OVH's SOHO router aggregates and encrypts four DSL connections

24.09.2015
What has four Internet connections but only one RJ45 socket That was the riddle French hosted services provider OVH posed before its customer conference held on the outskirts of Paris Thursday.

The answer is OverTheBox, a way for SOHO users to aggregate services from up to four ISPs, whether cable, ADSL, VDSL, SDSL or fiber, and put them behind a single static IP address with extensive denial-of-service protection.

Load-balancing routers are nothing new, but this one makes it possible to use existing network hardware and provides load-balancing and fault tolerance using Multipath TCP should some of the connections fail.

There are three elements to OverTheBox: the software, which OVH is releasing under the GPL open source license; the hardware it runs on, and a service providing bandwidth and encryption for the aggregated channel.

Although OverTheBox only has one port, users will still have the same rats' nest of Ethernet cables snaking around the office – plus one more. That said, the set-up guide is pretty simple, as long as you can read French.

OverTheBox takes advantage of the fact that the modems supplied by most ISPs contain multiport routers and a DHCP host. By daisy-chaining those routers together, plugging the OverTheBox somewhere in the middle and connecting PCs and printers into the remaining ports, it's possible to create a LAN on which the OverTheBox takes over as the DHCP server for the LAN, aggregating the WAN links and creating a single encrypted VPN to a server in an OVH data center.

That connection is encrypted, OVH CTO Octave Klaba told attendees with a grin. That's because data center operators are exempt from certain provisions of the mass surveillance law French legislators passed over the summer, while ISP traffic can be subject to warrantless tapping. Systematically encrypting that traffic keeps it away from the eyes of law enforcers and spies unless they get a warrant.

OVH's reference hardware for OverTheBox is Intel's Next Unit of Computing (NUC), in this case a paperback-sized device with a 1.46GHz Atom processor, 2GB of RAM, three external USB ports, VGA, HDMI, audio in/out, a power jack and of course one Gigabit Ethernet port. OVH will sell you one for €149 (US$166), ready configured with the open-source software, a fork of OpenWRT.

The company also charges €9.99 a month to terminate the encrypted VPN on a server in its datacenter, where it will benefit from a static IP address and the DDoS protection afforded by the company's 4T bps of bandwidth -- a pipe attackers will find hard to flood with traffic.

If you don't want to buy the NUC from OVH you can put the software on any commodity PC with a network card, Klaba said. Equally, if you want to terminate the VPN connection elsewhere you can choose a local service provider, he said.

OVH has four datacenters in France and one in Canada; it plans to open 12 more, in locations including Germany, the U.K., the U.S. and Asia, he said.

Peter Sayer

Zur Startseite