More load balancing woes on the RV0x

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by pablito, Oct 28, 2006.

  1. pablito

    pablito Network Guru Member

    More load balancing woes on the RV0x (fixed)

    This load balancing thing is a real problem. I finally installed the RV082 at a location with a cable modem and ADSL. The basic functions including VPN, port forwarding, and QOS are working great. The speed is wonderful. However, session based activity including this site isn't right. I login and a moment later it appears I'm not logged in. Back and forth it goes. If I bind every protocol that this would affect to one port I won't have any load balancing or failover at all.

    Anyone have another trick or workaround that might work? I wonder what happens if I make two protocol bind rules for each protocol port, one for each WAN port. I suspect I'll be stuck on that one port (1st one in the list) but would it failover to the other WAN port when the first port goes down? I wouldn't mind giving priority to one port or the other but if it doesn't failover to the other then this isn't going to cut it.
  2. pablito

    pablito Network Guru Member

    Quick update.
    Creating a protocol bind rule twice (one per WAN port) doesn't do much, it goes to WAN2 no matter what order I set.

    However, binding to one WAN port and then bringing that port down does in fact cause the traffic to continue over the other WAN port. That at least allows me to set priority to one port and still have failover protection. I can for example login to this site without appearing to come from two IPs. I'm not getting the full benefit of load balancing but at least I still have failover and can make use of both ports. I'll live with that for now.

    {as he wipes egg off face and goes out for actual food finally}
  3. d__l

    d__l Network Guru Member

    I'm surprised that you have so much problems with the load balancing without resorting to binding. With dual DSL, I see nothing of the sort that you are experiencing. Perhaps there is something about balancing two different broadband types that is sensitive to the differences such as latency.

    What are the speeds of the connections? Did you enter the connection speeds into the router at the same ratio?
  4. pablito

    pablito Network Guru Member

    Load balancing RVx fixed

    Without doing any binding there are all sorts of problems with certain kinds of activity. An easy example is using this very linksysinfo forum. The default load balancing causes you to appear as logged out on alternating page refreshes. If you are *not* seeing this problem then I would guess that you have "remember me" checked and/or your login name and password saved in the browser. I don't save passwords. A bank login could be a problem as well.

    I now have my rules setup that are working very well. By simply binding to one port you are setting a "preference" to that port but you still get fault tolerance. No more double login and session problems.

    The different ISP types aren't an issue. That is working very well.
    An overview of my setup at a small business that has net to net VPNs, client VPNs, VOiP, and serves a small web and email server:

    10M/700K cable modem - WAN1
    5M/800K ADSL - WAN2
    bandwidth settings to match.

    Bind SMTP to WAN2 (WAN1 ISP blocks SMTP)
    Bind VOiP to WAN2 (will failover to WAN1)
    Bind internal desktop IPs to WAN1 (will failover to WAN2)

    net to net IPSEC VPNs over WAN2 with failover to WAN1.

    Inbound serving (SMTP & HTTP etc) on WAN2.

    QOS high priority to VOiP and client based VPNs (NAT-T). Low priority to SMTP (internal server handles mail queue in/out).

    Firewall rules for good protection.

    This is all working very well and I get a good balance of WAN port usage and good fault tolerance. I'm getting the full speed from both ISPs. I was able to load up both WANs at the same time to the advertised maximum limits and still had perfect VOiP and VPN performance.

    Long night but I'm happy now...
  5. moi2

    moi2 LI Guru Member

    Looks great - A little envious at my end.

    Do you get any issues with VOIP calls dropping at all? Or do you listen to online radio and does that drop and need reconnecting while you have load balance configured?
  6. pablito

    pablito Network Guru Member

    I wish I had this setup too... That 10M cable modem service actually gets 10M. The DSL gets the 5M/800K as advertised.

    So far no problem with VOiP even during a large download over either WAN. Since there are two VOiP units I don't use forwarding or port triggering, the units do a keep alive. I do a port binding for the VOiP IPs to use WAN2 and a QOS of high priority. WAN2 is also the port I use for net-net VPNs and for inbound web and email serving. I do a port binding for SMTP to WAN2 for the outbound mail.

    The desktops port bind to WAN1 and a QOS of high priority for their point to point Cisco UDP based VPNs. This way if they are enjoying the 10M download speeds it won't slow down the work they are doing over VPN or drop the VOiP calls.

    So far it works very well. Things that are still not perfect:
    DHCP, the options are too limited so I use an internal server for DHCP serving.
    DNS resolution for clients is too slow and doesn't cache well so I use the internal server for DNS.
    SNMP, my mrtg config file becomes invalid whenever a WAN or VPN changes or the unit is rebooted. This makes it pointless to gather long term traffic analysis.
  7. zorglubxx

    zorglubxx Network Guru Member

    I load balance two 20M connections, one cable and one adsl. I did have to bind the ip address of my bank's web site to one WAN port but I think that's because when it was going through the adsl connection my modem was having problems with ssl and nat. Otherwise I dont have problems with sites like this one but it's true that I do use the remember password feature. Never had problems with Skype which I use all the time or the different messenger services. Sometimes AOL tells me I was logged on from one ip and now from another but it just switches over by itself. Otherwise quite a nice router. I wish there were a few more dns options though.
  8. d__l

    d__l Network Guru Member

    Well it sounds like you aren't really having a load balancing problem as much as a non-automated, site authentication problem. The router may be handling the load balancing as it is supposed to, but your browser isn't authenticating automatically because you chose not to do so.

    Other load balancing routers have methods other than WRR load balancing that might work better for you.
  9. markn455

    markn455 LI Guru Member

    I am unable to get my RV016 to handle VoIP properly with both WANs active. Any guidenance on how to configure the binding or whatever to get VoIP to always use the same WAN port? It keeps dancing around causing some calls to work and others to have one way audio etc.
  10. pablito

    pablito Network Guru Member

    Determine the ports used on your VoIP and bind them to the desired WAN. That has worked for me for several months now. A few posts up is what I did, the post is a bit outdated now but would still work.
    (my VoIP uses UDP ports)
  11. markn455

    markn455 LI Guru Member

    This is what I need to try. Did you do all the ports or just the 5060? If you can let me know a couple of the settings . I am not certain where you do the binding. Any clue?
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice