Using multiple WAN connections in load balancing mode

Keenetic routers can use multiple WAN connections simultaneously in balancing mode (on Keenetic routers, this mode is called Multipath Transmission). Any WAN interface — wired, modem, DSL, WISP, PPPoE, etc. — can participate in balancing.

Starting with KeeneticOS 3.9, intelligent balancing has been implemented, and a new multipath policy has been added to the web interface to optimize the use of multiple Internet connections, speeding up and balancing the traffic.

TIP: Note: Balancing will be most effective for multithreaded traffic (point-to-multipoint or one-to-many connections), such as torrent traffic, P2P or other protocols that open multiple connections that do not require saving the source address. In this case, the connections will be distributed over different links.
Balancing will not work correctly for point-to-point or one-to-one connections because most hosts will drop packets from the same session if they come from different IP addresses. For example, an HTTPS-enabled website or web service that opens multiple sessions might not work because if some sessions are routed to different ISPs, it will trigger security and errors for the HTTPS protocol.

Multipath transmission can operate within a single non-main profile and allows the speeds of several connections to be summed up. To set up, all you need to do is:

1. Connect several providers;

2. On the 'Connection priorities' page, add a new policy;

3. Tick both Internet connections and the 'Enable multipath' option;

4. Move to this policy the device (e.g. PC) on which you want to get the summarized speed of several connections;

5. Check if the multipath transmission is working. Run a torrent client or file download on the PC. Now it will be able to use both connections simultaneously unless, of course, both ISPs block P2P traffic (torrent traffic may not work in mobile operators' networks, or it will be artificially limited in speed).

Multipath1_en.png

TIP: Note: Providers must give the Keenetic router IP addresses from different subnets so that there is no conflict. Since KeeneticOS 3.9, the number of sessions is not distributed in the ip global priority ratio but in the physical interface speed ratio. So with two Gigabit connections, the sessions will be split in half. And if the first connection is 1000 Mbit/s and the second 100 Mbit/s, the ratio is 10/1. Only the physical link speeds of the ports used are taken into account. ISP's shaper speed limits according to tariff plan are not taken into account.
It is important to understand that the session ratio does not guarantee the speed ratio. These ratios are closer to each other when there are a large number of homogeneous sessions. If the main load is generated by a single session, however, it can be randomly set through any connection. In this case, the speed will only be determined by the speed of that single connection.
Another new feature in KeeneticOS 3.9 is the ability to distribute sessions across connections not only based on the ip source/destination pair but also considering the udp/tcp source port/destination port. The new distribution mode allows sessions to be set up between the same two IPs via different connections, which makes the channel utilization more even.


 

The following is another way to enable balancing mode in the router (using special commands) by taking the BitTorrent protocol as an example (as it is easier to demonstrate the multipath mode on this protocol). This method is relevant for models that do not have a multipath setting in the web interface.

1. You need to set up a separate Internet connection policy. On the 'Connection priorities' page, on the 'Internet connection policies' tab, you need to click '+ Add policy' and specify the name of the new policy, for example, torrent-multipath. Here, a policy is a set of rules and routing policies applied to hosts' traffic when they access the Internet.

NOTE: Important! Balancing mode does not work in the default policy, only in additional policies.

In our example, the Main and Backup connections are intended to provide Internet access and maximize bandwidth while downloading a file for the BitTorrent protocol.

In the right column, 'Connection', you need to check only them and save the settings.

balance_main_and_backup.png

2. Here, on the 'Connection priorities' page, click on the 'Policy bindings' tab. The 'Show all objects' option lets you display all devices registered in the local segments and the local network segments configured on the router.

balance_binding_policy.png

By holding down the Ctrl key on your keyboard with the mouse, you can select multiple devices at once. In our example, you need to move only one object (host MYHOST) to the previously added torrent-multipath policy.

balance_binded_device.png

3. Prioritizing the Main and Backup connections.

NOTE: Important! The load ratio is determined by the priority value of the ip global interfaces within the connection policy. The priority of the Backup connection must be lower by one than the priority of the Main connection. In our example, priorities 65533 and 65532 are used.

To make the balancing work, you will need to set the ip global value for Main and Backup via the router's command-line interface (CLI). In our example, the GigabitEthernet0/Vlan4 interface named Main and the ISP named Backup:

(config)> interface GigabitEthernet0/Vlan4
Core::Configurator: Done.
(config-if)> ip global 65533
Network::Interface::Ip: "GigabitEthernet0/Vlan4": global priority is 65533.
(config-if)> exit
Core::Configurator: Done.
(config)> system configuration save 
Core::ConfigurationSaver: Saving configuration.


GigabitEthernet0/Vlan4 interface for 1 Gbit/s or FastEthernet0/Vlan14 interface for 100 Mbit/s.

