Currently I have bonded ADSL2+, with the ISP supplied modem bridged to my RouterOS box.

The DSL Sync speed is

42Mbit/s downstream
4.6Mbit/s upstream

Currently running routerOS 5.7RC7 Demo (l1) on an Alix 2D3 (X86 500mhz Geode, 128mb cf card 256mb ram)
Also doing IPv6 tunnelling via HE.net and have various Rules configured in the firewall including anti P2p/L7 rules (Mangle rule adds you to an address list with triggers another ruleset that blocks everything execpt http/https for 10mins)

The Alix is handling the throughput fine although I want to upgrade routerOS to L4 to use Radius and define some traffic shaping queues.

So the question I wanted to ask is do I licence X86 on an Alix (I've got another alix with a 2GB cf card in that currently has pfSense on it, if I was going to buy routerOS X86 i'd wipe that one and put it on there instead just to be sure I don't run out of space on the CF card)

Or would I be better off just buying a router board and if so which one?
Was looking at the 750/750G or 450 but not sure if they'd be powerful enough once I start adding Traffic queues, radius.etc

Off topic, but how did you bond the 2? adsl lines into one? Did the provider provide the configuration or was it only configured from your side only? Sorry to drop in.

My ISP offers a bonded service where they Bond 2 Adsl2+ lines using ATM layer bonding (G998.1 based I believe) the ISP provided router (Comtrend Nexuslink 5631) handles the DSL (including the bonding), and can be configured to act as an Ethernet > DSL bridge.

As since my ISP uses RFC1483/2684 bridged LLC all I have to do is configure my Assigned IP's on the "WAN" interface on RouterOS, as far as routerOS is concerned it has a set of routed IP's configured on an Ethernet interface, it knows nothing of the DSL or it's bonding.

I have in the past played around with MLPPP based bonding on another ISP using an RB750 (Sadly I killed my original RB750 and no longer have it.) and a pair of netgear DG834x routers configured as bridges. I found that RouterOS seemed to have some issues around MLPPP in that if the 2nd line dropped out you'd get terrible packetloss rendering the connection unusable (The PPP session didn't drop ).

I suspect the RB wasn't able to see that the 2nd line had dropped, as the physical ethernet interface between itself and the DSL modem would have still be up I assume the LCP echos were still coming through on the other line or something (Don't know enough about PPP to be able to speculate in any more detail than that). <- That was a year or so ago though so it may work better now.

I believe if the ISP didn't support it you could probably VPN off to somewhere with sufficient bandwidth to handle the aggregates throughput and then do the bonding at the VPN concentrator, I suspect it may be possible with 2 routerOS boxes but have never actually tried it. This option would probably have the highest amount of overheads however.

1) I would recommand to use Routerboard hardware, because Router OS is not garanteed to work flawlessly on other hardware. Even on Routerboard, the story show that ennoying bugs can survive quite a long time before correction. (see the IPv6 advertisements problems).

2) I would not recommand to use bonding with tunnels. Firstly because MTU will be lowered, and second because packets will not arrive in the right order, causing TCP slowdowns.

Even if it can works, Linux Bonding has not been designed for this. It has been designed clearly for LAN use between switches or servers.

Wan bonding should be better at ATM level or eventually MLPPP level if the client is well implemented and compatible with the server implementation.

There is no opensource server MLPPP implementation directly compilable for Linux; i think that partialy for this reason, Router OS can't do server MLPPP. And for this reason as well, MLPPP is not a widely tested and strong solution.

Except if you have a provider who bought the expensive router option to do it ; MLPPP it's not easy to get in the field.

In our country (FRANCE), there are only two providers (France Telecom and SFR) owning 99% of the country ADSL architecture; they have old ATM networks and they deliver through L2TP to tiers 3 providers so it's not possible to have MLPPP neither IPoA, MER, ATM bonding and other advanced things because all tiers 3 providers depends from them.

It's even not possible to have ADSL2+ annex M, neither EFM links, and we are still waiting for a promised global FTTH network but still not began to deploy.

The better we can have in France for ADSL links is IPoA (IP over ATM) with the provider FREE but only for home users.

Here ADSL PPPoE (or PPPoA if you have a modem router or an ATM Forum link between the modem and the router) is the only option, except if you are in a rare location where another provider has some fully degrouped (private) DSLAMs.

With SDSL links, it's easier to have bonding, because the two main providers do allow you to get trafic delivered through ATM to other tiers 3 providers so they can do the bonding at ATM level, and configure an ATM router for your site. SDSL modems have an E1 port, so you can get ATM from them to connect to a router.

1) Shame really as I already own about 3 Alix 2D3's

Is there a specific RB that's best to get?

2) MLPPP on the RB750 did work (Think it was a Cisco RAS at the other end) apart from the aforementioned issue when one of the lines dropped sync, throughput was fine when it worked, which was most of the time (My lines didn't re-sync very often), It was fairly trivial to fix it when it went wrong, simply dropping the PPP sessions and restarting it would fix it.

3) Re: the Tunnelled bonding, I suppose it depends if the Lowered MTU and out of order packets causes enough of a problem to cause a significant degradation of service. I know someone who did OVPN based bonding of 2x 3.5Mbit/s using zeroshell and it worked reasonably well I think when all the overheads were taken into account he got around 7.2Mbit/s or so.

Tried the same thing with my lines and found I couldn't hit more than 10Mbit -15Mbit/s throughput, although I'm not sure whether it was a lack of CPU power at one of the endpoints, timing issues or just lack of bandwidth. (The other end was a VM running on vmware on a server supposedly connected to a 100Mbit/s port)

I might try to setup some tunnel based bonding with routerOS even if it ends up being for no other reason than just to see if I can do it and to see how well it works (or doesn't work as may be the case)

Thanx for the info! I wil have to look at the mlppp option.

