Question about VPN bonding


This topic contains 6 replies, has 0 voices, and was last updated by  houkouonchi 8 years, 7 months ago.

    #42290

    houkouonchi
    Member

    Anyone know how well this can scale?

    I am thinking of doing this to bond two 50/20 megabit connections (or possibly 35/35 megabit). My planned setup is, at the DC:

    A box running zeroshell at a data center with multiple gigabits of connectivity connected @ 1000m

    Does this box need two NICs or can it just have a single LINK as it will have more than enough bandwidth for the aggregate? Can I run this on a VM or do I need actual hardware at these speed levels?

    At my home:

    Z box running zero shell hooked up to two 35/35 or 50/20 connections to the internet. It will set up the VPN connection to bond over these two links to the server I have at the DC which has one big fat pipe. After I have the VPN connection set up I will want to route all internet traffic through the tunnel to basically get one fat 70/70 pipe or 100/40 pipe into my home.

    Does this sound feasible or does anyone know if zeroshell can scale to connections this high?

    #49912

    ppalias
    Member

    ZS can do it with these connections. I think that a modern PC with the power of a Pentium 4 and 512MB RAM will do it just fine. Of course it depends on some aspects such as if you will enable encryption and compression, if you will have iptables rules and if you will apply QoS.

    #49913

    karl05
    Member

    What company are you getting 35/35 or 50/20 from??? Out here, I am in DFW, Verizon will only run 1 fiber line per location… would love to have two 35/35’s 🙂

    #49914

    houkouonchi
    Member

    @karl05 wrote:

    What company are you getting 35/35 or 50/20 from??? Out here, I am in DFW, Verizon will only run 1 fiber line per location… would love to have two 35/35’s 🙂

    I am in a Verizon area (already have one 35/35 and getting the second one installed on Saturday). You can get two connections with Verizon but the second one will need to be a business connection and requires two separate ONT’s at your premises.

    #49915

    houkouonchi
    Member

    Well I finally got my two connections (they had to run another fiber and conduit so getting the second drop took a while). Here are some pictures of the drops (taken with my cell phone):




    So far the zeroshell box is working great. I was having some weird issues where from the outside I was seeing 50% packet loss (now and then the connection would just stop responding) but that seems to have been resolved after applying that netbalancer/qos patch and the VPN saw no issues.

    Speedtest.net doesn’t seem to give me very good upstream results but here is what I got:

    Here is what I got to Verizon’s test server which gives me better upstream results than down:

    Here is what MRTG shows for upload:

    download:

    I might have been able to get a bit more out of the connection but both tests (upload/download) were done using a single wget

    upstream:


    --15:39:05-- http://10.1.1.2/2gb.bin
    => `/dev/null'
    Connecting to 10.1.1.2:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1,992,294,400 [application/octet-stream]

    100%[==================================================>] 1,992,294,400 8.24M/s ETA 00:00

    15:42:57 (8.18 MB/s) - `/dev/null' saved [1992294400/1992294400]

    downstream:


    --08:46:06-- http://10.1.1.1/files/2gb.bin
    => `/dev/null'
    Connecting to 10.1.1.1:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1,992,294,400 [application/octet-stream]

    100%[==================================================>] 1,992,294,400 8.05M/s ETA 00:00

    08:50:04 (8.01 MB/s) - `/dev/null' saved [1992294400/1992294400]

    The connections are a bit faster than 35 down (around 37) which is nice as it makes up for the overhead when going through VPN and thus is showing I am getting 70/70 when going through BOND00 so I am very happy =)

    Luckily routing is good to my server so I am ~5-6ms of latency when going over the VPN which is just about best case as the connections are ~5ms when they hit the backbone

    #49916

    houkouonchi
    Member

    And in case anyone is curious, my 1.6 GHz Atom box (dual core with hyperthreading so shows as 4 CPUs) uses 40% per process to do VPN traffic for the bond so 80% (of one core) when pushing 70 megabits. It uses about 20% of one core on a modern Core 2 Quad 2.4 GHz CPU pushing the same level of traffic which is on the other end.