(config)> interface ISP
Core::Configurator: Done.
(config-if)> ip global 65532
Network::Interface::Ip: "ISP": global priority is 65532.
(config-if)> exit
Core::Configurator: Done.
(config)> system configuration save 
Core::ConfigurationSaver: Saving configuration.


4. Enable balancing mode for the torrent-multipath policy:

(config)> ip policy Policy5
Network::PolicyTable: Policy "Policy5" exists.
(config-policy)> multipath
Network::PolicyTable: "Policy5": enable multipath.
(config-policy)> exit
Core::Configurator: Done.
(config)> system configuration save 
Core::ConfigurationSaver: Saving configuration.


In our example, the torrent-multipath alias corresponds to the policy's name of the Policy5:

(config)> show ip policy

policy, name = Policy5, description = torrent-multipath: 
mark: ffffd05
table: 47


5. Here, in the command-line interface, check the routing table.

The numbering of the Internet connection policies (ip policy PolicyX) starts at 42.
In our example, the ip policy Policy5 is numbered 47:

(config)> show ip route table 47
================================================================================
Destination          Gateway           Interface                         Metric 
================================================================================
0.0.0.0/0            192.168.209.1     GigabitEthernet0/Vlan4            253      
0.0.0.0/0            193.0.174.1       ISP                               253 
10.1.30.0/24         0.0.0.0           Guest                             0
151.236.14.119/32    192.168.209.1     GigabitEthernet0/Vlan4            0
172.16.82.0/24       0.0.0.0           Wireguard2                        0
192.168.3.0/24       0.0.0.0           Bridge2                           0
192.168.22.0/24      0.0.0.0           Home                              0
192.168.209.0/24     0.0.0.0           GigabitEthernet0/Vlan4            0
193.0.174.0/24       0.0.0.0           ISP                               0
193.0.175.0/25       193.0.174.10      ISP                               0
193.0.175.22/32      193.0.174.1       ISP                               0
193.187.91.26/32     192.168.209.1     GigabitEthernet0/Vlan4            0
194.32.146.82/32     192.168.209.1     GigabitEthernet0/Vlan4            0


After enabling the balancing mode, a default route is added within the Additional policy for the interfaces added to this policy. In other words, if two ISP interfaces are in the table, it means that multipath works.

6. Check the Download speed on connected interfaces in the web interface on the Dashboard.

Channel rate of Main and Backup connections up to 100 Mbit/s = 12.5 Mbytes/s:

balancing_mode.png

The download speed is summed from the two connections, so we get up to 22.4 Mbytes/s = 179.2 Mbit/s.

torrent_downloading.png

To disable balancing mode, you will need to run the following commands via the router's CLI:

(config)> ip policy Policy5
Network::PolicyTable: Policy "Policy5" exists.
(config-policy)> no multipath
Network::PolicyTable: "Policy5": enable multipath.
(config-policy)> exit
Core::Configurator: Done.
(config)> system configuration save
Core::ConfigurationSaver: Saving configuration...

 

TIP: Tip: If you have 100 Mbit/s and 200 Mbit/s Internet channels, you need to set the first Internet connection to ip global value 10000 and the second Internet connection to ip global value 20000. Then the balancing will work in the ratio of 1:2, and the total speed will increase up to 300 Mbit/s.

TIP: Help: The balancing mode also works for the Download Station built into KeeneticOS. You can assign a connection policy for the BitTorrent client with the command torrent policy <connection_policy>

TIP: Note: Starting with KeeneticOS 3.9, intelligent balancing has been implemented. Now the number of sessions will not be distributed in the ip global priority ratio but in the physical interface speed ratio. So with two Gigabit connections, the sessions will be divided in half. And if the first connection is 1000 Mbit/s and the second 100 Mbit/s, the ratio is 10/1. Only the physical link speeds of the ports used are taken into account. ISP's shaper speed limits according to tariff plan are not taken into account.
It is important to understand that the session ratio does not guarantee the speed ratio. These ratios approach each other when there are a large number of homogeneous sessions. If the main load is generated by a single session, however, it can be randomly set through any connection. In this case, the speed will only be determined by the speed of that single connection.
Another new feature in KeeneticOS 3.9 is the ability to distribute sessions across connections not only based on the ip source/destination pair, but also considering the udp/tcp source port/destination port. The new distribution mode allows sessions to be set between two identical IPs over different connections, which makes the channel utilization more uniform.
To enable the new distribution mode, use the command:
system set net.ipv4.fib_multipath_hash_policy 1
To disable it:
system set net.ipv4.fib_multipath_hash_policy 0

Was this article helpful?

76 out of 82 found this helpful