This article originally appeared in the Sept. 2011 issue of INTERNET TELEPHONY
We all know data is critical to just about any business. The real question is how to handle business continuity in the event a data connection is lost. While there are myriad ways of handling the loss of a data connection, the simplest method is the usage of a link balancer. A link balancer is a network-based appliance that proactively manages bandwidth from multiple ISP or private links. Should one or more links go down, the link balancer can automatically switch the traffic to the available ISP link(s) until the troubled link returns to normal.
In fact, a link balancer can actually be proactive and perform outbound traffic balancing, distributing traffic across multiple links based on rules you specify. A link balancer can take multiple ISPs from multiple technologies (DSL, T1, fiber, cable) and combine them to ensure business continuity. If there is link saturation or a link failure with an ISP provider, a link balancer automatically will make sure the other ISP bandwidth links are there to take over.
TMC (News - Alert) Labs took a look at the Elfiq LB-800E, a powerful and robust link balancing appliance that was surprisingly easy to set up. To get the best possible real-world experience, we actually hooked up to our production network and configured it to work with our two ISPs and one of our web servers.
Importantly, Elfiq’s line of link balancers support session persistence management because certain types of traffic, such as HTTPS (secure website access), need to have its simultaneous sessions use the same link for cookie compatibility. This does not hinder the ability to balance dynamically this type of traffic, since sessions going to a different HTTPS destination can go over a different link. Elfiq's persistence simply ensures that sessions going to a given destination remain together, on a per-destination basis. Similarly, you can configure a link balancer to use a primary link and only switch to a secondary link if the primary link reached a high utilization threshold that you preconfigured.
In addition to failover and outbound traffic balancing, the Elfiq LB-800E can perform in-bound traffic balancing and failover with no change to your existing internal infrastructure – other than the initial configuration of the Elfiq device, of course. One critical component to in-bound traffic balancing and failover is Elfiq’s Intelligent DNS module. The iDNS module will intercept incoming DNS requests for specific services and balance them according to the selected algorithms and parameters defined. Because the LB-800E knows if a link goes down, it can modify in-bound DNS requests on the fly and point to an alternative IP address. Importantly, iDNS only intercepts DNS queries for records you wish to load balance and provide failover. Any other DNS query is passed on to your existing DNS servers. All you need for failover across multiple links is an IP (ISP1) to IP (ISP2) association for each server you want to failover.
For example, suppose you have a web server www.acme.com whose DNS points to 184.108.40.206 (ISP 1) and you have a backup ISP 2 reconfigured with IP address – 220.127.116.11. Now suppose ISP 1 goes down. When outside clients (browsers, VoIP devices, apps, etc.) try and resolve www.acme.com, the Elfiq device will know that ISP 1 has gone down, intercept the DNS query via its DNS listener, and resolve the DNS to your other data link (ISP2 - 18.104.22.168). That takes care of the external side of things.
On the internal side, the Elfiq device sits between your Internet connections and your firewall so it has the ability to modify the packet to make it appear to the firewall as though it came from ISP 1 even though it came from ISP 2. The packet is then routed by your firewall using its normal rules to reach the destination server or device. When the server responds, it still responds using the same exact default gateway (the firewall). The firewall then sends the response to the Elfiq appliance, which because it maintains session states is able to map the IP address back to ISP 2’s external IP address.
As you can see, this is done keeping your existing network infrastructure the same – no need to manually change default gateways on servers, no reconfiguration of your firewall(s), and no DNS changes required. The beauty of this is that it’s done proactively and automatically by the Elfiq device with no human intervention.
The LB-800E Link Balancer actually checks the status of each ISP link every few seconds to validate its health – essentially probing predetermined outside sites for their availability. When a link stops responding to the tests conducted by the Link Balancer, the link is taken off the list of available links and directs traffic to the remaining links. Importantly, the LB-800E continues to test the unavailable link, and when it becomes available with acceptable metrics, it is returned to the list of available links. During an outage the LB-800E will send e-mail alerts and will also alert you when the link returns to being available. Elfiq Link Balancer events and alerts can be sent to a remote syslog server as well.
Besides failover capabilities, another nice advantage of the Elfiq LB-800E is that it enables the use of multiple ISPs concurrently. Instead of having an idle backup data link you pay good money for, you can use all the links to their maximum limit, enabling your company to benefit from the additional bandwidth.
The Elfiq LB-800E has some powerful customization rules, and you can even modify algorithms based on time of day. Another important feature of the LB-800E is its site-to-site resiliency feature. With a Link Balancer at two sites using Elfiq's proprietary SitePathMTPX feature, communication between those sites is protected against link failures or saturation by using alternate paths to ensure connectivity. Using this feature you can load balance VoIP/VPN traffic over a number of links so your remote offices and users don’t lose connectivity during a link outage. This is all done without changing your VPN appliance or firewall configuration.
