Load balancing and VPN

[Notnab]

Hi all.
We are part of a UK company that has opened offices in South Africa recently.
At the moment we are using 5x 4MB DSL lines that is bonded using the Technology Concepts sollution, but it is not working for us.
We are connected to the UK office WAN via VPN, and have about 10 users.

My question now, I am looking at implementing a load balancing sollution on the 5 dsl lines, as we can not justify the cost of a leased line at the moment.
(We do understand the difference between the two sollutions, and is happy to go with balancing instead of bonding for the time being)
What would the implications be for the VPN tunnel should we have 5 and not one static IP? I am looking into setting up a pfSense box to do the load balancing, and was wondering if we would be able to connect to the WAN in the UK at all?

I also understand that connecting to a secure website would mean that certain policies would need to be in place to prevent packets coming from more than one IP, so that will be addressed.

Any suggestions are welcome!

 

[gregmcc]

Why do you need to much bandwidth? 5 x 4MB does not mean you will get 20MB international

 

[Brandon]

I did try multihoming with pfsense, but never really got the results I was looking for from it & wasn't so keen on having to support the power & space of another PC in my rack.

We use the TC 5 port ADSL solution, (working through verizon not IS) it can be a rollercoster ride speed wise but have noticed upload speed is very consistent at around 2.2Mbits, down speed can go from 1.8MBytes down to 400Kbytes for whatever reasons. We are using an Edimax BR-6641 Details here. to balance traffic to and from our other IS uncapped lines. Hosting a corporate intranet with it & so far so good.

The edmax unit is only 4 wan ports, but is very easy to configure and is well worth the initial cost. It is also quite comprehensive in its routing policies. From the above link take a look at the users manual for detailed info.

 

[Roman4604]

(We do understand the difference between the two sollutions, and is happy to go with balancing instead of bonding for the time being) What would the implications be for the VPN tunnel should we have 5 and not one static IP?

That wouldnt be an issue, but what would be is the fact that 1 VPN tunnel will only be as fast as a single line (think max 440Kbps upstream).

You're not only going to have to balance general internet traffic over the 5 links, but to get resonable VPN speed you're going to have to create 5 seperate VPN tunnels (one on each link) and balance traffic over the tunnels as well (on both ends).

I dont believe this level of complexity is warranted for 10 users. Possibly just go lo-tech, by assigning each pair of users their own VPN capable router & link. With clever masking you can make it look like they are all on one LAN when communication with each other, but each pair looks seperate to the Internet & HQ.