WAN “bonding” is to aggregate multiple WAN link bandwidth in “active-active” mode, to achieve higher WAN speed and link redundancy.
There are two main options for achieving WAN “bonding”, to fit into different deployment scenarios.
- Multi-WAN (Refer to MWAN) link balancing. MWAN aggregates bandwidth by distributing traffic connections (optionally based on weights) across multiple links, utilizing all link capacity, and providing auto-failover between links.
- MWAN tracks each traffic “connection”, eg. uses upper-layer protocol information.
- MWAN works well when there are multiple streams of connections (either from one source to multiple destinations, or multiple sources to one destination, or multiple sources and destinations) so that MWAN can balance each connection.
- MWAN supports unequal WAN link bandwidth and is able to proportionally balance traffic to each link based on weights
- MWAN supports WAN link availability tracking and auto-failover between links
- MWAN does not increase bandwidth for single connection, eg. a single video streaming or voice calling. However, it still provides link redundancy (auto failover).
- VPN bonding. VPN bonding combines L2 VPN and 802.3ad/LACP features. LACP is typically used for Ethernet link aggregation. In our case, we build layer-2 VPN tunnels over each WAN link (Ethernet over VPN) and use LACP to “bond” multiple VPN tunnels (overlayed to respective WAN links), as if it’s aggregating multiple Ethernet links.
- VPN bonding adds multiple VPN tunnels into one logical link (bond interface), aggregating the total bandwidth of all VPN/WAN links.
- VPN bonding increases bandwidth for both single-stream and multiple streams of connections.
- VPN bonding supports WAN link availability tracking and auto-failover between links
- VPN bonding requires each WAN link to have similar performance (speed and latency).
Configure WAN Bonding (VPN+LACP)
Prerequisite
- Prepare mfusion access, refer to mfusion access.
- Provision the Gateway and SD-Branch remote device to mfusion. Refer to Provisioning mbox appliances.
- Import Gateway and SD-Branch to orchestrator. Refer to New Gateway, refer the same link to import SD-Branch.
- Insert 2 SIMs to HSA/UA (SD-Branch, Remote device). Refer to Understanding to insert SIM into HSA / UA.
- Enable the WWAN0 and WWAN1 Interface. Refer to Setting of Mobile Interface
.
Steps to configure WAN Bonding (VPN+LACP)
CMG Gateway
- Create new bonding interface with below details. Refer to New Bond Interface
- Bond Id = 1
- IP address (Static) = 10.1.1.1/30
- Click
.
- Create 2 VPN instance (Layer2 VPN mode) with below details.
- VPN Instance id = 1 | VPN Instance id = 2
- Server Public Address/VPN Port = <CMG public ip> | Port = 1443 | Port = 2443
- VPN Mode = Layer 2 (Ethernet Over VPN)
- Layer 2 Options = Assign Instance to Bond-Group
- Assign To Bond-Group = 1
- Click
.
.
SD-Branch device (HSA/UA)
- Configure Global Firewall rule with below settings
- Firewall rule type = Access | Action = Permit | Direction = Outbound
.
- Configure Global Wireless with below settings. Refer Global Wireless
- Enable both Radios
- SSID Name = SSID1 | Encryption Mode = WPA1/WAP2-PSK | Password = <password> | Optional Settings = Broadcast | VLAN/Network = vlan10 | Radio – enable 2.4Ghz and 5Ghz
.
- Map created Global Firewall and Wireless to HSA/UA
.
- Create vlan10 interface with below settings
- Physical 802.1q Trunking Interface = eth1 | VLAN ID = vlan10 | IP Address = 10.11.11.1/24
- DHCP Server =
[Enable this option]
.
- Create a bond interface with below settings
- Bond ID = 1 | Admin Status = Enable | IP Address = 10.1.1.2/30
.
- Map both VPN instance to HSA/UA, that was created in CMG with below settings
.
- Edit the VPN Instance settings as per below settings
- VPN Instance 1
- Other Options = Select Path | Select Path = wwan0
- VPN Instance 2
- Other Options = Select Path | Select Path = wwan1
- VPN Instance 1
- Click after configuring.