Forum Replies Created
Sure…the QOS settings we used were to take the DEFAULT QOS – default class for unclassified traffic, set the max bandwidth to whatever the aggregation would be (2 T1s for example would be 3mb/s) and apply it to the bond. No other changes. If the QOS is not there giving it enough max bandwidth, we did not get good aggregation….if any at all.
Yup…we got 2 lines between the ZS boxes. thus 2 vpns, thus 1 bond.
Please forgive my sheer ignorance in these matters.
I guess before I try to get it to load every time, I need to know how to get it to show up in the gui. The ifconfig shows the adapter, yet the web console will not show it. I notice the naming of the primary connection in the console is ETH00, and this new one shows up as eth0…possibly a conflict?
If anyone knows where to name this connection and how to refresh it in the gui, I would be greatly appreciative.
Excellent…thanks…will give a try
Well…we found the asix.ko in cdrom/modules/220.127.116.11/kernel/drivers/net/usb/asix.ko
If I manually do an insmod cdrom/modules/18.104.22.168/kernel/drivers/net/usb/asix.ko
and then an ifconfig -a…a new connection called eth0 shows up…and the mac address matches the device.
But if I hit refresh in the web gui…I see no network interface of eth0.
So…my question is this…
1. Why would it not show up in the web gui?
2. What do I need to do to make sure this asix.ko actually loads each time?
I’m so close…I can taste it!!
Thanks for everyone’s help to this point!!
Yours is different from mine…we are using 2 Zeroshell devices…to create the tunnels, while it looks like you are doing 1 ZS to an outside server.
We got great help from ppalias in getting ours figured out…so believe him on what he posts.
I agree with his last post…looks like the subnets on the bond are wrong…one side is 192.168.1.X and the second side is 192.168.0.X
We went like this:
(ETH10.1.1.1)ZS–(VPNa)-calls outside of ZS2 —ZS2 (ETH10.1.2.1)
then 2nd adapter on ZS uses VPNB calls 2nd adapter on ZS2
Once created…Bond both VPNa and VPNb together on both sides…..gave the bond00 on ZS 172.16.1.1/24 and the bond00 on ZS2 the address of 172.16.1.2/24
Went into routing on ZS and told it that the 10.1.2.X network goes to 172.16.1.2 and on ZS2…told it that the 10.1.1.X network can be found on 172.16.1.1…and it works great (see details earlier in post for best speeds and such)
So if it were me…I would put a 2nd ZS box in so you are building the tunnel between the 2 locations…your life will be easier.
OK…makes sense…custom built.
Ppalias mentioned SNMP already on there? It shows up in the Web gui as a project yet to come.
I assume “service start snmp”….yet it comes back with:
/sbin/service: line 6 /etc/rc.d/init.d/start: no such file or directory
/sbin/service: line 6 exec: /etc/rc.d/init.d/start: cannot execute: no such file or directory
So we look at /sbin/service and it’s calling to exec /etc/rc.d/init.d/$1 $2
No clue what the variables of $1 and $2 would be
Well…we run the lsusb and we see the device at 0b95:7720 (we know this because if we remove it…and rerun lsusb…it is missing)
I look that up and it actually turns out to be
vendor: 0b95 (“ASIX Electronics Corp.”), product: 7720 (“AX88772”)
LSMOD however shows nothing about the usb ethernet device nor asix.
I do a search on the ZS box and I find in /cdrom/modules/22.214.171.124/kernel/drivers/net/usb/asix.ko but I’m not sure how to load it..and more importantly…how to get it to auto load each time.
ifconfig comes back with the info about the onboard nic, the dummy1 connection, and the built in VPN connection…but no USB (because there is no mod loaded for it I would assume.)
The GREP command comes back with info only about eth00…specifically r8169 : ETH00: link up.
So…what does one need to do to get the module to load for this usb nic?
All help is greatly appreciated.
