I’ve been using Zeroshell site-to-site VPN to bridge into a datacentre from home.
I started with just a 5Mb ADSL line which was fine, no speed issues pushing everything over a VPN.
I installed 1.5Km of fibre and power up the hill to a radio and added a wireless link to a new 65Mb VDSL line a few Km away. I found I was only able to get between 10-30Mb over the VPN. No problem if I just went out direct.
After a bit of troubleshooting (I blamed XenServer for a long time), it turned out the ISP was throttling VPN connections; I just never noticed it before on my 5Mb line.
I tried all sorts of stuff to hide the VPN traffic, but eventually found I could get around the throttling by creating 5 identical VPN connections (on different ports) and adding them all to the bond.
The only problem I have now is that I would like the old 5Mb to be in the bond as a failover ONLY.
I have a weighted Load Balance + Failover setup with the VPN on the 5Mb line weighted at 1 and the 5 VPNs on my 65Mb line weighted at 200.
What I would like to be able to do is set a weight of “0”, so the interface is not normally used, just as a failover.
I was looking at this; the problem is the current implementation.
Instead of having a general mode switch Fail-over / Load balancing, we should have 2 pools, one for Load balancing and one for fail-over.
All interfaces registered in Load balancing pool will act as a fail-over but the ones in fail-over will be enabled only after everything else fails. Weight could act as priority on fail-over. This would make sense especially if traffic on one interface is expensive.
Unfortunately, I do not use a setup this complicated; I have only a fail-over on LTE.
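The two-pool selection proposed in the reply above, applied to the bond from the first post, as an added example that is not Zeroshell code and not from either poster. The `Link` type, `traffic_shares`, the link names, and the rule that the highest-weight live fail-over link takes all traffic are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    pool: str    # "balance" or "failover" (hypothetical pool names)
    weight: int  # traffic share in the balance pool, priority in the failover pool
    up: bool


def traffic_shares(links):
    """Return {link name: fraction of new connections} under the two-pool rule."""
    for link in links:
        if link.pool not in ("balance", "failover") or link.weight < 1:
            raise ValueError(f"bad link definition: {link}")

    # Any live balance link keeps the failover pool completely idle.
    balance = [l for l in links if l.pool == "balance" and l.up]
    if balance:
        total = sum(l.weight for l in balance)
        return {l.name: l.weight / total for l in balance}

    # Balance pool is dead: use only the highest-priority live failover link.
    standby = [l for l in links if l.pool == "failover" and l.up]
    if not standby:
        return {}
    best = max(standby, key=lambda l: l.weight)
    return {best.name: 1.0}


def constructed_links(vdsl_up=True, adsl_up=True):
    """Constructed sample: 5 VPNs over the 65Mb line, 1 VPN over the 5Mb line."""
    links = [Link(f"vpn-vdsl-{i}", "balance", 200, vdsl_up) for i in range(1, 6)]
    links.append(Link("vpn-adsl", "failover", 1, adsl_up))
    return links


if __name__ == "__main__":
    print(traffic_shares(constructed_links()))
    print(traffic_shares(constructed_links(vdsl_up=False)))
```

With a single weighted pool, as in the current 1 versus 200 setup, the 5Mb VPN would still receive 1 part in 1001 of new connections; here it receives none until every balance link is down.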