configure WAN load balancing




How To configure WAN load balancing

Introduction

With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement is for reliable connectivity to particular destinations. A simple and effective method of achieving this is to provide alternative network connections via different Internet Service Providers (ISPs). In this way an outage limited to one network will not result in a loss of connectivity to the essential sites.

When a router simultaneously connects to multiple WAN links, the WAN load balancer tries to distribute the router traffic equally across each network interface. Although you can achieve connectivity via multiple WAN interfaces using routing protocols such as RIP, OSPF and BGP, these protocols usually choose their routing paths based on routing metrics rather than on dynamic load conditions. Thus a router with two WAN ports, each connected to a different ISP, would route most of its traffic via the port offering the best metric. Although this method is functional in providing alternative connectivity in the event of an ISP network failure, under normal operating conditions it wastes the bandwidth available via the alternative port. WAN load balancing overcomes this limitation.

Which product and software version does this information apply to?

WAN load balancing is available for the following products in software version 2.7.4: AR44x/450, AR725/AR745, AR750 routers, and Rapier series switches. WAN load balancing is excluded from all switch platforms that have Layer three switching features, with the exception of Rapier series switches, due to their ability to house a WAN connection via an optional NSM.

C613-16064-00 REV A www.alliedtelesyn.com

WAN load balancer sessions

The WAN load balancer does not perform balancing on a packet-by-packet basis. Instead, the items being balanced are so-called WAN load balancer sessions. Unique WAN load balancer sessions are distinguished solely by source IP, destination IP and higher layer protocol, e.g. TCP. Therefore, once a load balancer session has been established, packets that differ from previous packets of the session only in their source and/or destination port numbers are still considered to belong to that same WAN load balancer session. So, even though the packets belong to a new TCP session, they belong to the same WAN load balancer session. That is, WAN load balancer sessions are a different concept to TCP sessions.

Once identified, a WAN load balancer session will always be routed via the same WAN load balancer resource, i.e. gateway, until that session expires. Only traffic that is identified as a new separate WAN load balancer session, i.e. different IP address or protocol, will be routed via a different WAN load balancer resource (gateway).

The behaviour described above is desirable because many Web servers and other servers have security requirements that need to identify the continuity of a user session by source IP address. Given that the WAN load balancer is usually used in conjunction with firewall and NAT, it is important to ensure that the WAN load balancer always uses the same output interface (load balancer resource), and therefore the same NAT translation, for any given WAN load balancer session. It would be undesirable for the same user to suddenly connect in from a different source IP address just because a protocol port number had changed; if they did, the server's identification of the user could be lost.

The load balancer manages its sessions (creating, deleting, etc.) by starting a timer for each new session created. Each timer is refreshed when a packet for its particular session passes through the load balancer. When a particular timer reaches its orphantimeout value, its associated session is deemed to be orphan and is closed. This effectively idles out WAN load balancer sessions.

Load distribution methods

There are two load distribution methods that can be configured: round robin and weighted lottery. When a new WAN load balancer session is identified, one of these methods will be used to determine which WAN port to use. The default method is round robin. For more information on these load distribution methods refer to your software reference.

How WAN load balancing operates with a firewall

It is not necessary to configure the router as a firewall in order to apply WAN load balancing, although the two features have been designed to operate together, and load balancing operates more effectively when used with a firewall running network address translation (NAT). In many practical cases you will need the firewall NAT feature in conjunction with the WAN load balancer.

The diagram shown in Figure 1 in the following section shows the relationship between the load balancer and the firewall functions within the router. You will need to refer to this when following the configuration examples.

An important aspect to note is that by using firewall NAT, the returning packets are very likely to take the same path (via the same ISP) as the data sent, and therefore achieve a degree of load balancing for the return path.
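The session keying, timer refresh and NAT pairing described in the two sections above can be modelled in a few lines. This is an added example, not code from the How To Note or from the router software; the class name, the timeout value and the round robin order are assumptions, and the interface addresses are those of Example A in this document.

```python
import itertools

# Assumed idle timeout in seconds (the page gives no value for orphantimeout).
ORPHAN_TIMEOUT = 600
# Resource -> NAT global address, as configured in Example A of this document.
NAT_ADDRESS = {"eth0": "148.15.1.10", "eth1": "184.17.9.140"}


class WanLoadBalancer:
    """Simplified model: sessions are keyed on (src IP, dst IP, protocol) only."""

    def __init__(self, resources, orphan_timeout=ORPHAN_TIMEOUT):
        self._next = itertools.cycle(resources)  # round robin selection
        self._timeout = orphan_timeout
        self._sessions = {}                      # key -> [resource, last_seen]

    def route(self, now, src, dst, proto, sport=0, dport=0):
        """Return (resource, NAT source address) for one packet seen at `now`."""
        self._expire(now)
        key = (src, dst, proto)                  # port numbers are ignored
        entry = self._sessions.get(key)
        if entry is None:
            entry = [next(self._next), now]      # new session: next resource
            self._sessions[key] = entry
        entry[1] = now                           # refresh the session timer
        return entry[0], NAT_ADDRESS[entry[0]]

    def _expire(self, now):
        """Close sessions whose idle time has reached the orphan timeout."""
        idle = [k for k, (_, seen) in self._sessions.items()
                if now - seen >= self._timeout]
        for key in idle:
            del self._sessions[key]


def demo():
    """Constructed packets: times in seconds, hosts taken from Figure 1."""
    lb = WanLoadBalancer(["eth0", "eth1"])
    pc, server = "192.168.1.5", "10.80.0.253"
    a = lb.route(0, pc, server, "TCP", 40001, 80)
    b = lb.route(5, pc, server, "TCP", 40002, 443)   # new TCP session, same WLB session
    c = lb.route(6, "192.168.1.1", "10.80.0.254", "TCP", 40003, 80)  # new WLB session
    d = lb.route(7, pc, server, "UDP", 40004, 53)    # protocol differs: new WLB session
    # After idling past the timeout the session is re-created, and round robin
    # may select a different resource, so the server sees a new source address.
    e = lb.route(700, pc, server, "TCP", 40005, 80)
    return a, b, c, d, e


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last packet shows why the idle timeout matters to servers that bind a user session to a source IP address: once the WAN load balancer session has been closed, the same client and server pair can reappear behind the other ISP's NAT address.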

Configuration examples

The following examples describe how to configure WAN load balancing for bench testing.

Example A: WAN load balancer with firewall NAT

Refer to Figure 1 when looking at the following configuration examples. Example A uses WAN load balancing in conjunction with firewall NAT.

[Figure 1: Using load balancing in conjunction with firewall NAT. The diagram shows the office LAN (192.168.1.1, 192.168.1.5) behind the AR750 WAN load balancer with firewall and NAT (VLAN 1 192.168.1.254, eth0 148.15.1.10/27, eth1 184.17.9.140) with two default routes; two gateways acting as WAN load balancer resources (ISP 0: eth0 148.15.1.5, VLAN 1 10.80.0.1; ISP 1: eth0 184.17.9.143, VLAN 1 10.80.0.2); and Target Server 1 and Target Server 2 (10.80.0.254, 10.80.0.253) on the bench test simulated Internet, which appropriately routes back to the correct source address.]

The WAN load balancer/firewall shown has two public interfaces, eth0 148.15.1.10 and eth1 184.17.9.140, which are configured for both network address translation (NAT) and for WAN load balancing. NAT has been defined such that 148.15.1.10 corresponds to ISP 0 and 184.17.9.140 corresponds to ISP 1.

Two upstream network devices are shown which represent gateways to two separate Internet Service Providers. Each new WAN load balancer session will be sent to one of these WAN ISPs, using the load distribution method selected. The configuration steps for each of the network devices are shown below.

Private Side Users

These PCs are configured for the 192.168.1.x network with a gateway address of 192.168.1.254.

To configure your WAN load balancer

1. Define a system name:

    set system name="wlb"

2. Enable IP and assign your public side WAN addresses, which must be valid for their separate destination ISPs:

    enable ip
    add ip interface=eth0 ip=148.15.1.10 mask=255.255.255.224
    add ip interface=eth1 ip=184.17.9.140 mask=255.255.255.0

3. Define your private IP address. This represents the gateway address to be used by your private side LAN users:

    add ip interface=vlan1 ip=192.168.1.254

4. Disable multipath IP routing. For WAN load balancing to operate it is necessary to disable multipath IP routing:

    disable ip route multipath

5. Define your WAN default routes using appropriate next hop addresses for their separate destination ISPs:

    add ip route=0.0.0.0 mask=0.0.0.0 interface=eth0 next=148.15.1.5
    add ip route=0.0.0.0 mask=0.0.0.0 interface=eth1 next=184.17.9.143

6. Create your firewall policy:

    enable firewall
    create firewall policy="wlb"

7. Define the firewall interfaces:

    add firewall policy="wlb" interface=vlan1 type=private
    add firewall policy="wlb" interface=eth0 type=public
    add firewall policy="wlb" interface=eth1 type=public

8. Define the firewall enhanced NAT relationships:

    add firewall policy="wlb" nat=enhanced interface=vlan1 gblinterface=eth0
    add firewall policy="wlb" nat=enhanced interface=vlan1 gblinterface=eth1

9. Enable the WAN load balancer and define its resources. WAN load balancer resources define the available WAN interfaces to separate ISPs:

    enable wanlb
    add wanlb resource=eth1
    add wanlb resource=eth0

To configure the WAN load balancing resource gateway (Ethernet 0)

Typically these devices are provided and will be configured by the respective ISPs. The following configurations simulate the upstream routing of the ISPs, for bench testing purposes. The configurations are:

ISP 0

    enable ip
    add ip interface=eth0 ip=148.15.1.5 mask=255.255.255.224
    add ip interface=vlan1 ip=10.80.0.1 mask=255.255.0.0

ISP 1

    enable ip
    add ip interface=eth0 ip=184.17.9.143 mask=255.255.255.0
    add ip interface=vlan1 ip=10.80.0.2 mask=255.255.0.0

The ISP will use a default route or routing protocol method for access to the Internet beyond. For the bench test this is not necessary.

Example B: WAN load balancer without firewall NAT

To configure WAN load balancer without firewall NAT, simply use the same WAN load balancer configuration as above and omit the firewall configuration steps. Obviously you need to consider carefully if the upstream routes correctly refer back to the LAN subnet behind your WAN load balancer. If you are connecting to the Internet this means that the LAN will have valid Internet addresses, or that address translation occurs upstream of the WAN load balancer.

If you want to bench test a WAN load balancer without firewall solution, then you need to add routes back to the WAN load balancer LAN on the target servers and to the WAN load balancer resource router configurations.

Verification of WAN load balancer

When verifying the operation of the WAN load balancer, you should be able to confirm the load distribution behaviour as noted above, i.e. once identified, a WAN load balancer session will always be routed via the same WAN load balancer resource, i.e. gateway. Only traffic that is identified as a new separate WAN load balancer session, for example, a different IP address or transport protocol, will be routed via a different WAN load balancer gateway.

To verify the activity of the WAN load balancer session, use the following command:

    show wanlb session

    WAN Load Balancer Sessions
    Resource  Source IP      Destination IP  Prot  Expiry
    -----------------------------------------------------------
    eth0      192.168.1.5    10.80.0.253     TCP   294
    eth1      192.168.1.1    10.80.0.254     TCP   524
    -----------------------------------------------------------

To verify the WAN load balancer resource configuration, use the command:

    show wanlb resource

    WAN Load Balancer Resources
    Resource  Status   State
    ---------------------------------------------------------
    eth0      ENABLED  UP
    eth1      ENABLED  UP
    ---------------------------------------------------------

USA Headquarters: 19800 North Creek Parkway, Suite 200, Bothell, WA 98011, USA. T: +1 800 424 4284 F: +1 425 481 3895
European Headquarters: Via Motta 24, 6830 Chiasso, Switzerland. T: +41 91 69769.00 F: +41 91 69769.11
Asia-Pacific Headquarters: 11 Tai Seng Link, Singapore 534182. T: +65 6383 3832 F: +65 6383 3830

© 2005 Allied Telesyn Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.