SRP541W WAN Load Balancing and NAT

Similar Messages

• WAN Load-Balancing and multi VLAN design

  Hello,
  I need some help to define the design of a specifi LAN-WAN network.
  1) There are 2 independant WAN entries (they have their own ISP-managed router)
  2) I need to load-balanced the requests over the 2 WAN
  3) If possible, the load-balancer must be redundant (GLBP ?)
  4) On the LAN itself, there must be 15 different VLAN
  5) We also need a DHCP solution (also redundant if possible) to provide IP to these VLAN, with unique gateway (the load-balancer)
  What do I need to implement this configuration ?
  And is it possible to configure with as much GUI as possible ?
  Thanks in advance for your help.

  Dear Mike,
  Thank you and welcome to the Small Business Support Community.
  It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
  The Policy Routing setting you setup is exactly what I would do in your case.
  I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• WAN load balancing

  Hello
   I have the following issue with a Cisco 2811 router. I have two WAN connection ( fiber and ADSL ) and I want to make WAN load balancing
  so I add two route : 0.0.0.0 0.0.0.0 dialer1 and 0.0.0.0 0.0.0.0 fa1 the problem is with fiber connection (fa1) in this configuration I can't ping WAN 
  from outside or use NAT on this connection. If I change default route's like this it's working but is not WAN load balancing : 0.0.0.0 0.0.0.0 dialer 150
  0.0.0.0 0.0.0.0 fa1. Any idea.

  Hi Richard
  I come back with more details:
  First I try to setup router with WAN failover like this:
  route-map SDM_RMAP_1 permit 1
   match ip address 101
   match interface FastEthernet0/0
  route-map SDM_RMAP_2 permit 1
   match ip address 102
   match interface Dialer1
  access-list 101 permit ip 10.0.0.0 0.255.255.255 any
  access-list 101 permit ip 172.26.60.0 0.0.0.255 any
  access-list 102 permit ip 10.0.0.0 0.255.255.255 any
  dialer-list 102 protocol ip permit
  ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
  ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
  ip nat inside source static tcp 10.0.0.1 25 x.x.x.x 25 route-map SDM_RMAP_1 extendable
  ip route 0.0.0.0 0.0.0.0 x.x.x.x 150
  ip route 0.0.0.0 0.0.0.0 y.y.y.y track 1 
  interface FastEthernet0/0
   ip address x.x.x.x 
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
   no cdp enable
   crypto map SDM_CMAP_1
  interface FastEthernet0/1
   no ip address
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
   pppoe enable group global
   pppoe-client dial-pool-number 1
  interface Dialer1
   ip address negotiated
   ip mtu 1492
   ip nat outside
   ip virtual-reassembly in
   encapsulation ppp
   dialer pool 1
   dialer-group 1
   ppp authentication chap pap callin
   ppp chap hostname ...............
   ppp chap password 7 010109085702121F33434A0014524343
   ppp pap sent-username .......... password 7 0614002D40471D091718160201537E7A
   no cdp enable
   crypto map SDM_CMAP_1
  track timer interface 5
  track 1 ip sla 1 reachability
   delay down 15 up 10
  ip sla 1
   icmp-echo a.b.c.d source-interface y.y.y.y
   timeout 5000
   threshold 40
   frequency 6000
  ip sla schedule 1 life forever start-time now
  And I want to achive the following results:
  All computers from LAN use for internet connection y.y.y.y and if this failed use x.x.x.x and when come back y.y.y.y use this connection.
  And I have one server with few services ( DNS, WWW, MAIL...)  which must use just x.x.x.x connection if this failed dosen't matter if this services not working.
  But with this configuration one thing not working i can't access from outside Mail server , DNS, WWW  with x.x.x.x connection ( IP ) if I change default route like :
  ip route 0.0.0.0 0.0.0.0 x.x.x.x  track 1
  ip route 0.0.0.0 0.0.0.0 y.y.y.y  150
  it's working

