Elfiq Solutions
www.elfiq.com
Table of contents
1 Introduction
1.1 Advantages
1.2 Which types of enterprises are aimed by the Elfiq Link Load Balancer?
1.3
2 Return on Investments
2.1 Scenario #1: A T1 link vs. multiple DSL links (3 Mbps) with Elfiq Link Load Balancer
2.2 Scenario #2: A T1 link vs. multiple DSL links (4 Mbps) with Elfiq Link Load Balancer
2.3
Installation
5.1 Is it possible to balance different types of links through the Elfiq Link Load Balancer?
5.2 What are the types of connections supported by the Elfiq Link Load Balancer?
5.3
5.4 Does the Elfiq Link Load Balancer give me one global link with the total bandwidth of all individual links combined?
5.5
5.6 How does the Elfiq Link Load Balancer manage link redundancy?
5.7 Can the Elfiq Link Load Balancer system itself be redundant?
5.8
5.9 How will we know if there is a failure to one of the WAN/Internet connections?
5.10 What happens to applications that require persistent sessions (e.g. video streaming)?
5.11 I have an Aliz Link Load Balancer unit, what is the difference with the Elfiq Link Load (Link LB) Balancer?
6.2
6.3 How many WAN/Internet links can an Elfiq Link Load Balancer manage?
6.4 We have 2 WAN/Internet links but our firewall only supports one default gateway. How does the Elfiq Link Load Balancer manage traffic?
6.5
6.6
6.7
6.8
6.9 We have multiple links on an Elfiq Link Load Balancer. How can we do maintenance on one of them without affecting all services?
6.10
6.11 Does the Elfiq Link Load Balancer require access to the routers that face the WAN/Internet links?
6.12 Encapsulation on the WAN link is not the same as that on the LAN. Are utilization estimates still accurate?
6.13
6.14 When used in redundancy, how much time does a transfer to the slave system take?
6.15 During the state transfer to the slave system, does the slave system need to reevaluate link utilization?
6.16 Does the Elfiq Link Load Balancer offer the possibility to filter IP traffic?
6.17 Can the Elfiq Link Load Balancer block IP addresses in real time?
6.18
6.19
6.20 Does the Elfiq Link Load Balancer support authentication protocols, such as CHAP, PAP and PPPoE encapsulation?
6.21 How does the Elfiq Link Load Balancer detect a problem on a WAN/Internet link?
1 Introduction
The Elfiq Link Load Balancer (or Link LB) guarantees optimal access to
your network and applications, while optimizing your network access
throughput and reducing the total cost of ownership.
Offered at a competitive price, its integration is quick, easy and
straightforward. No changes to network structure, architecture or IP
addressing are required (i.e. BGP is not required).
Operating at the data link layer (layer 2), the Elfiq Link Load Balancer
does not require any IP addresses. It's practically invisible to the rest
of the network, which makes it a highly secure device.
Robust and flexible, it integrates a real time failover engine, allowing the addition of a second load balancer in a
fault tolerant configuration. The Elfiq Load Balancer's system and configurations reside in FLASH memory on the device,
thus eliminating the use of any mechanical part (e.g. hard disk) and reducing the risk of failure.
On top of being able to adapt to any type of link, the ELFIQ Load Balancer uses advanced load balancing algorithms
for different protocols.
The enterprise model also allows you to create multiple logical groups within the configuration of the Elfiq Link Load
Balancer, which makes it possible to have multiple load balancer instances in a single unit. Each group has its own
configuration, statistics and priorities. For example, you could have the following situation:
- One group for the Internet links and another for the private or internal links
- Different groups for IT and administration, each group associated with a different configuration.
1.1 Advantages
The use of the Elfiq Link Load Balancer provides numerous advantages. Among the most important are:
- Elfiq Link Load Balancer saves time and money while optimizing the use of your WAN/Internet links.
- Elfiq Link Load Balancer allows the use of multiple WAN links simultaneously in a way that is completely
transparent to the users.
- Elfiq Link Load Balancer optimizes bandwidth usage, therefore eliminating costs related to the failure or lack of
performance of WAN/Internet links.
- Elfiq Link Load Balancer can eliminate the costs of expensive links by replacing them with multiple less
expensive links, without reducing your overall performance. In certain cases it could even improve it! As an added
value, the use of the Link LB will give you an excellent level of redundancy.
1.2 Which types of enterprises are aimed by the Elfiq Link Load Balancer?
If you answer yes to at least one of the following questions, the Elfiq Link Load Balancer is aimed at your company.
1.
2.
3. Does an interruption of Internet access generate a loss of productivity or revenue in your company?
4. Does a drop in Internet access performance generate a loss of productivity or revenue in your company?
1.3 Available modes
The Elfiq Link Load Balancer is offered both as an optimized 1U rack-mountable case and as a tabletop unit. The
Elfiq Link Load Balancer 2000 and 3000 models can also be coupled in failover mode to provide physical redundancy of
the units.
In autonomous mode, no fault tolerance is provided. This means that only one Elfiq Link Load Balancer balances all the
traffic.
In failover mode, the advanced fault tolerance feature is activated. Two Elfiq Link Load Balancer units are required in this
configuration. The second Link LB is in standby mode and will take over the tasks of the primary balancer in case of
failure. Failover is done in real time and is completely automatic.
For the Link LB 2000 and 3000 models, a real time dispersed geographic balancing option is available to balance the load
between different sites, such as alternate or replication (mirror) sites.
2 Return on Investments
Usage of the Elfiq Link Load Balancer can reduce bandwidth costs by up to 50%. The simultaneous use of multiple
more affordable links eliminates the need for more costly links, such as T1, fiber or T3 links, all the while assuring
redundancy and optimizing the bandwidth.
The Link LB therefore minimizes the impact on critical applications, since the bandwidth usage is optimized.
As mentioned, an advanced real time fault tolerance function is also available. It makes it possible to configure two
Elfiq Link Load Balancer systems in a way that the second unit operates in standby mode, ready to automatically take
over in case of hardware or software failure on the master unit. In such a case, the load transfer from one unit to the
other is completed within a few seconds and completely transparent to the users.
As opposed to the vast majority of available load balancers on the market, the Elfiq Link Load Balancer operates at the
data link layer of the OSI model (layer 2). This allows it to be very secure and almost invisible on the network, since
no IP addresses are required. Its integration is also very simple and only requires a minimal external intervention, or in
some cases, none at all.
In most cases, the savings realized by the use of the Link LB will make up for its purchase cost in less than a year.
Some scenarios are presented in the following paragraphs in order to demonstrate the savings that can be realized thanks
to the Link LB. Please note that prices are approximate market prices, in dollars. Many factors can influence real prices
(company needs, Internet service provider, terms of contract, geographic location, industry type, etc.).
2.1 Scenario #1: A T1 link vs. multiple DSL links (3 Mbps) with Elfiq Link Load Balancer
T1 Link:
DSL/Cable/Satellite Link:

| | Download Bandwidth | Upload Bandwidth | Annual Costs | Annual savings |
|---|---|---|---|---|
| 1 T1 Link | 1,544 Mbps | 1,544 Mbps | 15 000$ | |
| 2 DSL Links | 6,000 Mbps | 1,280 Mbps | 5 820$ | 9 720$ |
| 3 DSL Links | 9,000 Mbps | 1,920 Mbps | 7 920$ | 7 080$ |

2.2 Scenario #2: A T1 link vs. multiple DSL links (4 Mbps) with Elfiq Link Load Balancer
T1 Link:
DSL Link:
Annual costs:

| | Download Bandwidth | Upload Bandwidth | Annual Costs | Annual savings |
|---|---|---|---|---|
| 1 T1 Link | 1,544 Mbps | 1,544 Mbps | 15 000$ | |
| 2 DSL Links | 8,000 Mbps | 1,600 Mbps | 7 680$ | 7 320$ |
| 3 DSL Links | 12,000 Mbps | 2,400 Mbps | 11 520$ | 3 480$ |

2.3
3
3.1
Physical installation of the Elfiq Link Load Balancer is the simplest on the market. All you need to do is plug in two
Ethernet cables and traffic will automatically start to flow through the balancer. Afterwards, you will be able to create
balancing rules to tailor the load balancing to your needs. Since the Link LB operates at the data link level (layer 2) of the
OSI model, no IP addresses need to be configured, except for the management interface.
The Link LB is installed between Internet/WAN routers and the external firewall.
The Elfiq Link Load Balancer is completely independent from the other systems, as well as Internet service providers. The
Link LB does not use BGP (Border Gateway Protocol) and does not require an ASN (Autonomous System Number)
either. Since it operates at the data link layer (layer 2) of the OSI model, no network or sub network changes are
required.
The Elfiq Link Load Balancer can be perceived as a black box that is transparent to the rest of your network.
Link LB events and alerts are sent to a remote syslog server on your network through the management interface. A basic
syslog server has been included in the graphical user interface management console, should you need one.
All Elfiq Link Load Balancer statistics are also available via SNMP from the management interface. Elfiq is a registered
organization at the Internet Assigned Numbers Authority, (IANA, http://www.iana.org) at the MIBS SNMP enterprise level.
The OID number reserved to Elfiq is 19713.
A simple to use application programming interface (API) is also available (XML API) for the configuration and
management of your Link LB.
The following grid compares the implementation of an Elfiq Link Load Balancer with a typical use of the BGP protocol:
Elfiq Link Load Balancer
BGP
Traffic Management
Choice of best link
No.
No.
Link redundancy
Bandwidth increase
No.
Traffic prioritization
No.
Statistics
No.
Extremely complex.
Configuration changes
Physical redundancy
None
Need of an AS number
No.
Security
Around 12000$
Costs
Hardware
Links
Outsourcing
No costs
Extended warranty
None
Others
No other costs
AS Number
5 Technical FAQ
5.1 Is it possible to balance different types of links through the Elfiq Link Load Balancer?
Yes, you can use many possible combinations of links. Some basic examples include: a T1 link from one Internet service
provider (ISP) and an xDSL link from another ISP, or two cable links from the same ISP and one xDSL link from a
different ISP.
5.2 What are the types of connections supported by the Elfiq Link Load Balancer?
The Elfiq Link Load Balancer offers standard Ethernet interfaces as interconnection points. Therefore, dedicated links,
xDSL, cable, Frame Relay and ISDN are all supported as long as a router encapsulates or converts the link traffic to
Ethernet before it passes through the Link LB.
5.3
The Link LB can manage links of equal, different or asymmetric (different download and upload speeds) speeds just
as well. Links of different speeds are managed transparently through the Link LB, which also guarantees that the most
effective link is used for each given situation.
5.4 Does the Elfiq Link Load Balancer give me one global link with the total bandwidth of all individual links combined?
No. The Elfiq Link Load Balancer shares traffic between all available WAN/Internet links. This increases total bandwidth
but not the maximum throughput of a single IP session.
5.5
The Link LB offers a very high level of performance, as it can simultaneously manage multiple 100 Mbps links. The
enterprise model also supports gigabit links.
5.6 How does the Elfiq Link Load Balancer manage link redundancy?
Combining WAN/Internet links from multiple providers makes it possible to achieve a redundancy level of nearly 100%.
If one of the links should go down, traffic will be automatically and transparently redistributed to the other active
links. Additionally, in order to provide optimal link utilization, Elfiq Link Load Balancer can detect network and/or physical
failures that might occur on a link.
The Link LB also eliminates the use of the BGP protocol for link redundancy, thereby eliminating all the high costs
associated with it. Please see section 4, differences between BGP and the Elfiq Link Load Balancer for more information.
5.7 Can the Elfiq Link Load Balancer system itself be redundant?
Yes. Two Link LB systems can be used in redundancy. In this scenario, one Elfiq Link Load Balancer system is configured
to be the master and the other, the slave. The master system does all the balancing, while the slave system is in standby
mode. Should the master system become unavailable because of software or hardware issues, the slave system will
automatically take over within a few seconds.
The transition from the master system to the slave system is completely transparent and does not require any manual
intervention. Once the failed system is replaced (the old master), it will now become the new slave system. It will
therefore synchronize itself with the new master and will be in standby mode.
In a master/slave configuration, the slave system does not require any system configuration. As soon as it is linked to the
master system, the slave will automatically fetch its entire configuration from the master system. No other products on
the market offer this level of simplicity.
5.8
Yes, the Link LB monitors each of the WAN/Internet links in order to detect logical or physical problems. In the case of a
failure on one of the links, the traffic will transparently be redistributed to the other links.
5.9 How will we know if there is a failure to one of the WAN/Internet connections?
In the case of a service interruption on one of the links, a syslog event will be sent to the syslog server preconfigured in the
Link LB's configuration. Optionally, an SNMP alert can also be sent.
When a service interruption occurs, traffic is redirected to the other links. Most TCP applications will automatically retransmit
the few packets that were lost during the transition. This will therefore make the loss of a link practically transparent to
users and applications.
5.10 What happens to applications that require persistent sessions (e.g. video streaming)?
The Elfiq Link Load Balancer natively supports the configuration of persistent sessions. If an application requires the use
of the same link for the entire session, the Elfiq Link Load Balancer can ensure that this requirement is met.
5.11 I have an Aliz Link Load Balancer unit, what is the difference with the Elfiq Link Load Balancer (Link LB)?
Both are the same product.
6 Advanced FAQ
6.1 How is incoming traffic balanced?
Incoming traffic balancing is based on primary and secondary DNS entries that point to the client's environment. Each
session establishment or incoming protocol transaction will make a name resolution before establishing the session. The
role of the Elfiq Link Load Balancer is to intercept those DNS queries and to respond based on link availability and other
pre-configured factors.
Every service provided over the WAN/Internet links contains virtual DNS entries known as IDNS Resource Records (IDNS
RR), and every IDNS RR entry is associated with an outgoing GMAC (WAN router). Many virtual DNS entries can be
created in the Link LB in order to answer all incoming DNS queries.
6.2
Outgoing traffic balancing gives users and systems behind the firewall simultaneous access to multiple
WAN/Internet links. All outgoing connections exit with addresses that have been translated through NAT or by a
predefined address, such as a proxy. With the Elfiq Link Load Balancer, definitions of groups of IP addresses, known as
poolIPs, allow real time dynamic outgoing access to a predefined WAN/Internet link. A network address translation (NAT)
is then done for the intended WAN/Internet link.
6.3 How many WAN/Internet links can an Elfiq Link Load Balancer manage?
The Elfiq Link Load Balancer uses a concept similar to an Ethernet bridge called Virtual Forwarder Interface (VFI). A VFI is
an association of an input and output Ethernet interface. The enterprise model can support up to 5 VFI. Each VFI can
support between 2 and 64 links depending on the Elfiq Link Load Balancer model.
6.4 We have 2 WAN/Internet links but our firewall only supports one default gateway. How does the Elfiq Link Load Balancer manage traffic?
Since the Link LB operates at the data link layer of the OSI model (layer 2), it is practically invisible to the network. It
detects, caches and manages the MAC addresses of the different WAN routers. Since the firewall only supports one
default gateway, the Link LB will route the appropriate packets to the chosen router.
The Link LB registers all the MAC addresses of the external routers and stores each of them under a GMAC.
If one of the routers fails to answer ARP requests, the balancer will automatically answer them for it and redirect the
packets to one of the available GMACs, as chosen in the configuration. Therefore, everything is transparent to the
firewall.
6.5
No, it is not always required to use network address translation. In fact, it's possible to prevent the manipulation of
certain protocols, such as IPSEC HA. You can also associate multiple IP addresses (aliases) with each server located in the
demilitarized zone (DMZ). The remaining problem depends on the complexity of the firewall configuration.
6.6
Yes. Outgoing traffic balancing uses access lists to manage persistent connections. Therefore, it is possible to individually
select protocols and destinations that will be treated as persistent. The Elfiq Link Load Balancer manages persistence at
the protocol level, from its data link layer (layer 2) position in the OSI model.
6.7
Persistence is the ability to use the same link once a session has been established, for a given protocol. For example, the
FTP protocol has multiple simultaneous sessions on ports 20 and 21. In those cases, the client will be able to establish
other parallel sessions while always using the same link.
The Elfiq Link Load Balancer only supports persistence for outgoing connections, as it is impossible to control incoming
connections.
Please note however that any persistent sessions will need to be reestablished in the case of a link failure.
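The outgoing persistence described in 6.6 and 6.7, as an added sketch that is not Elfiq code: connections matching an access-list rule stay on one link, so the remote server keeps seeing the same NAT source address, and a link failure returns the sessions that must be re-established. The rule shape, the round-robin choice for non-persistent traffic, the class and field names, and all addresses are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class PersistRule:
    """Access-list entry marking a destination and ports as persistent (assumed shape)."""
    dest_net: str
    ports: Tuple[int, ...]

    def matches(self, dst: str, port: int) -> bool:
        in_net = ipaddress.ip_address(dst) in ipaddress.ip_network(self.dest_net)
        return in_net and port in self.ports

@dataclass
class OutboundBalancer:
    nat_ip: Dict[str, str]          # link name -> NAT source address on that link
    rules: List[PersistRule]
    pinned: Dict[Tuple[str, str], str] = field(default_factory=dict)
    turn: int = 0

    def _next_link(self) -> str:
        # Assumption: plain round-robin stands in for the product's algorithms.
        names = sorted(self.nat_ip)
        link = names[self.turn % len(names)]
        self.turn += 1
        return link

    def pick(self, src: str, dst: str, port: int) -> Tuple[str, str]:
        """Return (link, NAT source address) for a new outgoing connection."""
        if any(rule.matches(dst, port) for rule in self.rules):
            key = (src, dst)
            if key not in self.pinned:
                self.pinned[key] = self._next_link()
            link = self.pinned[key]   # parallel sessions reuse the pinned link
        else:
            link = self._next_link()
        return link, self.nat_ip[link]

    def link_down(self, name: str) -> List[Tuple[str, str]]:
        """Drop a failed link; return the persistent sessions to re-establish."""
        self.nat_ip.pop(name, None)
        broken = [key for key, link in self.pinned.items() if link == name]
        for key in broken:
            del self.pinned[key]
        return broken

def demo() -> dict:
    # Constructed sample: two links with documentation-range NAT addresses and
    # one rule making FTP (ports 20 and 21) to 198.51.100.0/24 persistent.
    lb = OutboundBalancer({"link-a": "192.0.2.10", "link-b": "203.0.113.10"},
                          [PersistRule("198.51.100.0/24", (20, 21))])
    ftp = [lb.pick("10.0.0.5", "198.51.100.20", port) for port in (21, 20, 20)]
    web = [lb.pick("10.0.0.5", "198.51.100.80", 80) for _ in range(2)]
    broken = lb.link_down(ftp[0][0])
    again = lb.pick("10.0.0.5", "198.51.100.20", 21)
    return {"ftp": ftp, "web": web, "broken": broken, "again": again}

if __name__ == "__main__":
    print(demo())
```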
6.8
NAT means Network Address Translation. This type of manipulation is used to mask IP addresses so all packets can be
redirected to a different destination. The Elfiq Link Load Balancer supports NAT in incoming, outgoing and hybrid mode.
PAT is derived from NAT, and means Port Address Translation. Besides being able to translate IP addresses, PAT can also
manage port redirection. The Elfiq Link Load Balancer also supports PAT for incoming traffic. The FTP protocol is also
supported with the following variants: PORT, PASV and EPASV.
6.9 We have multiple links on an Elfiq Link Load Balancer. How can we do maintenance on one of them without affecting all services?
All you need to do is deactivate the corresponding GMAC. This way, your configuration is not modified and the Link LB
will continue to balance all the traffic on all the other links, except the one that has just been deactivated.
6.11 Does the Elfiq Link Load Balancer require access to the routers that face the WAN/Internet links?
No, the Elfiq Link Load Balancer manages transmitted packets and estimates link utilization per GMAC by itself since
access to the service provider's routers in order to read statistics is usually blocked for security reasons.
6.12 Encapsulation on the WAN link is not the same as that on the LAN. Are utilization estimates still accurate?
Yes. By default, tests have proved that the link utilization estimates are very accurate. However, if increased accuracy is
needed, a setting can be changed at the GMAC level in order to normalize encapsulation according to the type of link.
6.14 When used in redundancy, how much time does a transfer to the slave system take?
The transfer should be completed within four seconds.
6.15 During the state transfer to the slave system, does the slave system need to reevaluate link utilization?
No. The state of each GMAC is replicated in real time to the slave system.
6.16 Does the Elfiq Link Load Balancer offer the possibility to filter IP traffic?
Yes. The Link LB offers filtering on IP, ICMP, TCP and UDP protocols.
6.17 Can the Elfiq Link Load Balancer block IP addresses in real time?
Yes, the Link LB allows real time shunning in the enterprise model. However, IDS detections must be done on a separate
system. An API is available to integrate Elfiq Link Load Balancer with various Intrusion Detection Systems including Snort,
ISS, NetRanger and others. APIs are based on an easy-to-use elementary language based on XML.
In this scenario, a port needs to be configured in tapping mode to provide the IDS probe with a copy of the aggregation
of all IP packets to monitor.
6.20 Does the Elfiq Link Load Balancer support authentication protocols, such as CHAP, PAP and PPPoE encapsulation?
No, the Link LB is intended to be used for link capacity management. The only layer 2 protocol that is supported is
Ethernet. PPPoE authentication and encapsulation must be done by the router, which is usually provided by the service
provider. However, this functionality is being evaluated and could be integrated into a future version of Elfiq Link Load
Balancer.
6.21 How does the Elfiq Link Load Balancer detect a problem on a WAN/Internet link?
The Link LB checks the status of each of the WAN links every 3 seconds. During that time, TCP sessions are conducted
for each of the destinations configured using GMAC.
Therefore, every 3 seconds a SYN, SYN-ACK, RST sequence is done on each GMAC, to the destination of the next hop for
that link. The response time (RTT) to this hop is then calculated.
If the first hop does not answer, the Link LB will try to contact the second hop. If the second one does not answer, the
GMAC is automatically deactivated and the network traffic is dynamically redistributed to the other links.
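The check cycle described in 6.21, as an added model that is not Elfiq code: each link is probed at its first hop, then its second hop, and is deactivated only when both are silent, after which its traffic moves to a remaining link. The `Gmac` field names, the probe port, reactivation of a link that answers again, and the lowest-RTT redistribution policy are assumptions; the sample answers are constructed.

```python
import socket
import struct
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Probe = Callable[[str], Optional[float]]  # hop address -> RTT in ms, None if silent

def tcp_probe(host: str, port: int = 80, timeout: float = 1.0) -> Optional[float]:
    """SYN, SYN-ACK, RST from an ordinary host socket (port 80 is an assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    # Linger on with zero timeout makes close() send RST, not FIN (POSIX layout).
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    start = time.monotonic()
    try:
        sock.connect((host, port))  # returns once the SYN-ACK has arrived
        return (time.monotonic() - start) * 1000.0
    except OSError:
        return None  # timeout, refusal or unreachable all count as "no answer"
    finally:
        sock.close()

@dataclass
class Gmac:
    """One WAN router entry; the hop field names are assumptions."""
    name: str
    first_hop: str
    second_hop: str
    active: bool = True
    rtt_ms: Optional[float] = None

def check_gmac(gmac: Gmac, probe: Probe) -> List[str]:
    """One check cycle (every 3 seconds per the page); returns syslog-style events."""
    was_active = gmac.active
    for hop in (gmac.first_hop, gmac.second_hop):
        rtt = probe(hop)
        if rtt is not None:
            # Assumption: a link that answers again is put back in service.
            gmac.active, gmac.rtt_ms = True, rtt
            return [] if was_active else [f"{gmac.name} UP via {hop}"]
    gmac.active, gmac.rtt_ms = False, None
    return [f"{gmac.name} DOWN"] if was_active else []

def redistribute(flows: Dict[str, str], gmacs: List[Gmac]) -> Dict[str, str]:
    """Move flows off deactivated links; the lowest-RTT choice is an assumption."""
    state = {g.name: g for g in gmacs}
    up = sorted((g for g in gmacs if g.active),
                key=lambda g: float("inf") if g.rtt_ms is None else g.rtt_ms)
    if not up:
        return dict(flows)  # nothing left to carry the traffic
    return {flow: (link if state[link].active else up[0].name)
            for flow, link in flows.items()}

def simulate() -> dict:
    # Constructed sample: ISP-A answers only on its second hop (stays up),
    # ISP-B answers on neither hop (deactivated), ISP-C answers at once.
    answers = {"198.51.100.9": 18.0, "192.0.2.1": 7.5}
    gmacs = [Gmac("ISP-A", "198.51.100.1", "198.51.100.9"),
             Gmac("ISP-B", "203.0.113.1", "203.0.113.9"),
             Gmac("ISP-C", "192.0.2.1", "192.0.2.9")]
    flows = {"flow-1": "ISP-A", "flow-2": "ISP-B", "flow-3": "ISP-C"}
    events: List[str] = []
    for g in gmacs:
        events += check_gmac(g, answers.get)
    return {"events": events, "active": [g.name for g in gmacs if g.active],
            "flows": redistribute(flows, gmacs)}

if __name__ == "__main__":
    print(simulate())
```

`tcp_probe` can be passed to `check_gmac` in place of the constructed answers; unlike the device, a host socket cannot choose which WAN router the probe leaves through.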