Turns out to be something in the machine we were trying to use. I took the drive and put it in another machine and it booted fine.
Thanks anyway….please see next USB nic question.
It really does work…let me know what parts you would like.
So we are ok with #1….but #2….reinstall MRTG…..we’re running this off the ISO burned to a cd….the mrtg isn’t part of it by default?
After some massive testing…here’s what we found.
The big issue is QOS on the bond. If we turn on the default and tell it it has 3mb guaranteed…then it used all of the lines (except in bonded TCP vpns…see below)
Baseline : No Zeroshell…Transferring 100 MB over the routers back to back , single T1, 11 minutes
Single VPN – 100 mb, TCP, no encryption, no compression – 14min 30 sec
Using the 1.2 to 1.3 connection speed.
Dual VPN TCP bonded – 12 min ( again…this is the weird not full bandwidth issue…even with QOS)
Once we switched to UDP, on a single vpn we got 12 minutes (expected for a little overhead)
Dual UDP bonded VPN we got 7 minutes (and the t1s were both utilizing 1.2 – 1.3 MB each )
We even tested 2 vpns bonded, and pulled one connection mid transfer, then put it back in…and we watched ZS dynamically adjust to the speed differences nicely.
With UDP, we could even turn on encryption (different ciphers tried up to 256 AES) and we saw little or no difference – maybe extra 30 seconds to transfer on 256 AES
So in controlled testing…the TCP VPN connection really pales compared to the UDP….obviously the connection based TCP protocol adds some overhead on the tunnel…like 30%.
The other thing we did see is this…
We decided to see what would happen if one of the uploads was not capable of the same speed as the other. So we took one of the simulated T1 connections and reduced it to 756K. What we saw was the 2 udp vpn tunnels both used 700K over each line…even though the other line could have done more. Is this by design or a flaw?
SO….if we have tested correctly…we have found that the UDP vpn bond is superior to the TCP bond by over 30%…and we found that a bonded VPN will throttle all connections down to the lowest speed…so if you have 2mb connection, a 1 mb connection, and a 256K connection bonded…you will get 3 connections running at the lowest speed of 256K EACH.
AND QOS on the bond is essential to get the bond to utilize the available bandwidth.
So moral of the story…use UDP, QOS, no compression, and make sure the speeds match.
BTW…the graphs all said that /mrtg/statisitcs.html was not found on this server….ideas?
Overall…this is a fantastic product and very resilient. We are extremely happy with it once we learned the quirks.
I may have been too verbose in these forums…but hopefully all this will help the next guy who reads this.
So..ppalias….what do you think about the 2 issues above?
1. 2 different speed links will link and use only the bandwidth of the lowest link
2. Missing mrtg graphics
The processors are asleep.
5% on the “server” side (ZS box A) of the vpns, 1% on the client side (ZS Box B).
Memory usage at 140 MB of 2 GB.
Well…thanks to ppalias…I have successfully configured the ZS devices, bonded and got it all running.
Here’s the interesting part:
We have setup 4 routers, the first pair with back to back T1 (1.5mps up and down)…and addressed accordingly.
The second pair…same thing…different addressing schemes.
The zero shell boxes (each with 2 wan connections) are on either side of these routers….so effectively, the routers are simulating 2 internet connections.
If I take the ZS out, and copy 100 MB of small files from 1 side to the other, over 1 set of routers…I get around 1.4 mb constant throughput till done. When I put the ZS in, setup a vpn between the 2 ZS boxes, it transfers, but I see only 800K of usage on the routers.
I setup another VPN over the 2nd set of routers,
When I bond the two together…I get about 400-500K of usage over each connection. Overall Better…but nowhere near what the routers themselves can do.
What am I missing here?
OK…so if we route between the sites…I can leave Branch A at the 10.1.1.0/24 network and Branch B at the 10.1.2.0/24 network…I don’t need to bridge and make them all the same subnet?
That would be even better if that’s the case!!