Hi,

I’m currently managing a network with around 80 staff, which is linked up with 2 Internet lines (different ISPs). Each line pumps around 79.99 Mbps download, 15 upload.

These are connected with a dual WAN router, which allows me to bond/bridge the connections together, doubling the Internet speed.

However, this solution is not very reliable right now - Internet seems unstable/dropping. (Especially when a file is added to Dropbox and all machines sync the file at the same time).

Can anyone think of a better solution? E.g, should I introduce 2 routers, and split the load that way? (First router would be on .1.1 and other on .2.1).

Should I introduce 2 more lines and a Quad WAN router and bridge all the lines?

If anyone can point me in the right direction to correcting the issue, that would be great!

Thanks in advance.

4 Spice ups

Pay for a proper fiber leased line… especially at that user number. The DrayTek is also probably suffering with the user count/line usage.

Drop Dropbox and re-evaluate your architecture. You’ve gone past the garage stage and now need to look at playing with the big boys’ toys - 365/g-suite and some next level kit like Unifi or a full on Sophos XG210 or similar sized firewall.

1 Spice up

If there are interoffice connectivity needs, you may also want to look at an SD-WAN solution. Martin is correct, get rid of all of the consumer grade crap including any switching that may be sub par.

In the least, sign up for the fastest provisioned speed. 80Mbps is pretty much the bottom tier on the scale around here. Our office has 105/7 for 7-10 people and that isn’t enough. If I wanted it, I could get up to 1 Gbps at work or home but I know that around 300-400 Mbps I’d be paying for capacity my equipment can’t use since it requires a DOCSIS 3.1 cable modem to bond that many channels.

Well it seems to me you should get an internet line with more UPLOAD speed if you are going to be uploading a lot of docs like a business class internet with for example 75 up/75 down. 15mbps is not too fast…

One thing I can say about your setup is this: sometimes, depending on how the redundant internet is set up… the internet connections could be “flapping” or going from one to the other, on and off. This is because they PING some device downstream and if the PING doesn’t come back in time, it will turn the other internet on… intermittently… So make sure it isn’t doing that… If it is… the traffic will keep getting different gateways… need to use different DNS servers, etc. so it slows things down in theory (compared to just a faster line).

Again, what I think you should do is get a faster primary internet line… and then use a secondary line to back it up (failover) but don’t do the bonding… unless it is going to the same ISP.

1 Spice up
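The flapping described in the post above can be reproduced offline; this is an added example, not part of the original thread and not any router's actual firmware logic. It compares a failover check that reacts to a single lost ping with one that requires several consecutive results before switching; the interface names `wan1`/`wan2`, the thresholds and the probe traces are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class WanMonitor:
    """Decides which WAN carries traffic from a stream of ping results."""
    fail_threshold: int = 3   # consecutive lost probes before failing over
    ok_threshold: int = 5     # consecutive replies before failing back
    active: str = "wan1"      # hypothetical interface names
    _fails: int = 0
    _oks: int = 0
    switches: int = 0         # every switch changes gateway/DNS for clients

    def probe(self, wan1_ok: bool) -> str:
        """Feed one probe result for wan1; return the WAN now in use."""
        if wan1_ok:
            self._oks, self._fails = self._oks + 1, 0
        else:
            self._fails, self._oks = self._fails + 1, 0
        if self.active == "wan1" and self._fails >= self.fail_threshold:
            self.active, self.switches = "wan2", self.switches + 1
        elif self.active == "wan2" and self._oks >= self.ok_threshold:
            self.active, self.switches = "wan1", self.switches + 1
        return self.active


def count_switches(results, fail_threshold, ok_threshold):
    """Replay a probe trace and return how many times the gateway changed."""
    mon = WanMonitor(fail_threshold, ok_threshold)
    for ok in results:
        mon.probe(ok)
    return mon.switches


# Constructed traces, one character per probe: 1 = reply, 0 = timeout.
# CONGESTED: a saturated line that drops the occasional ping but is still up.
CONGESTED = [c == "1" for c in "1101101110110111011011"]
# OUTAGE: the line really goes down for eight probes, then recovers.
OUTAGE = [c == "1" for c in "1111000000001111111111"]

if __name__ == "__main__":
    for name, trace in (("congested", CONGESTED), ("outage", OUTAGE)):
        naive = count_switches(trace, 1, 1)    # switch on any single result
        damped = count_switches(trace, 3, 5)   # require consecutive results
        print(f"{name}: naive={naive} switches, damped={damped} switches")
```

On the congested trace the single-ping check changes gateway on every lost probe, while the damped check stays put; both still fail over and back once for the real outage.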

I’m not familiar with Draytek, but I’ve had similar issues when the data gets maxed out, and it turned out to be a firewall/router that had extra services running on it being overloaded. One thing I do with my data lines now is monitor the usage (I throw it on an extra screen so I can take a peek at it whenever I need it), so I can see if the bandwidth is maxed out, and also set throttling on high-bandwidth locations so it doesn’t affect everyone else.

Good ideas… He should get the ISP to provide him with a report on bandwidth… To see what is being maxed out. If it is one line, both lines… or maybe the router can’t handle the packets.

A firewall or router just from 3-4 years ago wasn’t designed to handle 75mbps… links. They max out around 30mbps… and a new router/firewall may be in order…

But again, you won’t know until you get some reports. Another good reason for business class internet…

How are you “bonding” the two connections? A stateful round robin is probably what you want.

Are connections fully dropping/throwing errors, or just a little slow? If you’re getting failed/dropped connections, it could be a problem with your dual WAN configuration, you might need to introduce some form of QoS, or you may be hitting the limits of your firewall hardware, and just need something more robust.

I’ve done 100 users on 75/15 no problem, including as many VoIP phones. If you have the right firewall/switches/“network gear” and QoS, things will only be slow when you are transferring large files, but web pages load quickly and connections don’t just drop/timeout.

1 Spice up

Scratching my head at the comments above about upgrading the internet connection and upgrade internal switches without first finding out what the problem is and avoiding saying something I shouldn’t. We can’t determine what the actual load is until the peak can be determined with a functional connection, eh?

Like Mike said you really need to dig into the cause of the internet drops before throwing more gasoline on the fire, and when I see a channel bonding / balancing router / firewall in the equation it’s almost always my first suspect. When it works load balancing and channel bonding is a thing of magic. When it doesn’t you can beat your head bloody trying to resolve it, and I’ve had so much trouble with this type of technology via too many brands to count I call it guilty until proven innocent. Mike’s great advice to simplify the algorithm to a basic round robin is one way to reduce the variables. Or, take it to the extreme and just run the interfaces by subnet and split the network.

I’m not sure of your level of experience, but there should be an error log on the unit that could indicate the problem. Also, when I suspect I need more bandwidth the first thing I check is the router / firewall first during peak times and just look at the graph, or CLI command. ISPs always want to sell you more bandwidth.

As per above One Drive really starts turning into a cement truck at rush hour with that many users.

"A firewall or router just from 3-4 years ago wasn’t designed to handle 75mbps… links."

Beg to disagree. Only low end consumer routers and firewalls from 3-4 years ago couldn’t handle this type of link. Most of the smaller true SMB gear has no problem with it. The advantage with that older gear is a lot of it lacked load balancing features that allow you to shoot yourself in the foot.

I would say, with caution, that UTM features break down this assessment. I went from a sonicwall that was great at any speed I could get at the WAN, to crapwling at 50 Mbps when licensed and running all the UTM features at once. So, assuming UTM features and a high speed WAN, you really need to go with “enterprise” gear, not “SMB” gear, very very generally speaking.

Sounds like you have the right setup to try an SD-WAN router. Start with a trial first before you decide if it’s the right fit. The WAN monitoring software should be able to give good insight into what is actually happening on your network.

Time for dedicated pipe with symmetrical speeds.

Also time to drop Dropbox, and use a file server and real backups. Clouds are great for lots of things, but putting all your data in the cloud in a haphazard way like this is more than just a security problem, it’s a strain on your ability to manage it (as you are seeing).

Proper local file server, have the file server synchronize off hours if necessary to the cloud.

Time for real backups as well. 80 folks sharing a pipe requires a more strategic cost/benefit analysis of infrastructure. With even the lightest use of large (over 100 meg) files, that pipe can get clogged easy.