• 2 ISP load balancing and redundancy

  Hello!!
  Our small company has about 40 branches spreaded within city. Branches are connected by optic wire supplied by our ISP. So in ISP our branches are located in one VLAN. From every branch we created VPN tunnel to our server room in central office. Central office is like a cetner point. If optic wire fails to central office, there would no VPN tunnels and no network to all branches. Moreover, all the traffice goes through central office.
  Now we decided to pave one more optic line to our central office. And that will increase bandwidth and redundancy.
  Private network topology: There are no default gateways and ip-addresses. For examle, at first branch I will plug computer directly into media converter and at the second branch plug another computer to the media converter. After that this two computers became in one network. And can assign any ip addresses to them.
  What I have: our firewall do enough work, don't want to overload it. But we have some free ports in our new cisco 3750. The question is how to do load balancing and redundanccy? Can it do load balancing according to traffic? And how load balance incoming traffic? For example, connection was established from branche's router, how this router will choose through which line make connection? By the way, at all branches we use noisy cisco
  3700 series routers.

  Sorry for upping 1 year old threat.
  We talked to our Network Provider. They said "these two cables are coming from two different places, so there is no way to use etherchannel. You must use active-standby solution."
  Relying on STP we just put two cables into 3750 stack. But with default STP settings, connection was very unstable, many packet losses and disconnections. So we found easy solution with "flex links", making one interface backup of the other. And only now I recognized that this is not a failover solution. Because, if network beyond media converter will down, link from media converter to switch would still up.
  What could I do to make our L2 WAN redundant? Are there any additional STP settings.

• ISA570-Load balancing and Losing packets

  I am load balancing two isp's.  One isp is fine, but the other I have very high packet loss when pinging the corresponding wan interface from any machine located outside our network.  During the packet loss, I cannot https to our firewall from outside our network, but I can rdp using a different address on that same isp and ping another machine located inside our network, it seems only the wan interface is having the issues.  Our isp uses icmp to our wan interface and they started noticing the loss the other day, again the other isp loses no packets.  I have no issues with clients losing connection from that isp so it looks like it is an issue from outside in only on that wan interface.  
  I have a spare ISA and that is experiencing no packet loss when using another ip from the problem isp on it's wan interface.  The isa's have the same configuration and when I tried moving completely to the backup isa it continued with the same issue.  Upgraded to a later firmware, still the same issue.  I even took a laptop and put it on our switch that is before the isa and gave it a static public address and I can ping it with no problem from the outside.  I can also ping from the laptop to the wan port of the prod isa that is losing packets and it replies as it should, which I assumed would lose packets if it were the isa having issues, but it didn't.
  I know this has nothing to do with Cisco security services as on the backup firewall it was still losing packets when we moved the connections over to it.  
  I can ping from inside my network to the public wan address with no loss when outside machines are having problems.
  I can ping the problem wan address from a laptop or from isa(IP = 64.x.x.42) to isa(IP = 64.x.x.45) with no packet loss.  
  This is a head scratcher and I need some real help here.

  Never figured this one out.  However,  I was able to figure out how this starts. A couple of weeks ago we had an issue with an ISP and we disabled that interface during the day and re-enabled at the end of the day and thats when we noticed ICMP breaks to other ISP..  I don't know why but the ISP we renabled we can ping just fine, but the other one always has issues.  The only fix is to enable link failover detection and both WAN interfaces become pingable again.
  Now, we use load balancing and one issue we are experiencing is that randomly both WAN interfaces go down and I can confirm this with a ping utility we use off site that pings both WAN interfaces and also each ISP gateway they are connected to.  When this happens the ISP's gateways are reachable and neither WAN interface on the ISA are.  I am still on .15 version of the firmware, because there were too many issues with newer releases.  Is this a known issue?

• LRT224 Load Balancing and Link Failover

  Hi, I am new to this forum. I have recently set up the LRT224 with two different ISP's. I am having problems configuring the Load Balance and Link Failover.
  When I have Load Balance selected only one ISP (WAN 1) is active, the other (WAN2, ISP modem) remains inactive. Why is Load Balance only engaging one ISP?
  When I have Link Failover selected, even with attempts and seconds configured to one second, and WAN1 has packets lost, it doesn't switch over to WAN2.
  I am not tech savey but any help will be greatly appreciated so that I can get both ISP's active with Load Balance or at least have Link Failover work almost instantly. Thanks.

  Hi @BSue2015,
  If both WAN1 and WAN2 are already getting IP Addresses from your ISPs then we can say that Load Balance is working. To check it further, do a speed test by going to http://www.speedtest.net. Dual WAN connections are doubling the amount of available full speed connections due to the load balancing. The speed should have its maximum throughput even if you have several users on the network.

