1 Bandwidth-based load-balancing with failover. The easy way. We need more bandwidth.
2 Presenter information Tomas Kirnak Network design Security, wireless Servers, Virtualization Mikrotik Certified Trainer Atris, Slovakia Established 1991 Complete IT solutions Networking, servers Virtualization IP security systems
3 Load-balancing, why? Distributing workload to multiple network links to maximize throughput and minimize latency. Using multiple network links, when properly configured, will also provide redundancy.
4 Bonding Policy routing PCC Bandwidth based Load balancing types
5 Load balancing types Bonding ad LACP
6 + Easy to implement Bonding Automatic redundancy with fail-over - You need to control of both ends of the link
7 Policy routing Load balancing types
8 + Easy to implement Policy routing You have exact control of traffic - Not dynamic Scalability problems
9 Load balancing types PCC per connection classifier
10 PCC + Easy to configure Good scalability - Not aware of link state (bandwidth wise) Not so great with very un-similiar links (4:1)
11 Load balancing types For presentations on these load-balancing methods, please see PL 2010 and PL 2012
12 Load balancing types Bandwidth based If interface ISP1 is over 10 mbit/s; use ISP2
13 Why use bandwidth-based LB + Easily scalable + Takes link status into consideration + You have control over the connections + You decide when the switch to second link happends (on 10mbit link, switch after 50% util.) - Comes with its own problems
14 Implementation considerations There are multiple ways to do bandwidth based load balancing, neither is so easy. MPLS TE Mangle + bit of scripting <-- this presentation PL 2010 and PL 2012
15 Underlying technologies
16 Connections and tracking them
17 What is a connection We can define a connection as a packet flow with the same pair of source and destination IP addresses and ports. In case of UDP, this is would be an UDP stream :49481 <-> :53
18 Mangle Mangle is a facility in ROS which allows us to mark packets or connections, and later use that mark for our purposes. Mangle marks do NOT leave the router.
19 Mangle where to /ip firewall mangle
20 Routing tables A routing table tells the router which next hop to forward packets to, depending on the packets destination IP /0 ->
21 Routing tables part 2 By default all packets are put into the main routing table We can create our own routing tables, and force packets to use them.
29 Topology take 2 In this topology, there are 4 possible traffic flows WAN -> Router Router -> WAN WAN -> LAN LAN -> WAN
30 Taking care of incoming connections When a connection is initiated from the internet through one of the ISPs we need to ensure that this connections is replied through the same ISP (from the same public IP) We need to mark these connections, and then put them in the proper routing table.
31 Router marking WAN -> Router Catch the connection from internet to the router, and mark them. /ip firewall mangle add chain=input connection-mark=no-mark in-interface=isp_1 action=mark-connection new-connection-mark=wan1->ros add chain=input connection-mark=no-mark in-interface=isp_2 action=mark-connection new-connection-mark=wan2->ros
32 Router marking WAN -> Router Then put these connections into the proper routing tables. add chain=output connection-mark=wan1->ros action=mark-routing new-routing-mark=isp1_route add chain=output connection-mark=wan2->ros action=mark-routing new-routing-mark=isp2_route
33 Taking care of the LAN Same principle applies to the LAN. Connections initiated from the internet through one ISP, should be replied to through the same ISP.
35 Incoming connections - done We have ensured that when a connection from the internet to our router, or services inside of our network is established, it works.
36 LAN partially done Connections from the internet to our LAN will now work through both ISPs So what about connections outgoing from our LAN to the internet? These we actually want to load-balance.
37 A sticky connection A sticky connection is a connection, that once established through one interface, will always go out that exact interface. This is required, because when we switch to a second link, we only need to switch new connections. In PCC, this is done automatically. Using our approach however, this has to be done manually.
38 /ip firewall mangle LAN -> WAN mangle add chain=prerouting connection-mark=no-mark src-address-list=lan dst-addresslist=!connected dst-address-type=!local action=mark-connection new-connection-mark=lan->wan add chain=prerouting connection-mark=lan->wan src-address-list=lan action=mark-routing new-routing-mark=isp1_route comment="load-balancing here" Configuring this, we can now manually influence which routing table will our connection from LAN to the internet take.
39 Sticky connections add chain=prerouting connection-mark=lan->wan routing-mark=isp1_route action=mark-connection new-connection-mark=sticky_isp1 add chain=prerouting connection-mark=lan->wan routing-mark=isp2_route action=mark-connection new-connection-mark=sticky_isp2 add chain=prerouting connection-mark=sticky_isp1 src-address-list=lan action=mark-routing new-routing-mark=isp1_route add chain=prerouting connection-mark=sticky_isp2 src-address-list=lan action=mark-routing new-routing-mark=isp2_route This will assure that once a connection is routed through one ISP, it will stay there no matter what.
