Multi-channel bundling of VPN routers challenges broadband

Now there are still a lot of VPN Router applications, and the market demand is also very high, so I studied the VPN Router's questions about VPN multi-channel bundling, here I will share with you, I hope it will be useful to you. VPN (Virtual Private Network) technology is of great help and considerable economic significance for large cross-regional enterprises to use ERP, MRP and other information management systems simultaneously, however, due to traffic restrictions, VPN Router technology is also facing a problem of "in short supply" of network bandwidth.

Many enterprises now use the ADSL Network access method. Due to technical limitations of the ADSL line, the uplink speed of a single line can only reach several hundred kb, if some enterprise information systems with a large data volume require two-way information flow and fast upload and download speeds, then a single ADSL may not work. Therefore, a technology that can not only change the original ADSL line, but also effectively improve the performance of the VPN Router system is eager to use multi-channel bundling, which is now very mature in China.

Benefits

Multi-line bundling technology not only helps users greatly increase bandwidth and network speed, but also enhances system stability and facilitates network operation and maintenance. Currently, most VPN Router systems use a line at the headquarters to handle data volumes from several or even dozens of branches and mobile users. Especially in asymmetric lines similar to ADSL, the uplink bandwidth is originally narrow, resulting in overwhelmed data volume at the headquarters. To solve the bandwidth imbalance problem, some enterprises have to apply for high-speed dedicated lines at their headquarters, which is costly. VPN routers support line binding in different ways. Users can apply for Multiple Dynamic IP addresses for ADSL Internet connections, or apply for ADSL and other broadband lines or even wireless connections. Through the multi-line Firewall/NAT module, multiple lines can also access the Internet, doubling the speed of accessing the Internet.

Another advantage of multi-line bundling is that if a single line is interrupted, the entire system will be paralyzed. The stability of the VPN Router system depends on the stability of the line itself. Through multi-line bundling technology, especially for lines in different ways, data can be seamlessly switched to other normal lines when any line fails, ensuring the continuous and reliable operation of the entire system. Excellent VPN routers further implement QOS Management for multiple Internet lines, and intelligently allocate loads based on bandwidth conditions of different lines to maximize bandwidth utilization.

Problem

On the surface, multi-line bundling seems to be an ideal technology, but there are still many difficulties to implement it. Data must be transmitted on multiple lines at the same time. How can we ensure that the same business data is still not affected when it is distributed to different lines? For example, when sending video data, there are too many Internet lines. at the receiving end, the Data Transmission sequence must be accurate and valid, and can be restored to the status before sending. Line interruption and recovery are also a problem that must be solved. Once a line fails, the data carried must be seamlessly switched to other lines without affecting the business. Similarly, after the line is restored, you must be able to establish a VPN tunnel on the new line and re-adjust the load balancing policy. Due to the diversity of Internet connection methods, users tend to apply for lines from different carriers to further enhance system stability, there will be different ways of Internet lines (such as ADSL, broadband, DDN, etc.) need to be able to bundle and stack bandwidth.

Combination

You can bind multiple lines on a VPN Router in multiple ways: Multiple ADSL lines, multiple optical fiber lines, and optical fiber lines. This bundle is a bandwidth addition bundle, rather than backing up lines. Some products have the following parameters: Multi-channel bundling is supported, and mutual backup is also supported ......" In fact, this sentence should be separated, because two ADSL lines cannot implement mutual backup when using the multi-channel binding mode, just as the Raid 1 backup cannot be implemented when two hard disks are accelerated using RAID 0.

From the perspective of actual application, after the two lines are bundled, the upstream and downstream traffic cannot reach the effect of 1 + 1 = 2. The same applies to more than 2 lines, the reason is roughly as follows: when each data packet is transmitted, it must first select one of the lines. The selection process is the scheduling and allocation process of the VPN Router, the VPN Router allocates each packet to a line according to certain conditions (this condition is usually not fixed) according to the preset algorithm. This process will occupy the processor resources of the VPN Router, it takes a certain amount of time. Of course, the time consumed is very short, but the time consumed by a large number of data packets is considerable. In addition, the processing capability of low-end VPN routers is still relatively limited, therefore, the consumption of such resources cannot be ignored. If you bind two 2 m lines and a 4 m line for comparison, you will find that the two 2 m lines bound will not be faster than the 4 m line, one important factor is the scheduling of data packets on the VPN Router, which delays the data forwarding time.

The size of the RAID0 array depends on the hard disk with a small size, because the data is read and written on both hard disks at the same time; there is a similar situation in the multi-channel bundling of VPN routers-if the bandwidth of the two lines is different, that is, a larger and a smaller one, the situation will be complicated. Because if the route still distributes data packets to two lines at a ratio of, it will cause the line with a large bandwidth to be sent when the bandwidth is small, therefore, a line with a large bandwidth needs to wait for a line with a small bandwidth, which will reduce the efficiency. Therefore, many VPN routers that support Asymmetric Multi-Channel bundling allow you to set the proportion of VPN Router scheduling allocation, for example, when you connect a 1 Mbit/s ADSL to a 2 Mbit/s ADSL, you can set this ratio to so that the bandwidth of the two lines can be fully utilized. Of course, because the ratio of data distribution is not perfect:, and the actual traffic of the two lines is not accurate:, broadband resources are still not fully utilized, therefore, the actual effect after the two ADSL lines are bound at 1 m and 2 m is still less than that of the 3 m line.

If the two lines are bundled, the bandwidth obtained during the download and upload operations is actually different, because when the two lines are uploaded, data is transmitted simultaneously, which can be understood as 1 + 1 = 2; however, when downloading, the other party does not know which line you have bound and cannot control the transmission of data packets, therefore, each time the packets from the other party are sent, one of the lines undertakes the receiving task. In this case, the effect of bundling two 1 M lines is about 1 M, that is, 1 + 1 = 1. Therefore, it is not correct to simply consider the multi-channel bundling as the superposition of bandwidth.

Security

When multiple lines are connected at the same time, the LAN also faces multiple channels connected to the Internet. This provides more opportunities for various network attacks and viruses. Therefore, many VPN routers are directly integrated with professional firewall functions, which not only supports bundling multiple lines of the Internet, it can also intelligently and dynamically allocate bandwidth to defend against attacks from multiple lines. Because many VPN routers have a very large network structure, the internal members' permissions are very complicated, therefore, some excellent VPN Router products can strictly and in detail limit accessible resources accessed by members to eliminate these security risks. For example, the Sinfor DLAN solution can set different access permissions for each user. For example, some users can only access the inventory system of the headquarters, but cannot access the financial system, different VPN users can set access permissions for different resources to avoid security risks caused by excessive VPN Router user permissions.