Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
clwolf
New Contributor

Help with this issue for a client (one ISP for up, and one for down)

Hi.

 

I have a unique issue with a client. They want for normal days (First part)

1 ISP that is used for upload only (Wan1) 

1 ISP that is used for download only (Wan2) 

 

Best method to set this up? 

 

Then, on streaming days they want to switch it to (second part)

WAN 1 dedicated to up/down for two IPs (streaming devices...can be MAC address as well)

WAN 2 dedicated to up/down for all else. 

 

If this can be a manual schedule we set up, great. 

 

Thoughts? I know how to do the second part, but not have it change easily to the first part. I am not sure how to set up the first part. 

 

Thanks, 

 

CL

lobstercreed
Valued Contributor

Off the top of my head there is a glaring flaw in their first requirement: all traffic, whether upload or download, is initiated by the client (internally), right?  So there is no way to distinguish between the two unless there are particular hosts or applications that are used for "upload" vs "download".

Or is the "upload" traffic actually coming from other users on the Internet accessing their files?  Like on an FTP server or something?

 

If it's the way I assumed, then I don't really think you can do this, period.  *Maybe* if you break NAT, but then you'd basically be spoofing the IP address of ISP 2 out the ISP 1 interface and they'd probably get pretty mad about that.  Are you doing BGP or anything, or just NAT-ing using the two wan interface IPs?

clwolf

Understood. I couldn't figure out a way to say if it was upload or download from the client side, and wanted to make sure I wasn't missing anything. 

 

They are simply doing two wan interfaces that are NATed. NO BGP. I think just enabling SD-WAN for them, and then force the two streaming devices to only use WAN2 via a policy route is the best I can do. 

 

lobstercreed
Valued Contributor

Sounds right, although there would need to be some manual tweaking on "streaming days", right?  Just because you force the streaming devices out one WAN doesn't mean the other devices won't use it according to the SD-WAN load balancing then too unless you manually tweak the balance on those days.  Probably need some traffic shaping on top of this...

clwolf

Yes, my guess is I would have to change the weight to 100 and 0 for the other devices so they essentially use WAN2 only. We shall see what the client thinks. Before they had WAN2 I had traffic shaping for the streaming devices for guaranteed bandwidth. 

 

Just an FYI. 

 

WAN 1 = Fiber, 50M x 50M

WAN 2 = Cable, 200M x 10M

 

Thanks

lobstercreed
Valued Contributor

Hmm, I certainly see why they want the upload to go out WAN 1, ha.  Are there particular applications or users that do a lot of uploading?  Like is it always FTP, or could it be OneDrive/GoogleDrive sync (over HTTPS), etc?

clwolf

Hmm, I see where you are going. All users, but I believe they upload strictly through Box over HTTPS. They are a media production company, so they have very large files.

lobstercreed
Valued Contributor

If you're on new enough code (I think 5.6 or later) you could try using the Box-Web Internet service definition in your SD-WAN rules and tell it to go out only the wan 1 interface for that type of traffic.  (I thought you could do that with policy route, but it appears not.)

clwolf

They are on 5.6. I was even thinking they should go to 6. 

 

 

clwolf
New Contributor

Think this does any good? 

 

 

 
