I’ve always wondered if it was possible to take a bunch of cell phones in Access Point mode and bond them together to create a high availability network without using a routing protocol. The TL;DR is yes you can by using Silver Peak’s SD-WAN solution.
In this write up I’ve created two sites, one hub and one spoke. The spoke site will route all traffic, even generic internet access, through the Spoke Silver Peak Edge Connect VM, which will then be encapsulated into X # of VPN tunnels to the hub site’s Edge Connect VM.
It should be pointed out that while the Spoke site will be utilizing two Apple iPhones in Access Point mode, any internet connection could be used. A Hotspot device, DSL Line, cable modem, a Starbucks across the street or the other Starbucks across the street.
1. Let’s discuss the setup of the Spoke.
The spoke site’s internal network consists of two devices on the 192.168.11.0/24 subnet:
Ubuntu server - .100
VoIP phone - .50 (more on this later).
The equipment for providing network connectivity consists of four devices (2 PIs are currently not in use due to lack of cell phones and other events making social gatherings bad):
2 x Raspberry PI 4s (4 gig)
PIs will NAT all outbound traffic behind whatever IP is assigned to the wireless NIC.
The PIs wireless NIC is operating as a WiFi client and not as an access point.
2 x iPhones in with the Access Point enabled.
2. Now lets discuss the Hub
The hub site’s internal network consists of one device on the 192.168.10.0/24 submet:
Ubuntu server - .100
There is also a Silver Peak Orchestrator but I will not be going into that just yet.
- It should also be noted that in this lab in bound UDP port 12000 is mapped from the internet to the hub Silver Peak Edge Connect VM via the Check Point Firewall.
- All tunnels are required to be started from the Spoke, as there is no way for the hub to initiate a connection to the Spoke due to the NAT happening on the Raspberry PIs.
3. Explanation of High Availability with regards to SD WAN.
Now that we have a general understanding of the lab setup, let’s discuss the SD WAN feature we're using. In the current setup the Spoke Silver Peak VM is configured for High Availability Link Bonding. This is basically network layer Raid 5.
What does that mean?
Silver Peak creates X VPN tunnels per internet connection.
Silver Peak monitors the quality of the VPN tunnel using latency, jitter and loss and picks the best one to route traffic through.
Silver Peak also starts sending parity packets down the unused VPN tunnel.
If packet loss is detected from the VPN tunnel picked from bullet 2, then the parity packet is used to recreate the dropped packet and traffic is dynamically moved to the next good VPN tunnel.
4. Seeing SD WAN real time.
Now let see everything in action. First I will use GNS3 to prevent packets (yellow pause icon) from crossing the network between the Edge Connect device and the top most PI. The left window contains the Spoke site, the right window contains the Hub. In a different window I've started a ping from the Spoke Ubuntu to the Hub Ubuntu.
Notice no ping packets are dropped which are being sent every half a second.
Next let’s see what happens when I pause the second internet connection.
Again, as you can see no ping packets were missed.
Now just to make sure we’re on level ground I’ll pause both which will show the pings stop being received by the hub on the right window.
5. Conclusion
As you can you can see Silver Peak has a pretty interesting product. By monitoring the network quality of VPN tunnels and sending parity packets Silver Peak has created a High Availability VPN solution that can't be replicated with traditional VPN solutions.
For any question or concerns about setting up Silver Peak, another SD-WAN solution, or any of the tools used in this post at your business/home, please reach out to us at contact@spikefishsolutions.com. We’d be happy to answer any questions or concerns you may have.
Stay safe!
Follow us on Twitter/Instagram: @teamspikefish