Elfiq Link Load Balancers
May 2007, Version 2.3
Optimized and Available Networks
Table of Contents
1. Telecommunication Trends
2. Elfiq Link Load Balancer Overview
3. Technical Features
4. Return on Investment (ROI)
5. Conclusion
Telecommunication Trends
A Few Facts
• High volume of electronic exchanges changing our way of doing business
• IP telecommunication links everywhere: EDI, e-commerce, e-mails, VPN, web services, etc.
• Telecommunications: vital part of any organization nervous system for employees, customers & suppliers
• Revenue increases due to electronic services
• Network failures have immediate negative impact on organizations
• Organizations are pre-occupied by their security and business continuity
Questions to Ask:
• Do important activities of your business rely on data telecommunication links?
• Have you experienced link or bandwidth failures?
• Do you have redundancy in your telecommunication links?
• Are you planning to upgrade or change your links?
• Are your telecommunication contracts up for renewal?
• Can your organization operate a complete day with a link failure?
• What are the true annual direct and indirect costs of link congestion or failures for your organization?
Telecommunication Trends
• Businesses often have one Internet connection for each type of business need. Typically Web sites/extranet – E-mail and web browsing - VPN & remote users
• When consolidating connections, network managers must ensure that redundancy is preserved
• Physical failures: fiber cuts, faulty cards on a router, etc.
• Logical failures: ISP routing issues, provisioning & configuration
• Both types of failure cause connectivity to fail entirely or severely degrade performance
Source: Multiple internet connections increase performance, create complexity, October 2004
Network Redundancy, Multihoming Scenarios
• Highly available Internet connectivity in 3 ways:
– Multiple connections, same ISP point of presence (POP), some protection from physical failures, recommended only for non mission-critical locations
– Multiple connections, same ISP point but to different POPs, greater protection against physical failures, some protection from logical failures.
– Connections from multiple ISPs, “mission critical” sites, greatest protection against both physical and logical failures.
Source: Multiple internet connections increase performance, create complexity, October 2004
Gartner Group Studies
• Businesses that want to avoid the complexity of a BGP implementation, or are doing more than simple failover or load-sharing should investigate a WAN link load balancer
• Most enterprises have grown accustomed to adding bandwidth in response to growing application demands, building a smarter WAN infrastructure is often a better investment
Source: Enterprises will waste money on bandwidth in 2004, December 2, 2003
Gartner Group Studies (continued)
• Strategic planning assumptions:
– By 2008, investing in bandwidth efficiency solutions will be the primary WAN upgrade strategy for 75% of enterprises in these four technologies:
• Compression/bandwidth management (NetCelera, Packeteer)
• Protocol manipulation – HTTP traffic optimization with proprietary and Gzip compression (Boostworks, Pivia)
• Content Delivery Networks – distributed caches to store content (Cisco, Kontiki)
• Route control (Elfiq Link LB, F5, Internap, Radware)
Source: Enterprises will waste money on bandwidth in 2004, December 2003
Note: Some technologies can be combined to improve performance
Elfiq Link Load Balancer Technology Overview
May 2007, Version 2.3
What is an Elfiq Link LB?
• Global Load Balancer or WAN Load Balancer
• Allows simultaneous use of many routed links (Internet or private) from multiple telcos or ISPs
• Load balancing of both incoming and outgoing traffic
• Secured transparent device (inline), no IP address
• Allows maintenance operations during business hours by redirecting traffic
• Maintains IP services availability to your enterprise for business continuity
• Reduces unproductive hours for your organization
[Diagram labels: Corporate Network, Firewall, Elfiq Link Load Balancer, ISP A, ISP B, ISP C; a second Corporate Network, Firewall and Elfiq Link Load Balancer; Master data, Backup data]
Business continuity/network resilience solution for Disaster Recovery and/or Backup links
[Diagram labels: Montreal and London sites, each with Corporate Network, Firewall/VPN and Elfiq Link Load Balancer; Internet; ISP A, ISP B, ISP C, ISP D]
What are the typical functions of an Elfiq Link LB?
[Diagram labels: Corporate Network, Firewall, Elfiq Link Load Balancer, ISP A's router, ISP B's router, ISP C's router, ISP D's router, ISP A, ISP B, ISP C, ISP D, Internet]
Increase bandwidth and availability with different providers/technologies
[Diagram labels: Corporate Network, Firewall, Elfiq Link Load Balancer, routers and networks of ISP A, ISP B, ISP C and ISP D, Internet; shown again with ISP A and ISP B only, and with a single ISP router and ISP network]
Where does it fit in your infrastructure?
[Diagram labels: ISP A network, ISP B network, Internet, Firewall, Corporate Network, Management VLAN, Outside VLAN, Inside VLAN, Elfiq Link LB (Master), Elfiq Link LB (Slave)]
Concept of GMAC, VFI and Primary Link
GMAC: Gateway MAC address of a router; one GMAC per link.
VFI: A Virtual Forwarder Interface comprises one inside port and a set of GMACs.
Elfiq Link LB’s strength is its easy network integration because it keeps the primary link configuration. No IP address migration is required for the existing firewall and servers.
No reconfiguration of existing firewall or servers!
Elfiq Link LB manages all links transparently according to advanced algorithms.
OSI Level 2 integration: The primary link is the only link known to the firewall and servers.
[Diagram labels: before, Internal Network, Firewall, Servers and a primary link to ISP A; after, Internal Network, Firewall, Servers, VFI with gmac 1 and gmac 2 towards ISP A and ISP B, primary link]
Advanced Algorithms
• Round Robin (RR)
• Weight First Algorithm (WFA)
• Least Traffic First Algorithm (LTFA)
• Equalized Traffic First Algorithm (ETFA)
• Weighted Equalized Traffic First Algorithm (WFA-ETFA)
• Ordered Preferred First Algorithm (OPFA)
• Round Robin No-Gmac (RR-nogmac)
• Best SitePath First Algorithm (BSFA)
Algorithms for load balancing all incoming and outgoing traffic or specific to protocol, source IP/port and destination IP
Outgoing Load Balancing
[Diagram labels: Client Network with Client user and DNS server, Firewall, Elfiq Link Load Balancer, ISP A's router, ISP B's router, ISP A network, ISP B network, Internet, www.example.com. Flows shown: DNS request, DNS resolution, HTTP requests, HTTP replies]
Elfiq Link LB level 2 VFI optimizes network bandwidth and redundancy according to advanced algorithms.
Incoming Load Balancing
The IDNS module
[Flowchart; participants: Remote Client, Remote DNS Server, Elfiq Link LB]
1. DNS Query: What is the IP of www.example.com?
2. Examine example.com zone file for www entry: www IN NS virtualdns.example.com
3. What is the IP of virtualdns.example.com? virtualdns IN A 33.33.33.5
4. Send DNS Query to 33.33.33.5: What is the IP of www.example.com?
5. Elfiq Link LB:
– Is it for the right virtual DNS server? NO: let the request pass through.
– Is it in my IDNS RR table? NO: let the request pass through.
– YES: verify which algorithm is associated with the resource record, calculate the answer according to the algorithm, send the resulting IP address.
6. DNS Answer: The IP of www.example.com is 33.33.33.9
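The IDNS decision flow above, as an added example that is not Elfiq code: a query is answered only when it is addressed to the virtual DNS server and names a record in the RR table, and the answer is the address on a link chosen by that record's algorithm. The RR table contents, the 192.0.2.x and 33.33.33.10 addresses, the saturation threshold and the behaviour given to LTFA and RR are assumptions; the slides name the algorithms without defining them.

```python
from dataclasses import dataclass
from itertools import count

VIRTUAL_DNS_IP = "33.33.33.5"  # virtualdns.example.com, from the slide
SATURATION = 0.9               # assumed threshold, not from the slides


@dataclass
class Link:
    name: str
    up: bool
    load: float  # fraction of capacity in use, 0.0 to 1.0 (constructed)


# Constructed RR table: name -> (algorithm, {link name: address on that link}).
RR_TABLE = {
    "www.example.com": ("LTFA", {"A": "33.33.33.9", "B": "192.0.2.9"}),
    "mail.example.com": ("RR", {"A": "33.33.33.10", "B": "192.0.2.10"}),
}
_rr_counter = count()


def idns_answer(dst_ip, qname, links):
    """Return the A record to send, or None when the query is not answered."""
    if dst_ip != VIRTUAL_DNS_IP:      # not for the virtual DNS server
        return None                   # -> let the request pass through
    entry = RR_TABLE.get(qname.rstrip(".").lower())
    if entry is None:                 # not in the IDNS RR table
        return None                   # -> let the request pass through
    algorithm, addresses = entry
    alive = [l for l in links if l.up and l.name in addresses]
    # Assumption: prefer unsaturated links, fall back to saturated ones,
    # and never hand out an address that sits on a failed link.
    candidates = [l for l in alive if l.load < SATURATION] or alive
    if not candidates:
        return None                   # no live link carries this record
    if algorithm == "LTFA":           # assumed: lowest current load wins
        chosen = min(candidates, key=lambda l: l.load)
    else:                             # "RR": rotate over the candidates
        chosen = candidates[next(_rr_counter) % len(candidates)]
    return addresses[chosen.name]


if __name__ == "__main__":
    links = [Link("A", up=False, load=0.0), Link("B", up=True, load=0.2)]
    print(idns_answer("33.33.33.5", "www.example.com", links))
```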
Incoming Load Balancing
[Diagram labels: Remote user, Internet, ISP A's router, ISP B's router, ISP A network, ISP B network, Elfiq Link Load Balancer, Firewall, Client Network with Intranet server, DNS server 1 and DNS server 2. Flows shown: DNS request; Link LB IDNS module interception and link selection; DNS resolution; Link B selected; Intranet access]
Elfiq Link Load Balancer SitePathMTPX Technology
September 2006, Version 2.3
Traditional Site to Site VPN implementation
[Diagram labels: Montreal and London sites, each with Corporate Network and Firewall/VPN; Internet, ISP A, ISP C; bandwidth affected by local applications at each site; bandwidth affected by Internet congestion. Charts: VPN Bandwidth over Time with Max. VPN Bandwidth; Effective Bandwidth over Time with Max. Effective Bandwidth]
[Diagram labels: Montreal and London sites, each with Corporate Network, Firewall/VPN and Elfiq Link Load Balancer; Internet; ISP A, ISP B, ISP C, ISP D]
SitePathMTPX Technology (BSFA Algorithm)
Primary Path = NO firewall/VPN reconfiguration
Elfiq Link Load Balancer GeoLink Technology
September 2006, Version 2.3
[Diagram labels: first site with ISP A's router, ISP B's router, ISP A network, ISP B network, Firewall, Elfiq Link Load Balancer, Client Network, Intranet server, DNS server 1, DNS server 2; second site with ISP C's router, ISP C network, Firewall, Elfiq Link Load Balancer, Client Network, Client user; Internet, Remote user, www.example.com; WAN routers joined by a WAN private network]
Geographic Balancing Option
GEOLINK between sites exchanging link status, statistics, algorithm metrics and IDNS resources
WAN links could also be in redundancy (second VFI)
Outgoing Geographic Balancing
[Diagram labels: the two-site topology with ISP A, ISP B and ISP C, the WAN routers and the WAN private network; Link B selected]
Encapsulation from public to private addressing in the GEOLINK.
Optional encryption
Incoming Geographic Balancing
[Diagram labels: the two-site topology with ISP A, ISP B and ISP C, the WAN routers and the WAN private network, with these annotations]
• DNS request
• Link LB IDNS module interception and link selection
• Link A unavailable
• Link B saturated
• Link C at 20%
• Geo policies allow access via alternate site for this service
• DNS resolution
• GEO policies intercept remote site request
• Encapsulation from public to private addressing in the GEOLINK. Optional encryption
• GEO policies re-addressing for intranet server
• Intranet access
Elfiq Link Load Balancer Technical Features
Monomode vs Multimode Installation
Monomode Multimode
•Maximize port usage
•Required for failover mode
Elfiq Link LB-500 SMB / LB-1000 - Branch
• Tabletop unit, same physical platform (firmware upgrade)
• 4 x 10/100 Mbits ports
• Maximum of 2 / 4 links
• Entry level unit
• 20 / 45 Mbps throughput
• LB-1000 includes all enterprise class features and resiliency:
– Tag Load Balancing
– Internet Service Verificators (ISV)
– SitePathMTPX
– VLANs, QoS Diffserv marking
Elfiq Link LB-2000 - Advanced
• Standard 1U rackmount unit (1.75") x 16.8" x 9"
• 4 x 10/100 Mbits ports
• Maximum of 8 links in multimode
• Up to 90 Mbps throughput
• Failover mode (2 units)
• Geographic load balancing option
Elfiq Link LB-3000 - Enterprise
• Standard 1U rackmount (1.75") x 16.8" x 15"
• 4 x 10/100/1000 Mbits and 8 x 10/100 Mbits ports
• Up to 400 Mbps throughput per VFI
• Failover mode (2 units)
• Geographic load balancing option
• Up to 5 virtual load balancers (VFIs) with 32 links each in the same physical appliance
[Diagram labels: Elfiq Link Load Balancer VFI 0, VFI 1 and VFI 2 on one Elfiq Link Load Balancer LB-3000 platform]
Monitoring mode (tap) with IDS and shunning
Technical Features
• Telco grade carrier class solution, secure no hard disk
• Elfiq Operating System (EOS) and configuration in FLASH memory, easy updates
• Incoming and outgoing load balancing
• Support links at wire speed, no degradation
• Support all WAN routed links: xDSL, Cable, Satellite, WI-FI, E1/T1/E3/T3, Fiber, lan-ex
• No ISP router special configuration required
• Optimizes link performance and detects link saturation and failures in real time to redirect traffic
Technical Features (continued)
• Operating at the data link layer 2
• No IP address migration required or reconfiguration of Firewall & Servers
• Transparent secure device, invisible on the Internet
• Links can be grouped into multiple virtual link balancers (VFI) for different types of routed links
• Powerful balancing as each Protocol/Port can be load balanced with a different algorithm
• IP filtering, NAT/PAT, Shunning
• Support persistency for protocols like FTP or HTTPS
Technical Features (continued)
• Real time failover mode between 2 units
• Dedicated management port
• Console (CLI) access or SSH2
• Windows GUI
• Syslog and SNMP
• XML external API
GUI Interface
Return on Investment (ROI)
• Direct savings ($):
– Optimizes/increases your multihomed network throughput
– Using less expensive links and/or limiting on-demand bandwidth will reduce WAN costs
• Indirect savings ($$$):
– Minimizes the productivity losses due to link failures or application performance degradation
– Keeps the best availability and application response time to your users, customers and partners
– Protects your enterprise revenue & investments
– Integrates into your business continuity and disaster recovery plans
SMB ROI: E1/T1 vs Elfiq Link LB-1000 or LB-2000 coupled with 2 or 3 DSL/Cable links
Link             Download   Upload     Annual costs   Savings
1 x E1/T1 link   1,5 Mbps   1,5 Mbps   15 000$
2 x DSL/Cable    8 Mbps     1,4 Mbps   4 800$         10 200$
3 x DSL/Cable    12 Mbps    2,1 Mbps   7 200$         7 800$
Payback period: 6-12 months
ROI: Indirect Savings
• Number of users: 1000
• Cost of 1 hour of downtime: 7 500$*
• Cost of 1 hour of degraded link (performance issue): 2 500$
• Planned number of hours of downtime per year: 4
• Planned number of hours of degraded link per year: 24
• Lost productivity per year: 105 000$***
• Average revenue per business hour: 20 000$
• Expected percentage of lost revenues: 50%
• Lost revenue per year: 140 000$
* Based on an average salary (50 000$) and 15 minutes of loss of productivity per hour
** Could be security attack, ISP logical error or saturated link
*** 7 500$ x 4 + 2 500$ x 24
Conclusion
Elfiq Link Load Balancers’ Advantages
• Operating at data link level 2
• Link load balancing at wire speed
• Invisible on the network, very secure device
• No IP address migration to your infrastructure
• Easy installation with the primary link concept, reducing integration costs and time
• SitePath technology
• Geographic option
www.elfiq.com
1-888-GO-ELFIQ (America)
+44 (0) 207 193 5053 (Europe)