    #49917

    ppalias
    Member

    Are there any firewall or QoS rules? That would help us benchmark the forwarding capabilities of ZS.

    #49918

    houkouonchi
    Member

    I thought I responded to this but I guess not.

    There are some firewall rules but that should only add a marginal amount of overhead. QoS I could see adding quite a bit more but I am not using it as my connection speed is to the point where it is not really even needed that much (things are still pretty fast even when it's completely saturated).

    Also it did take quite a bit of time getting everything set up but I finally got some torrent clients, rrdtool, and PHP compiled/installed on my zeroshell box. I had some extra trouble due to the fact that when I installed GCC I used a version greater than 4.3 which causes some programs to fail to compile.

    Here is a list of some of the various stuff I compiled/installed on the machine:


    admin@zeroshell: 06:55 AM :~# ls -1 *.gz *.bz2
    Twisted-10.0.0.tar.bz2
    TwistedWeb-10.0.0.tar.bz2
    autoconf-2.66.tar.gz
    autogen-5.10.1.tar.gz
    automake-1.9.6.tar.gz
    boost_1_36_0.tar.gz
    boost_1_43_0.tar.gz
    cairo-1.8.10.tar.gz
    curl-7.21.0.tar.gz
    deluge-1.3.0_rc1.tar.gz
    dmidecode-2.10.tar.gz
    fontconfig-2.8.0.tar.gz
    freetype-2.4.0.tar.gz
    gd-2.0.34.tar.gz
    gettext-0.18.1.1.tar.gz
    gkrellm-2.3.4.tar.gz
    glib-2.12.9.tar.gz
    gmp-4.3.2.tar.bz2
    guile-1.8.7.tar.gz
    jfsutils-1.1.14.tar.gz
    libart_lgpl-2.3.21.tar.gz
    libhid-0.2.16.tar.gz
    libpng-1.2.35.tar.gz
    libpng-1.4.3.tar.gz
    libsigc++-2.2.8.tar.gz
    libtool-2.2.8.tar.gz
    libtorrent-0.12.2.tar.gz
    libtorrent-0.12.6.tar.gz
    libtorrent-rasterbar-0.15.1.tar.gz
    libusb-1.0.8.tar.bz2
    libxml2-sources-2.7.7.tar.gz
    lsof_4.83.tar.gz
    mpc-0.8.1.tar.gz
    mpfr-2.4.2.tar.bz2
    nano-2.2.4.tar.gz
    ncurses-5.7.tar.gz
    ndt-3.3.21.tar.gz
    net-snmp-5.4.3.tar.gz
    nmap-5.30BETA1.tar.bz2
    openssl-0.9.8o.tar.gz
    openssl-1.0.0a.tar.gz
    pango-1.17.5.tar.gz
    perl-5.12.1.tar.gz
    perl-5.13.1.tar.gz
    php-5.3.2.tar.gz
    pixman-0.18.2.tar.gz
    pkg-config-0.25.tar.gz
    pyOpenSSL-0.10.tar.gz
    pygobject-2.21.4.tar.gz
    pygtk-2.16.0.tar.gz
    pyxdg-0.19.tar.gz
    rrdtool-1.2.27.tar.gz
    rsync-3.0.7.tar.gz
    rtorrent-0.8.6.tar.gz
    screen-4.0.3.tar.gz
    slocate-3.1.tar.gz
    sqlite-3.6.23.1.tar.gz
    swig-1.3.40.tar.gz
    swig-2.0.0.tar.gz
    sysstat-9.1.2.tar.gz
    traceroute-1.4a12.tar.gz

    PHP was installed mainly so I could make some nice graphs that used rrdtool:

    http://fios1.houkouonchi.jp/rrd/

    I use MRTG as well but I like these graphs a bit better (especially the CPU/disk I/O graph).
