider (at least here in Australia) that knows what either is, let alone supports even one of them.

    So, you're stuck with two ADSL circuits, each with separate PPPoE connections (or direct IP over ATM links; either way) and separate public IP addresses.

    This sucks. You can't even load balance across them properly without the cooperation of a router/proxy on the other side of your ADSL links.

    Load balancing your transmissions on a per-packet basis is obviously hopeless because any sane ISP has egress filtering based on source IP address, and even if they don't you'll still get replies back on the official source IP (so you won't gain much). SNAT won't help because if you SNAT some packets in a connection the recipient will have no idea they're part of the same connection as the unmodified packets leaving on the other connection. The only way that packet-level load balancing across multiple links with different IPs will work is if you're only talking to an endpoint (probably a VPN termination point) that is aware that you're using multiple connections and can combine them. You can use tricks like multilinked PPTP for this, or iptables trickery on each end. In any case, you're going to need access to a server with enough bandwidth to service both connections that's willing to route traffic for you. You probably don't have this.

    So, packet-level load balancing is out. What's left? Connection-level, and per-protocol.

    Connection level load balancing works well for some services. Outgoing SMTP, for instance, is well suited to being randomly allocated between multiple ADSL links (if you're unfortunate enough to have users who think that 100MB attachments are a good idea). Unfortunately most home user services like HTTP web browsing are not. You'll find that websites like to store session data with your IP address, so if you do connection load balancing with HTTP you'll find that websites keep on forgetting your login. To work around this you need to use "sticky" load balancing that remembers which connection was used to talk to a given host - but that, of course, reduces the benefits of the load balancing.

    In the end, all you can really do is a bit of sticky connection-level load balancing when establishing new outgoing connections for some protocol types. If you want more than that, you need to do ugly things like say "all FTP connections go out ADSL1, and all SIP and other VoIP connections go out ADSL2" etc.

    Personally, I don't bother even with that. I have both ADSL services listed as MXes for the company's DNS, so if one is down we still get mail. The A record points at a colocated server elsewhere on the Internet, so that's not a worry, but if it didn't I'd have to use some sort of ISP-level or colo load balancing to reroute traffic down whichever link was currently available.

    Outgoing connections just all use the primary link when it's up, and fail back to the secondary link if/when the fast one is down. The secondary link is the primary MX, so when both links are up mail will tend to come in one link and everything else in the other.

    If I wanted more than this, I'd probably have to route everything through another server colocated at an ISP or peering point. Unless I could get free traffic between it and both my ADSL circuits this would get expensive fast - and it'd also reduce the benefits of the redundant ADSL links

  • OpenBSD ships with support for round-robin queuing.

    This is an interesting idea for a fun hack.

    A similar idea that me and a buddy [if you are law enforcement, read: didn't] put into action one afternoon was a BSD box that latched onto as many wireless networks as cards we could find, then queued out to all of them.

    BWAHAHAHAHA!! /saturday afternoon hacks ftw.

  • I used to do that with ease and great success with OpenBSD.

    Using PF for load balancing and relayd to check link status and to automatically change PF rules when needed.

    It worked great, never had any single failure with it. It was on a Soekris Net4801.

    With OpenBSD 4.3, I think you can even do it without PF, just with routing.

  • What you ask is very simple to do with a dual DSL router; Hawking Technology makes one that isn't too expensive and easy to set it up ( I'm an ISP who provides DSL. DSL depends on the DSLAM and phone line condition. Two phone lines to your house from the same phone company can be VERY different in quality and it is line quality that is most important with DSL. After that, a problem could occur with the providers DSL

  • The Draytek 2910 is a Dual WAN router so rather than having a computer booted up you can use a much less power hungry SOHO router. Don't know if you can route via both, but it definitely does failover.
  • Ideas?

    pfsense on cheap itx mobo with mikrotik routerboard 44G/pci. or two. CF card in CF/IDE slot adapter. I am happy with that. Don't forget an ups powering both router and adsl gateways. Just in case...

  • by mbone ( 558574 ) on Saturday June 28, 2008 @05:41PM (#23985163)

    To do this properly with load sharing and immediate failover, at the moment the professional solution would be that you should

    - get business class connections and
    - run BGP over both links.

    If you don't already know what BGP is, this solution is probably too complicated for you. Worse, the global BGP routing table is a shared expense, and your extra route would impose a (slight) extra cost on literally every other ISP running BGP. (The business class connections are because you will need several static fully routable IP addresses to do this, plus run BGP, and that requires more than a consumer class connection.)

    There is a lot of discussion at the moment about this at the IETF, and people are working on something called LISP (no relation to the computer language), which would provide true multi-homing without the bother of running BGP and adding to the global routing tables. Things like immediate failover and load balancing should follow more or less automatically.

    There is a lot more information available at []. I have heard of some initial testing, but in my opinion this is still a ways from commercial use.

  • by buss_error ( 142273 ) on Saturday June 28, 2008 @07:49PM (#23985995) Homepage Journal

    OK, so you have two routes to the internet. One packet departs, but is returned by the other route. How to glue those together is a very non-trivial problem.

    Sprint tried that in 1997-2001 time frame with bonded T1 & T3 services. The bonding never worked for persistant connections, and only slightly better for transiant connections. UDP worked best. And that was using a routing system that understood it was bonded, not one completely unaware of another route.

    These days $DAYJOB uses OC3's and SONET rings for Internet, so there may have been advances I'm unaware of, but back then, it really, really sucked. Off the cuff, I'd say use Linux and the Zebra package on a old computer, and try that, but no promises. Personally, I don't think it will work well.

  • Broadbond (Score:4, Interesting)

    by Will Sowerbutts ( 91222 ) on Saturday June 28, 2008 @09:15PM (#23986513) Homepage

    I produce a system that can do this. It's called Broadbond [].

    You can bond several ADSL lines, even from independent providers, and it will deliver the combined upstream and downstream bandwidth of the two. All traffic is load balanced across the two lines and can also be transparently compressed. The throughput of the lines is automatically measured to determine the optimal load balancing. Differences in latency on the two lines are compensated for.

    The catch (there's always a catch!) is that you need to have a partnering system co-located with an ISP to handle the far end of the tunnel -- although I can also provide this if you would prefer.

    The system is available as a software package that you can license to run on Linux or OpenBSD and also pre-installed and pre-configured on a couple of small embedded Linux boxes -- very low power (under 5W), no moving parts, good for up to 90Mbit/sec.

    I bond two ADSL lines to my office, 4.4Mbit and 9.6Mbit, and I get around 13.5Mbit on file transfers.

    If you're interested, contact me (details on the web page).

  • Dynamic routing idea (Score:3, Interesting)

    by oldzoot ( 60984 ) <morton.james@comca[ ]net ['st.' in gap]> on Saturday June 28, 2008 @09:19PM (#23986531)

    I have DSL and cable. I also have a D-Link DL604 load balancing router. It sucks.

    The router seems to think that as long as the physical ethernet connection is up, the provider is up. It tends not to detect network failure. There are ways to set up a periodic monitor of some host to detect if the network is up, but it does not seem to work properly.

    What I want from this thing is:
    Lock SMTP to one port and thus one provider. My AT&T DSL SMTP server will not accept mail from my Comcast account. (this is correct behavior for anti-spam). The DL 604 does this correctly.

    I want the router to send any new connection for a naive (not currently in routing table) external network to both providers. I want it to measure the response time ( over a number of packets ) and then lock the route to the network which provides the best performance. It can periodically re-test the routes - perhaps every 5 minutes or so. This should address the problem of non-neutral peering between various providers. It is not always true that the higher bandwidth cable connection is the best connection to where I want to go. If I am accessing a client's machine who is on AT&T DSL, my DSL connection may be faster than my cable connection. I want the router to deeply inspect the traffic and be able to detect if a session breaks on a particular WAN port, and try the other. I also want it to quickly recognize when all sessions on a particular WAN port break and switch to the alternate port, while testing the original port.

    I want built-in diagnostics that can show me how often a provider drops the ball, shiny graphs of bandwidth and latency etc. It would be cool if the router would allow me to see what the instant connection graph between my LAN and external networks looks like. ( which of my hosts connect to which external domains at the moment ).

    I would like to be able to see graphics of IP address / port scans.

    I want the router to be able to do some intrusion prevention, particularly if no one is using my network at the moment - someone tries to scan - shut the thing off for a while. ( do I care if I DOS myself if I am not using the net? NO! )

    There is a hardware provider [] that can provide multi-wan multi-lan and wireless router hardware for cheap. They also have software but nothing that does all the tricks I want...

    Coders, here's a base spec, send some bits!


I use technology in order to hate it more properly. -- Nam June Paik