houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
reply to guppy_fish

Re: Dual 155/75

said by guppy_fish:

I still don't understand the issue and I took a minute and looked at the configuration page for that software

Take your assigned /24 and treat it as a /30 for the IP assigned for each of your ONT's. Make them both have default gateways that aren't the real one the Onts expect

If I get the gist of how the software works, you just add static routes to handle the two default routes you created by subnetting and have the static route bridge/route to the actual default route

I assume your pc has three nics as well?

Ok well what you're explaining sounds a bit hacky to me.

If I get what you're saying would be instead of them being a /24 like they really are make them a /30 so they are no longer in the same network space. Make a route to a different IP in those same /30's that really goes to the .1 gateway IP?

I guess one issue is how do I make traffic going to another IP go to .1? I don't quite see the right behavior happening with linux iproute2.

Also my main ip is aaa.bbb.ccc.2 so if in the case of a /30 I would think the fact the real gateway being the only other host in that subnet might cause problems? I guess I could maybe get around this with a /29 but then what if my second ip is aaa.bbb.cc.4 ?
--
150/75 mbit Verizon FiOS connection FTW!


guppy_fish
Premium
join:2003-12-09
Lakeland, FL
kudos:4
Reviews:
·Verizon FiOS
said by houkouonchi:

Ok well what you're explaining sounds a bit hacky to me.

If I get what you're saying would be instead of them being a /24 like they really are make them a /30 so they are no longer in the same network space. Make a route to a different IP in those same /30's that really goes to the .1 gateway IP?

Correct. Your assigned IP's to your ONT's I assume are more than 4 IP addresses apart. So if you're aaa.bbb.cc10 its default route is aaa.bbb.cc9, the network address for a /30

said by houkouonchi:

I guess one issue is how do I make traffic going to another IP go to .1? I don't quite see the right behavior happening with linux iproute2.

A static route that routes all aaa.bbb.cc9 to aaa.bbb.cc1

said by houkouonchi:

Also my main ip is aaa.bbb.ccc.2 so if in the case of a /30 I would think the fact the real gateway being the only other host in that subnet might cause problems? I guess I could maybe get around this with a /29 but then what if my second ip is aaa.bbb.cc.4 ?

Hmm, I was hoping neither assigned static was within a /30 for the default route

BTW, the VPN bonding isn't happening at layer 3, it's layer two and is sending packets based on the MAC address of the ONT. I'm assuming the router software is using the entered IP to arp and get the MAC address and if both interfaces have the same IP it isn't set up for that situation


guppy_fish
Premium
join:2003-12-09
Lakeland, FL
kudos:4
reply to houkouonchi
Check this out

»ask.metafilter.com/111616/how-to ··· e-subnet

Claims pfSense can handle this situation


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
reply to guppy_fish
With static routes in linux you route traffic to a destination subnet (or host if a /32) via . The problem is that say I make a static route to go to aaa.bbb.ccc.10/30 to route via my real gateway (aaa.bbb.ccc.1). Well the problem is even if the packets make it to aaa.bbb.ccc.1 they are still going to be destined for aaa.bbb.ccc.10, at least how I would normally use static routes, so I don't think static routes can do what you were describing (at least the way you described it).

As for the VPN. Yes bonding is layer 2 but the VPN connection is going over UDP/IP (layer 3). The VPN allows me to encapsulate layer 2 over layer 3 which is what allows the bonding in the first place. This does mean that all bonded traffic is routed over another machine (VPN server) and that is a disadvantage.

Honestly though I think I need a different IP just to get my regular balancing working as well. I have yet to get my second IP pingable and I have only gotten any traffic working at all via a static route (which I tested to get 35 megabytes/sec off usenet) =)
--
150/75 mbit Verizon FiOS connection FTW!


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
reply to guppy_fish
said by guppy_fish:

Check this out

»ask.metafilter.com/111616/how-to ··· e-subnet

Claims pfSense can handle this situation

Hmm I can find several references that state that is not true:

»redmine.pfsense.org/issues/228

And

»forum.pfsense.org/index.php?topi ··· =47072.0

"nachtfalke" also mentions they must not have the same gateway.
--
150/75 mbit Verizon FiOS connection FTW!


guppy_fish
Premium
join:2003-12-09
Lakeland, FL
kudos:4
Reviews:
·Verizon FiOS
reply to houkouonchi
If I recall from reading other postings, Verizon provisions the gateway and netmask to much larger than your allocated subnet. You might have 1 IP but are given a /24 for the subnet.

So, you could have 172.123.123.6 on ont 1 and 172.123.123.2 on the other as your IP address. They can't be closer than 4 as that's the smallest subnet one can have (which would be something hidden on Verizon's end).

A simple thing you can try for giggles is config the two interfaces as /30 subnets. One will work as is as its IP is in the /30 block. The other will be aaa.bbb.ccc.dd5 which then connect to your new Actiontec and just have it configured for a static route of aaa.bbb.ccc.dd5 to aaa.bbb.ccc.dd1. This should work fine and get around all your concerns.


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
said by guppy_fish:

If I recall from reading other postings, Verizon provisions the gateway and netmask to much larger than your allocated subnet. You might have 1 IP but are given a /24 for the subnet.

So, you could have 172.123.123.6 on ont 1 and 172.123.123.2 on the other as your IP address. They can't be closer than 4 as that's the smallest subnet one can have (which would be something hidden on Verizon's end).

Don't think this is correct. I had a previous order that was not correct and was assigned aaa.bbb.ccc.8 (1 difference from the IP I ended up getting).

I know by utilizing the actiontec there are a couple of ways I could get things working but that is undesirable for me.
--
150/75 mbit Verizon FiOS connection FTW!

buckweet1980

join:2011-12-31
Allen, TX

1 edit
reply to Mahalo
said by Mahalo:

Have you been a datacenter lately that uses HP in the core? Me neither and I have been to 5 large (130,000 sq ft each). I would use it on the edge or remote locations. Mostly Juniper and Cisco right now.

I actually work for HP Networking now because of the gear acquired from 3Com. It's awesome stuff, I wouldn't have changed jobs unless I believed in it. I recently moved over from JP Morgan Chase where I was working on the data center team. At JPMC I worked on Cisco and Juniper high end platforms, including the Nexus platforms. The HPN gear is every bit as good and better in ways than Cisco at a much lower price point.

We, HPN, are taking customers away from Cisco in the branch, campus and data centers every day and are impacting them I guarantee. We do have big name accounts running our gear in their data centers as well. We don't have the presence of Cisco, but that will change in the coming years I assure you. Massive R&D dollars are being put into HPN because the execs finally realized that we have to be in that game. Cisco got into our server game so we have to react.

Cisco makes great kit, so does Juniper. All I ask is that people stop thinking that Cisco is the only vendor and are the defacto best, because they aren't. Networking gear is a commodity anymore, they all do the same thing. It really comes down to do the boxes meet your need and does it meet your financial requirements. Just open your minds and give us a chance, we'll meet your needs! There is no reason to be a sole Cisco mentality anymore!

My 2 Cents


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
reply to houkouonchi
Ok so I was able to get my bonded VPN up but having some weird latency difference on the lines which was causing a lot of out of order packets. I was able to help performance by going jumbo frames on the VPN links. That being said my load balancing is still not working at all so I need to either get a new IP or DHCP.

Speed test over the bonded link:


--
150/75 mbit Verizon FiOS connection FTW!


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
Well VZ test gives bad upload results:



I believe it's because it's not using the MTU size from the huge number of duplicate ACKs so not sure how useful bonding will be other than my home -> my server communication but I am fine with doing balancing too.

Some single threaded wget tests:

Download test (wget off server)
admin@zeroshell: 07:33 PM :~# wget -O /dev/null http://172.31.1.1/2gb.bin
--19:33:18--  http://172.31.1.1/2gb.bin
           => `/dev/null'
Connecting to 172.31.1.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,992,294,400 [application/octet-stream]
 
 9% [====>                  ] 179,440,712   36.05M/s    ETA 00:4
 

Upload test (wget off home machine):
# wget -O /dev/null http://172.31.1.2/2gb.bin
--19:33:46--  http://172.31.1.2/2gb.bin
           => `/dev/null'
Connecting to 172.31.1.2:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,992,294,400 (1.9G) [application/octet-stream]
 
 4% [====>                  ] 89,365,332    17.14M/s  
 
--
150/75 mbit Verizon FiOS connection FTW!


Smith6612
Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:25
Reviews:
·Verizon Online DSL
·Frontier Communi..
All I can say is...



That is a lot for a home! Hope you enjoy it


mnl1121

join:2008-01-03
Clifton, NJ
reply to houkouonchi
houkouonchi you created a VPN for yourself? Can I ask how you did it? I am really interested in creating a VPN myself, but I'm not sure what the best way about doing it is.


RolteC
0h

join:2001-05-20
New York, NY
kudos:1
It involved running other hardware/server I believe at a place that has at least a gigabit connection. Something very very few people can do or even have access to.


mnl1121

join:2008-01-03
Clifton, NJ
said by RolteC:

It involved running other hardware/server I believe at a place that has at least a gigabit connection. Something very very few people can do or even have access to.

Are you replying to me? Anyone can create a VPN. I'm not interested in doing what he did with two connections. I just want a dedicated home VPN server and I'm not sure what's the best way about doing it.


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
said by mnl1121:

said by RolteC:

It involved running other hardware/server I believe at a place that has at least a gigabit connection. Something very very few people can do or even have access to.

Are you replying to me? Anyone can create a VPN. I'm not interested in doing what he did with two connections. I just want a dedicated home VPN server and I'm not sure what's the best way about doing it.

You could run one from a machine at home to give people access to your network but you can also do it from any linux dedicated server as well.

Some nice features of being on a VPN (if routing internet through it): you can, say, be hopping various wireless networks and your WAN IP doesn't keep changing and things like ssh connections can stay up without dropping.

Also you can have a LAN-style environment with samba and what not with several other machines that are connected to each other over the internet without the dangers of allowing the service to be used over the internet.

I personally use openvpn which is a free and open source VPN software. I myself have only set up VPN servers on linux machines (never a windows machine for the server). I do, however, provide a ton of people I know on quakelive with VPN access due to often superior routing which allows for lower latency when there is bad routing to one of their servers. They always seem to choose a provider with crap routing. Right now using VPN makes my latency go from 80ms to their dallas server to 45ms.
--
150/75 mbit Verizon FiOS connection FTW!


mnl1121

join:2008-01-03
Clifton, NJ
okay thanks for the info. I'll look into OpenVPN


mnl1121

join:2008-01-03
Clifton, NJ
reply to houkouonchi
I've got another question. How powerful a computer would you recommend I build? I've got a 35/35 connection here at home. Would a modern CPU (desktop grade like an i7) do the trick?


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
said by mnl1121:

I've got another question. How powerful a computer would you recommend I build? I've got a 35/35 connection here at home. Would a modern CPU (desktop grade like an i7) do the trick?

Even the atom 1.6 Ghz box I used to have could handle VPN for dual 35/35 connections so yes any modern core i5/i7 is more than enough.

I tried getting a block of 5 IP addresses to change my static IP on my second connection but alas it is still in the same /24. Since early Friday morning I tried switching to dynamic to get my balancing/bonding working properly without ghetto static routes.

Something caused a hiccup and it wasn't switched over even on the weekend when I was told by 6 PM on Friday. Called again on early Monday and they said there was an issue... Said they would call back. They did a few hours later stating there is still a problem and that they would call back again. No call..

I call again Tuesday early morning and mentioned that the issue didn't get resolved. Interesting enough the person I talked to on Tuesday had no problems getting me provisioned to dynamic. So yay finally my load balancing is working properly with my bonding.

Been happily using the connection. Definitely seeing some usage over 75mbit up pretty consistently but downstream is hard to get over 200 megabits for long periods. I download a lot of stuff off usenet and I find newer stuff usually does go that fast but it downloads so quickly that it won't get even my 5 minute average up in the 300mbit range 'cause even a 9GB file takes under 5 min to download =)


--
150/75 mbit Verizon FiOS connection FTW!

doofoo

join:2002-01-21
Upper Marlboro, MD
reply to houkouonchi
Can you explain your setup a little further in detail?

Specifically around your openvpn setup and the balancing/bonding you are doing there?


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
said by doofoo:

Can you explain your setup a little further in detail?

Specifically around your openvpn setup and the balancing/bonding you are doing there?

Well not sure how much detail you want me to go into. The balancing is just that simply linux balancing between two gateway IP addresses (equally weighted at 1).

The bonding is done over two openvpn links going over each physical connection which are put into a mode=0 (round robin packet based) bonded link on both ends and an IP address on each bonded link on each side. Then I have iptables rules on the server-side which does NAT from the source IP on my home side so it's not much different than a machine being behind a router except that the router is at a remote location and the 'physical link' is over a VPN instead of an ethernet cable.

The downside to bonding this method is that all bonded traffic must go over the DC link and uses bandwidth on that side as well so I only make rules so certain types of traffic will go over the bonded link and regular traffic does not.
--
150/75 mbit Verizon FiOS connection FTW!
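
The balancing, bonding and NAT layout described in the post above, written out as an added example (not houkouonchi's own configuration). It only prints the commands; the interface names, routing table numbers, WAN addresses, the /30 on the bond and the FORWARD rules are assumptions, while 172.31.1.1 and 172.31.1.2 are the addresses seen in the wget tests earlier in the thread.

```shell
#!/bin/sh
# Added example, not the poster's configuration. It only PRINTS commands.
# Placeholders (assumptions): eth0/eth1/eth2, tap0/tap1, bond0, tables 101/102,
# the 192.0.2.x / 198.51.100.x WAN addresses and the /30 on the bond.
# 172.31.1.1 (server) and 172.31.1.2 (home) are the addresses in the wget tests.

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Home: equal-weight balancing between the two gateways.
balance_cmds() {  # gw1 dev1 gw2 dev2
  is_ipv4 "$1" && is_ipv4 "$3" || { echo "bad gateway" >&2; return 1; }
  echo "ip route replace default nexthop via $1 dev $2 weight 1 nexthop via $3 dev $4 weight 1"
}

# Home: traffic sourced from one WAN address leaves by that connection, so an
# OpenVPN instance bound to that address stays on its own physical link.
pin_link_cmds() {  # wan_ip gateway dev table
  is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
  echo "ip route replace default via $2 dev $3 table $4"
  echo "ip rule add from $1/32 table $4"
}

# Both ends: mode 0 (balance-rr) bond over the two tap devices, one IP on it.
bond_cmds() {  # bond_ip/prefix tap_a tap_b
  is_ipv4 "${1%/*}" || { echo "bad bond address" >&2; return 1; }
  echo "ip link add bond0 type bond mode balance-rr"
  for tap in "$2" "$3"; do
    echo "ip link set $tap down"      # bring it down before enslaving
    echo "ip link set $tap master bond0"
  done
  echo "ip addr add $1 dev bond0"
  echo "ip link set bond0 up"
}

# Server: NAT for the home end of the bond; forwarding limited to that source.
server_nat_cmds() {  # home_bond_ip wan_dev
  is_ipv4 "$1" || { echo "bad address" >&2; return 1; }
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -A FORWARD -i bond0 -o $2 -s $1 -j ACCEPT"
  echo "iptables -A FORWARD -i $2 -o bond0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

plan() {
  echo "# --- home router ---"
  balance_cmds 192.0.2.1 eth1 198.51.100.1 eth2
  pin_link_cmds 192.0.2.10 192.0.2.1 eth1 101
  pin_link_cmds 198.51.100.10 198.51.100.1 eth2 102
  bond_cmds 172.31.1.2/30 tap0 tap1
  echo "# --- VPN server ---"
  bond_cmds 172.31.1.1/30 tap0 tap1
  server_nat_cmds 172.31.1.2 eth0
}

plan
```

Each OpenVPN instance is assumed to use a tap device and to be bound to one WAN address (OpenVPN's `local` directive), since the bond needs layer-2 interfaces underneath it.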


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1
Reviews:
·Time Warner Cable
reply to houkouonchi

Re: Dual 155/75

houkouonchi - what website, service or software agent do you use to generate your up/download history graphs? I was using dslr's monitor, but DHCP changes my IP address so often, that I find updating dslr each time to be a nuisance, so I'm looking for anything better that is free.

propcgamer

join:2001-10-10
011010101
Looks like MRTG on his router to me.


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS

1 recommendation

reply to Packeteers
As propcgamer said, it is MRTG. My full page is:

»fios.houkouonchi.jp/mrtg/

MRTG can be used to graph just about anything if you give it data. For example:

»fios.houkouonchi.jp/weather/room ··· oom.html

I personally like MRTG graphs but another tool made by the same person can do some even more advanced graphs:

»oss.oetiker.ch/rrdtool/

I thought DSLR only does latency checking? Like my own latency one is:

»box.houkouonchi.jp/fios1.html

It shows latency and mdev (jitter).

If you use a service like dynDNS that might make dslreports one easier although I can just easily monitor latency if you have a dynDNS account as well. I actually set up bandwidth monitoring for someone at one point which telnetted into his westell (I believe) and graphed traffic until the guy's IP changed and he didn't hit me back up with it (he didn't have dynamic DNS).

»box.houkouonchi.jp/vz.html

I also keep track of my bandwidth usage (totals) here:

»fios.houkouonchi.jp/bandwidth/
--
300/150 mbit Bonded Verizon FiOS connection FTW!

dragonman300

join:2011-03-02
Anaheim, CA
kudos:1
reply to houkouonchi
lol, since Verizon FiOS is upping 150mbps speed to 300mbps. Will ur setup increase from 300mbps to 600mbps? 0__o
--
Curious about Sprint improved 3G and growing 4G LTE network? Then check it out at www.s4gru.com


Onedollar

join:2001-08-27
Pomona, CA
kudos:6
reply to houkouonchi
said by houkouonchi:

said by Onedollar:

You do know a 300 tier is coming right? Could've saved you some headache

Lies. I was told in November by nycdave that we are looking at at least 18 months before new speed packages (so 14 months now).

Anyway still no active service. They like had two orders like I would have three lines and they also then later said the 1500G could handle both and had us try that but it never got provisioned. Tech is getting frustrated with dealing with people on the phone. Just glad my main connection has not gone down.

Gee look my prediction came true


Smith6612
Premium,MVM
join:2008-02-01
North Tonawanda, NY
kudos:25
Reviews:
·Verizon Online DSL
·Frontier Communi..
reply to dragonman300
said by dragonman300:

lol, since Verizon FiOS is upping 150mbps speed to 300mbps. Will ur setup increase from 300mbps to 600mbps? 0__o

He might need some beefier hardware on both ends for that then!


houkouonchi

join:2002-07-22
Ontario, CA
Reviews:
·Verizon FiOS
said by Onedollar:

said by houkouonchi:

said by Onedollar:

You do know a 300 tier is coming right? Could've saved you some headache

Lies. I was told in November by nycdave that we are looking at at least 18 months before new speed packages (so 14 months now).

Anyway still no active service. They like had two orders like I would have three lines and they also then later said the 1500G could handle both and had us try that but it never got provisioned. Tech is getting frustrated with dealing with people on the phone. Just glad my main connection has not gone down.

Gee look my prediction came true

Yup. I believed nycdave was correct when he said 18 months. That seemed more likely too.

said by Smith6612:

said by dragonman300:

lol, since Verizon FiOS is upping 150mbps speed to 300mbps. Will ur setup increase from 300mbps to 600mbps? 0__o

He might need some beefier hardware on both ends for that then!

Current hardware can handle it I believe. The server-side is core i7 style xeon and pretty high end.

I probably will be going dual 300 megabits if the uploads are true on the new speeds if it's near what I am paying now.

They say it's going from 150/35 -> 300/65 but it's really already 150/75. Only reason I have two connections right now is for the extra upload capacity so if they are not upping the upload at all then I will have no reason to go back to a single connection. If 300/65 is really 300/150 then I might go back to a single connection.
--
300/150 mbit Bonded Verizon FiOS connection FTW!

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to houkouonchi
Did you get your routing/load balancing sorted out? I dug through my archives for the magic I built a decade ago when I sold linux based LBs. You can use two links to the same gateway with a fair bit of routing configuration. The default link / routing setup will never work correctly (it will always favor one link), but the core linux routing functions can be configured to do it. (I used to make a whole lot of money selling boxes that would.)

serge87

join:2009-11-29
Reviews:
·Verizon FiOS
reply to Onedollar
said by Onedollar:

Gee look my prediction came true

Good call