Ethernet Tunnel Bonding can work but it depends largely from :

- type of trafic (UDP can flow easier than TCP) - out of order packets problem

- if the two links have exactly the same speed it works better (never the case with ADSL links)

I tried tunnel bonding, failover or balanced mode, but finally it was not usable in the field (because of lack of monitoring tools, Router OS does not have SNMP OIDs or script tools to monitor and manage tunnels in Bonding mode) and complex to setup.

I ended up using PPTP tunnels with static or dynamic routing. It does allow to keep a 1500 MTU thanks to the MRRU option.

The key advantage of tunnel bonding is that you can get very fast switching in failover mode, if you choose ARP link monitoring with a fast rate.

Tunnel bonding in failover mode does allow to keep a VoIP call online almost without noticeable audio dropout during a link failure.

I studied this in the field during two monthes before i decided to not use it because of complexity, ethernet tunnel overhead, unavailable tunnel monitoring and MTU problems.

For professional bonding results, i think it's better to use ATM inverse mux, or recent IP technologies like GMPLS. But unfortunately this need expensive hardware and provider support...

Here in Greece most providers don't know the difference between pppoa and pppoe(In one case I asked for SIP server passwords and ips and they faxed me the web password for their online customer care). So I am looking for a way (if possible) to bond 2 adsl lines with minimal or, better yet, no configuration from the provider side. As far as I have searched, that is impossible.

Here in Greece most providers don't know the difference between pppoa and pppoe(In one case I asked for SIP server passwords and ips and they faxed me the web password for their online customer care). So I am looking for a way (if possible) to bond 2 adsl lines with minimal or, better yet, no configuration from the provider side. As far as I have searched, that is impossible.

You can't do a true bonding.

But you have two other choices :

Do a pseudo bonding, using a rent server somewhere in a Datacenter. You will end your Bonding tunnels here and NAT your final machine here. This work. I tried it.
This is far less than ideal... The link between your provider, this server, and Internet needs to be rock solid or you will get no benefit at all.
In this case, you'll need to NAT your LAN machine address to the address of your Datacenter server.

Quite complicated setup.. Nevertheless can be fun to try.


The other simpler solution is to use load balancing. But it is not true bonding. Targets do see two differents source IP adresses, it works only with some friendly protocols. It never work for VoIP or HTTPS except if you lock each connection to a single link using connection tracking (can be done inside Router OS).

Whilst this is a nice discussion about bonding.etc and I'm quite happy to continue on with it can we get back to the original question for a moment?

Which was actually about what would be best suited to doing ~40Mbit/s throuhput and will be able to handle radius.etc

Don't really want to spend any more than I have to as this is for my home network, main reason for upgrading is to get Radius support becuase my housemates tend to give out the WPA-PSK (Although there's not really a need to thesedays since I recently added unsecured public AP)

A 450G will do just fine what you're trying to do. A 750G would as well, but I personally am ALWAYS willing to spend more to get more RAM - no one ever complains about having too much memory available - and a physical console port for when I inevitably screw things up to the point that I need that. I also like buying RouterBOARDs simply because I like buying an entire stack from a vendor as it more or less guarantees compatibility for the next couple of years.

That said, the Alix board should also work just peachy and will save you $55 over list price.

It's a question of preference. Are you looking for insurance that it'll continue to work with OS upgrades, or to save money.

A 450G will do just fine what you're trying to do. I also like buying RouterBOARDs simply because I like buying an entire stack from a vendor as it more or less guarantees compatibility for the next couple of years.
That said, the Alix board should also work just peachy and will save you $55 over list price.

And I have a couple of spares

How are you booting the Alix boards? Licenses are tied to the media they are installed on. If you can't swap the drive to a different board you cannot use that board as a spare. Edit: saw you use a CF card. CF card failure still kills you.

Edited my previous post some, by the way.

How are you booting the Alix boards? Licenses are tied to the media they are installed on. If you can't swap the drive to a different board you cannot use that board as a spare. Edit: saw you use a CF card. CF card failure still kills you.

Edited my previous post some, by the way.

I would hope that Mikrotik realise that drives to fail and accept that as a valid reason for asking for a replacement key

The Flash on a routerboard could die in much the same way as a CF card could die.

http://wiki.mikrotik.com/wiki/Manual:Al ... cement_Key

It is a special key which is issued by the Support Team if you accidently lose the license, and the Mikrotik Support decides that it is not directly your fault. It costs 10$ and has the same features as the key that you lose. Note that before issuing such key, the Mikrotik Support can ask you to prove that the old drive is failed, in some cases this means sending us the dead drive.

So yes, they will replace, but may ask for you to send in the drive, and probably won't treat it as a priority issue. What I meant is that you can't just have a spare board sitting there to copy and paste a license into and it'll be up 5 minutes after you need it.

http://wiki.mikrotik.com/wiki/Manual:Al ... cement_Key

It is a special key which is issued by the Support Team if you accidently lose the license, and the Mikrotik Support decides that it is not directly your fault. It costs 10$ and has the same features as the key that you lose. Note that before issuing such key, the Mikrotik Support can ask you to prove that the old drive is failed, in some cases this means sending us the dead drive.

So yes, they will replace, but may ask for you to send in the drive, and probably won't treat it as a priority issue. What I meant is that you can't just have a spare board sitting there to copy and paste a license into and it'll be up 5 minutes after you need it.

Could run the Demo edition for the core features temporarily or plug-in some other router to get my internet connection back up, worst case is I get moaned at because someone can't get on Facebook for a little while.

Having a RB won't help in that scenario anyway as unless I had several of them i'd still be stuffed it failed.

Ended up buying a Licence for L4 X86

I think it was partly due to "I want it now" syndrome.