RV082 load balance theory

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by mopiko, Mar 10, 2009.

  1. mopiko

    mopiko Guest

    I was just wondering if anyone can fill me in with a couple of doubts.

    We all do know that the real load balancing technique is by using the complex BGP methods correct?

    I would like to know if u know the technology behind linksys in making this happen. Is it a purely hacked? if so, in what ways?

    I was wondering if the linksys RV082 does load balancing via per-destination or per-packet round robin.

    Really curious to know whats the theory behind it.
    If u can help out.

    Sorry for taking your time
  2. aver5

    aver5 LI Guru Member

    load balancing on RV082 is crap even I use rv082 ( 15 installed) ...
    it is based on round robin so you can't use it with protocol like ssh https etc ...
    and aslo some http application
    you can only block some node on your lan to a specific wan or all lan for a protocol to a specific wan . but it's sound bad when a link fall down and some protocol are mapped on it
    the only solution about load balacing that I know working is "persistant" session :
    it's work nice if you have lot off nodes on your lan ... each connection from a node to a remote site is made via a wan interface ( depending %use at the connection ) thsi connection stay on this interface until is closed
    so it's not a total dynamic load balancing but more you have node and connection from lan to wan better is your load balancing.
    unfortunately Linksys don't choose this kind of strategy on they RVXXX routeurs
  3. d__l

    d__l Network Guru Member

    I don't know why people keep saying that the RV082 can't handle ssh https. I've NEVER had one problem with an https connection through dual DSL lines.
  4. mcato

    mcato LI Guru Member

    Here's an example of the problem and a weak work-around suggested elsewhere in the forum.
    1. A users starts a HTTPS session with a bank, payroll processor, etc. For sake of argument lets say the RV0xx is currently using WAN1.
    2. In the middle of the session, the RV0xx decides that WAN2 has more available capacity and switches to WAN2, which of course has a different external IP address.
    3. The website determines that the session is now from a DIFFERENT originating IP and treats it as a security breach, or maybe just gets confused. The result is the website shuts down the session, usually with messages that are cryptic to the number-crunching user who started the session (but that's a different story).

    A workaround:
    Bind all HTTP/HTTPS traffic to WAN1. Of course, if WAN1 goes down, no one gets internet access and they wonder why they're paying for two ISPs.

    Amplifying aver5's concern, the RV0xx load balancing was fine in the days of casual browsing to static webpages. In today's security concious, software-as-a-service era, it is not robust.

    IMHO, the load-balancing algorithm should be:
    1. Determine which WANx port has best capacity an put a session on that port.
    2. Keep a session on the original WANx port until that port goes down, even if the other WAN port gets freed-up capacity.
    3. If the capacity gets poor, the number-cruncher still has the opportunity to log off gracefully (if slowly) from the secure site. They can then try again and the RV0xx can put the session on the WANx port with the higher capacity.
  5. d__l

    d__l Network Guru Member

    mcato, I think most people with an RV082 or RV042 are have heard of the problem and know why in theory it occurs, BUT I also think most installations do not have the problem. IOW, only a few Rvxxx installations have to resort to binding the HTTPS protocol to one of the WAN ports and this isn't a problem for the vast majority of installations, otherwise you would see post after post here complaining about the problem. So I can only conclude that the installations without the problem are operating the RVxxx correctly OR those installations with the problem have defective units.
  6. mcato

    mcato LI Guru Member

    So you're saying since only few are having a problem we should shut up. Not likely. The forums are here to share knowledge which saves others time. The problem exists, it's not immediately obvious, it causes client angst.

    If you don't understand why people keep saying it doesn't work (your post of 04-21-2009, 06:39 PM) try asking questions. For example, in your situation, is one ISP significantly slower than the other, so that a load balancing event is unlikely?

    One simple solution would be for dual-wan failover to NOT shut down the secondary WAN (forces it to in System Summary). This would allow VPN GW-to-GW tunnels to use the secondary WAN (you have to specify a WAN port in the tunnel setup) without causing a problem in determining which traffic goes out which WAN port.
  7. d__l

    d__l Network Guru Member

    No, I'm not saying that anyone should shut up, but that people should explain what they have tried that doesn't work. Most people complain about it, opt out of working for a solution by binding protocols to a particualr WAN port which defeats the purpose of a dual WAN router, and that's that.

    I have completely unbalanced DSL lines at 6016/768 and 768/384 yet my router is always load balancing between the two. So much so that it becomes annoying when downloading a large file and the router selects the slower WAN port when both are free of sessions rather than biasing to the faster line.

    Oh well, the fact is my RV082 works just fine on HTTPS which is the most common complaint.
  8. Sfor

    Sfor Network Guru Member

    I've noticed the problem with https session breaking through the load ballancing quite long after the router installation. Not every https portal is affected, so the problem is not visible at the first sight.

    In case of the RV042 there is yet another nuisance. Both WAN ports can have different DNS servers set. But, the load ballancing sends DNS requests through wrong WAN ports completely ignoring which DNS server is bound to which WAN port. It is necesary to bind certain DNS servers to WAN ports manualy, or to use some provider independant DNS servers, instead.
  9. d__l

    d__l Network Guru Member

    OK! After three years of operation on dual WANs with an RV082, I think I've noticed my first problem with https. This was on a site with no previous problems. The site has controlled access (password) and then you fill out a form and submit it. Submission of the form would take me back to an empty password entry page indicating to me that it was trying to go through the other WAN IP on a different session and that the web site was no longer recognizing me after the session had switched. This happened repeated.

    To solve the problem, I temporarily opened another browser tab to a "simple" website, e.g. one that would open only one session, prior to submitting the form. Once the second WAN had been "committed" to the other web site's connection and been "locked out of" the next browser connection, the form submitted properly through the original WAN IP.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice