What's your experience with Internet loadbalance appliances?

By DXW
We have two different ISP connections, using three old Cisco 2500 and 2600 routers -- one for each ISP and a third as the loadbalancer behind the two edge routers. It has worked quite well except that
1) it doesn't detect brown-outs and high latency
2) it doesn't detect a failed link further upstream inside a carrier network.

I am looking for a smarter, low-cost, hardware solution right now. Besides buying higher-end Cisco and implementing their more complex protocols, I am also considering Linksys RV-082, Astro Corp Powerlink Pro50, Zyxel Zywall 70, xincom XC-DPG502 Twin WAN Router, Alvaco OPTIQROUTE 2120. Some of these are 200-300 bucks and some at around 1000.

Does anyone have any experience with these devices? How effective is your device in detecting brown-outs and remote link failures? How reliable is your device?

Any comment will be greatly appreciated!

hummm

by CG IT In reply to What's your experience wi ...

where have I seen this question before? ah a lurker.

anyways, truth ? RV042 router. the RV082 has too many LAN ports that you end up using it as a switch.

how did you hook up 2500 routers to ISP connection? the serial ports which are the WAN ports aren't ethernet ports and most ISPs will bring in their service via ethernet. The 2600 modular I could see with their ethernet WIC installed but then why use it? It's a pain in the butt to configure the IOS and Access rules.

Dual WAN on load balancing ? naw! you don't gain additional bandwidth like they advertise. Dual WAN for fail over redundancy not load balance.

There are quad WAN routers out there but to me that's just foolish to hook up 4 DSL lines and try to load balance. Might as well get a large pipe T1 or fractional T3.

last but not least failed link upstream? you mean on your side or the ISP side? no router on your LAN is going to detect a bad or high latency router upstream from your network unless you let it talk with outer routers outside your LAN and if you let your router do that with RIP then I can see why you've got slow connection.

Hey, maybe someone tries a DoS attack periodically on your network. Might consider putting Snort on the WAN link to see what's going on.

It's not as bad as you think

by DXW In reply to hummm

Yah, I am a lurker. I was one of the very first members but didn't visit frequently enough to remember my original account and hence no contribution so far.

The set up has worked quite well for us having an AT&T T1 and Timewarner highspeed cable. It happened at least 4-5 times in the past three years when a connection to an ISP was completely lost due to bad weather, bad T1 card, or a big specialized truck ripping the overhead cables off. We never lost our Internet connection because of the redundancy.

Loadbalance is of course not optimal due to the fact that these are two different ISPs with different public IP ranges assigned to us. We couldn't do BGP with our own public IP because we were given just a Class C network. However, our Cisco routers are able to "quasi-balance" between the two ISP connections by source-destination pairs. So we do double our bandwidth, except that each application/connection can only take advantage of pipe size of whatever ISP it is switched to. And without higher-end routers and netflow, it's hard to track who goes out through where.

The reason we didn't get a large pipe T1 is because of the more stringent redundancy requirement for different ISPs and cost. What we are paying for the T1 and Cable right now is under $1000/month. You can't beat that for a medium-small size company who is very conservative in budgeting.

As to the poor man's internet setup, a 2620 with T1-DSU WIC is connected to AT&T, a 2515 is connected to Timewarner on E0, and a 2514 sits behind them as the loadbalancer using an Ethernet conn. to 2600 and a serial to the 2514. We are a Cisco shop so IOS and protocols config is not a problem.

Performance-wise, we have sporadic problems on our cable side upstream from us, which affects half of our connections when it happens. Cisco has features called Object tracking and Optimized Edge Routing that will probe and track remote router and destination performance through ICMP and connection statistics. But I am always open to a lower-cost solution.

We do have SNORT on the outside and inside and Cisco ASA5000 as firewall.
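An added example, not part of the original post: one way to turn probe results into the brown-out and upstream-failure detection asked about in this thread. It assumes RTT samples (milliseconds, `None` for a lost probe) collected by probing a target beyond each ISP's first hop; the class name, thresholds and the probe log are constructed for illustration.

```python
from collections import deque
from statistics import median

class LinkMonitor:
    """Classify one WAN link as up / degraded / down from probe results."""

    def __init__(self, window=4, max_rtt_ms=150.0, degraded_loss=0.1,
                 down_loss=0.5, recover_after=2):
        self.samples = deque(maxlen=window)  # RTT in ms, None = probe lost
        self.max_rtt_ms = max_rtt_ms
        self.degraded_loss = degraded_loss
        self.down_loss = down_loss
        self.recover_after = recover_after   # clean windows needed to return to "up"
        self.state = "up"
        self._clean = 0

    def _assess(self):
        rtts = [s for s in self.samples if s is not None]
        loss = 1 - len(rtts) / len(self.samples)
        if not rtts or loss >= self.down_loss:
            return "down"
        # Median rather than mean: one slow reply should not flap the link.
        if loss > self.degraded_loss or median(rtts) > self.max_rtt_ms:
            return "degraded"
        return "up"

    def record(self, rtt_ms):
        """Feed one probe result and return the link state after it."""
        self.samples.append(rtt_ms)
        raw = self._assess()
        if raw != "up":
            self._clean, self.state = 0, raw       # degrade immediately
        else:
            self._clean += 1
            if self._clean >= self.recover_after:  # recover only after a clean run
                self.state = "up"
        return self.state

def replay(samples, **settings):
    """Run a whole probe log through a fresh monitor; return the state after each probe."""
    monitor = LinkMonitor(**settings)
    return [monitor.record(s) for s in samples]

# Constructed probe log for the cable link: a latency brown-out, recovery,
# then an upstream failure where every probe is lost.
CABLE_PROBES = [30, 32, 31, 400, 420, 390, 410, 35, 33, 31, 30, 32,
                None, None, None, None]

if __name__ == "__main__":
    for rtt, state in zip(CABLE_PROBES, replay(CABLE_PROBES)):
        print(rtt, state)
```

The link degrades on the first bad window but returns to "up" only after consecutive clean windows, which keeps a flapping cable link from bouncing sessions back and forth.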

Dual ISP loadbalancing

by jeremy In reply to What's your experience wi ...

I have achieved loadbalance using a Draytek Vigor 3300 hooked up to 2 standard ADSL router modems (3com Officeconnect).
The Vigor is in the ?300-4000 range.
It works fine but is obviously cumbersome.
Do any of the solutions you are considering do this all in one box?
Thanks

No. Because we have two different ISPs

by DXW In reply to Dual ISP loadbalancing

We have to use each of their address spaces. I tried dual NAT on a single Cisco router. It wouldn't work because if a PC is connecting to a destination through ISP A using ISP A's assigned address, when ISP A goes down, the same session will go through ISP B still using ISP A's address. I decided on the three router topology simply because of the low cost on used Cisco devices.

Another solution to dual WAN links for internet

by jfarrell In reply to What's your experience wi ...

We use a single Enterasys XP2400 switch router and have it connected to three dedicated WAN T1 links to our ISP. We have the XP2400 set up with ethernet ports which are VLANed for our DMZ traffic that goes to our firewall inside interfaces and then ports that are VLANed for the outside interfaces to our firewall outside leg. The serial ports to the T1 WAN links are set up to do a gatelist which allows traffic to be handled by flow (source address) to each of the assigned interfaces that connect to each of the three assigned serial ports on the XP2400. The gatelist performs a round-robin which does evenly load-balance the traffic between each of the serial ports. If we lose any one of the T1 links the traffic is passed to one of the other active T1 links and the connection to the user is not lost. I have tested this by pulling down a 140meg web download from one of our vendor support sites and then I intentionally killed one of the T1 WAN links to see how the traffic was handled. It switched over to one of the other T1 WAN links automatically with no loss of data or broken connection.

The beauty of this was that we just assigned the IP address to the interface for each T1 that our ISP gave us and then added the gatelist option which lets you add the gateway address to each of the serial interface addresses and that was pretty much it. The whole programming process in the Enterasys XP2400 took about 8-10 minutes total and I was done. No convoluted Cisco commands, and the gatelist option minimizes the latency in handling the traffic in and out of the WAN serial ports because we have it set up to handle traffic by flow and not by every single packet. In the Cisco world our ISP wanted us to set up using Cisco defaults which is by my understanding per packet. What this means is that with per-packet, every single packet is sent out a different WAN serial port in a sequential order. This means a lot of work for the CPU having to build flows for every packet and a lot of highly unnecessary latency and traffic overhead.

But with our Enterasys gear it is done on a per flow basis, meaning that it takes the source IP address at the start of the session and puts that info in the source address table when each session, FTP, or other download starts. Then it keeps you on the same WAN link until you start another session which builds another flow. It makes a big difference in the amount of CPU not being used to build flows all the time.

As for the multiple ISPs, I think that it is well over-rated to have two different ISP providers. It is not usually the ISP that fails but the connection to the ISP. It is all a matter of how you request your multiple WAN links to be provisioned. You need to request diverse physical paths and ask that your WAN links are not provisioned in the same common telco central office equipment between when it leaves your location until it gets to the ISP routers.

Most decent ISPs can provide you with this for no additional cost. It is just a matter of how they work the order at your request. On my company's ISP provider there is no common T1 WAN facility failure point and we requested the circuits to be ordered that way. Since we have redundant paths into our building and the other end at the ISP has redundant equipment then we have minimized the chance of a total internet outage, barring a major catastrophe at our ISP which is not likely given the architecture of the ISP's network.

In any case, there are better and easier solutions out there to a convoluted Cisco arrangement. And by far for much less money out of you or your company's pocket. I wish I could speak to the other devices you mentioned but I have not used them so I do not want to provide you with any mis-information. I hope the above helps in your future planning. The main idea here is to keep it as simple as possible and not cloud it up with a huge amount of special proprietary configurations like in a Cisco environment.

Regards;
Jim
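An added example, not part of the original post and not Enterasys or Cisco code: a small model of the per-packet and per-flow behaviours discussed in this thread, with flows pinned round-robin and moved only when their link fails. The link names, the sample packets and the choice of keying flows on the (source, destination) pair are assumptions.

```python
from itertools import cycle

LINKS = ["t1-a", "t1-b", "t1-c"]   # hypothetical names for the three T1 links

def per_packet(packets, links):
    """Round-robin every packet across the links, ignoring its flow."""
    rr = cycle(links)
    return [next(rr) for _ in packets]

class PerFlowBalancer:
    """Pin each flow to one link; new flows are handed out round-robin."""

    def __init__(self, links):
        self.links = list(links)
        self.down = set()
        self.flows = {}      # (src, dst) -> link currently carrying the flow
        self._next = 0

    def _assign(self):
        # Walk the round-robin pointer, skipping links marked down.
        for _ in range(len(self.links)):
            link = self.links[self._next % len(self.links)]
            self._next += 1
            if link not in self.down:
                return link
        raise RuntimeError("no WAN link available")

    def route(self, packet):
        key = (packet["src"], packet["dst"])
        link = self.flows.get(key)
        if link is None or link in self.down:   # new flow, or its link failed
            link = self.flows[key] = self._assign()
        return link

    def fail(self, link):
        self.down.add(link)

def links_per_flow(packets, choices):
    """Group the chosen links by flow, to show how many links each flow touched."""
    seen = {}
    for p, link in zip(packets, choices):
        seen.setdefault((p["src"], p["dst"]), set()).add(link)
    return seen

# Constructed traffic: two flows with their packets interleaved.
PACKETS = [{"src": "10.0.0.5", "dst": "198.51.100.7"},
           {"src": "10.0.0.9", "dst": "203.0.113.20"}] * 3
```

With two ISPs and NAT, a flow moved this way also changes its public source address, which is the broken-session case DXW describes in the reply above.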

What a wonderfully detailed solution

by DXW In reply to Another solution to dual ...

Appreciate the great details. We use Cisco because it's our de facto standard for equipment here and we have in house Cisco knowledge and thus feeling more comfortable with it. However, we are very frugal too. That's why we are looking for and comparing low-cost solutions :))

We originally intended to choose two different ISPs because of redundancy concern. You brought up a good point that it can be practically achieved through redundant paths to the same ISP. At the present time, we only have one entry point and one CO for AT&T in our area. We went with TimeWarner also to save some additional dollars at that time.

Cisco does loadbalance either per packet or per flow (Source-Destination pairing). This is handled through Cisco Express Forwarding. I have not seen significant CPU usage for it yet. Besides the ramifications of per packet, we have to use per flow because of NATting for two different public IP ranges.

Thanks a lot!!!

Load Balancing Solution-PepLink

by anilkool In reply to What's your experience wi ...

Here is the ideal solution i have seen in use..from PepLink,HongKong. www.peplink.com

It's low cost and highly reliable and good features and have a local distributor in India too..LUMINALTO-BANGALORE(ANIL CELL 9886177725) with their HO at Hyderabad.

Chk it out..

Try this vendor.

by r_reid In reply to What's your experience wi ...

Try Multi-tech.
They have some experience with what you are looking for.
They have a line of hardware that just might meet your requirements.
Also when you go to check out the hardware, give them a call and request a tech.
Hope this is helpful.

Thank you for recommending these other solutions!

by DXW In reply to What's your experience wi ...