Solved Samba, LACP & WireGuard. Question.

[DJones]

I’ve been brainstorming the past few days about how to make Samba which is a single session single tcp connection able to be split across 2-4 LACP layer 3+4 links. I’m quite aware of samba and LACP’s drawbacks when not using RDMA or server side multi-channel connections (RSS). Load balancing with LACP over multiple NIC’s with samba isn’t really possible unless it coming from multiple users. Faster NIC’s is always the best answer, but under constraints you have to think harder.



So I need an opinion before I waste some time. What about using WireGuard locally within your network not routing it to the internet. Encapsulating the tcp connection using a udp VPN tunnel might allow the tcp packets to be spread between all available NIC within the bond. Since the router just see this as udp packets.



Maybe I’m grasping or would WireGuard act the same as sambas single session single connection. LACP is really meant for switch to switch load-balancing/failover of many connections. So I’m thinking I’m sol.



Thoughts?

 

[ZebMcKayhan]

Encapsulating the tcp connection using a udp VPN tunnel might allow the tcp packets to be spread between all available NIC within the bond. Since the router just see this as udp packets.

Wireguard won't allow you to add overlapping AllowedIPs, or atleast it will be prioritized according to specificity. If this was what you try to achieve. Or maybe I misunderstand?

 

[ColinTaylor]

I think the question was "Will WireGuard traffic between two devices over bonded layer 3+4 links use one physical link or two"? Even though the WireGuard traffic is UDP I'm guessing WireGuard is still single stream and therefore will only use one link.

 

[sfx2000]

I'm guessing WireGuard is still single stream and therefore will only use one link.

Has to be because of the encryption...

 

[DJones]

I think the question was "Will WireGuard traffic between two devices over bonded layer 3+4 links use one physical link or two"? Even though the WireGuard traffic is UDP I'm guessing WireGuard is still single stream and therefore will only use one link.

That what I was trying to figure out before diving too deep into attempting to see if Wireguard is a single stream or not. I was hoping to gain throughput at maybe the cost of extra latency. I've scraped the idea thus far and opted to purchase a better 3.2 USB PCIE card for the 5G USB Ethernet adapter on my server. My constriction was that I only have 1 PCIE slot on this servers motherboard it's a older server. I could opt for a better PCIE Ethernet card, but that limits me to the built in USB 2.0 ports. Has 2 Sata so two built in drives, and I use a external bay for a additional 4 drives. This server primarily is used as a NAS.

The USB 3.2 PCIE card was Dead on arrival so I'm using a 3.1 USB PCIE card, and going to pray it works without dropping any connections with the external drives and a external 5G USB Ethernet adapter.

Server has 6 front 1000M Ethernet ports so LACP was my grasping at better speeds.

 

[DJones]

In the event my usb port, drives, and usb Ethernet drop without remounting the usb pcie card then I've used this script with a cron job to check for a ping to my router each hour, and reboot the server should ping fail. This will probably cause the server to reboot if the router reboots daily. But I'm fine with that as well. Modifying ping -cX # X being the number of pings tested increasing this to a large number could outweigh the amount of time it takes for the router to reboot preventing an unintended reboot -c300 is about 5 mins. Or offset the daily router reboot any time past the hour mark that the cron runs.

#!/bin/sh

ping -c5 x.x.x.x #router-ip

if [ $? -eq 0 ]; then
    echo "ok"
else
    reboot
fi