Layer-2 Design: Link Balancers Simplified


Technology White Paper

Layer-2 Design: Link Balancers Simplified

Build Smarter Networks

Table of Contents

1. Executive Summary
2. Overview of the Problem
3. Layer-2 Design Principles
4. Layer-2 Key Benefits
5. Layer-2 Benefit: Maximum Uptime on Single Units or Failsafe's Failsafe
6. Layer-2 Benefit: Point to Point Resilience
7. Layer-2: Elimination of Points of Failure and Return on Investment
8. Conclusion

2009 Elfiq Networks. All rights reserved

1. Executive Summary

Internet uptime for organizations has become critical in the past decade, and failures and saturation are the two key issues that must be dealt with in this context. Solutions have evolved over the years to provide the ability to manage multiple ISPs concurrently in many forms, delivering mixed results depending on the approach. This document outlines Elfiq's innovative Layer-2 integration model that meets and exceeds organizational requirements for maximum uptime and complements the Building Smarter Networks white paper available at.

2. Overview of the Problem

The ability to manage multiple concurrent ISPs has evolved considerably in the past decade, where routers were the devices commonly used to handle this task. Routers in this context would use two carrier links connected through the Border Gateway Protocol (BGP), making it costly, complex and out of reach for most small to medium sized organizations, and requiring ISP collaboration to deliver a complete project. It is worth noting that not all ISPs offer their customers BGP capabilities.

This method is still in use today, but many organizations have moved away from it for the reasons mentioned above. One has to consider that BGP has been designed for connectivity between carriers and large data depots, not the average business. BGP is also maintenance intensive, where routers have to be tested on a regular basis, often manually, to ensure maximum uptime. Security is also a serious concern, where security issues that can be exploited by the black hat community are found on a regular basis, requiring vigilance from BGP administrators.

A new class of devices was designed to meet this new customer requirement: Link Balancers. These devices enable any organization to utilize multiple concurrent carrier links by using NAT (Network Address Translation), thus simplifying the task for telecom and network managers and creating an opportunity for organizations to utilize any ISP link without requiring ISP collaboration. These new devices were designed with the idea of migrating the WAN infrastructure to the requirements of the unit, under the operating principles of the 4th layer of the OSI networking model. This approach means that downtime has to be planned accordingly, since link balancers act as proxies on the network for Internet access.

Following are the key issues organizations need to be aware of:

- WAN downtime required to install these products can be costly and is a source of errors that can cause more downtime to the organization since a temporary network must be put in place to accomplish the task of network migration.
- Layer-4 products terminate sessions by themselves and restart them, causing traffic performance degradation.
- If not designed correctly, Layer-4 devices do not support session persistence, causing sessions to break due to the fact they change ISP links during transactions between endpoints. Some examples of commonly found issues include:
  o HTTPS sessions cancelled because cookie's source IP destination has changed
  o SIP VoIP sessions cancelled because source destination has changed and control session cannot recognize the new ISP link used
  o FTP sessions cancelled because control session has changed IP address.

- Layer-4 products require an IP address on each port used, which introduces two concerns:
  o For the most part, Link Balancers are Linux-based, and if the product used has an exploitable IP security defect, the Link Balancer can be compromised and used to gain entry to the network through an unplanned entry point.

In a nutshell, Layer-4 devices are an improvement over the BGP approach and enable accessibility but introduce a new set of management concerns that need to be addressed.

3. Layer-2 Design Principles

Elfiq Networks' founders planned the product architecture differently after reviewing available products and methods on the market and took a fresh new approach to bringing ISP link management to organizations. Aiming for wire-speed performance, a simplified non-intrusive approach and enhanced security, the core design is based on Layer-2 interceptions of inbound and outbound traffic circulating on the Elfiq Link Balancer.

The main product architecture design item is the Primary Link concept. To operate in a true transparent inline fashion, adding the Elfiq product must not cause any WAN design change, and the unit will act as the original ISP link prior to installation of the Elfiq unit. That way, no gateway or router reconfiguration is required to deploy the Elfiq Link Balancer. Should the Elfiq product be removed from the environment for any reason, the only action required to return the network to its previous state is to connect the original ISP router to the corporate firewall. This level of simplicity is unique to Elfiq Networks.

When handling traffic between the ISPs and the Elfiq Link Balancers, the ISP's router/modem (known as a GMAC or Gateway MAC) is used to handle the traffic as the unit operates on the 2nd layer of the OSI model. The Elfiq Link Balancer needs to know the router/modem's Ethernet address (MAC address) to communicate and perform its balancing tasks, contrary to the router/modem's IP address as is the case with Layer-4 Link Balancers.

In a context where two ISPs for two firewalls are merged, the same principles apply where the unit can support two primary links. This is commonly found in environments where bandwidth previously used independently by two systems is merged onto an Elfiq Link Balancer.

4. Layer-2 Key Benefits

Elfiq's Layer-2 approach has significant benefits over other methods of handling ISP circuits, including:

- Primary Link: There is no need to modify the configuration of the existing network components to integrate the unit into the network, minimizing deployment and operating costs, downtime and, most importantly, risk while deploying the device.

- Firewalls do not require a separate or duplicated set of rules per ISP, simplifying the process of deploying a Link Balancer
- Security: The Layer-2 approach means the Elfiq Link Balancers do not have IP addresses on their WAN ports. With this approach, security threats and scans will not be able to detect the Elfiq unit, and the firewall device will respond. This removes a security component to be managed as part of the infrastructure.
- Lower costs: Besides the simplicity of the Primary Link, no additional IP addresses need to be acquired to deliver the unit's capabilities.
- LAN Failsafe: Another exclusive Elfiq feature, this enables the unit to act as a bypass relay should it lose power. (see section 5)
- SitePathMTPX: seamless point to point resilience without endpoint reconfiguration (see SitePathMTPX white paper on )

5. Layer-2 Benefit: Maximum Uptime on Single Units or Failsafe's Failsafe

An often unplanned source of downtime is equipment failure: what if the Link Balancer fails? This is a common strategic mistake, and it is not often taken into account that if the bandwidth management device fails, the entire organization loses access to resources. Elfiq's products have no moving parts except for fans (gigabit-capable models only) and have an average mean time between failure of seven years to ensure that customers have the most reliable equipment possible, but equipment can still fail.

Elfiq Networks is the only vendor with a strategy to address this critical issue, either via the use of high-availability units or the use of the LAN Failsafe feature. High-availability units are the preferred uptime strategy, but many organizations do not have the budget for two units, and this is where LAN Failsafe becomes critical. All models in the E Series and the LB-3000 include this feature, which consists of a pair (or more) of bypass ports.

In the event the Elfiq Link Balancer loses power, two ports will become a closed relay, which will enable traffic to flow to and from the Internet to the firewall(s) until the problem is solved. When a power failure occurs, the firewall and router of the Primary Link will resynchronize their ARP tables to restore connectivity between the gateway(s) and the Primary Link(s), restoring the flow of traffic as it was prior to implementing the Elfiq Link Balancer. This innovative feature means organizations that cannot purchase high-availability units can enjoy maximum uptime on a budget. It is worth noting that when the Elfiq Link Balancer loses power and LAN Failsafe is enabled, all balancing functions are inoperative.

6. Layer-2 Benefit: Point to Point Resilience

When multiple sites are connected through VPNs, and Elfiq Link Balancers are present at each endpoint, the SitePathMTPX feature may be used to further enhance connectivity. Since Elfiq's Layer-2 approach does not require any modifications to gateways such as VPN servers, ISP multiplexing can be enabled in the same context for uptime and performance enhancement. Please refer to the Elfiq SitePathMTPX white paper on for further details.

7. Layer-2: Elimination of Points of Failure and Return on Investment

One of the main benefits of Elfiq's Layer-2 approach is the ability to reduce points of failure and thus significantly increase return on investment on a bandwidth management project. The following points are addressed by Elfiq's innovative approach:

1. Seamless transparent integration: Since no WAN device migration is required, the risk of error planning and deploying the project is significantly reduced.
2. The use of multiple concurrent carriers will prevent downtime and enhance performance if planned properly, and the Elfiq product will not require reconfiguration of ISP links or the collaboration of ISPs.
3. LAN Failsafe: Should the Elfiq Link Balancer lose power, connectivity to the Primary Link is restored in seconds, ensuring uptime while the issue is handled.
4. Use of low-cost ISPs: xDSL or cable modems are handled by Elfiq's products and generate significant cost savings while delivering incremental throughput.
5. VPN Resilience: SitePathMTPX will keep VPN tunnels running even when an ISP failure occurs, without having to restart the VPN tunnel.
6. Compatibility: Elfiq's Layer-2 approach enables universal compatibility with other products such as WAN accelerators and traffic shaping devices.

8. Conclusion

Elfiq Networks' creative and innovative Layer-2 implementation to deliver bandwidth and ISP management provides an unprecedented level of connectivity, simplicity and uptime, which other platforms cannot achieve. While delivering superior technological value, the cost savings and return on investment generated provide a positive experience for any organization requiring incremental bandwidth and the use of multiple ISP circuits.
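Section 2 lists HTTPS, SIP and FTP sessions breaking when a NAT-based balancer without session persistence changes ISP links mid-transaction. The following is an added example, not part of the white paper and not Elfiq's or any vendor's implementation: a small model in which the remote server sees a different NAT source address whenever a session's packets leave on a different link. The link names, addresses, flows and class names are all constructed for illustration.

```python
import hashlib
from itertools import count

# Constructed sample data (documentation address ranges): each ISP link and
# the public address the balancer NATs to on that link.
LINKS = {"isp_a": "198.51.100.10", "isp_b": "203.0.113.20"}
# Constructed flows: (protocol, client IP, client port, server IP, server port)
FLOWS = {
    "https": ("tcp", "10.0.0.5", 50123, "192.0.2.80", 443),
    "sip": ("udp", "10.0.0.7", 5060, "192.0.2.90", 5060),
    "ftp-control": ("tcp", "10.0.0.9", 50200, "192.0.2.21", 21),
}

class PerPacketBalancer:
    """No persistence: every packet goes out on the next link in turn."""
    def __init__(self, links):
        self.addrs = list(links.values())
        self._next = count()

    def nat_source(self, flow, up=None):
        return self.addrs[next(self._next) % len(self.addrs)]

class FlowPinnedBalancer:
    """Session persistence: a flow keeps its link until that link is down."""
    def __init__(self, links):
        self.links = dict(links)
        self.table = {}  # flow 5-tuple -> link name

    def nat_source(self, flow, up=None):
        up = sorted(self.links if up is None else up)
        link = self.table.get(flow)
        if link not in up:  # new flow, or its pinned link has failed
            digest = hashlib.sha256(repr(flow).encode()).digest()
            link = self.table[flow] = up[digest[0] % len(up)]
        return self.links[link]

def sources_seen(balancer, flow, packets, up=None):
    """Public source addresses the remote server sees for one session."""
    return {balancer.nat_source(flow, up) for _ in range(packets)}

def broken_sessions(balancer, packets=6):
    """Names of sample sessions whose source address changed mid-session."""
    return sorted(name for name, flow in FLOWS.items()
                  if len(sources_seen(balancer, flow, packets)) > 1)

if __name__ == "__main__":
    print("per-packet :", broken_sessions(PerPacketBalancer(LINKS)))
    print("flow-pinned:", broken_sessions(FlowPinnedBalancer(LINKS)))
```

In this model, passing `up=` with only the surviving link re-pins an affected flow, so its NAT source address changes once at failover and then stays fixed.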

Produced by Elfiq Networks

Elfiq Networks is a technology leader and innovator in the field of WAN link management and balancing. With successful installations in over 50 countries, Elfiq's Link Balancer products help organizations of any type and size perform more competitively every day with the ability to use multiple Internet and private links easily and securely.

For more information on Elfiq Networks products and technologies, please contact:

Elfiq Networks
1155 University, #712
Montreal, Quebec, H3B 3A7
Canada
Telephone: 888-GO-ELFIQ / 514-667-0611
Internet:
Email: info@elfiq.com

June 2009

Copyright 2009, Elfiq Networks (Elfiq Inc.). The contents of this document are protected by copyright. Any modification of this document, in any shape or form, is prohibited. Any redistribution, publication or derivation of the contents of this document without written authorization from Elfiq is also prohibited. All rights reserved.