The Arista/Untangle TunnelVPN could be better. There are public implementations that continuously sample the OpenVPN tunnel load (as provided by the VPN service provider) to adjust the OpenVPN tunnel endpoint to use a less loaded server. NordVPN would probably pay for co-development for partnership or branding rights -- your marketing team will know.
What's the problem? Why is this needed?
Arista's Tunnel VPN tunnels die periodically or the service being run over them fails due to lack of tunnel capacity. The VPN service provider (e.g. NordVPN) has multiple clients sharing a server with server loads varying minute-by-minute. If a single server (e.g. at NordVPN) hosting the opposite end of the Arista Tunnel VPN becomes heavily loaded and your service is streaming video to that shared server, then there are dropped frames and eventually dropped connections. In the worst case, the service provider's server hangs and my Arista Tunnel VPN drops the connection. Hopefully the Arista/Untangle TunnelVPN resumes, but often enough it doesn't.
Having a continuous sample of the service provider's server load (via API) gives an opportunity to reset the Tunnel VPN to use a different service provider endpoint. This is a minor service disruption (a few dropped video frames) vs a service outage.
The following is sample code for the key function, using NordVPN as the example:
Stepping back, the complete implementation is available here as a docker implementation to provide the complete context. Feel free to experiment and play with it to adapt what is needed for an improved Arista/Untangle TunnelVPN.
A huge thank you when implemented on Arista/Untangle.
Code:
```bash
#!/bin/bash
# Source the helper script (expected to provide adddate for log timestamps).
. /app/date.sh --source-only

# Hostname of the NordVPN server the tunnel currently uses.
nordvpn_hostname=$(cat /tmp/nordvpn_hostname)
# Ask the provider API for that server's current load.
server_load=$(curl -s "$SERVER_STATS_URL$nordvpn_hostname" | jq -r '.[]')

# Check serverload value is not empty
if [ -z "$server_load" ]; then
    echo "$(adddate) ERROR: No response from NordVPN API to get server load. This check to restart OpenVPN will be ignored."
    exit 1
fi

# Check serverload with expected load
if [ "$server_load" -gt "$LOAD" ]; then
    echo "$(adddate) WARNING: Load on $nordvpn_hostname is too high! Current load is $server_load and expected is $LOAD"
    echo "$(adddate) WARNING: OpenVPN will be restarted!"
    # Send SIGTERM (15) to the running OpenVPN process.
    pgrep openvpn | xargs kill -15
else
    echo "$(adddate) INFO: The current load of $server_load on $nordvpn_hostname is okay"
fi
```
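The post asks for moving the tunnel to a less loaded server rather than only restarting it. The sketch below is an added example, not the poster's or Arista's code: it validates sampled load values as untrusted input and switches only when a clearly better endpoint exists. The function name `pick_endpoint`, its margin argument and the hostnames are hypothetical.

```bash
#!/bin/bash
# Added example. pick_endpoint, the MARGIN argument and the sample
# hostnames are hypothetical and not part of the original post.
#
# Usage: pick_endpoint CURRENT_HOST MAX_LOAD MARGIN < samples
# stdin:  one "<hostname> <load>" line per candidate server, where <load> is
#         the value the post's `jq -r '.[]'` call prints for that host.
# stdout: "keep <host>", "switch <host>" or "nodata <host>".
pick_endpoint() {
    local current="$1" max_load="$2" margin="$3"
    local host load cur_load="" best_host="" best_load=""
    while read -r host load; do
        # API output is untrusted: accept only hostname characters and a
        # plain integer 0-100 (JSON numbers carry no leading zeros).
        case $host in ''|*[!A-Za-z0-9.-]*) continue ;; esac
        case $load in ''|*[!0-9]*|0[0-9]*) continue ;; esac
        [ "${#load}" -le 3 ] || continue
        [ "$load" -le 100 ] || continue
        if [ "$host" = "$current" ]; then cur_load=$load; fi
        if [ -z "$best_load" ] || [ "$load" -lt "$best_load" ]; then
            best_host=$host
            best_load=$load
        fi
    done
    if [ -z "$cur_load" ]; then
        # No valid sample for the current endpoint: do not act on missing data.
        echo "nodata $current"
    elif [ "$cur_load" -gt "$max_load" ] &&
         [ $((cur_load - best_load)) -ge "$margin" ]; then
        # Over the threshold and the best candidate is lower by at least
        # MARGIN, so two similarly loaded servers do not cause flapping.
        echo "switch $best_host"
    else
        echo "keep $current"
    fi
}

# Constructed sample input; the last three lines are malformed on purpose.
samples='us1.vpn.example 87
us2.vpn.example 35
us3.vpn.example 08
us4.vpn.example error
us5.vpn.example 250'
printf '%s\n' "$samples" | pick_endpoint us1.vpn.example 70 20
```

A `switch` result is the point at which the tunnel would be restarted against the printed hostname; `nodata` corresponds to the original script's "check will be ignored" branch.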