40 Mangle in GUI
41 What s the final result? We can load balancing manually Connections go out ISP1, then we can switch the mangle rule to ISP2, but connections already using ISP1 will stay there.
42 Automating based on bandwidth
43 Switching back
44 Final result Connections routed through ISP1, until its link is at 5mbit/s. After this limit all new connections will go through ISP2 until the ISP1 link is under its limit. Automated, bandwidth-based load balancing.
45 Easy Failover If the gateway can t be pinged, all routes using this gateway will become invalid.
46 A different approach This approach will not work if the link failure happens after the gateway. Recursive route lookup, netwatch etc.
47 Thanks for listening Tomas Kirnak
48 Find me after the presentation for any questions.
Author: Seth Scardefield 1/8/2013 pfsense VoIP QoS Guide This guide will walk you through configuring the traffic shaper in pfsense to prioritize VoIP traffic. This is a very basic configuration intended
Quality of Service in wireless Point-to-Point Links MikroTik User Meeting, St. Louis, MO, USA, September 19-20 2013 menschen.computer.netzwerke Bottenbacher Str. 78 57223 Kreuztal Tel: +49.2732.55856-0
Scalable Linux Clusters with LVS Considerations and Implementation, Part I Eric Searcy Tag1 Consulting, Inc. firstname.lastname@example.org April 2008 Abstract Whether you are perusing mailing lists or reading
Ecessa Proxy VoIP Manual Table of Contents Introduction...1 Configuration Overview...2 VoIP failover requirements...2 Import VoIP Authentication...3 Add a user manually...3 Setup...3 Hosted setup...3 Example
Net Integration Technologies, Inc. http://www.net itech.com Net Integrator Firewall Technical Overview Version 1.00 TABLE OF CONTENTS 1 Introduction...1 2 Firewall Architecture...2 2.1 The Life of a Packet...2
Appliance Administration Manual v6.21 This document covers all required administration information for Loadbalancer.org appliances Copyright 2014 Loadbalancer.org, Inc. Table of Contents Section A Introduction...7
Elfiq Link Balancer (Link LB) Quick Web Configuration Guide Elfiq Operating System (EOS) - Version 3.5.0 and higher Document Version 2.0 -January 2012 Elfiq Networks (Elfiq Inc.) www.elfiq.com 1. About
Load Balancing Microsoft IIS Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported...
The recognized leader in proven and affordable load balancing and application delivery solutions White Paper 7 Easy Steps to Implementing Application Load Balancing For 100% Availability and Accelerated
Barracuda Load Balancer Administrator s Guide Version 2.3 Barracuda Networks Inc. 3175 S. Winchester Blvd. Campbell, CA 95008 http://www.barracuda.com Copyright Notice Copyright 2004-2008, Barracuda Networks
Linux Virtual Server Administration 5.0 Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.0 ISBN: N/A Publication date: Linux Virtual Server Administration Building a Linux Virtual Server (LVS)
Mediatrix 4400 Digital Gateway VoIP Trunking with a Legacy PBX June 21, 2011 Proprietary 2011 Media5 Corporation Table of Contents Table of Contents... 2 Introduction... 3 Mediatrix 4400 Digital Gateway
I nt er netload Bal anc i nggui de Peplink Balance Internet Load Balancing Solution Guide http://www.peplink.com Copyright 2010 Peplink Internet Load Balancing Instant Improvement to Your Network Introduction
Linux Virtual Server Administration RHEL5: Linux Virtual Server (LVS) Linux Virtual Server Administration: RHEL5: Linux Virtual Server (LVS) Copyright 2007 Red Hat, Inc. Building a Linux Virtual Server
Single Pass Load Balancing with Session Persistence in IPv6 Network C. J. (Charlie) Liu Network Operations Charter Communications Load Balancer Today o Load balancing is still in use today. It is now considered
ZyWALL 5 Internet Security Appliance Support Notes Version 4.02 Dec. 2006 INDEX Application Notes...12 Seamless Incorporation into your network...12 Using Transparent (Bridge Mode) Firewall...12 Internet
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration
Release Version 3 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless
Tech Note: TechNote - Deploying CPPM with F5 BIG-IP Local Traffic Manager (LTM) Version Date Modified By Comments 0.1 July 2014 Danny Jump Early Draft Version 0.2 / 0.3 07/11/2014 Con Stathis Added sections
1 How to Scale out SharePoint Server 2007 from a single server farm to a 3 server farm with Microsoft Network Load Balancing on the Web servers. Back to Basics Series By Steve Smith, MVP SharePoint Server,