I've recently been thinking again about a product that Viprinet provide. Basically, they've got a pair of routers: one that lives in a datacentre, their VPN Multichannel Hub, and the on-site hardware, their VPN multichannel routers.
They've also got a bunch of interface cards (like HWICs) for 3G, UMTS, Ethernet, ADSL and ISDN adapters.
Their main spiel seems to be bonding across different media. It's something that I'd really like to use for a couple of projects, but their pricing is really quite extreme: the hub is about 1-2k, the routers are 2-6k, and the interface modules are 200-600 each.
So, what I'd like to know is, is it possible with a couple of stock Cisco routers, 28xx or 18xx series, to do something similar, and basically connect a bunch of different WAN ports, but have it all presented neatly as one channel back to the internet, with seamless (or nearly) failover if one of the WAN interfaces should fail.
Basically, if I got 3x 3G to Ethernet modems, each on a different network, I'd like to be able to load-balance/bond across all of them, without having to pay Viprinet for the privilege.
Does anyone know how I'd go about configuring something for myself, based around standard protocols (or vendor specific ones), but without actually having to buy the Viprinet hardware?
With Cisco, I would go either for some CEF load sharing or Policy Based Routing (now called performance routing).
I never tried CEF load-sharing on 3G (only on frame-relay leased lines), but setting three tunnels, each via a different card, to an endpoint (which will be your gateway) and with three equal-cost routes to that endpoint could work. In my setup the PE router was the endpoint, so no tunnel was needed.
Cisco has some documentation about it, and load-sharing can be set either per-packet or per-destination.
From the troubleshooting guide:
Ivan Pepelnjak also has two entries on his blog regarding CEF load-sharing that are worth reading.
Regarding Policy Based Routing, I also operate a customer network of small sites that are connected to a central hub via various tubes. Each spoke has a FR leased line, DSL Internet access (with IPSec over the Internet) and a satellite link.
All links go to one of our PE routers (be it frame, Internet or satellite) and then over MPLS (in different VPNs) to the central hub, where each VPN terminates in a VRF (VRF-lite here, no MPLS) on the CE router. Each VPN is then routed to a VLAN.
The various customer applications are routed (by destination IP or L4 port) on the spokes over the different links. Voice goes over satellite, mail and some other over the dsl link, and core apps over the leased line.
In case of link failure, traffic is re-routed over the other links.
Cisco wiki has an interesting article about PfR.
On a side note, if you are going to go the 3G way, pay attention to the providers you are choosing as the 3G Node-Bs are not going to have a lot of bandwidth (just a few E1s usually) and you may not get the expected bandwidth. Pick different service providers, and not from one who is reselling another's service.
I think I understand what you're asking for. I've been very happy with the Elfiq line of multi-WAN load balancers. In my current application, I'm balancing MPLS, fixed-wireless, T1, DSL and 3G USB at one location. The 3G support is good and well-documented. This setup handles inbound and outbound load balancing.
The Elfiq sits in front of a Cisco ASA firewall and is transparent to my L2L VPN connections.
[Images: Management console; Load-balancing algorithm selection]
Well, this is an advanced kind of hardware, as it also runs VPN. Why not build one yourself? Just drop OpenVPN on Linux, set up load balancing with iproute, add firewall rules, maybe some Snort IPS, SELinux for security, a proper server with redundant memory and CPUs, dual power supplies, low-power Xeons, SSD drives and some good WAN cards. It would do everything, including port forwarding, connection tracking, proxy, SMTP virus scanning, whatever is needed. You can buy a server machine for £400 from e.g. IBM, plus the WAN card. I did this for a few projects and it worked very well; I only had to tune the connection tracking hash table size to be bigger to handle tens of thousands of connections. But these projects actually also required some sort of specialized software to be run on it, so that's why I went with a CentOS machine and a real-time kernel to guarantee some processes priority in user-space packet forwarding. Such a server comes with two NICs, and you have a PCIe port, RAID-1 for SSDs etc. This would even run another VM, with e.g. full office, domain controller and Exchange. You can make them in HA mode and have routing and office automation fully done just on these. All you need is to make sure that the extra WAN card is stable and working well with e.g. CentOS 6, and if not, you need to make a script which checks it and handles faults gracefully. This way you can achieve success in case of some dodgy WAN stuff.
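An added sketch (not the poster's code) of the kind of check script the answer above mentions, combined with iproute load balancing: it probes each uplink and rebuilds a multipath default route over the healthy ones only. The interface names, gateway addresses, weights and probe target are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: rebuild a multipath default route from healthy uplinks only.
# Constructed uplink table, "interface gateway weight" (documentation addresses).
UPLINKS="wwan0 192.0.2.1 1
wwan1 198.51.100.1 1
wwan2 203.0.113.1 1"
# Assumption: a host you control that answers ICMP through every uplink.
PROBE_TARGET="${PROBE_TARGET:-192.0.2.53}"

# link_is_up IFACE: true when a ping bound to that interface gets a reply.
link_is_up() {
    ping -c 2 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1 </dev/null
}

# build_route_cmd CHECKER: print the ip(8) command for a default route with one
# nexthop per uplink that CHECKER reports healthy; return 1 if none are healthy.
build_route_cmd() {
    local checker="$1" hops="" iface gw weight
    while read -r iface gw weight; do
        [ -n "$iface" ] || continue
        if "$checker" "$iface"; then
            hops="$hops nexthop via $gw dev $iface weight $weight"
        fi
    done <<EOF
$UPLINKS
EOF
    [ -n "$hops" ] || return 1
    echo "ip route replace default scope global$hops"
}

# apply_routes: install the route (needs root); keep the old table if every
# probe fails, so a broken probe target does not black-hole the site.
apply_routes() {
    local cmd
    if cmd=$(build_route_cmd link_is_up); then
        $cmd
    else
        logger -t multiwan "all uplinks failed probe; route table left unchanged"
        return 1
    fi
}

# Run as "script --apply" from cron or a systemd timer.
if [ "${1:-}" = "--apply" ]; then apply_routes; fi
```

Multipath routing on Linux spreads flows, not individual packets, across the next hops, so a single connection still rides one uplink.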
A friend has bonded Virgin Media cable and ADSL lines (seamlessly). Apparently they use OSPF and some kit in Telehouse; I don't know much more than that, unfortunately!