bestov.io

In the previous installment of the series, we analyzed the problem of near-istantaneous Internet connection failover without breaking existing connections for live video streaming. The solution we devised consists in setting up L2 GRE tunnels to a fixed gateway with a very reliable internet connection (think a dedicated machine in a datacenter), and using the Linux Bonding Driver’s link monitoring functionality to manage the failover for us. Now we are going to try and make it work...

Last week, a friend of mine posed the interesting problem he was facing at the company he’s working at of streaming video reliably from multiple commodity Internet connections. Since this is my kind of thing, I decided to give it a go. After discussing the problem a bit, we came up with the following requirements: It should be implemented at the network level, to work with any streaming software and/or device It should provide near-instantaneous (or even no-interruption) failover to allow for seamless live streaming It should be portable (i...

Today I migrated an IPsec (with IKEv1) site-to-site setup from a pfSense machine to a Debian machine. Since the pfSense machine was still the Internet gateway for the network, IKE and ESP packets still had to go through it. Now, I recalled something about firewalls not playing too nice with IPsec, so I researched a bit, and I concluded I needed some very specific SNAT rules. (I also realized that IPsec was not really meant for what we’re using it for, but over the course of many years enough functionality was kludged together RFCs were written to make it work and industry has adopted it quite widely...