Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node and tinc C node are both serve LAN-2.(two internet circuits) Normally, we can only set tinc A to connect to either B or C, and then the other set as backup. But in some circumstances, we would like to combine the internet pipe of both two circuits, so that the tunnel traffic can have a better bandwidth. If that’s the case, is there anyway we can load-balance the traffic from LAN-1 to LAN-2’s dual internet entry point, for example, load-balance per flow. Best Regards Bright Zhao ✉ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20171029/3a9b00d6/attachment.html>
Phang Mulianto
2017-Oct-29 12:02 UTC
Tinc support load-balance of one node to the other two?
Hi, You mean use the vpn link as active active? What service run for the vpn? If pure tcp load balance, iptables can do these needs. If http service you can use L7 load balancer On 29 Oct 2017 7:04 pm, "Bright Zhao" <startryst at gmail.com> wrote:> Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node > and tinc C node are both serve LAN-2.(two internet circuits) > > Normally, we can only set tinc A to connect to either B or C, and then the > other set as backup. > > But in some circumstances, we would like to combine the internet pipe of > both two circuits, so that the tunnel traffic can have a better bandwidth. > > If that’s the case, is there anyway we can load-balance the traffic from > LAN-1 to LAN-2’s dual internet entry point, for example, load-balance per > flow. > > > Best Regards > > Bright Zhao > ✉ > > > > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20171029/ecd7f648/attachment.html>
Hi, Phang Thank you, I figured this out by tcp load balance, where the mangle table of iptables can do the work. I setup two tinc tunnels, and using mangle PREROUTING to track connection and mark packet, then do the policy routing to send to each tinc tunnel. so in this case, I just imagine the two tunnels tinc build just like two interface, and do the per flow load balancing across those two interfaces. Best Regards Bright Zhao ✉> On 29 Oct 2017, at 8:02 PM, Phang Mulianto <braveh4rt at gmail.com> wrote: > > Hi, > > You mean use the vpn link as active active? > > What service run for the vpn? > > If pure tcp load balance, iptables can do these needs. > If http service you can use L7 load balancer > > On 29 Oct 2017 7:04 pm, "Bright Zhao" <startryst at gmail.com <mailto:startryst at gmail.com>> wrote: > Let’s say, tinc A node server LAN-1(single internet circuit), tinc B node and tinc C node are both serve LAN-2.(two internet circuits) > > Normally, we can only set tinc A to connect to either B or C, and then the other set as backup. > > But in some circumstances, we would like to combine the internet pipe of both two circuits, so that the tunnel traffic can have a better bandwidth. > > If that’s the case, is there anyway we can load-balance the traffic from LAN-1 to LAN-2’s dual internet entry point, for example, load-balance per flow. > > > Best Regards > > Bright Zhao > ✉ > > > > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org <mailto:tinc at tinc-vpn.org> > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc <https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc> > > _______________________________________________ > tinc mailing list > tinc at tinc-vpn.org > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20171029/98195efb/attachment-0001.html>