Colin’s IT, Security and Working Life blog

April 12, 2011

Load Balancing VPN connections over multiple ADSL lines.

Filed under: Uncategorized — chaplic @ 12:03 pm

Here’s the scenario: You have a site that has local servers and, for reasons outside your control, you cannot get a decent MPLS link (or similar) in quickly.

However, you can get a number of ADSL connections in quickly, and users can use their corporate VPN client to reach head office.

But how to balance users across the ADSL lines? You could subnet the network and have each ADSL router as the default gateway. But that’s a lot of network change. You could also use my little technique described below.

The VBScript reads an XML file, rolls a die, and sets up static routes chosen at random from the XML file. The static routes refer to the IP addresses of your VPN endpoints.

The program then drops to the shell to run a ROUTE ADD command. Note that it doesn’t set the route permanently, so the program should be set to run via a login script, or similar. Users will need to be members of the “Network Configuration Operators” group.

The syntax of the XML is as shown:

<routerandom>
  <rtr>
    <gateway>IP.OF.FIRST.ADSL</gateway>
    <route>ROUTE.OF.VPN.ENDPOINT1 MASK 255.255.255.255</route>
    <route>ROUTE.OF.VPN.ENDPOINT2 MASK 255.255.255.255</route>
  </rtr>
  <rtr>
    <route>IP.OF.2ND.ADSL MASK 255.255.255.255</route>
    <route>ROUTE.OF.VPN.ENDPOINT1 MASK 255.255.255.255</route>
    <route>ROUTE.OF.VPN.ENDPOINT2 MASK 255.255.255.255</route>
    <gateway>IP.OF.2ND.ADSL</gateway>
  </rtr>
</routerandom>
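
The selection logic described above, as an added PowerShell example; it is not the author's RouteRandom.vbs. The inline XML and its addresses are constructed and the -Apply switch is an assumption. Because the file's contents end up on a ROUTE ADD command line, each entry is checked to be a plain IPv4 route before it is passed to route.exe as separate arguments.

```powershell
# Added example (not RouteRandom.vbs). The XML below is constructed sample data.
param([switch]$Apply)   # hypothetical switch: without it the commands are only printed

[xml]$config = @'
<routerandom>
  <rtr>
    <gateway>192.168.1.254</gateway>
    <route>203.0.113.10 MASK 255.255.255.255</route>
    <route>203.0.113.11 MASK 255.255.255.255</route>
  </rtr>
  <rtr>
    <gateway>192.168.1.253</gateway>
    <route>203.0.113.10 MASK 255.255.255.255</route>
    <route>203.0.113.11 MASK 255.255.255.255</route>
  </rtr>
</routerandom>
'@

# Strict dotted-quad pattern; anything else in the file is rejected
$octet = '(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
$ipv4  = '^' + $octet + '(\.' + $octet + '){3}$'

function Get-RouteArguments {
    param([System.Xml.XmlElement]$Router)
    $gateway = ([string]$Router.gateway).Trim()
    if ($gateway -notmatch $ipv4) { throw "Invalid gateway '$gateway'" }
    foreach ($entry in @($Router.route)) {
        $parts = ([string]$entry).Trim() -split '\s+'
        if ($parts.Count -ne 3 -or $parts[1] -ne 'MASK' -or
            $parts[0] -notmatch $ipv4 -or $parts[2] -notmatch $ipv4) {
            throw "Invalid route entry '$entry'"
        }
        # The leading comma emits each argument list as one array, not five strings
        , @('ADD', $parts[0], 'MASK', $parts[2], $gateway)
    }
}

$routers = @($config.routerandom.rtr)
$chosen  = $routers[(Get-Random -Maximum $routers.Count)]   # the roll of the die

foreach ($routeArgs in @(Get-RouteArguments $chosen)) {
    if ($Apply) {
        & route.exe $routeArgs    # no -p, so the route is not persistent
    } else {
        "route.exe $($routeArgs -join ' ')"
    }
}
```

In a deployment the XML would be loaded from a share that only administrators can write to, since it decides which routes every user's login adds.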

The tool is quite flexible and reliable. Unfortunately, it’s not as fault-tolerant as I would like, because (certainly with the Cisco VPN client) the software doesn’t fail over to the next-lowest-cost route if an ADSL router fails. So, if an ADSL router dies, the only option is to remove it from the XML file.

The code is here; forgive me for it being inside a Word doc: RouteRandom.vbs