• VPN load balancing and ASA !!!

  Hi netpros,
  I have a couple of questions about this and hope you might be able to assist me.
  1.- Are VPN load balancing and failover (Active/Active) mutually exclusive ..? I mean they can't be used at the same time correct ..?
  2.- How does the ASA handle the return traffic from the Internal LAN towards the remote client .. Because the cluster only requires ONE public virtual IP address, which will work for incoming packets .. but what about the return traffic which has knowledge of the DHCP scope's default gateway IP address only .. ? How gets the returned packet redirected from the default gateway IP address to the respective ASA internal IP address .?
  3.- VPN load balancing only applies to remote clients using easy VPN technology (easy vpn client, hardware client , pIX using easy vpn client etc ) and does not work with static LAN-LAN tunnel .. correct ..?
  Your comments are much appreciated

  Hi Gilbert ..
  1.- Thanks I wanted to make sure.
  2.- I know that .. my question is in regards the return packets .. for example if I have the below IP schema:
  ASA1: Public 20.20.20.20
  Private 192.168.1.1
  ASA2: Public 20.20.20.21
  Private 192.168.1.2
  Cluster virutal IP: 20.20.20.10
  Default gateway for segment 192.168.1.0 is 192.168.1.1
  Let's say that a vpn client tries to connect and the cluster instructs the client to connect to ASA2 20.20.20.21. The packets reach the internal server at 192.168.1.100. The internal server then sends the return packets back to the client by forwarding them to its default gateway which is 192.168.1.1 (ASA1). Here is my question .. how does the cluster handles this because the return packet are supposed to be directed to ASA2 192.168.1.2
  3.- Any idea about this one ..?
  Cheers,

• Load balancing and rfc metadata repository in reciever rfc communication ch

  hi.
  i want to know the purpose of load balancing and rfc meta data repository in RFC communication channel.
  and can u send me any examples on this load balancing.
  waiting for your response.
  bye.
  regards.
  seeta ram.

  Hi Seeta Ram,
  Load distribution is handled by the message server (there is one message server in an SAP System). When a user logs on, the message server assigns him or her to the application server that currently has the <b>smallest load</b>.
  Well now you can understand that we use load balancing for better performance by distributing the work to different processes to balance or maintain the work load in SAP system.
  For more information refer to this link
  http://help.sap.com/saphelp_nw04/helpdata/en/28/75153a1a5b4c2de10000000a114084/content.htm
  Regards
  Sumit Bhutani

• Advantages of using a webserver inbetween a load balancer and application servers

  I am building out a new weblogic domain.
  I am wondering which one of these configuration to go with:
  1. Load balancer > weblogic servers
  2. Load balancer > web server > weblogic servers
  Could someone tell me what are the specific advantages of having web servers inbetween a load balancer and application servers (besides caching static data content and acting as a proxy)?
  Thanks in advance
  Srini

  Other than hosting the static content, nothing much really.   We have our load balancer go straight to WL for applications without static content and route to web server if there is static content.   Easy enough to do it both ways, best of both worlds.

• For a true load balancing and high-availability OHS, OPMN, and mod_oc4j

  i have read this link of Enabling Clustering on oc4j9.0.4 standalone app server
  http://www.oracle.com/technology/docs/tech/java/oc4j/htdocs/getstart.htm#1015479
  To test the clustering, start up the load balancer by executing "java -jar loadbalancer.jar".
  C:\OC4J_EXTENDED\j2ee\home>java -jar loadbalancer.jar
  In a future release of Oracle Application Server, loadbalancer.jar will be
  desupported. Because of this, we strongly suggest that you discontinue your use
  of loadbalancer.jar in this release. Under high loads, loadbalancer.jar may not
  function properly. For a true load balancing and high-availability solution,
  please move to use OHS, OPMN, and mod_OC4J. For more information, please see
  http://otn.oracle.com/products/ias/ohs/content.html
  Balancer initialized...
  what load balancer should i use for web clustering
  <frontend host="balancer-host" port="balancer-port" />
  balancer-host=localhost
  balancer-port=80
  for all nodes i mentioned same host and port in http-web-site.xml.Is it correct?
  i completed all the steps and run http://localhost:6666/session/SessionServlet
  i hit 3 times
  in the different browser http://localhost:7777/session/SessionServlet
  instead of coming 4 it starting from 1 only.

