Hello,
I have Office1 with two WAN links.
Also i have vpn-tunnel to Office2.
Нow can i load-balance vpn-tunnel traffic over two WAN links?
set up one EoIP on each link, and use bonding.
If you then lose the link performance? I ask because fragmentation is? Because we need to let the VPN and EoIP tunnel an bonding everuthing?
A much better solution is to use ECMP load-balancing over the VPN links.
If you balance on L2 (using EoIP), you will get huge problems with out-of-order packet delivery, fragmentation, and a lot of other things.
Using ECMP also has its disadvantages (very similar to LACP), but overall, is a better solution.
How can i use ECMP with IPsec VPN-tunnel?
You cant use it with IPSec in tunnel node.
You need to manipulate the routing table, which IPSec tunnel mode policies do not use.
Use IPSec in transport mode with a different tunneling protocol (like GRE or L2TP), which will give you an interface, and you can do whatever you like using the routing then.
How ECMP checks the current link load before send the traffic to this link?
There is no load checking. ECMP simply routes each packet over one of the available gateways in a round-robin fashion.
There is a catch however - routing decisions are cached by the kernel, so actually, ECMP is more like per-connection balancing, over all available gateways for the particular ECMP route.
>>There is no load checking.
Per-connection balancing without load checking its not true load-balancing.
Which of these (http://wiki.mikrotik.com/wiki/Load_Balancing) balancing techniques can do load checking?