On 2021-07-22, Cand Tec <[email protected]> wrote:
> I've a few openbsd 6.8 installations running as a FW/router/vpn at some
> client offices. No problems, it just works!
> I would like to use openbsd 6.9 on x86 HW (either lanner device or dell
> rack mount svr) at this new client (mining industry). They're however in a
> bandwidth constrained location being a mining site.
> The current ISP - xplornet - provides an LTE-25 connection and from what
> I've been told, the connections terminate via an ethernet cable from ISP
> provided modem.
> The client has added 2 additional services for a total of 3 LTE
> connections. I would like to bundle these 3 connections to provide
> increased bandwidth for the local LAN. I was thinking of using aggr(4) to
> config the interfaces, but I need some clarification or direction on how
> best to achieve this.
> At the moment this is strictly for internet access and there are no session
> based services as yet.
> Based on what I see in the man aggr -
> ifconfig aggr0 create
> ifconfig aggr0 trunkport em0
> ifconfig aggr0 trunkport em1
> ifconfig aggr0 trunkport em2
> ifconfig aggr0 192.168.1.100/24
> ifconfig aggr0 up
> Do I need to assign the wan ips to the respective interfaces in the aggr0?
> I've looked at all the postings over the last 3 years so far and I've not
> come across anyone using a similar setup. Is there anyone doing this type
> of bonding with multiple wan ips?
> I'm not looking for fail-over or active/passive setups but mainly bonding.
>
> Thanks in advance for your comments
>

aggr/trunk will not work.

1. You can load-balance between the connections with a nat address pool,
see https://www.openbsd.org/faq/pf/pools.html

2. If you have somewhere on decent bandwidth you can host a router or
VM, you can use a multilink VPN (mlvpn is in packages, or you could use
a separate device running something like openmptcprouter) and aggregate
between the connections there

2 is obviously more work, but lets you spread a single TCP/UDP
connection across multiple paths which you can't with nat balancing,
also saves the need to make exceptions if you discover services that
don't like the client IP address to change during a session.

If you want to run a VPN load-balanced between multiple of these
LTE connections you'll need to do 2 because it's a single PF
state so otherwise it would stick to just one of the LTE connections.
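
Option 1 from the reply above as a pf.conf sketch. This is an added example, not part of the original message; it follows the pattern of the pf FAQ page linked in the reply. The LAN interface (em3), the LAN prefix and the three gateway addresses are assumed placeholders.

```pf
# Assumed layout: em0, em1 and em2 face the three LTE modems, em3 is the LAN.
# Gateway addresses are documentation placeholders, not real values.
lan_net = "192.168.1.0/24"
int_if  = "em3"
ext_if1 = "em0"
ext_if2 = "em1"
ext_if3 = "em2"
ext_gw1 = "192.0.2.1"
ext_gw2 = "198.51.100.1"
ext_gw3 = "203.0.113.1"

# NAT each connection to the address of whichever uplink it leaves on
match out on $ext_if1 from $lan_net nat-to ($ext_if1)
match out on $ext_if2 from $lan_net nat-to ($ext_if2)
match out on $ext_if3 from $lan_net nat-to ($ext_if3)

# default deny
block in
block out
pass out

# traffic addressed to the firewall itself is not load-balanced
pass in quick on $int_if from $lan_net to $int_if

# Each new state from the LAN is handed to one gateway in turn. A state
# stays on the gateway it was created with, which is why a single VPN
# tunnel (one state) only ever uses one LTE link.
# Appending "sticky-address" after round-robin keeps each LAN host on one
# gateway, for services that reject a client address change mid-session.
pass in on $int_if from $lan_net \
    route-to { $ext_gw1 $ext_gw2 $ext_gw3 } round-robin

# packets sourced from one uplink's address must leave via that uplink
pass out on $ext_if1 from $ext_if2 route-to $ext_gw2
pass out on $ext_if1 from $ext_if3 route-to $ext_gw3
pass out on $ext_if2 from $ext_if1 route-to $ext_gw1
pass out on $ext_if2 from $ext_if3 route-to $ext_gw3
pass out on $ext_if3 from $ext_if1 route-to $ext_gw1
pass out on $ext_if3 from $ext_if2 route-to $ext_gw2
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -ss` then shows which uplink each state was assigned to.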