  can i use this loadbalancer.jar or not?
  how to mod_oc4j in standalone app server

• Load balancing and High Availability topology

  Our Forms 6i client-server application currently runs on Citrix farm of 20 Windows 2000 boxes (IBM Blade Servers 2 CPU and 2 Gig Memory).
  Application supports 2000 users.
  We are moving to AS 10g r2, forms 10g and the goal is to use same hardware, 20 Windows boxes (or less), for intranet web deployment.
  What will be our best choices for application Load balancing and High Availability?
  Hardware load balancer, Web Cache, mod-oc4j? Combinations?
  Any suggestions, best practices, your experience?

  Gerd, I understand, that you are running 10g web forms through the browser, but using Citrix for deployment. This means that in addition to Application Server and Forms runtime sessions, it will be separate browser session opened for each user. What the advantage of this configuration?
  Michael, we are aware, that Citrix is not supported by Oracle as a deployment platform. That only means that prior contacting Oracle Support we have to reproduce the problem in standard environment. It was never been a problem to reproduce problem :) We were using Citrix as a deployment platform for Forms 6i client/server for 4 years, but now we are forced to upgrade to 10g.
  We are familiar with various Load balancing options available. The question is which option is the most "workable" in our case.

• Load balancing and Failover

  Hello,
  We are wondering how load-balancing and failover of tpcall() work with
  WTC:
  The scenario:
  We have one WLS Domain and two Tuxedo Domains. The Tuxedo Domains offer
  the same set of services.
  In the bdmconfig.xml, we specify connection_policy as 'ON_STARTUP' for
  both Remote Tuxedo Domains. We also Import (T_DM_IMPORT) the same
  Tuxedo Service from both Tuxedo Domains.
  Questions:
  1. Is there any load-balancing of the tpcall between the two Domains? If
  so, is it round-robin? If round-robin, what determines the order?
  2. If it is ONLY Failover, what determines the order of the tpcall? And,
  is the Failover automatic? Or do we need to code for retry on failure?
  3. ON_DEMAND vs ON_STARTUP: Does ON_DEMAND drop the connection to the
  remote domain upon tpterm? And does ON_STARTUP use a pool of
  TuxedoConnection objects?
  4. Are there any configuration parameters for
  'max_number-of_connections? What determines how many simultaneous
  connections can be made?
  Thanks,
  Suresh Mohan.

  Hi Suresh,
  The following are my answers to your questions.
  Suresh Mohan wrote:
  Hello,
  We are wondering how load-balancing and failover of tpcall() work with
  WTC:
  The scenario:
  We have one WLS Domain and two Tuxedo Domains. The Tuxedo Domains offer
  the same set of services.
  In the bdmconfig.xml, we specify connection_policy as 'ON_STARTUP' for
  both Remote Tuxedo Domains. We also Import (T_DM_IMPORT) the same
  Tuxedo Service from both Tuxedo Domains.
  Questions:
  1. Is there any load-balancing of the tpcall between the two Domains? If
  so, is it round-robin? If round-robin, what determines the order?Yes there is a load balancing between two remote Tuxedo TDomain Gateways.
  The algorithm is random, not RR. Over time this should give equal
  opportunities to both remote TDomain.
  >
  2. If it is ONLY Failover, what determines the order of the tpcall? And,
  is the Failover automatic? Or do we need to code for retry on failure?The load balancing is always there. The failover is automatic. When a
  connection to a remote TDomain encountered a problem (ie network) the remote
  domain will be put on retry open connection (in ON_STARTUP) and the load
  balancing will not select it until the connection re-established.
  However, the tpcall() that encountered the error will not be retried to send
  to different destination. It is up to the application to decide whether it
  want to resend. Any requests called after the error will not select the
  failed Remote TDomain.
  >
  3. ON_DEMAND vs ON_STARTUP: Does ON_DEMAND drop the connection to the
  remote domain upon tpterm? And does ON_STARTUP use a pool of
  TuxedoConnection objects?TPTERM() only terminate your application session to WTC. WTC still maintain
  a secured T-session to remote Tuxedo TDomain. WTC does not use a pool of
  TuxedoConnection Objects, the object stored in the JNDI refers to WTC.
  >
  4. Are there any configuration parameters for
  'max_number-of_connections? What determines how many simultaneous
  connections can be made?No. As described in #3, there is no need to use connection pool in WTC. WTC
  uses session and virtual circuit design concept as Tuxedo TDOMAIN, the
  logical pool is created/destroyed dynamically. That is the reason why you
  can have a lot of TPACALL() outstanding at the same time. (The limitation is
  the availability system resource.)
  >
  >
  Thanks,
  Suresh Mohan.Regards,
  Hong-Hsi :-)

