[kwlug-disc] Bandwidth aggregation

L.D. Paniak ldpaniak at fourpisolutions.com
Tue Feb 10 16:51:13 EST 2009





unsolicited wrote:

> 
> Esoteric, yes, in that you essentially have two choices:
> (1) A single device must take in both 'providers', or each headend
> device must run a gateway protocol. The devices have to negotiate
> between themselves who's going to handle what. See (2). Ultimately, only
> one device can have an IP. (DNS returns a single IP, essentially.
> Fallbacks not included here.) Which device is going to claim the IP?
> There is no guarantee as to the pathway of incoming packets - if one
> device sends a packet out, expecting a reply, and it returns on the
> other device, the other device goes "Why are you sending me this, I
> didn't ask for it? Toss." Such 'knowledgeable' devices are not overly
> common at the consumer level.
> (2) You have to maintain your own routing table. e.g. Your DNS IP comes
> in and goes out one device. Your internal internet requests go out the
> other. The advantages of, we'll call it 'load levelling' are
> substantially lost. Good luck guessing which routes should go where.
> Things get more complicated when services use reverse DNS (SMTP) to
> verify the incoming packet is coming from the publicized source. And the
> request went out the other.
> 
> That's what I can think of off the top of my head, but it gets stranger
> and more irritating. e.g. Providers don't like them - it is now up to
> you to make sure that their network can't be attacked via your gateway
> from another provider. And they don't trust you. Let alone, if the route
> gets into the routing table, they now have multiple paths between
> providers. It gets stranger and stranger.
> 
> Thus the creation of gateway (edge) protocols to handle this nonsense,
> and not many devices have that. Nonsense as in aggravation and fiddly bits.
> 


I don't think one has to re-invent the wheel with these kinds of
connections.  From a hardware point-of-view, I can easily imagine an
OpenWRT-based router with two WAN ports. In fact, I have one running
downstairs.  After that it boils down to some iptables gymnastics.  I
find Shorewall to be the most user-friendly way to participate in that
sport.  For multiple ISPs, take a look at:

http://www.shorewall.net/MultiISP.html#Overview

For VOIP, I'd only want to be sending packets for a particular
connection over one link to avoid the dreaded route-flapping.  There the
second link is for other connections/failover.

Anyway, I'd certainly like to hear how this works from someone who knows
what they are talking about.
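Added example, not part of the original message and not taken from Shorewall: a dry-run sketch of the connection-mark policy routing behind a two-uplink router, so that replies leave by the uplink their connection came in on and one UDP port is pinned to a single link. Interface names, gateway addresses, marks, table numbers and port 5060 are constructed assumptions; NAT rules and the main-table default route are left out.

```shell
#!/bin/sh
# Dry run: prints the commands instead of running them (they need root).
# Interface names, gateways, marks and table numbers are constructed values.

# wan_rules IFACE GATEWAY MARK TABLE
# One routing table per uplink, selected by firewall mark; new connections
# that arrive on the uplink are tagged with that mark.
wan_rules() {
    echo "ip route add default via $2 dev $1 table $4"
    echo "ip rule add fwmark $3 table $4"
    echo "iptables -t mangle -A PREROUTING -i $1 -m conntrack --ctstate NEW -j CONNMARK --set-mark $3"
    # Strict reverse-path filtering (1) drops packets that arrive on an uplink
    # which is not the preferred route back; loose mode (2) accepts them, at
    # the cost of weaker anti-spoofing on that interface.
    echo "sysctl -w net.ipv4.conf.$1.rp_filter=2"
}

# pin_udp_port LAN_IFACE PORT MARK
# Sends every new outbound flow to PORT over one uplink only (the VoIP case).
pin_udp_port() {
    echo "iptables -t mangle -A PREROUTING -i $1 -p udp --dport $2 -m conntrack --ctstate NEW -j CONNMARK --set-mark $3"
}

multiwan_rules() {
    wan_rules eth1 192.0.2.1 0x1 101
    wan_rules eth2 198.51.100.1 0x2 102
    pin_udp_port br-lan 5060 0x1
    # Appended last so every packet, including the first of a connection,
    # copies its connection's mark; replies then leave by the same uplink.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
}

multiwan_rules
```

Traffic that matches none of the marking rules keeps mark 0 and follows the main routing table.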



