Editor’s Note: We often get asked if our NetEqualizer product line can do load balancing. The answer is: possibly, if we were to integrate one of the public domain load balancing devices that are freely available. Doing it correctly, without side effects, appears to be extremely expensive. In the following excerpt, we have reprinted some thoughts and experience from a user who has a wide breadth of knowledge in this area. He gives detailed examples of the trade-offs involved in bonding multiple WAN connections.
When bonding is done by your provider it is essentially seamless and requires no extra effort (or risks to the customer). It is normally done using bonded T1 links, but can also come in the form of bonded DSL. The technology discussed below is applicable to users who are bonding two or more lines together without the knowledge (help) of their upstream provider.
As for Linux freeware load balancing devices, they are NOT any sort of true bonding at all. If you have 3 x 1.5 Mbit lines, then you do NOT have a 4.5 Mbit line with these products. If you really want a 4.5 Mbit bonded line, then I’m not aware of any way to do it without having BGP or some method of co-ordinating with someone upstream on the other side of the link. However, what these multi-WAN routers will do is try to equally spread sessions out over the three lines, so that if your users are collectively doing 3 Mbit of downloads, that should be about 1 Mbit on each line. For the most part, it does a pretty good job.
It does it by a fairly dumb round robin NATing. So, it’s much like a regular NAT router – everyone behind it is a private 192.168 number (which is the 1st downside) – and it’ll NAT the privates to one of the 3 public IPs on the WAN ports. The side effect of that is broken sessions, where some websites (particularly SSL ones) will complain that your IP address has changed while you’re inside the shopping cart or whatever.
To counteract that problem, they have ‘session persistence’, which tries to track each ‘Session Pair’ and keep the same WAN IP in effect for that ‘Session Pair’. That means that the 1st time one of the private IP:port addresses accesses some particular public IP:port, the router will remember that and use that same WAN port for that same public/private pair. The result of this is that ‘most’ of the time we don’t have these broken sessions, but the downside is that the fairness of the load balancing is offset.
For example, if you had 2 lines connected:
- User1 comes to speakeasy and does a speedtest – the router says ‘speakeasy is out WAN1 for evermore’.
- User2 comes and looks up google, and the router says ‘google is out WAN2 for evermore’
- User3 goes to Download.com and the router decides ‘Download.com is on WAN1’.
- User4 goes to smalltextsite.com (WAN2)
- User5 goes to YouTube (WAN1)
And so on. With session persistence turned on, User300 will get SpeakEasy, Download.com and YouTube across WAN1 because that’s what it originally learned to be persistent about.
So, the tradeoff is: if you don’t use session persistence, then you’ll have angry customers because things break. If you do use persistence, then there may be an unbalancing.
Also, there are still some broken sites, even with persistence on. For example, some online stores have the customer shopping at www.StoreSite.com and when they check out it transfers their cart contents to www.PaymentProcessor.com, which may flag an IP security violation. Any time the router sees different IPs out on the public side, it figures it can use a new WAN port and doesn’t know it’s the same user and application. There are a few games where kids load a ‘launcher’ program and select a server to connect to, but when they actually click ‘connect’, the server complains because the WAN addresses have changed.
In all honesty, it works quite well and there are few problems. We also can make our own exception list, so in my shopping cart example, we can manually add ‘storesite.com’ and ‘paymentprocessor.com’ to the same WAN address and that’ll ensure that it always uses the same WAN for those sites. That requires users to complain first before you’d even know there’s a problem, and requires some tricks to figure out what’s going on, but the exception list can ultimately handle these problems if you make enough exceptions.
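To make the three behaviours described above concrete (plain round-robin NAT, destination-keyed session persistence, and a manual exception list), here is a small simulation of the WAN-selection logic. This is an added illustration written for this note, not code from the contributor or from any multi-WAN router product; the WAN names, hostnames, private addresses and the traffic sample are all constructed, and persistence is modelled on the destination host alone (the simplification the contributor’s WAN1/WAN2 example uses), not on the full private/public port pair. It shows the two failure modes in numbers: with persistence on, the popular sites all land on the WAN that first learned them and the link load skews; with persistence off or on, a checkout that hops from the store to the payment processor straddles two WANs unless the two hosts are pinned together.

```python
"""Simulated multi-WAN NAT selection: round-robin, destination persistence and
a manual exception list. Added illustration only; every name below is made up."""
from collections import Counter
from itertools import cycle


class MultiWanRouter:
    def __init__(self, wans, persistence=True, exceptions=None):
        self.wans = list(wans)
        self._rr = cycle(self.wans)          # dumb round robin over the WAN ports
        self.persistence = persistence
        self.learned = {}                    # destination host -> WAN first chosen
        self.pinned = {}                     # exception list: host -> fixed WAN
        for group in (exceptions or []):
            # assumption: each exception group is pinned to one WAN when configured
            wan = next(self._rr)
            for host in group:
                self.pinned[host] = wan

    def select_wan(self, src, dst):
        """Pick the WAN for one new flow from private address src to host dst."""
        if dst in self.pinned:               # manual exception wins
            return self.pinned[dst]
        if self.persistence and dst in self.learned:
            return self.learned[dst]         # "speakeasy is out WAN1 for evermore"
        wan = next(self._rr)                 # otherwise round robin
        if self.persistence:
            self.learned[dst] = wan
        return wan

    def route_session(self, src, hosts):
        """Route one user's session that touches several hosts; return WANs used."""
        return [self.select_wan(src, host) for host in hosts]


def wan_load(router, sessions):
    """sessions: list of (src, [hosts]). Returns flows per WAN as a Counter."""
    load = Counter()
    for src, hosts in sessions:
        for wan in router.route_session(src, hosts):
            load[wan] += 1
    return load


def session_is_consistent(wans_used):
    """True when every flow of a session left through the same WAN (same public IP)."""
    return len(set(wans_used)) == 1


# Constructed traffic: five first-time users as in the post, then 100 users who
# each hit the three heavy sites that were learned onto WAN1.
SAMPLE_SESSIONS = [
    ("192.168.1.1", ["speakeasy.net"]),
    ("192.168.1.2", ["google.com"]),
    ("192.168.1.3", ["download.com"]),
    ("192.168.1.4", ["smalltextsite.com"]),
    ("192.168.1.5", ["youtube.com"]),
] + [
    ("192.168.1.%d" % (10 + i), ["speakeasy.net", "download.com", "youtube.com"])
    for i in range(100)
]

# Constructed checkout: cart on the store, payment on a separate processor.
CHECKOUT = ["storesite.com", "paymentprocessor.com"]


def demo():
    wans = ["WAN1", "WAN2"]
    results = {}
    results["load_persistent"] = wan_load(MultiWanRouter(wans, persistence=True), SAMPLE_SESSIONS)
    results["load_round_robin"] = wan_load(MultiWanRouter(wans, persistence=False), SAMPLE_SESSIONS)
    plain = MultiWanRouter(wans, persistence=True)
    results["checkout_plain"] = plain.route_session("192.168.1.50", CHECKOUT)
    pinned = MultiWanRouter(wans, persistence=True, exceptions=[CHECKOUT])
    results["checkout_pinned"] = pinned.route_session("192.168.1.50", CHECKOUT)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

Running it shows the skew the contributor describes: with persistence on, 303 of 305 flows leave via WAN1 because the three heavy sites were learned there, while plain round robin splits the same traffic 153/152. The checkout straddles WAN1 and WAN2 until the two hosts are placed in one exception group, after which both flows share a WAN.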