> I know the solution is quite hazardous, but so far has been working
> better than I expected. The big issue is that it's very unstable,
> because it's suffering network leaks. Sometimes it can go straight
> without problems for weeks, sometimes it fails every other hour.
> I should now have set up a quite safe configuration that will restore
> service upon reboot, but now I would like to know if there are some fine
> tuning I'm missing to better overcome those problems.
>

Replace ADSL with some other, symmetrical broadband service (e.g. SHDSL, FO, etc.) which offers UPLOAD = DOWNLOAD. ADSL by default has DOWNLOAD != UPLOAD and DOWNLOAD >> UPLOAD, being suitable for HOME USE, not for production (home users are happy to surf the web, to download movies, etc., which means DOWNLOAD). You need UPLOAD too, in order to mirror data between endpoints. Also, you need small latency/delays and constant jitter (small values are better), which on ADSL is not a priority, so again you should look to another type of service and a new SLA with your provider to guarantee you WAN connections between your VPN endpoints.

> I've recently done some changes on VPN config (TCP in favour of UDP for
> instance), but still I receive a lot of "PingAck did not arrive in time"
> errors.
>

Again, latency/delay/jitter... and you need QoS too... Between your VPN endpoints, QoS is done by your ISP or your connection is "best effort"... Also, you need QoS on your tunnel in order to be sure that some packets arrive in better condition than others.

> I also have the chance to set up another adsl at each place, being then
> able to bond two VPN connections together: can this improve DRBD
> connection's reliability?

No... your idea is focused on the effect and is not curing the cause.

> Actually I preferred to dedicate a whole VPN to DRBD, letting other
> stuff go on the other connection.
>

Yes, this is good in general and maybe will save you from implementing QoS on your tunnel...

> Here follows my DRBD config:
>

The drbd.config doesn't matter. Your problem is related to layers 2-4 of the OSI model... DRBD is an application which runs on the upper layers...

Regards,
Alx