• Discussion on load-balance and load-sharing

  Hi, I found a article, which discuss the difference between load-balance and load-sharing. I think the explanation is pretty good, please see below. But I still have a question: how can we decide to choose one the both balance in the production environment ?  Thank you
  "In short, load balancing tries to distribute traffic evenly over multiple paths, whereas, load sharing intends to do it (for the lack of a better term) equally.  True load balancing is difficult to achieve.  For example, let's say there were two links (100 mbps and 300 mpbs) and a router needed to send out 600 mbps of traffic.  Load balancing would distribute the traffic evenly, sending 300 mbps on each link.  On the contrary, load sharing would divide the traffic equally based on the available resources, sending 200 mbps on the slower link and 400 mbps on the faster one. "

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  That's not how Cisco uses the terms, and generically they are often used almost interchangeably.
  Cisco uses load balancing as the catch all for how a single L3 device routes across multiple paths to the same destination.  Equal metrics or equal actual load distribution are not required.  Most often, load balancing will be discussed with ECMP, but unequal path loading balancing will include Cisco's proprietary IGPs, such as EIGRP.
  Cisco uses load sharing when using multiple paths when a single L3 devices doesn't normally route across multiple paths or multiple L3 devices are involved.  Cisco load sharing discussions usually revolve around BGP.
  Generically, I would say load balancing has more of a dynamic aspect to it, i.e. something is trying to actively balance traffic across multiple paths, while load sharing might mean multiple paths are utilized but not actively dynamically balanced.
  I'm unsure what's your question with a production environment.

• Load Balancing and Failover with 10G Standard Edition

  Hi,
  I am new to Oracle Replication and need some help setting up replication for load balancing and failover. Is this possible using Oracle 10G Standard Edition? I plan on having all updates done on the master site and both databases will be for reads. In case of failure of the master site, I would need to be able to failover to the other database.
  Also, if anyone knows of any documention for Basic Replication in 10G, please let me know.
  Thanks.

  Simple nnapshot replication of data would require significant manual effort to configure to load balance or failover. One the load balancing side, you would generally be limited to to static load balancing-- assigning half the users to one machine and the other half of the users to the other machine, regardless of who is actively using the machine. Failover would be a significant manual effort, particularly to bring the failed machine back into the cluster. You would be implementing the guts of multi-master replication.
  Frankly, if you actually have a system which is valuable enough to need load balancing and disaster recovery, I'm going to wager that it will be far cheaper even in the short run to buy more boxes and/or enterprise edition licenses than to try to implement this sort of thing yourself. In the long run, it will be far cheaper, since it will be far easier to maintain. Building all this yourself would probably be penny wise and pound foolish.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Load balancing and RFC problem

  Hi!
  I have a problem regarding load balancing and RFC's. We use the follow function in librfc32.dll (from VB6) for RFC calls: RfcOpenExt It's working fine no problem, but from now on we will have to use the this funcion due to load balancing: RfcOpenExtV3
  The only difference between the two functions is the parameters. RfcOpenExtV3 has 5 additional parameters:
  intLoadBalance1, strLbHost1, strLbSysName1, strLbGroup1, intSapGui1
  I asked our tech guys for the details so that I can set up the parameters (double check everything) and the RfcOpenExtV3 doesn't working. Return value is zero.
  Have somebody faced with this issue before?
  Thanks in advance!

  Hi,
  1. Probably this  link may help.
  [http://help.sap.com/saphelp_nw04/helpdata/en/22/042f18488911d189490000e829fbbd/content.htm]
  Especially see the function parameters on this page,
  which are the bottom.
  regards,
  amit m.