Let me understand this PCC thing....

I have read the beginner wiki:
http://wiki.mikrotik.com/wiki/How_PCC_works_(beginner)

From what I have understood, PCC is a method to mathematically extract a marker from a combination of parameters (addresses and ports, src-dst) and use this marked packet to be routed over a specific WAN connection.

The problems begin when a specific protocol (e.g. HTTPS) requires a tight port/address association between sent and received packets (thus a src-address PCC is required).

Most of us use PCC for load balancing between several WAN connections (and many, me included, think of using PCC to SUM the available bandwidth of all WAN connections, but perhaps we are wrong).

That said, the wiki states:

src-address: The source address of a client will always be the same, so all traffic from a particular client will always match the same PCC matcher, and will always be put on the same link.

So, using src-address, for a single client on the LAN there will be no way to use more than one link for internet traffic.
Also, for a number of clients (IP addresses) it is possible that a great number of them will use one link and few of them will use another link, and in the worst case none will be matched by PCC to use a particular link.

Am I wrong in understanding PCC this way?

Yes, that’s right.

To minimize the worst-case scenario, use more fields from the header to get higher variation of the hash value.

Other possible load balancing strategies are

NTH, Bandwidth Based

To SUM bandwidth you need either support from your ISP for a bonding protocol or an external router / VM in a datacenter to configure bonding with tunnels.

Regards
Marcus
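The effect discussed in the two posts above, as an added example that is not part of the original thread: PCC hashes the selected header fields to a 32-bit value and compares the remainder after division by the denominator (the number of links). `zlib.crc32` is a stand-in for the RouterOS hash, which is not reproduced here, and all addresses and ports are constructed sample data.

```python
import ipaddress
import struct
import zlib
from collections import Counter

def pcc_remainder(fields: bytes, denominator: int) -> int:
    # 32-bit hash of the selected fields, then the remainder picks the link.
    # Assumption: crc32 stands in for the RouterOS hash function.
    return zlib.crc32(fields) % denominator

def classify(conn, classifier: str, denominator: int) -> int:
    src, sport, dst, dport = conn
    s = ipaddress.ip_address(src).packed
    d = ipaddress.ip_address(dst).packed
    if classifier == "src-address":
        fields = s
    elif classifier == "both-addresses-and-ports":
        fields = s + d + struct.pack("!HH", sport, dport)
    else:
        raise ValueError(f"classifier not modelled: {classifier}")
    return pcc_remainder(fields, denominator)

def make_connections(clients: int, per_client: int):
    # Constructed sample: each LAN client opens per_client HTTPS connections.
    conns = []
    for c in range(clients):
        src = f"192.168.88.{10 + c}"
        for i in range(per_client):
            conns.append((src, 40000 + i, f"203.0.113.{1 + i % 50}", 443))
    return conns

def links_per_client(conns, classifier: str, denominator: int):
    # Map each client address to the set of links its connections land on.
    seen = {}
    for conn in conns:
        link = classify(conn, classifier, denominator)
        seen.setdefault(conn[0], set()).add(link)
    return seen

def load_per_link(conns, classifier: str, denominator: int):
    # Number of connections assigned to each remainder 0..denominator-1.
    counts = Counter(classify(c, classifier, denominator) for c in conns)
    return [counts.get(r, 0) for r in range(denominator)]

if __name__ == "__main__":
    sample = make_connections(clients=5, per_client=200)
    for cls in ("src-address", "both-addresses-and-ports"):
        print(cls, load_per_link(sample, cls, 2))
```

With `src-address` the per-link counts move in whole-client blocks of 200 connections, so five clients can never split evenly over two links; adding the ports and destination spreads each client's connections across both.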

Thanks for the reply.
I supposed that… unfortunately no bonding possibilities are offered by the ISP.

But… I’m asking myself how can I accomplish this (and yes it’s ok) with systems like pfSense or pieces of hardware like Lancom routers (you’ll know them, as they’re German).
It seems no breaking issues are present in multiple WAN sharing with those devices…

A thought… can I insert an ACCEPT rule in mangle before all the rules to deliver traffic TO the HTTPS port directly to a single WAN without being marked? Should it work?

I use PCC and it works very well, even with HTTPS. Very few sites have a problem with it, assuming that you have two matching WANs. For the few sites that have issues, I simply add their IPs to an address list, and route them through a single WAN. The times that PCC has NOT worked well are when I’ve tried it with two different ISPs and two different WAN types (i.e. 50x5 Cable & 2x.5 DSL).

Regarding bonding:

I use only MikroTik routers to accomplish that. Currently I bond 4 DSL lines. First you need an external point as a gateway which is able to provide your expected maximum bandwidth. Therefore I installed a MikroTik router in a datacenter which provides colocation.

Next you connect tunnels through your different ISP lines to that gateway. Then configure / route all internet traffic through the gateway and spread the traffic over the ISP tunnels.

Regards
Marcus

Unfortunately I can work only “at my home”, not at an ISP or datacenter, so I’ll go for using PCC the best way it can offer…

Can any user reading here suggest a practical example of how to bypass the PCC load balancing mechanism for HTTPS traffic only? (Which firewall rule, and where to place it.)

Thank you