Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Combining / aggregating internet speed on a TZ600 or TZ670

boeboe Newbie ✭
edited July 2022 in Mid Range Firewalls

Hello,


I have a number of clients with a fiber and cable failover. I've set them up for failover previously. I heard talk about aggregation or SD-WAN functionality but know very little about it. If the ISPs e.g. ATT for fiber and Comcast for cable are not aware of eachother and I don't want them to do any sd-wan modifications - can I just somehow combine the speeds e.g. 100x100 and 500x35 to get closer to 600x135?

If you've actually done this please feel free to tell me about your experience. I prefer not to get the ISPs involved or use any 3rd party sd-wan solution. It sounds like it might be possible from what I've read but I don't want to assume anything as the SD-WAN and link aggregation side of the sonicwall is new to me.


Thanks

Category: Mid Range Firewalls
Reply

Best Answers

  • CORRECT ANSWER
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    Are you talking about aggregating VPN or general internet traffic?

    SD-WAN really applies to VPN, not internet access.

    Failover & LB features in SonicOS for WAN aggregation have been stable and usable since SonicOS 4.

    Set the expected throughput on the WAN interfaces and add them to Failover & LB groups as appropriate. Pick a strategy, you probably want Ratio if you have unequal WANs. You probably want to tick "Source and Destination IP Address binding".

    I don't actually know how it handles asymmetric connections because you cannot choose different ratios for up and down, but it seems to work well enough so I haven't dug into it further.

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    @boe long story short, you cannot aggregate, this would be packet based load balancing which needs to be addresses by a router in front of the SNWL connecting to a common endpoint (ISP, Bonding Provider). The Load Balancing on a SNWL is session based, therefor you'll always end up in the maximum speed of a single link.

    Viprinet is a provider for these kind of solutions over here, don't know what other markets they operate on.

    --Michael@BWC

  • CORRECT ANSWER
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    Well, Failover & LB is combining the ISP bandwidth and it offers different strategies to do this as appropriate, so you're already doing this.

    You won't be able to achieve the throughput sum of all the WAN links with a single flow unless you do per-packet LB but like BWC says this needs co-operation with the ISP [or some other solution that combines it on site then sends it out of a DC somewhere], and doing packet-based load balancing on dissimilar WAN links almost always leads to odd performance issues and disappointment.

    But it doesn't really matter that you can only do flow-based aggregation, because as soon as you have more than a few users then you will have plenty of flows that can be balanced across the links and in the end, the link utilisation will tend towards the chosen ratios if you have enough flows for it to balance.

Answers

  • boeboe Newbie ✭

    THanks -


    I'm talking about combining the two for more speed wherever possible.


    I've been using failover and LB for a long time but I'd like to look into combining the ISP bandwidth if possible.

  • boeboe Newbie ✭

    Thanks for your help in educating me. I appreciate it.

  • boeboe Newbie ✭

    I should ask so I know more, why does the sonicwall have an SD WAN section if the isp router is doing all the work?


  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    To re-phrase what I said in my first post, Sonicwall SD-WAN is a thing you use between Sonicwall devices over VPNs. It's not relevant for aggregating internet connectivity. It's supposed to be a substitute for MPLS connectivity


    Sonicwall also have some Youtube videos about this as well, although I am not sure if they explain why you would use this rather than just how.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    SD-WAN is not strictly for Sonicwall VPN connectivity. The link ARKWRIGHT provided actually highlights all of its features which shows it is not limited to 'substituting MPLS connectivity'... the top two features listed are Application-aware routing and Dynamic path selection based on Latency, jitter, and/or packet loss. While it is not aggregation, Sonicwalls SD-WAN features can provide the best connection experience across two or more links based on defined rules. One link over-saturated and causing slow O365 connectivity? SDWAN can route O365 traffic across a less-saturated link to provide a better experience.

    Unfortunately SD-WAN is a catch-all phrase that can mean different things from different vendors.

Sign In or Register to comment.