
Load Balancing DSL for small office / home office

Below is a summary of my experiences with setting up a load balanced DSL (or other broadband) configuration for home/home office.

This apparently has been an ever-elusive configuration for a lot of people, so I figured that since we now have it all working right, I'd share some details about what I did, the problems I ran into, and some thoughts about why you might WANT to do this, or why you SHOULDN'T do this.

First of all, why would you want a load balanced DSL config for home or your home office?
  • DSL is slow (or 'not fast enough' for what you want to do)
  • You need something more reliable (i.e. failover, for home office)
Basically my situation is that we live in an area where cable TV+Internet is not available, but DSL is.  We only qualify for the slowest DSL speed tier.  When we set up a home office, the Internet access at home just wasn't very reliable and was pretty slow.  That is fine if you are just surfing the net or checking email, but if you rely on good Internet to do work (VoIP phones, fast uploads/downloads, etc.) it becomes an issue.  For us, the Internet was just too darn slow for our VoIP phones, and we needed several people online at the same time during business hours, so a second DSL was required.  I placed the order and in a few days the second connection was up and running with its own DSL router.

Now, if you are thinking "hmmm, that means I can have redundant, 2x speed website hosting here, right?" you would be WRONG.  An important thing to understand about this kind of load balancing is that it is ONE-SIDED.  At your small/home office, if you load balance two DSLs, your outbound requests to the Internet are spread over the two connections.  The converse is not true: if you host a website, DNS has to point at the public address of one of your connections, so inbound traffic always arrives over that one DSL; it is neither redundant nor any faster.  Making inbound traffic fully redundant means routing magic has to happen not only at your home/small office but also at your ISP: either the two lines are BONDED into one logical circuit, so one public IP address (your website) is reachable over both, or the ISP lets you multihome with a routing protocol like BGP so the same address is announced over two paths to your server.  Most ISPs will not do either for residential access, and the ones that will charge enough to make it cost prohibitive.

But, back to the real scenario, which is: we needed a better way to USE the internet, faster and reliable.

As a band-aid type fix for the problem, one could 'divide' who uses what with two DSLs by simply hard wiring some people/devices through router 1, and others through router 2, but then nobody gets failover protection, and nobody can take advantage of the combined speed, so I looked for a solution to load balance both connections.

For a while I looked into configuring Vyatta and pfSense on a spare PC to handle two different WANs (two DSLs, DSL + cable, or any combination thereof), which was tedious and basically requires you to know a fair bit about routing.  Both are open source and will work, but they need some patience and networking know-how.  The other issue was that Vyatta and pfSense both balanced at the connection level instead of the packet level.  This may have changed since I originally started this project, but it was a big factor in my moving on.  Connection-level balancing means each connection goes down one pipe or the other, so a single download still only gets one line's speed, and only many simultaneous connections use both lines together.  Worth knowing: with two WANs that each have their own public IP address, a single TCP connection cannot be split across both anyway, because the far end would see packets from two different addresses in one connection.  That is the bonding problem from above, and it is also the root of issue 3 below.

I eventually settled on purchasing a Linksys RV042 4-port VPN router, which has dual-WAN management built in and load balances across both lines (in practice each connection still leaves over one line or the other, which matters for issue 3 below).  I got it for $50 used on eBay, knowing that if it didn't work, I wouldn't cry too much over $50.

Once I got the RV042, I updated its firmware to the latest and then set it up.  Configuration was a breeze, though non-technical people might still be intimidated.  I tried multiple configurations and ultimately settled on the load balancing mode, weighting each DSL line by its available upload/download bandwidth.

The concept is that you connect your two DSL/WAN connections into the RV042, then you connect your desktop/laptop/etc. into the RV042.  RV042 takes care of deciding which internet pipe to use for your data.

Basically the configuration worked pretty well right away.  There were a few issues though.  I observed the following:
  • High latency and slow loading on some web pages
  • Broken images
  • Some pages never load
  • Logging into some secure websites complained that my IP address changed
A few things that are not so easily found caused these issues.

1. Improper MTU setting in the RV042: You can configure the "maximum transmission unit" size in the RV042, but the default is 1500.  Turns out that for most DSL providers, which deliver the line over PPPoE, the maximum you can use is 1492, because PPPoE takes 8 bytes out of every 1500-byte Ethernet frame.  With the MTU left at 1500, full-size packets have to be fragmented or get dropped along the way, which shows up as sluggish pages.  Changing it from the default to 1492 made a great difference in throughput and latency.
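A quick way to verify the right MTU for your own line rather than trusting the 1492 rule of thumb, as an added example that is not from the original post: the script below carries the PPPoE arithmetic and then bisects with don't-fragment pings to find the largest packet that actually gets through end to end.  It assumes a Linux ping (the -M do flag; BSD and macOS pings spell it differently) and a reachable target host of your choosing; nothing in it is RV042-specific.

```shell
#!/bin/sh
# Path MTU check for a PPPoE DSL link (added example, not the author's tooling).
# PPPoE adds 8 bytes (6-byte PPPoE header + 2-byte PPP header) inside every
# 1500-byte Ethernet frame, so the IP MTU on such a line is 1500 - 8 = 1492.

PPPOE_OVERHEAD=8
IP_HDR=20
ICMP_HDR=8
TCP_HDR=20

# Largest IP MTU that fits a PPPoE link carried over Ethernet MTU $1 (default 1500).
pppoe_mtu() { echo $(( ${1:-1500} - PPPOE_OVERHEAD )); }

# Ping payload (-s) that makes a don't-fragment packet exactly $1 bytes on the wire.
icmp_payload_for_mtu() { echo $(( $1 - IP_HDR - ICMP_HDR )); }

# TCP MSS a host should advertise for a link MTU of $1.
tcp_mss_for_mtu() { echo $(( $1 - IP_HDR - TCP_HDR )); }

# Binary-search the largest DF ping that reaches $1, between MTUs $2 and $3.
# Uses Linux ping's -M do (set DF, never fragment locally). Prints the path MTU.
# If the target drops ICMP entirely, the search bottoms out at $2.
probe_path_mtu() {
    host="$1"; lo="${2:-1200}"; hi="${3:-1500}"
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if ping -c 1 -W 1 -M do -s "$(icmp_payload_for_mtu "$mid")" "$host" >/dev/null 2>&1; then
            lo=$mid          # a packet of size mid got through; try larger
        else
            hi=$(( mid - 1 )) # too big (local "message too long" or a fragmentation-needed reply)
        fi
    done
    echo "$lo"
}

# Usage: sh mtu-check.sh <host>   (only probes the network when a host is given)
if [ -n "${1:-}" ]; then
    echo "path MTU to $1: $(probe_path_mtu "$1")"
    echo "PPPoE expectation: MTU $(pppoe_mtu 1500), ping -s $(icmp_payload_for_mtu 1492), TCP MSS $(tcp_mss_for_mtu 1492)"
fi
```

If the probe comes back lower than 1492, something between you and the target has a smaller MTU (a tunnel or a second PPPoE hop, for instance) and the router setting should follow the probe, not the rule of thumb.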

2. DNS problems: By default the RV042 acts as your DNS server if you are using DHCP to auto-assign IP addresses (who doesn't use DHCP anymore?), and when it receives a DNS query it forwards it to one of your two WAN connections' DNS servers.  After chasing my tail a bit, I discovered that my ISP's DNS servers are VERY overworked, and a lot of the time I was getting timeouts, which caused both the broken images and the pages that never loaded.

You can be creative as to how you solve this problem, but I opted to take an old PC, put in a 4GB flash thumb drive (no hard drive), install Linux (CentOS) and set up a caching DNS server.  I run this DNS server locally on my home network, and its job is to do proper DNS lookups and cache them for fast performance.  I had to configure the RV042 (under DHCP) so that it hands out my DNS server's address to DHCP clients.  Once that was done, no more broken images, and pages load nice and quick.
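For anyone who wants to build the same kind of box, here is a caching-only resolver configuration as an added example; it is not the author's actual configuration, which the post does not show.  It assumes BIND 9.8 or later on CentOS (the bind and bind-utils packages), a 192.168.1.0/24 LAN and a resolver address of 192.168.1.53, all of which are assumptions to adjust.  The detail worth carrying over from a real deployment is the allow-query/allow-recursion restriction: a recursive resolver that answers anyone on the Internet is an open resolver, and open resolvers get used for DNS amplification attacks.

```shell
#!/bin/sh
# Caching-only resolver for the LAN (added example; not the author's configuration).
# Assumes BIND 9.8+ ("yum install bind bind-utils" on CentOS). LAN_NET and
# RESOLVER_IP are assumptions; override them in the environment.

LAN_NET="${LAN_NET:-192.168.1.0/24}"
RESOLVER_IP="${RESOLVER_IP:-192.168.1.53}"

# Write a caching-only named.conf to the path in $1. Recursion is limited to the LAN
# so the box cannot be abused as an open resolver if port 53 is ever exposed; the
# root hints let named resolve on its own instead of forwarding to the ISP's servers.
write_caching_named_conf() {
    cat > "$1" <<EOF
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; $RESOLVER_IP; };
    listen-on-v6 { none; };
    recursion yes;
    allow-query     { localhost; $LAN_NET; };
    allow-recursion { localhost; $LAN_NET; };
    dnssec-validation auto;   # validate signed zones; remove on BIND older than 9.8
    max-cache-size 64m;
};
zone "." IN {
    type hint;
    file "named.ca";          # root hints, shipped with the bind package
};
EOF
}

# Sanity-check a generated config: syntax via named-checkconf when it is installed,
# plus the settings that keep this from being an open resolver. Returns 0 on success.
check_caching_named_conf() {
    conf="$1"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf" || return 1
    fi
    grep -q 'recursion yes;' "$conf" || return 1
    grep -q "allow-recursion { localhost; $LAN_NET; };" "$conf" || return 1
    # fail if either ACL was widened to "any"
    ! grep -Eq 'allow-(query|recursion)[^;]*any' "$conf"
}

# Usage (as root on the resolver): sh caching-dns.sh install
# Then point the RV042's DHCP "DNS server" field at $RESOLVER_IP.
if [ "${1:-}" = install ]; then
    write_caching_named_conf /etc/named.conf
    check_caching_named_conf /etc/named.conf || { echo "config check failed" >&2; exit 1; }
    service named restart
fi
```

Once named is running, `dig @192.168.1.53 example.com` twice from a LAN client should show the second answer coming back in a few milliseconds with the TTL counting down, which is the cache doing its job; the same query from outside the LAN should be refused.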

3. The issue of websites complaining that my IP address changed when I log in is a valid one, and a very real problem.  Each new connection to a site (a page reload, say) can leave over either of your two DSL/WAN connections, each of which has its own public IP address, so a site that ties your session to your IP is actually correct when it complains that your address changed.  This especially becomes an issue with bank websites, company extranets, and sites like this one that rely on your IP address staying the same for the whole session.

To address this, I added a rule in the RV042 saying that all HTTPS (secure) traffic must go out over one of the WANs, so secure traffic is no longer load balanced or protected by failover, but at least it solves the problem.  If the DSL connection I use for HTTPS goes down, I can always manually switch this rule to use the second DSL.  Sites that tie a plain-HTTP session to your address need the same kind of rule for port 80, at the cost of balancing that traffic too.
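The same rule on a Linux router (pfSense and Vyatta have GUI equivalents), with the manual switch-over automated, as an added example that is not the author's RV042 configuration.  Interface names, addresses, gateways, routing-table numbers and the probe host are all assumptions; iptables and iproute2 are required and the commands need root.  Setting DRY_RUN=1 prints the commands instead of applying them, so you can review the plan first.

```shell
#!/bin/sh
# Pin outbound HTTPS to one WAN with Linux policy routing, and move it to the other
# WAN when the first stops reaching the Internet. Added example mirroring the RV042
# rule from the post; not the author's configuration. Every name/address below is an
# assumption for illustration. Run "setup" once at boot, "check" from cron each minute.

LAN_IF=eth0
WAN1_IF=eth1; WAN1_IP=192.168.11.2; WAN1_GW=192.168.11.1
WAN2_IF=eth2; WAN2_IP=192.168.12.2; WAN2_GW=192.168.12.1
T_WAN1=101; T_WAN2=102; T_HTTPS=100    # per-WAN tables plus one table for marked HTTPS flows
HTTPS_MARK=0x1
PROBE_HOST="${PROBE_HOST:-8.8.8.8}"    # beyond the DSL modem, so a dead line is noticed

# Execute a command, or only echo it when DRY_RUN is set.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# One routing table per WAN, chosen by source address. This is what lets a probe
# sourced from a WAN address leave through that WAN regardless of the main default route.
setup_wan_tables() {
    run ip route replace default via $WAN1_GW dev $WAN1_IF table $T_WAN1
    run ip route replace default via $WAN2_GW dev $WAN2_IF table $T_WAN2
    run ip rule add from $WAN1_IP lookup $T_WAN1 priority 100
    run ip rule add from $WAN2_IP lookup $T_WAN2 priority 100
    run iptables -t nat -A POSTROUTING -o $WAN1_IF -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o $WAN2_IF -j MASQUERADE
}

# Mark new LAN->443 connections and remember the mark per connection (CONNMARK), so every
# packet of a flow keeps the same exit WAN; marked flows are routed via table T_HTTPS.
setup_https_pinning() {
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j MARK --set-mark $HTTPS_MARK
    run iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 443 -j CONNMARK --save-mark
    run ip rule add fwmark $HTTPS_MARK lookup $T_HTTPS priority 50
}

# Point the HTTPS table's default route at WAN 1 or WAN 2.
pin_https_to() {
    if [ "$1" = 1 ]; then gw=$WAN1_GW; dev=$WAN1_IF; else gw=$WAN2_GW; dev=$WAN2_IF; fi
    run ip route replace default via "$gw" dev "$dev" table $T_HTTPS
}

# Can WAN $1 reach the Internet? Source the probe from that WAN's own address so the
# source-based rule above forces it out the matching interface.
wan_up() {
    if [ "$1" = 1 ]; then src=$WAN1_IP; else src=$WAN2_IP; fi
    ping -c 2 -W 2 -I "$src" "$PROBE_HOST" >/dev/null 2>&1
}

# Prefer WAN 1 for HTTPS; fall back to WAN 2 while WAN 1 is down (the post's manual
# switch, minus the manual part). With both down the choice does not matter.
choose_https_wan() {
    if wan_up 1; then echo 1; elif wan_up 2; then echo 2; else echo 1; fi
}

case "${1:-}" in
    setup) setup_wan_tables; setup_https_pinning; pin_https_to "$(choose_https_wan)" ;;
    check) pin_https_to "$(choose_https_wan)" ;;
esac
```

Two caveats a practitioner would want: flipping the route moves only new connections, so any HTTPS session open at the moment of failover still sees its IP change and will be logged out, exactly as with the manual switch; and because the CONNMARK rules keep an established flow on its original WAN, the fail-back to WAN 1 is equally disruptive, so consider only failing back when the line has been stable for a while rather than on the first successful probe.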

Probably the most significant thing that made this configuration even acceptable to work was having a local DNS server.  If there is enough need and interest, I'll blog about how to set that up.  Comment if you want to know more!

To sum all things up, here is a graphic of the network topology now that it's all done and working great.

Each DSL router gets its own public IP address from the ISP.  The RV042 assigns the IP addresses for the internal network and decides which connections go down which pipe based on the configured bandwidth weights.  My in-house DNS server resolves all names, which fixes my ISP's slow DNS server issue.  All the other PCs and wireless devices work the same as if we were using a single DSL.  Now we effectively get twice the total throughput out to the Internet (a single connection still moves at one line's speed), and if one connection goes down, we are still online, just at half speed, which is better than no speed.  Mission accomplished.
