
RV042 load balancer in front of web server issues

Discussion in 'Networking Issues' started by tomt84, Feb 26, 2007.

  1. tomt84

    tomt84 Guest

    Hi all

    We have an RV042 load balancer connected to our two ADSL connections.

    We host some servers, including a web server (MS IIS 6.0 on Windows Server 2003) behind the load balancer. One of those servers serves as our NAT gateway, which our office LAN is behind. Those servers all talk to the load balancer via 1:1 NAT, which appears to work fine.

    However we've run into a performance issue, which I suspect is down to the load balancing arrangement. It only affects certain remote client sites, not all.

    Let's say the client has a WAN IP of 1.2.3.4, and our two public IPs are 2.1.1.1 and 3.1.1.1 (from two different ISPs).

    The client does an HTTP GET to our website, which resolves to 3.1.1.1.

    The webserver sends a reply back to the client. Now I have a feeling that this reply is being sent out from (and with a source IP of) either 2.1.1.1 or 3.1.1.1, randomly.

    Depending on the behaviour of the client's firewall/router/NAT, it is either associating these packets with the wrong source address with the session and accepting and forwarding them to the client, or not associating them and dropping/rejecting them.

    In the former case, there is no performance penalty and the site works as expected. In the latter case, performance is horrible as the client waits for a timeout and retransmission with (by chance) the correct/expected source IP address.

    On the test sites we have available, sites with Linux boxes as NAT routers seem to have the former behaviour, but sites with residential gateway type boxes (e.g. Linksys WAG354G) have the latter behaviour.

    Is there a known fix here or are we just going to have to ditch the RV042?

    We need the RV042 for VPN endpointing too (again, this is a bit of a hack because we need the VPN to terminate on the inside of our office LAN, but as-is it terminates out in the 1:1 NAT subnet, which is tricky). Any suggestions here?
     
  2. d__l

    d__l Network Guru Member

    I don't think your suspicion is correct. None of the RV series routers have inbound load balancing.

    I've never tested on an RV042, but on an RV082 if the HTTP GET arrives on 3.1.1.1, the reply will leave on 3.1.1.1. So with a DDNS hostname pointing to a second WAN, you will limit all return traffic to that WAN connection. I use this as a "feature" and not a handicap to keep external accesses to netcams on line 2 from interfering with the speed of outbound connections on line 1.
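
Whether replies really leave with a different source address than the one the client connected to can be settled from a packet capture. The script below is an added example, not part of either post: it assumes `tcpdump -nn` text output captured on the WAN side of the client's router, reuses the thread's example addresses, and runs on constructed sample lines.

```python
import re

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ..."
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def find_mismatched_replies(lines, client_ip):
    """Return (expected_server, actual_source, client_port, server_port) for each
    inbound packet whose source IP differs from the address the client dialled."""
    dialled = {}      # (client_port, server_port) -> server IP the SYN was sent to
    mismatches = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src, sport, dst, dport, flags = m.groups()
        if src == client_ip and flags == "S":
            # Initial SYN (no ACK): remember which public IP the client targeted.
            dialled[(sport, dport)] = dst
        elif dst == client_ip:
            expected = dialled.get((dport, sport))
            if expected is not None and src != expected:
                # Same port pair, different source IP: a stateful NAT or
                # firewall will not match this packet to the session.
                mismatches.append((expected, src, dport, sport))
    return mismatches

# Constructed sample capture: one clean handshake, then one connection whose
# first SYN-ACK arrives from the other WAN address before a retransmitted SYN
# is answered from the expected one.
SAMPLE = """\
12:00:00.000100 IP 1.2.3.4.51000 > 3.1.1.1.80: Flags [S], seq 100, win 64240, length 0
12:00:00.040200 IP 3.1.1.1.80 > 1.2.3.4.51000: Flags [S.], seq 900, ack 101, win 64240, length 0
12:00:00.040300 IP 1.2.3.4.51000 > 3.1.1.1.80: Flags [.], ack 901, win 64240, length 0
12:00:05.000100 IP 1.2.3.4.51001 > 3.1.1.1.80: Flags [S], seq 200, win 64240, length 0
12:00:05.041000 IP 2.1.1.1.80 > 1.2.3.4.51001: Flags [S.], seq 700, ack 201, win 64240, length 0
12:00:08.000100 IP 1.2.3.4.51001 > 3.1.1.1.80: Flags [S], seq 200, win 64240, length 0
12:00:08.040900 IP 3.1.1.1.80 > 1.2.3.4.51001: Flags [S.], seq 700, ack 201, win 64240, length 0
"""

if __name__ == "__main__":
    for expected, actual, cport, sport in find_mismatched_replies(SAMPLE.splitlines(), "1.2.3.4"):
        print(f"client port {cport}: dialled {expected}:{sport}, reply came from {actual}:{sport}")
```

An empty result on a real capture means every reply came back from the address that was dialled, and the slowdown has another cause.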
     
