Configure RV042 For Use In Data Center with 2 Servers

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by MarlboroMan, May 1, 2007.

  1. MarlboroMan

    MarlboroMan Network Guru Member

    I am looking for some advice on the best way to configure my RV042 for use with two servers that are going to be used in a data center type environment to host gaming servers. In the past I have had issues with the servers being hacked, so this time around I would like to put an RV042 in front of them. I will manage the RV042 remotely. I also would like to be able to use Windows RDP to manage the servers.

    Both servers have dual NICs and I would like to continue to use them separately so that I can host two gaming server sessions per server, per static IP address. So each NIC will have a separate static local IP and be plugged into the RV042.

    I will use the port forwarding function of the RV042 to forward the correct TCP/UDP ports to the correct static IP address for the server. I would also want to configure the RV042 to be able to port forward RDP to the correct server as well.

    When it comes to the configuration of the RV042, I have two options. I can either get two IP addresses from my hosting company and configure the RV042 to load balance, or I can go with using just one port. How well would the load balancing work in a configuration like this? Would the performance of the load balancing give the servers more throughput and better performance? How stable is the load balancing on the RV042 and how well does it really work?

    In the end I need something that is stable, high throughput, and is reasonably secure.

    I welcome your thoughts and suggestions. – Thanks!
  2. ifican

    ifican Network Guru Member

    Someone that owns an RV will have to tell you definitively; however, I have heard a lot of rumblings that the load balancing feature just plain doesn't work well.
  3. pablito

    pablito Network Guru Member

    Load balancing isn't exactly the cat's meow but can be useful. It is however about the internal users balancing the load. It isn't about inbound connections to the servers.

    Balancing inbound connections does work just fine and doesn't involve any tricks on the router. It is really a DNS trick. Create a DNS entry that points to two or more IPs (your two public IPs). Users will then get one IP or the other on a round robin basis. This balances the load across the two WAN ports.

    So, would resolve to & (your WAN port IPs).
  4. MarlboroMan

    MarlboroMan Network Guru Member

    So, in my situation this really isn't going to buy me anything.

    If each server has two NICs, two public IP addresses, and is hosting two gaming servers, each gaming server has its own dedicated IP address and NIC, so in this situation that is going to yield the best performance.

    After a discussion with my hosting guys at the data center today, I am not sure that I am going to get any better performance adding the RV042 to the configuration. In fact the RV042 could be slowing things down a bit, depending on what kind of performance you can get out of it under heavy traffic.

    They are telling me that as long as I use a good software firewall and lock everything down, I should be ok and get the best performance.

    In the end these gaming servers do a lot of bandwidth, so performance is the issue. I just figured that with the load balancing of the RV042, it would give me protection and performance. I am starting to think that this might not be the best route to go.
  5. pablito

    pablito Network Guru Member

    A hardware firewall trumps a software firewall every time. Why slow down the server with firewall duties? Just lock it down as any server should be and let a real firewall do the access.
  6. MarlboroMan

    MarlboroMan Network Guru Member

    It would have a lot of port forwarding rules which could slow the RV042 down? Right??
  7. pablito

    pablito Network Guru Member

    Not really. That is what the firewall is built to do. Of course you need to set up the rules in the best way. There are multiple ways to achieve the same result. Having the server analyze each packet (software firewall) will slow the server down. A real firewall should be able to handle reasonable work; if it can push data faster than available bandwidth then no problem. If your bandwidth on the WAN side is 100MBs then perhaps you'll have issues but normal bandwidth should work just fine.
  8. MarlboroMan

    MarlboroMan Network Guru Member

    Okay, that is what I needed.

    I will give it a try with the RV042 and see what the performance is like.

  9. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    2x NICs won't give you any performance advantage for a game server.

    I've built, and run/supported, quite a few game servers. And I don't mean little home rigs that run a server for 10 from a home connection, I mean honking game servers that sit in a data center of a fat connection running many games at the same time.

    A single server grade NIC is fine. I mean a good upper end Intel Pro, or 3COM 990svr or higher NIC. A NIC you'll find on a server motherboard, or purchase for over a hundred bucks. It will run circles around a 19 dollar desktop NIC. Easily handle the high concurrent load.

    The last game server I was running...just a duallie P3....she ran 3x Battlefield servers at the same time. bf'42 vanilla, Desert Combat, and BF Vietnam. At times she'd be hosting nearly 100 players total...and pushing over 12 megs solid through the NIC under full load.

    SCSI hard drives, far superior concurrent use performance and low CPU utilization.

    Your operating system should be stripped of most of the services, unbind networking services from TCP/IP, have a very strong Administrator password. A default install of Windows Server will load TOO MANY services which you do not need. You can disable many of them, which not only helps secure your server, but it will run lighter. You don't need or want IIS for example. A game server should do nothing but serve up games. This is your biggest safety net...I've had a few servers hang out there wiiiiiide open in this setup. Long as they're stripped down and locked down..they can be quite secure.

    Server grade low system impact antivirus, such as NOD32.

    Open/port forward only the minimum of ports necessary to make your game services available to the public, and for your remote access programs. (RDC and usually a second safety backdoor like UltraVNC)

    Many data centers will customize ACLs for your servers anyways. That Cisco 7200 router your server may be behind will have the horsepower, and you don't need another NAT to be behind. So ask them. I'd never...ever..want a system performance killing software firewall on a gaming server.

    You don't even want to consider load balancing. Games are session based. New IP...everybody is dropped.
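
Added example, not part of the thread and not written by any of the posters: a small check of a port-forwarding plan like the one discussed above (several game servers plus RDP behind one WAN address). It flags WAN ports claimed by more than one LAN host, which a port-forwarding NAT cannot honour, and rules that expose services outside a minimal allow-list. All addresses, ports and labels are constructed placeholders.

```python
from collections import defaultdict

# Constructed forwarding plan; every address and port is a placeholder assumption.
# Fields: (wan_ip, proto, wan_port, lan_ip, lan_port, label)
PLAN = [
    ("203.0.113.10", "udp", 27015, "192.168.1.11", 27015, "game A, server 1 NIC 1"),
    ("203.0.113.10", "udp", 27016, "192.168.1.12", 27015, "game B, server 1 NIC 2"),
    ("203.0.113.10", "udp", 27015, "192.168.1.21", 27015, "game C, server 2 NIC 1"),
    ("203.0.113.10", "tcp", 3389, "192.168.1.11", 3389, "RDP server 1"),
    ("203.0.113.10", "tcp", 3390, "192.168.1.21", 3389, "RDP server 2"),
    ("203.0.113.10", "tcp", 445, "192.168.1.11", 445, "file sharing"),
]

# Internal services that are meant to be reachable from outside (assumed values).
ALLOWED = {("udp", 27015), ("tcp", 3389)}


def find_conflicts(plan):
    """Return (wan_ip, proto, wan_port) keys claimed by more than one LAN target."""
    targets = defaultdict(set)
    for wan_ip, proto, wan_port, lan_ip, lan_port, _label in plan:
        targets[(wan_ip, proto, wan_port)].add((lan_ip, lan_port))
    return sorted(key for key, hosts in targets.items() if len(hosts) > 1)


def find_unexpected(plan, allowed):
    """Return labels of rules whose internal service is not on the allow-list."""
    return [label for _wan, proto, _wport, _lan, lan_port, label in plan
            if (proto, lan_port) not in allowed]


if __name__ == "__main__":
    for key in find_conflicts(PLAN):
        print("conflict: more than one LAN host behind", key)
    for label in find_unexpected(PLAN, ALLOWED):
        print("not on allow-list:", label)
```

A conflict means one of the game servers needs a different external port or its own WAN address; an allow-list miss means a forward that should be removed before the router goes in front of the servers.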