2 different ISPs for two different streams?

Hello All, from Ottawa, Ontario, Canada!

Does anyone know of routing and networking protocols, and by extension an actual ‘router’, that allow one to assign one ISP’s services to incoming, and another ISP’s services for outgoing communications?

Cheers!

Bill

If I understand your question, this is not difficult with a dual WAN router. Something like this: [Wireless Router] Dual WAN introduction and setup - Failover and Load Balance | Official Support | ASUS Global

That doesn’t seem to match how I understood the question. I interpreted that he wants each WAN to essentially be unidirectional: all outgoing via one WAN and all incoming via the other. This dual-WAN configuration you linked segregates traffic to two WANs by other criteria, and incoming responses would come in via the same WAN connection that sent what’s being responded to.

To the OP:

Because of how TCP/IP addressing works, this isn’t a simple thing to do, and it’s got a good chance of getting you cut off from your connection altogether. Here’s why.

(Standard caveat that I may have inadvertently misstated things or gotten something wrong here. My apologies if this is the case. This is all based on my own background with TCP/IP networking, knowledge I haven’t had to use professionally for a number of years now.)

All nodes on the Internet have unique IP addresses, unless they are behind a NAT (Network Address Translation) router and using private LAN address space (such as the 192.168.X.X addresses most of us will see on our home devices). The LAN addresses are irrelevant to this question; what matters is that the addresses that are exposed to the actual Internet are unique.

All packets are tagged with the IP address from which they originate. This is how the recipient knows where to send the response packet(s). NAT and VPN routers can hide originating IP addresses from recipients by indicating themselves as being the originating source, but those devices still have to know where to forward response packets and so retain the actual originating addresses while communication is taking place. The outgoing packets are always tagged with an IP that they were sent via.

To use two different WANs (i.e. two different ISPs), the interface to each WAN will have a different IP address from the other. This is because each ISP has their own assigned IP address space from which to assign addresses to individual users’ routers. If they could assign the same address to a router as another ISP, you would get IP collisions, and no other nodes will be able to reliably communicate with that router.

So you would need some way of having the packets going out via the outgoing IP address be tagged as originating from the incoming IP address, despite not having actually passed through that node—which is IP spoofing, generally regarded as a fraudulent practice that can get you blocked by your ISP—or a third-party service outside your home network to intercept packets destined for your outgoing IP address and reroute them to your incoming IP address—which is also generally regarded as a form of spoofing.

Ultimately, the question that needs answered here is, for what purpose do you want to segregate traffic in this manner? If it’s a matter of speed, an ISP with better outgoing (upstream) bandwidth than another will usually also have better, or at least comparably similar, incoming (downstream) bandwidth. Since pretty much every connection technology provides equal or better bandwidth for downstream compared to upstream, you are unlikely to gain much bandwidth by segregating outgoing from incoming traffic. It’s all going to be sharing the same bidirectional channels within your home network anyway, and that’s where most bandwidth bottlenecks occur (unless your ISP doesn’t provide a broadband-quality connection, in which case you wouldn’t want to use them for either side of this compared to one that does provide true broadband).

So knowing the “why” would help us determine whether there is something available that would suit your needs without getting you blacklisted.

1 Like

I’ve actually been looking into multi-WAN routers myself recently. You’re of course right that this is normally difficult to do unless you’ve got multiple connections to the same ISP, and in general this seems like an unusual arrangement. However, if you did want to use different ISPs the way to do it, Peplink-style, is to create a bonded connection to a VPN endpoint, which would then decapsulate and re-encapsulate the traffic over multiple physical lines whilst maintaining a single logical IP address at the VPN provider. Naturally I expect you’re aware that most home customers could never hope to use BGP directly, but this is the next best alternative. I am, myself, looking into getting a cellular backup over a bonded interface, and this sort of arrangement looks to be the way to do it, if my primary (cable) connection goes down. In the end though, I expect common sense will prevail and I’ll simply use a single slow cellular link, and many people are now doing this.

I had no idea what “BGP” is. I found this (and a bunch more) at Cloudflare:

What is BGP? | BGP routing explained

Border Gateway Protocol (BGP) is the routing protocol for the Internet. Much like the post office processing mail, BGP picks the most efficient routes for delivering Internet traffic.

https://www.cloudflare.com/learning/security/glossary/what-is-bgp/

It can be done, but not with cheap routers. And it can be tricky to set up.

The Internet itself is designed around “multi-homing”. Most big networks have multiple connections to other networks (whether to ISPs or to other businesses that they choose to peer with). The BGP protocol is used worldwide to manage the dynamic network-network connections that comprise the Internet.

So one thing you could do (and I don’t recommend it, because it’s not easy to do if you’re not an IT/networking expert) is lease a static IP address block from an official registrar (not coming from one ISP’s address space) and run BGP on your gateway router, advertising your network as being reachable via all of your upstream networks (various ISPs). You probably won’t be able to get IPv4 address space, but you should be able to get IPv6 space, since there is no shortage of IPv6 addresses.

But again, this kind of multi-homing is going to be overkill for most people, including small businesses.

Another option is to get a so-called “dual WAN” router, as @dsh1705 wrote. These let you connect to two upstream networks (e.g. cable/dsl/fiber modems from two service providers) and configure them as load balancing or active/standby operation.

In the load balancing mode, your outbound network connections will be directed to one or the other link. This will be on a per-connection (TCP session, mostly) basis. It will not attempt to distribute one session’s packets across multiple links because that would break the TCP protocol in many ways, creating outages.

In the active/standby mode, all your traffic will flow over the primary link until it fails, then all traffic will flow over the standby link. When the primary comes back up, the router might immediately switch back, or it might stay on the secondary until it fails (you should be able to select one or the other). One common use for this is to get a cellular modem to act as backup - you won’t want to use it when the primary network is operating, but this will keep you on-line (probably at reduced bandwidth and higher cost) when the primary fails.

But WRT the original question, using one for incoming and one for outgoing, that’s not a typical configuration.

If you have two active connections at once (e.g. the BGP method or a dual WAN router in the load-balance configuration), your network will receive packets sent to your network on either interface (via your own addresses if you use the BGP method or via your ISPs’ assigned addresses if you use the dual WAN router), assuming your firewall configuration doesn’t block them. And you can (or at least should be able to) configure priorities to favor one link over the other for your own outbound connections.

But this is going to be on a per-connection (e.g. TCP session) basis. You absolutely can not do it on a per-packet basis (e.g. receive everything on one link, send everything on another) because doing that will break the TCP protocol, resulting in either dropped packets (lost connections) or out-of-order packet delivery, resulting in massive slowdowns (because TCP will assume this is due to network congestion and slow itself in response).

Consumer satellite Internet access sometimes offers this behavior (outbound packets going over a dial-up or DSL line, and inbound packets arriving over the satellite), but that’s a special case because a single network (run by the satellite provider) is managing the other end of both connections, so everything can be synchronized properly in that situation.

I’m not sure how much of this will help, but I hope it does.

1 Like
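The per-connection behaviour and the source-address problem described in the replies above, as an added example that is not part of the original thread: a small Python model of a dual-WAN router that pins each flow to one uplink and NATs it to that uplink's address, next to the source check an ISP edge would apply. The uplink names, the RFC 5737 documentation addresses and all function names are constructed for illustration, and the ISP is assumed to apply source address validation (ingress filtering).

```python
import hashlib
import ipaddress
from typing import NamedTuple

class Wan(NamedTuple):
    name: str
    address: ipaddress.IPv4Address     # public address the ISP assigned to this uplink
    isp_prefix: ipaddress.IPv4Network  # source space this ISP accepts from customers

# Constructed sample uplinks (RFC 5737 documentation ranges, not real ISPs).
WANS = [
    Wan("wan1", ipaddress.ip_address("198.51.100.10"),
        ipaddress.ip_network("198.51.100.0/24")),
    Wan("wan2", ipaddress.ip_address("203.0.113.20"),
        ipaddress.ip_network("203.0.113.0/24")),
]

def pick_wan(proto, src_ip, src_port, dst_ip, dst_port, wans=WANS):
    """Per-connection balancing: hash the 5-tuple so a flow always uses one link."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return wans[int.from_bytes(digest[:4], "big") % len(wans)]

def nat_outbound(flow, wans=WANS):
    """Source NAT: the private source is rewritten to the chosen uplink's address,
    so replies return over the same uplink that carried the request."""
    wan = pick_wan(*flow, wans=wans)
    return wan, wan.address

def isp_accepts(wan, source):
    """Assumed ISP-side ingress filter: forward only sources from its own space."""
    return ipaddress.ip_address(source) in wan.isp_prefix

def split_direction_send(out_wan, in_wan):
    """The arrangement asked about: send via out_wan while using in_wan's address
    as the source so replies arrive on in_wan. Returns whether out_wan's ISP
    would forward such a packet."""
    return isp_accepts(out_wan, in_wan.address)

if __name__ == "__main__":
    flow = ("tcp", "192.168.1.50", 51514, "192.0.2.80", 443)  # constructed flow
    wan, src = nat_outbound(flow)
    print(f"flow pinned to {wan.name}, source rewritten to {src}")
    print("normal NAT accepted by ISP:", isp_accepts(wan, src))
    print("send on wan1 with wan2 source accepted:",
          split_direction_send(WANS[0], WANS[1]))
```
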

Hello All!

Many thanks for all your replies to my question about setting up two Internet connections, using one for upstream, and the other for downstream.

Wow, you folks are wonderful!

I’m always amazed by the breadth and depth of knowledge on this TidBits mail-list!

Not wanting to break my TCP, I’ll refrain from this endeavor.

Your insights have saved me from wasting time and money on such an undertaking, at least, in an inexpensive manner.

Again, thank you, all!

Bill

3 Likes