The Elfiq Networks QoS feature lets you grant priority to critical data, such as e-mail, VoIP or VPN traffic, and supports QoS DiffServ marking. The quality of service module lets you set policies for ports, protocols and applications, allowing you to give lower priority to non-critical activities such as streaming radio or gaming. Importantly, should one link fail, which means less overall available bandwidth, the QoS module will apply new user-defined rules to the other links to guarantee bandwidth for all critical services. Although we didn’t test this feature, the Link LB offers filtering on IP, ICMP, TCP and UDP (News - Alert) protocols.
The web admin was very easy to navigate and configure the various settings. It has a series of wizards that guide you in the configuration of your device. It also has a batch command screen where you can copy/paste several commands into the screen and execute them all at once. It’s a nice way of quickly changing the configuration or even installing a completely new configuration to the unit. It’s also useful for backups. You can output the current config and then if you need to migrate to a new unit, you can simply paste the configuration into the batch command screen. The Elfiq web page also shows cumulative statistics and SNMP support allows you to pull statistics from the Elfiq device.
The reporting capabilities are pretty good. We really liked the dashboard view, which showed overall bandwidth consumption for each link. You can view current upload/download statistics per link in real time, for the last four hours, the last 24 hours, the last three days, and the last seven days. The built-in probe lets you see active IP sessions’ bandwidth usage on a per link basis; link usage and history; and reports on a per IP address, application/port basis. The probe lets you see the current top 30 sessions (“top talkers”), which you can then sort by column headings, including the link port, top in kilobytes, top out kilobytes, and more. You can also see both the inside and outside IP address for each session and the port number (80, 443, 21, 3389, etc.) to determine traffic type. And you can export the chart data as a .csv file for importing into a reporting package or Excel.
The line of Elfiq Link Balancers lets you choose different algorithms for each traffic flow you want (ACL based), which includes the following algorithms: round robin, weight, least traffic, equalized traffic, order preferred, equalized traffic first within weight, best sitepath first, round trip time (fastest path in ms), and multiplexing. Each method has its advantages. Weight first algorithm is an interesting option. It prefers the lowest configured weight conditional to saturation. In our set up, Optimum (News - Alert) Lightpath fiber was assigned a weight of 2, which is less than weight of 5 for the Cablevision line. What this does is keep all traffic on the primary link and only if the primary saturates (or fails) does it spill over into the Cablevision link.
Significantly, the device has a LAN fail-safe feature. In the event of equipment failure, it allows you to power off the Elfiq and your firewall will still communicate with its default gateway through the inactive Elfiq unit. These ports are labeled in groups of two as bypass on the unit to make it clear that there are actual physical connections between each pair. Depending on the model number, you can have multiple bypass pairs.
During one of our tests, we took one of our ISP links down to see if our test web server would switch over to the secondary link. The Elfiq device sent us an e-mail alert, and we attempted to connect to the web server. Initially, we could not connect, but that was because our DNS has already cached the IP address to the primary (now offline) ISP link. We flushed our DNS cache, and then we were successful in connecting to the web server over the secondary link. It was doing exactly as promised – ensuring business continuity by automatically switching to a secondary ISP link, and we were quite impressed.
Elfiq LB-800E Link Balancer
Maximum throughput Full Duplex: 480mbps
Maximum number of sessions: 64,000
Maximum number of new sessions per second: 12,000
DHCP, PPPoE, Dynamic MTU/MSS support, 802.1Q (vlan)
Speed of network interfaces (mbps) 10 / 100 & 10 / 100 / 1000
Because the Elfiq LB-800E is Layer 2, it eliminates the use of the BGP protocol for link redundancy and eliminates the high costs associated with it. The Elfiq Link Balancer can actively manage sessions between multiple links, it can use all the links concurrently, and can failover between links very quickly. Conversely, BGP is often used to re-route whole ranges of IP addresses, a lengthy process requiring hardware and human resources. The Elfiq Link Balancer saves time and money while optimizing the use of all your WAN/Internet links. The Elfiq Link Balancer can eliminate expensive links by replacing them with multiple less expensive links, without reducing performance and adding in additional redundancy to both. We almost never give perfect scores (5) for every rating, but this is a polished product that is feature-rich and easy to use. We really liked that this device required virtually no changes to the network infrastructure. Add in its native support for QoS policies, session persistence, and its VoIP SIP-aware capabilities, and we had no hesistancy in awarding the Elfiq LB-800E an Internet Telephony (News - Alert) Editors’ Choice Award.
Tom Keating is Vice President and Chief Technology Officer at Technology Marketing Corporation, and Executive Technology Editor/SEO Director for TMCnet.com. To read more of Tom’s articles, please visit his columnist page. He also blogs for TMCnet here.
Edited by Stefania Viscusi