This is an attempt to explain some of the pros and cons of dual WAN setups. I will try to keep it simple without getting into too much technical detail; however, some basic knowledge of networking is expected. This document is a work in progress and any comments are greatly appreciated. The page is slightly outdated but still relevant.
First, let's define dual WAN routing, since this is the first mistake people make: it is NOT multiplexing/bonding as with 128K ISDN (combining 2 64K(b) channels). Dual WAN routing is rather the balancing of physical links, in which case the routes are pooled or distributed in a round-robin fashion.
Simply put, suppose you have 2 Internet connections. For argument's sake we will assume you have 2 ADSL links: one is 1mbit (link a) and the other is 2mbit (link b). In a dual WAN setup, connections will alternate between links, so if you had the system routing in a ratio of 2:1 (in favor of the 2mbit link), 2 connections would go over link b for every 1 connection over link a. So the question then is, do you get 3mbit? Well, yes and no. As you read further you will begin to understand the limitations of this setup as well as how to get the most out of your dual WAN setup.
First, let's tackle the advantages of a dual WAN setup, since this is most likely why you are interested in creating such a setup. Simply put, there are 2 major advantages: bandwidth and failover.
By balancing your routes you will have more bandwidth available to you. As mentioned, this is not the same as multiplexing or bonding: a single download thread will NOT run at 3mbit (keeping with our example). However, if you start a second thread it will use the next link and you will get more bandwidth. This is where there are some disadvantages, which I will get into shortly.
The next big advantage is failover: if one link goes down you can re-route everything through the remaining link. This minimizes downtime and is already enough reason to consider dual WAN routing. It is not without flaw, however. You will need a way to determine when a link is down. Most often you would ping a host for a response and move to another link if the host does not respond, but pinging is not a sure way to determine failed links: you might have problems with aspects of your connectivity (international access, for example) which cannot be detected with a simple ping.
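One way to reduce the single-ping blind spot described above is to probe several targets per link and require repeated failures before acting. The sketch below is an added example, not part of the original article; the target addresses are constructed documentation addresses, and the threshold of 3 rounds and the injected `probe` callable (for instance a ping wrapper) are assumptions.

```python
from collections import defaultdict

# Constructed probe targets (documentation addresses), one per reachability scope.
TARGETS = {
    "isp_gateway": "192.0.2.1",
    "national": "198.51.100.10",
    "international": "203.0.113.20",
}
FAIL_THRESHOLD = 3  # assumption: consecutive failed rounds before a scope counts as dead

class LinkMonitor:
    def __init__(self, probe, targets=TARGETS, threshold=FAIL_THRESHOLD):
        self.probe = probe          # callable(link, address) -> bool
        self.targets = targets
        self.threshold = threshold
        self.failures = defaultdict(int)   # (link, scope) -> consecutive failures

    def check(self, link):
        """Run one probe round and return 'up', 'degraded' or 'down' for the link."""
        for scope, addr in self.targets.items():
            key = (link, scope)
            if self.probe(link, addr):
                self.failures[key] = 0      # any success resets the counter
            else:
                self.failures[key] += 1
        dead = [s for s in self.targets
                if self.failures[(link, s)] >= self.threshold]
        if len(dead) == len(self.targets):
            return "down"                   # nothing reachable: fail over
        # Some scopes dead (e.g. only international): a single ping to a
        # nearby host would have reported this link as healthy.
        return "degraded" if dead else "up"

if __name__ == "__main__":
    blocked = {("a", "203.0.113.20")}       # constructed: international path broken
    monitor = LinkMonitor(lambda link, addr: (link, addr) not in blocked)
    print([monitor.check("a") for _ in range(3)])
```

A "degraded" result is a cue for manual review or for steering only the affected traffic, rather than for removing the link outright.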
The disadvantages of dual WAN routing are not really disadvantages. You will not lose any functionality; however, some care is needed to compensate for the subtle issues.
First, as already mentioned, there is the issue of bandwidth. You will not get combined bandwidth without some effort: you will need to run multi-threaded downloads to get maximum speed, and while browsing as a single user the benefit might not be as great as you hoped. However, if we look at a corporate example with hundreds of users, then dual WAN routing becomes much more useful.
I already mentioned the shortcomings of failover. Those shortcomings apply to the automation of failover; you will still have full manual control to remove a link should it become slow or unreliable.
The biggest disadvantage, however, comes in another form: FTP/E-mail servers and some HTTPS sites. Often it is important that the outgoing IP remains static or that a reverse lookup can be done. For example, some FTP sites expect commands to come from the same IP address that made the initial log on; if you are alternating connections over gateways, this address may change. HTTPS has similar security restrictions. If you run an E-mail server you will already know that many servers will do a reverse lookup when you connect to deliver mail. If your DNS record points to the IP address of link a and the connection was made from link b, your mail will not get delivered. However, hope is not lost. This brings me to my next point, which is policy-based routing in dual WAN setups.
Up to now I have focused on straightforward round-robin routing. On its own, however, this cannot be effective, since some issues need to be addressed to ensure normal operation of certain facilities, for example FTP/E-mail servers. You will need to create firewall rules/policies which restrict the flow of these protocols to particular links, and you will need to investigate your own requirements to decide which policies are best. In the case of our example, you may consider routing Mail/FTP/HTTPS over the larger 2mbit link and then balancing your links on a 1:1 ratio for HTTP.
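The following model ties together the ratio-based balancing, the per-connection bandwidth limit and the policy pins discussed above. It is an added example, not code from the original article: the class and function names are hypothetical, the pinned ports (21, 25, 443) are an assumed mapping of the FTP/Mail/HTTPS policy, and the link speeds are the article's 1mbit/2mbit example.

```python
from itertools import cycle

def make_links(weight_a, weight_b):
    # Constructed values from the article's example: link a = 1 mbit, link b = 2 mbit.
    return {"a": {"mbit": 1, "weight": weight_a, "up": True},
            "b": {"mbit": 2, "weight": weight_b, "up": True}}

# Assumed policy: FTP control, SMTP and HTTPS need a stable source IP, so pin them to link b.
PINNED_PORTS = {21: "b", 25: "b", 443: "b"}

class DualWanRouter:
    def __init__(self, links, pinned_ports):
        self.links = links
        self.pinned = pinned_ports
        self._rebuild()

    def _rebuild(self):
        # Weighted round robin: each live link appears `weight` times per cycle.
        order = [name for name, link in sorted(self.links.items())
                 if link["up"] for _ in range(link["weight"])]
        self._rr = cycle(order) if order else None

    def set_link_state(self, name, up):
        self.links[name]["up"] = up
        self._rebuild()

    def route(self, dst_port):
        """Choose the link for one new connection (per connection, not per packet)."""
        if self._rr is None:
            raise RuntimeError("no link available")
        pin = self.pinned.get(dst_port)
        if pin and self.links[pin]["up"]:
            return pin          # pinned traffic keeps one outgoing IP
        # Unpinned traffic, or pinned traffic whose link is down: the source IP
        # changes in the second case, so reverse-lookup checks may start failing.
        return next(self._rr)

def aggregate_mbit(links, assigned):
    # Each connection is capped by its own link; the total is the sum over distinct links in use.
    return sum(links[name]["mbit"] for name in set(assigned))

if __name__ == "__main__":
    router = DualWanRouter(make_links(1, 2), PINNED_PORTS)
    print([router.route(80) for _ in range(6)], router.route(25))
```

With weights 1:2 the model reproduces the 2:1 ratio from the earlier example; `make_links(1, 1)` gives the 1:1 HTTP balancing suggested here while the pinned protocols stay on link b.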
The challenge with policy-based routing is understanding your own requirements. You might, for example, want to segment your LAN and send certain groups over a particular link (difficult if you use a proxy server), or you may want to use multiple public IPs to separate functions. You may just want to save space and energy by consolidating your router/firewall into a single box.
With careful thought and consideration, dual WAN routing can be a valuable investment of your time and energy. Once implemented, you will wonder how you survived without it.