Re-route packets using L7 classification and Dual-WAN

  • Right now we have a 2 Mbit / 300 Kbit ADSL connection which is not close to fast enough. So we found an offer from one of the local resellers of Tooway that can give us up to 20 Mbit / 6 Mbit. The problem is that it's a satellite connection, meaning the latency will be very high. Though most applications will perform fine either way, things like VoIP, online gaming, etc. are gonna suffer hard.

    So after reading about policy based routing and Layer7 classification it seemed like a possibility to route applications like Skype through the ADSL connection using L7, but a post in this forum made this little dream of mine seem pretty impossible.


    Not possible. The packets are already flowing upon a given path by the time L7 has a chance to classify the traffic. At that point it's impossible for it to re-route the connection since it's already established.

    Is there any way that I can actually get this to work, or am I out of luck?

    Thanks in advance,

  • Rebel Alliance Developer Netgate

    You're out of luck. My previous message was accurate. It's not possible to make routing decisions based on L7 because the session is already established before it can be classified.

  • Dang it, that's what I expected, but still. Got another question though, I read about traffic shaping and how you can prioritize traffic, but how does that work when using Dual-WAN?

    Edit: Yeah, I knew it was accurate, but what I tried to ask was if there was another way to re-route traffic when the ports change dynamically.
    Edit 2: I read on Wikipedia how connection establishment works, so if I understand correctly, the handshake is the reason this won't work?

  • Rebel Alliance Developer Netgate

    You are correct about the handshake. The two hosts have already established a connection from IP#1 to IP#2. To re-route the connection would break that as your other WAN doesn't have the same IP address, but a different one. You cannot move an established TCP connection from one IP address to another.

    It's a chicken-and-egg problem:

    You can't decide the routing without classifying the traffic. You can't classify the traffic without seeing the payload traffic. You can't see the payload traffic without the connection being established first. And you can't switch an established connection between WANs.

    So all you can choose to do once the L7 shaper has identified the traffic is:
    1. Put it into another QoS queue
    2. Block it
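
The chicken-and-egg ordering described in the reply above, as a small Python model (an added example, not part of the original post and not pfSense code). The WAN addresses, the SIP-like signature, the queue name and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed WAN source addresses (documentation ranges), not from the thread.
WAN_IP = {"adsl": "192.0.2.10", "sat": "198.51.100.20"}

@dataclass
class State:
    wan: str            # fixed when the first packet of the flow is seen
    nat_src: str        # the only address the remote peer knows for this flow
    queue: str = "default"
    app: str = ""       # filled in later, once payload has been seen
    blocked: bool = False

class DualWanGateway:
    """Hypothetical model of a stateful dual-WAN gateway with an L7 classifier."""
    def __init__(self, l4_policy, l7_rules):
        self.l4_policy = l4_policy  # callable(proto, dport) -> WAN name
        self.l7_rules = l7_rules    # {app: (payload signature, queue name or "block")}
        self.states = {}

    def forward(self, flow, payload=b""):
        """flow = (proto, src, sport, dst, dport); returns (wan, nat_src, queue) or None."""
        st = self.states.get(flow)
        if st is None:
            # First packet (the TCP SYN) has no payload: only L3/L4 fields can pick the WAN.
            wan = self.l4_policy(flow[0], flow[4])
            st = self.states[flow] = State(wan, WAN_IP[wan])
        if not st.app and payload:
            for app, (signature, action) in self.l7_rules.items():
                if signature in payload:
                    st.app = app
                    # The two options left at this point: requeue or block.
                    # st.wan stays put; changing it would change nat_src mid-connection.
                    if action == "block":
                        st.blocked = True
                    else:
                        st.queue = action
                    break
        return None if st.blocked else (st.wan, st.nat_src, st.queue)

def demo(action="voip"):
    # Default route is the satellite link; constructed SIP-like signature and flow.
    gw = DualWanGateway(lambda proto, dport: "sat", {"sip": (b"INVITE sip:", action)})
    flow = ("tcp", "10.0.0.5", 40000, "203.0.113.7", 5060)
    at_syn = gw.forward(flow)  # handshake packet, nothing to classify yet
    at_data = gw.forward(flow, b"INVITE sip:bob@example.test SIP/2.0")
    return at_syn, at_data
```

Calling `demo()` returns the forwarding decision at the handshake and again after classification: the WAN and NAT source address are identical in both, and only the queue differs.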

  • 3G/4G came up as an alternative to satellite recently using a good directional antenna, so that means response time isn't that much of a concern if it works out well. But for future reference I've come up with two possible solutions:

    • Route all traffic with ports over 1024 through ADSL

    • Route all UDP traffic with ports over 1024 through ADSL

    In addition, possibly find applications that don't require low response time and route them specifically over satellite.
    On the other hand, UDP is a connectionless protocol, so shouldn't L7 work fine then? Because the applications we're using that require low response time use UDP.