Posted

I've ordered a TT&T Maxnet to sit alongside my TOT ADSL. I would like to use a hardware solution if it could be found here. Instead of one WAN port on the back and 4 LAN ports, it would have 2 WAN ports and would load balance between them.

This means my connection would be 2mbps and if one fails I keep running at 1mbps.

My fallback should there be no hardware available here, is to use an old computer and put a special version of BSD that is designed to do this.

Posted

You can get it in Pattaya - I have one, a Linksys RV042 (Google it for details). It cost about 6,500 baht and you can find it in Tukcom, 4th floor, the shop specializing in network products (surprisingly enough) in the South-East corner.

It takes two WAN (LAN) inputs and has a 4 port switch built in. Note that you will also need a bridge between the router and the phone line. I use two Linksys AM300 configured in Bridge mode. You can get them in the same shop, price just under 1,000 baht each.

The biggest problem at this time is that it's now over a month ago I got my second (TOT) line. It worked for 4 days and then it could no longer connect (Link Down). It took 4 visits by TOT technicians before they would accept the problem was with the line; now I'm waiting for them to sort it out. Fortunately the first (TTT) line mostly works.

There are some catches to using this setup. It works, by and large, but for example some forum software gets very confused when you enter through different IP addresses and logs you out. For some reason also SSH connections seem to drop after just a minute or two of inactivity. As I said I only had both lines working for a few days so there may be more issues.

Posted

I would also recommend the Linksys RV042. However, I usually select PPPoE pass-through on the ADSL terminals (modems) and then enter the ISP PPPoE settings on the RV042. The RV042 has a default MTU setting of 1500; change it to 1492 and it will be much more stable. It's true that some software gets confused alternating between two WAN IP addresses; however, you can set up rules specifying which WAN to use based on the client PC, port no., etc. The VPN client software bundled with the RV042 only runs on Windoze :-(

Posted (edited)

Any chance of one of these being able to do wireless as well?

Why do I need another router for each wan or a bridge? Isn't this device capable of PPPOE over each WAN interface? If it isn't, that seems like quite a waste of resources - One box should do it all.

Edited by jeffrosner
Posted

You can buy a Wifi access point and plug that into one of the 4 LAN ports.

It's only a router, it does not have ADSL modems built in, hence you need to buy these separately.

Posted

A bit of a mix-up of terminology!

The devices discussed are load balancing routers.

This means they will distribute internet access from two separate sources (the two WAN ports) to the local area network (the LAN ports).

The actual internet fed into the two WAN ports can come from different sources, for example one ADSL modem and one cable modem. Or like in your case, it would come from two ADSL modems.

There are no modems built-in in the load balancing router, it literally only balances the internet access from the two WAN ports towards the LAN ports.

Most often an ADSL modem which has an Ethernet (LAN) port also has a router built in. Hence the confusion, and in effect unnecessary double equipment. The router built into the modem would remain unused since the load balancing device will do all the routing work!

Unfortunately, most ADSL modem-only equipment without the router built in, only are equipped with a USB port, and no Ethernet port, and as such cannot be connected to the load balancing router...

If wireless is required, a wireless access point will have to be hooked up to one of the LAN ports of the load balancing router...

Posted

"The devices discussed are load balancing routers........ This means they will distribute internet access from two separate sources (the two WAN ports) to the local area network (the LAN ports) .......it literally only balances the internet access from the two WAN ports towards the LAN ports.

Does this mean it really balances the load? ... or will it (hopefully) choose the best/fastest alternative and use that one?

Posted
"The devices discussed are load balancing routers........ This means they will distribute internet access from two separate sources (the two WAN ports) to the local area network (the LAN ports) .......it literally only balances the internet access from the two WAN ports towards the LAN ports.

Does this mean it really balances the load? ... or will it (hopefully) choose the best/fastest alternative and use that one?

Not sure - the Linksys router is a bit sketchy on the details. My other option is to use PFsense http://www.pfsense.com. It boots from CD-ROM, is small, and I can run it on an old computer without a hard drive - 3 network cards.

You'll notice it has incoming and outgoing load balancing pools, or complete failover. Lately my TOT goes down for 10 to 15 seconds a few times each hour.

pfSense Features

pfSense changes implemented (subject to change daily):

  • FreeBSD 6.1 - CURRENT with ALTQ
  • Wireless a/b/g wpa_supplicant, turbo, WEP, WPA-E/PSK and WPA2 (TKIP)
  • Incoming load balancing pools
  • PPPoE Server
  • Themes
  • New system->afterfilterchangeshellcmd xml tag which is executed on the system after each filter change (or other networking related changes)
  • All of the GREAT m0n0wall features, some improved
  • setup wizard using xml -> web gui toolkit
  • package xml -> web gui toolkit. RAPIDLY create packages and GUI's
  • rebootless changes of settings
  • multiple WAN Support
  • outgoing load balancing pool
  • pf (openbsd's packet filter)
  • CARP - for failover and clustersyncing (rules, trafficshaper, nat, IPSEC SAs...)
  • failovercapable DHCP-Server with advanced settings (specify gateway, DNS, WINS)
  • advanced support for wireless devices (including WEP, WPA, HostAP-mode, hardware-encryption if supported by driver, mac-filtering, hide SSID, ...) with wireless devices supported by FreeBSD 6 (atheros recommended for full functionality)
  • Systemstatus with realtimegraphs including SWAP usage monitor
  • ALTQ traffic shaping with integrated magic shaper wizard
  • Queuegraphs for Trafficshaper
  • Edit file option
  • Execute command now in menu
  • SSH Support
  • Console support on COM1
  • FTP-Proxy
  • enhanced ALIAS-system
  • enhanced configuration-system featuring a configuration history and partial config down-/uploads
  • a lot of small "helpers" that make admins life easier
  • Packages!
    • pfflowd - converting PF-status-messages to Cisco NetFlow-Datagrams
    • PFStat - Graphing
    • NTOP - Enhanced network history data
    • STunnel - wrap standard ports with SSL
    • Squid Transparent Proxy
    • arpwatch - watch ethernet/ip-address-pairings
    • assp - Anti-Spam-Proxy
    • freeradius - Radiusserver
    • mtr - enhanced traceroute
    • nmap - networkscanner for security auditing
    • siproxd - proxy/masquerading for SIP-protocol
    • spamd - fake SMTP-Server as Spam-Tarpit
    • iperf - bandwidth-measuring
    • netio - bandwidth-measuring

(some of the linked screenshots are not up to date as this is work in progress)

m0n0wall base features

  • web interface (supports SSL)
  • serial console interface for recovery
    • set LAN IP address
    • reset password
    • restore factory defaults
    • reboot system

  • wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)
  • captive portal
  • 802.1Q VLAN support
  • stateful packet filtering
  • block/pass rules
  • logging
  • NAT/PAT (including 1:1)
  • DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
  • IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)
  • PPTP VPN (with RADIUS server support)
  • static routes
  • DHCP server
  • caching DNS forwarder
  • DynDNS client
  • SNMP agent
  • traffic shaper
  • SVG-based traffic grapher
  • firmware upgrade through the web browser
  • Wake on LAN client
  • configuration backup/restore
  • host/network aliases

Posted

Just read through the manual on the Linksys - it can be set up as a simple failover or a load balancer using round robin. It would appear to favor whichever service is connected to WAN1 so that should probably be the faster of the two.

I'm going to try the Linux box. It saves me 6500 baht for the dual wan router, and I don't need to buy another modem - already have two - the one I bought from TOT and a Zyxel - If it proves too difficult, I cough up the 8000 baht needed but it shouldn't be too bad.

I found another website that explains how to do it with Redhat - I like Suse - but would like to run a full OS on the router so I can drive a website as well.

That would be a lot of work.

We shall see.

Posted

If configured as load balancer it will load balance between two connections, hence the problem I mentioned in one of the first posts where some forum software is confused by the different IP addresses used and logs you off. I generally get around this by using a proxy server in one of my US based web servers - but I know of at least one large forum where they use both IP checking and blocking Proxy servers and for those you'll have to configure the router to send the traffic through one of the lines only (or stop using the forum, which was what I did).

It CAN be configured for failover, but then you'll only use the backup line when the primary doesn't work, sounds like a big waste to me.

If you already have two modems and they can be configured to run in bridge mode then you can of course use them with the Linksys router.

I considered going the Linux way myself but decided I had enough clunky hardware running in my SOHO already.

Posted

I have a perfectly good 6 year old pc that was my wife's college computer. Take out the HD - load the CD - put config xml file to floppy and you have a router.

And what is a router anyway? It's a computer.

Posted

True, but there is a difference in having a computer - even the smallest PC case has a footprint 3-4 times larger than the hardware router - plus the noise of the fans - usually you have minimum CPU + PSU + one extra fan - no fans in the hardware router.

Anyway, agree with you, of course a router is just a computer and you will have much more control with a Linux/PC based router, so there are advantages to either solution, you just have to decide which one is the best for you.

Posted
I have a perfectly good 6 year old pc that was my wife's college computer. Take out the HD - load the CD - put config xml file to floppy and you have a router.

And what is a router anyway? It's a computer.

My routers last a lot longer on the UPS than a PC does... :o

Dunno about the load balancer though. As for forums that don't work - can't you set certain websites to be "sticky"? E.g. let the load balancer keep sessions sticky, or just sessions to specific websites...

I wouldn't expect using 2 lines to make a whole lot of difference for most websites, especially smaller pages - transferring the data is very fast compared to the lag time (especially in Thailand). It seems like 2 DSL lines would not help you at all with lag, only with actual transfer rates and only when multiple connections are in use.

For example, bittorrent or FlashGet- which downloads multiple parts of a file in parallel - would use both lines to the fullest.

Posted

Good point re. UPS runtime, I forgot about that.

You can't make certain sessions or websites "sticky" but you can set up static routing to certain IP addresses:

Advanced Routing

Dynamic Routing:

The Router's dynamic routing feature can be used to automatically adjust to physical changes in the network's layout. The Router uses the dynamic RIP protocol. It determines the route that the network packets take based on the fewest number of hops between the source and the destination. The RIP protocol regularly broadcasts routing information to other routers on the network.

Working Mode:

Select Gateway mode if your Router is hosting your network's connection to the Internet. Select Router mode if the Router exists on a network with other routers, including a separate network gateway that handles the Internet connection. In Router Mode, any computer connected to the Router will not be able to connect to the Internet unless you have another router function as the Gateway.

RIP (Routing Information Protocol): The Router, using the RIP protocol, calculates the most efficient route for the network’s data packets to travel between the source and the destination, based upon the shortest paths.

Receive RIP versions: Choose the RX protocol you want for receiving data from the network. (None, RIPv1, RIPv2, Both RIPv1 and v2).

Transmit RIP versions: Choose the TX protocol you want for transmitting data on the network. (None, RIPv1, RIPv2-Broadcast, RIPv2-Multicast)

Static Routing:

You will need to configure Static Routing if there are multiple routers installed on your network. The static routing function determines the path that data follows over your network before and after it passes through the Router. You can use static routing to allow different IP domain users to access the Internet through this device. This is an advanced feature. Please proceed with caution.

This Router is also capable of dynamic routing (see the Dynamic Routing tab). In many cases, it is better to use dynamic routing because the function will allow the Router to automatically adjust to physical changes in the network's layout. In order to use static routing, the Router's DHCP settings must be disabled.

To set up static routing, you should add routing entries in the Router's table that tell the device where to send all incoming packets. All of your network routers should direct the default route entry to the Linksys Router.

Enter the following data to create a static route entry:

1. Destination LAN IP: Enter the network address of the remote LAN segment. For a standard Class C IP domain, the network address is the first three fields of the Destination LAN IP, while the last field should be zero.

2. Subnet Mask: Enter the Subnet Mask used on the destination LAN IP domain. For Class C IP domain, the Subnet Mask is 255.255.255.0.

3. Default Gateway IP: If this Router is used to connect your network to the Internet, then your Gateway IP is the Router's IP Address. If you have another router handling your network's Internet connection, enter the IP Address of that router instead.

4. Enter hop count (max. 15): This value gives the number of nodes that a data packet passes through before reaching its destination. A node is any device on the network, such as switches, PCs, etc.

5. Interface: (LAN, WAN1, WAN2/DMZ) Interface tells you whether your network is on the LAN or the WAN, or the Internet. If you’re connecting to a sub-network, select LAN. If you’re connecting to another network through the Internet, select WAN.

Click Add to list to add route entry or click Delete Selected IP to delete the static route entry or Update this IP.

Posted
I have a perfectly good 6 year old pc that was my wife's college computer. Take out the HD - load the CD - put config xml file to floppy and you have a router.

And what is a router anyway? It's a computer.

Routers are more stable, with fewer moving parts and flash memory instead of a disk which, if it goes down uncleanly, will need to be FSCK'd before it's back up and running. That's the good reason most organizations don't use a computer as a gateway. In reality unless it has RAID drives and redundant power supplies then it will tend to cause more problems. I would prefer to use a nice Cisco router with IOS any day of the week over a Unix gateway like Firewall-1.

There is nothing wrong with using a Linux box as a firewall or router but there will be times you are troubleshooting it. It's an economics decision; if you have the time and patience it will work fine.

Posted
True, but there is a difference in having a computer - even the smallest PC case has a footprint 3-4 times larger than the hardware router - plus the noise of the fans - usually you have minimum CPU + PSU + one extra fan - no fans in the hardware router.

Anyway, agree with you, of course a router is just a computer and you will have much more control with a Linux/PC based router, so there are advantages to either solution, you just have to decide which one is the best for you.

May I call you Phil, Phil?

I beg to differ with you Phil, I'm a Cisco guy - certified and all that - many small footprint routers 1700's on up have a fan. Not a loud fan, but a fan nonetheless. I have an area next to my television in the living room which is my makeshift noc. It has my VOIP - routers - phones etc .. a small computer sitting on the floor won't make much more of a difference.

JR

Posted

Yes Jeff, you're welcome to call me Phil :o

I know some routers have fans, but the RV042 doesn't which is one main reason I chose that.

Talking of fans and noise - anyone know where to get a noiseless PC cabinet in Pattaya? I've tried everything, even getting a system with 5" fans instead of the usual 3" in the hope it would make less noise.

Posted

Well!

Phil. Well Phil - Well

Didn't I read here that there was an issue with this unit overheating? My DSL routers get quite hot as well - a fan would help. I have a noiseless case - I make them myself. Take the sides off and let the ambient air cool the innards. Unless you're running something that requires cryogenics to cool it, it works better than any fan. The only drawback is that it tends to get dusty.

Which brings me to another question: Where can I buy a can of compressed air?

Posted

For the die hard technophiles, get yourself a WRAP board.

You can buy them online for around 135 US$.

This thing has three lan ports, and is perfectly capable of running pfsense. Only need a 128mb compact flash card to put the pfsense on, and you have a perfect, eminently configurable load balancing router, with no fans and on a very small footprint :o

Find yourself a miniPCI wireless card, pop it in the miniPCI slot, and you have a full wifi accesspoint with loadbalanced internet access!

Posted
I would also recommend the Linksys RV042. However, I usually select PPPoE pass-through on the ADSL terminals (modems) and then enter the ISP PPPoE settings on the RV042. The RV042 has a default MTU setting of 1500; change it to 1492 and it will be much more stable. It's true that some software gets confused alternating between two WAN IP addresses; however, you can set up rules specifying which WAN to use based on the client PC, port no., etc. The VPN client software bundled with the RV042 only runs on Windoze :-(

1428 for TOT.

Someone please confirm MTU for TT&T Maxnet.

Posted
For the die hard technophiles, get yourself a WRAP board.

You can buy them online for around 135 US$.

This thing has three lan ports, and is perfectly capable of running pfsense. Only need a 128mb compact flash card to put the pfsense on, and you have a perfect, eminently configurable load balancing router, with no fans and on a very small footprint :o

Find yourself a miniPCI wireless card, pop it in the miniPCI slot, and you have a full wifi accesspoint with loadbalanced internet access!

Not everyone is made of baht Monty. I've got a perfectly good old computer that will happily do the job. Ultimately I'll waste a lot of time getting OpenSuse to do the same thing - I need to run a web server for a website I've yet to create.

How much does it really come to when you bring it here: 135 plus shipping - plus duty

My ancient desktop looks better all the time - only cost me 400 baht for 2 nic cards to add to the one it has already.

Posted

Just like to tinker with toys like that :D

It's indeed roughly the same as what the existing routers are made of. Low power CPU, on board ram and rom with the software...

I'd definitely do it with an old PC myself Jeff, I just mentioned it in reply to the post where it was noted that a big ugly noisy PC just wouldn't do :o

Actually, I already downloaded Pfsense, have the old PC handy (with a very cool running VIA cpu, can probably do away with the cpu coolerfan if I downclock the thing) and now I'm going to rummage through all my drawers to find some wayward LAN cards :D

Posted

Some months ago there was another thread about a load balancer. My friend got one from BKK and connected his internet shop to 2 adsl lines. It works great for browsing websites.

It does not work for a lot of other applications, e.g. ftp, messenger and skype.

Take a look at ftp: the application opens a connection for control and in this session the server and client negotiate how to setup a second connection for data transfer. While setting up this data connection, there's a 50% chance this session will be sent over the other adsl line - and the server will refuse it.

Messenger gave a lot of problems too (didn't look into the cause), sending out all tcp traffic destined for port 1863 over 1 line was a workaround for this issue.

Skype behaves like a peer2peer application: several udp connections to other skype clients connect your computer to Skype and new connections are negotiated over these existing connections. Same issues may happen as described in the ftp application, 50% chance of connection failure.

I can't remember which brand this was, but other brands come up with the same problems.

Looking at the price of these boxes, I don't think one should expect much more. These are end-user boxes, with a webinterface to keep configuration as easy as possible.

Anyway, we took the box out after a few weeks, connected the lines to bigger routers (the green noisy ones with many fans) and configured the balancing based on the application traffic - works like a charm now.
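
A small simulation of the failure described in the post above, as an added example that is not part of the original thread. It compares per-connection round robin with two mitigations the thread mentions: keeping related connections on one line, and pinning a port (1863) to one line. The class names, addresses and traffic mix are constructed for illustration, and hashing on the (LAN host, server) pair is one possible stickiness rule, not the RV042's or pfSense's documented behaviour.

```python
# Added illustration (not from the thread): constructed traffic, hypothetical names.
import hashlib
import random
from collections import namedtuple
from itertools import count

Conn = namedtuple("Conn", "src dst proto dport")
WANS = ("WAN1", "WAN2")  # the two ADSL uplinks; each has its own public IP


class RoundRobin:
    """Per-connection round robin: every new connection takes the next uplink."""

    def __init__(self):
        self._next = count()

    def pick(self, conn):
        return WANS[next(self._next) % len(WANS)]


class StickyPair:
    """Hash (LAN host, remote server) so related connections share an uplink."""

    def pick(self, conn):
        digest = hashlib.sha256(f"{conn.src}>{conn.dst}".encode()).digest()
        return WANS[digest[0] % len(WANS)]


class PolicyFirst:
    """Pin listed (proto, port) pairs to one uplink; balance everything else."""

    def __init__(self, pinned, fallback):
        self.pinned, self.fallback = pinned, fallback

    def pick(self, conn):
        pinned = self.pinned.get((conn.proto, conn.dport))
        return pinned if pinned else self.fallback.pick(conn)


def ftp_failure_rate(picker, sessions=2000, seed=7):
    """Fraction of FTP sessions whose data channel leaves via a different
    uplink (and so a different public IP) than the control channel."""
    rng = random.Random(seed)
    failed = 0
    for _ in range(sessions):
        client = f"192.168.1.{rng.randint(10, 50)}"
        server = f"203.0.113.{rng.randint(1, 254)}"
        control = picker.pick(Conn(client, server, "tcp", 21))
        # Other LAN hosts open 0-3 unrelated connections in the meantime.
        for _ in range(rng.randint(0, 3)):
            picker.pick(Conn("192.168.1.99", "198.51.100.7", "tcp", 80))
        data = picker.pick(Conn(client, server, "tcp", rng.randint(1024, 65535)))
        failed += control != data
    return failed / sessions


def uplinks_used(picker, flows=200):
    """Which uplinks a picker spreads distinct destinations across."""
    return {picker.pick(Conn("192.168.1.10", f"203.0.113.{i % 254 + 1}", "tcp", 443))
            for i in range(flows)}


if __name__ == "__main__":
    print("round robin FTP failure rate:", ftp_failure_rate(RoundRobin()))
    print("sticky pair FTP failure rate:", ftp_failure_rate(StickyPair()))
    print("sticky pair uplinks in use  :", sorted(uplinks_used(StickyPair())))
    pinned = PolicyFirst({("tcp", 1863): "WAN1"}, RoundRobin())
    msn = Conn("192.168.1.10", "198.51.100.9", "tcp", 1863)
    print("port 1863 always leaves via :", {pinned.pick(msn) for _ in range(10)})
```

The same split across two public IPs is what trips forum software that binds a login session to the client address, which is why the pinned-rule workaround also applies there.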

Posted
I have a perfectly good 6 year old pc that was my wife's college computer. Take out the HD - load the CD - put config xml file to floppy and you have a router.

And what is a router anyway? It's a computer.

Routers are more stable, with fewer moving parts and flash memory instead of a disk which, if it goes down uncleanly, will need to be FSCK'd before it's back up and running. That's the good reason most organizations don't use a computer as a gateway. In reality unless it has RAID drives and redundant power supplies then it will tend to cause more problems. I would prefer to use a nice Cisco router with IOS any day of the week over a Unix gateway like Firewall-1.

There is nothing wrong with using a Linux box as a firewall or router but there will be times you are troubleshooting it. It's an economics decision; if you have the time and patience it will work fine.

PFsense boots from CD ROM - it's a live version - nothing to fsck because it doesn't require a hard drive.
