StoneBlog.stonesoft.com

StoneGate FW/VPN and SMC 5.3 provide a couple of nice enhancements related to StoneGate’s unique Multi-Link feature.

Continue reading »

written by Tero Jantunen - 1,067 views \\ tags: 5.3, Aggregation, Feature Previews, multilink, QoS, Throughput, traffic balancing, VoIP, VPN

Hello,

I’ve been on your main site looking for something to use as a bit of a sales tool to demonstrate how straightforward it is to set-up multi-homing using Multi-Link.  Can’t find anything.

Do you have anything I can point my customers to which is similar to Cisco’s explanation here of how to configure BGP for multi-homing?

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

written by gizago - 2,221 views \\ tags: bgp, multi-homing, multilink, MultiLink VPN

Seems like there is an undocumented setting in SMC regarding the Netlinks. You’ll see them when you right-click any Netlink on the Status view and select Netlink state. A new drop-down menu opens with three choises:

1. always enabled 2.always disabled and 3. reset to auto

By default, the state selection setting is “auto”. With this setting, netlink works normally meaning that netlink status probing is taken into account.

1. always enabled

When setting is “always enabled”, netlink remains in active state even if the status probing fails. In other words, it remains active/enabled even if probing shows it to be down. This can be used in situation where netlink status probing doesn’t work reliably. For example if you know that netlink is up and working but probing shows status to be down, setting netlink state to “always enabled” will allow using this netlink as well.

2. Always disabled

Well, this quite clear. When this setting is on the particular netlink is always in inactive/disabled state and doesn’t process traffic.

3. Reset to auto

Last option “reset to auto” can be used to change this setting in engine back to default auto setting if it was previously set to “always enabled” or “always disabled”.

written by Emalias - 2,326 views \\ tags: multilink, Netlinks, state

Some details about StoneGate MultiLink VPN and Load Balancing.

Goal is to explain a bit how it works to avoid false expectations.

Link selection is done per packet.
This means that single tcp/udp connection can change link during it’s lifetime.
This provides transparent connection failover of links when using Multi-Link VPN, but this does not mean that consecutive packets would be intelligently routed over different links in order to provide increased bandwidth.

Results, especially on multiple connections, is a de facto aggregation of multiple links performances with transparent failover (the latter is not possible with MultiLink ISP).

For example: there is a customer who has two sites (Site A and Site B) and there is a 1 Mbps connection between them. When the customer put StoneGate Multi-Link VPN there and added another 1Mbps ISP connection, the performance did not double to 2Mbps when it was tested. Why is that?

Because,

1. StoneGate Multi-Link VPN does provide load balancing based on host pairs. This customer had only one host on both sites and these hosts were changing messages between each other.
2. From StoneGate’s point of view this is one connection and this one connection is using the fastest ISP link. All connections between these two hosts will be using same ISP link. StoneGate cannot split one connection between several ISP links. That is why customer got 1Mbps performance instead of 2Mpbs.
3. This is a special case, because normally customers would have several hosts that are connected through Multilink VPN connection. Then StoneGate will and can load balance each host pair through different ISPs. Then customer would get on the average near 2Mpbs capacity as total capacity between sites.
4. You should remember that each separate VPN tunnel in this case has maximum speed of 1Mbps (because each ISP link had 1Mbps speed). But if you look at total capacity between the Site A and Site B then it would be 2 Mbps.
5. In laymen terms maximum speed stays at 1Mpbs when you add another ISP and use StoneGate Multi-Link VPN, but capacity doubles.

Maybe a good analogy is highway where you have 70 miles per hour speed limit. If you add another lane to highway then the speed limit is same (70 miles per hour), but you will get twice as many cars there.

Roar!

written by RoarinPenguin - 1,593 views \\ tags: load balancing, multilink, VPN

hello, can someone explain the shortcomings of bonding and how it compares to stonesoft’s multilink please

written by gizago - 2,297 views \\ tags: bonding, multilink