publish versin host monitoring and outbound load balancing(0915113656)
TRANSCRIPT
![Page 1: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/1.jpg)
D-Link TSD 2009 workshop
D- Link Net- Defends F irewall Training ©Copyright 2009. By D-Link HQ TSD Benson Wu
![Page 2: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/2.jpg)
D-Link TSD 2009 workshop
Firewall Products
9:00~11:00 2hr Anti-spam and Anti-Virus
11:00 ~ 11:10 10 mins Coffee Break
11:10 ~ 12:40 1hr 30 mins Policy Based Route
12:40 ~ 13:40 1hr Lunch
13:40 ~ 15:10 1hr 30 mins Host Monitoring
15:10 ~ 15:30 20 mins Coffee Break
15:20 ~ 17:00 1 hr 30 mins Outbound Route Load Balancing
Finish
2
![Page 3: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/3.jpg)
D-Link TSD 2009 workshop
3
Host Monitoring
![Page 4: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/4.jpg)
D-Link TSD 2009 workshop
4
Host Monitoring
•Overview
•What is Route Failover
•The key points of the route failover mechanism
•How to deploy the route failover mechanism
•The methods of route failover mechanism
•Link Status
•ARP Request
•Host monitoring
•The Host Monitoring Methods
•How to check the status of routing table
Hands-on
•Setting and debugging
Q&A
Outline
![Page 5: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/5.jpg)
D-Link TSD 2009 workshop
5
What Is Route Failover ?Route Failover Mechanism can uses the Route Monitoring Function to check
the availability of routes and switches traffic to an alternate routes if the preferred route failed.
ISP1 ISP2
WAN1 WAN2
GoogleGoogle
0.0.0.0/0 wan1, Metric=10,
0.0.0.0/0 wan2, Metric=20,
MAIN Routing Table
PrimaryBackup
![Page 6: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/6.jpg)
D-Link TSD 2009 workshop
6
The Key Points Of Route Failover Mechanism• How the route failover to process traffic.
• Multiple routes failover.
• Re-enable the routes.
![Page 7: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/7.jpg)
D-Link TSD 2009 workshop
7
How the route failover mechanism to process traffic
WAN1 WAN2
ISP1 ISP2
GoogleGoogle
![Page 8: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/8.jpg)
D-Link TSD 2009 workshop
8
Multiple routes failover
ISP1 ISP2
WAN1 PPPoE
PrimarySecondary
ISP3
WAN2
Third
![Page 9: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/9.jpg)
D-Link TSD 2009 workshop
9
Re-enable the routes
Net-Defends firewall will Continue to check the status of the disabled route.
If the disabled route is available again, the Net-Defends firewall will enable this route.
![Page 10: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/10.jpg)
D-Link TSD 2009 workshop
10
How To Deploy The Route Failover
Manual add routing entries and setup the metrics.
Enable the route failover function in preferred routes.
• Add Interface group for traffic failover to alternate interface
• Add IP Rules for traffic failover to backup routes.
![Page 11: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/11.jpg)
D-Link TSD 2009 workshop
11
• Manual add routing entries and setup the metrics
ISP2
WAN1:
IP:1.1.1.1/24
GW:1.1.1.2
WAN2:
IP:3.3.3.1/24
GW:3.3.3.2
ISP1
![Page 12: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/12.jpg)
D-Link TSD 2009 workshop
12
Enable the route failover function in the primary routes
![Page 13: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/13.jpg)
D-Link TSD 2009 workshop
13
• Add Interface group for traffic failover to alternate interface
![Page 14: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/14.jpg)
D-Link TSD 2009 workshop
14
• Add IP rules to allow traffic failover to backup interfaces
![Page 15: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/15.jpg)
D-Link TSD 2009 workshop
15
The Methods Of The Route Failover Mechanism
Interface link status method
Monitor gateway using ARP method
Host monitoring method
![Page 16: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/16.jpg)
D-Link TSD 2009 workshop
16
Interface link status methodMonitor the link status of the physical interface.
DFL-Series
Router
wan1:1.1.1.1/30
1.1.1.2/30
Router
5.5.5.2/30
wan2:5.5.5.1/30
0.0.0.0/0 wan1, Gateway: 1.1.1.2, Metric=10, Route Failover Enabled 0.0.0.0/0 wan2, Gateway: 5.5.5.2, Metric=20
![Page 17: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/17.jpg)
D-Link TSD 2009 workshop
17
Monitor gateway using ARP methodIf a gateway IP has been specified in a route, the Net-Defends firewall can use ARP request to check the status of the gateway.
This method can avoid the gateway crashed.
ISP1
PPPoE
DFL-Series Router
wan1:1.1.1.1/30 1.1.1.2/30
ARP Request
ARP Reply
0.0.0.0/0 wan1, Gateway: 1.1.1.2, M=10 MAIN Routing Table
0.0.0.0/0 wan2, Gateway: 3.3.3.2, M=20
![Page 18: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/18.jpg)
D-Link TSD 2009 workshop
18
The restriction of the Link status and ARP request methods
Remote node connection fail.
DFL-Series
Router
wan1:1.1.1.1/30
1.1.1.2/30
Router
5.5.5.2/30
wan2:5.5.5.1/30
0.0.0.0/0 wan1, Gateway: 1.1.1.2, Metric=10, Link state/ARP request 0.0.0.0/0 wan2, Gateway: 5.5.5.2, Metric=20
![Page 19: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/19.jpg)
D-Link TSD 2009 workshop
Host monitoring method• To provide more flexible ways to monitor routes status.
• Host monitoring using more reliable methods to check the status of routes.
19
DFL-Series
Router
wan1:1.1.1.1/30
1.1.1.2/30
Router
5.5.5.2/30
wan2:5.5.5.1/30 Google Web Site74.125.67.100
![Page 20: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/20.jpg)
D-Link TSD 2009 workshop
20
Methods of the host monitoring
• ICMP Host Monitoring
• TCP Host Monitoring
• HTTP Host Monitoring
![Page 21: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/21.jpg)
D-Link TSD 2009 workshop
21
ICMP Host MonitoringNet-Defends firewall uses ping request to remote hosts to check the status of route.
DFL-Series Router1.1.1.1/30 1.1.1.2/30
Google Web74.125.67.100
Ping Request
Ping Reply
![Page 22: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/22.jpg)
D-Link TSD 2009 workshop
22
ICMP Host Monitoring Configuration Example
WAN1 WAN2
ISP1 ISP2
![Page 23: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/23.jpg)
D-Link TSD 2009 workshop
23
ICMP Host Monitoring Configuration ExampleGrace Period:This is the time after startup or after reconfigurationof the Net-Defends firewall which Net-Defends firewall will wait before starting Route Monitoring.
Minimum Number of Hosts Reachable:This is the minimum number of hosts that must be consider to be accessible before the route is deemed to have failed.All:all monitored targets must detectable, or this route will be disabled.None: at lease one of monitored targets must detectable, or this route will be disabled.Specific:the specific number of monitored targets must detectable, or this route will be disabled.
![Page 24: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/24.jpg)
D-Link TSD 2009 workshop
24
ICMP Host Monitoring Configuration ExamplePolling Interval:The interval in milliseconds between polling attempts. The default setting is 10,000 and the minimum value allowed is 100 ms.Reachability Required:You can enable the Reachability Required in some monitored targets. If Net-Defends firewall determines that any host with this option enabled is not reachable, Route Failover is initiated.Sample:The number of samples are used for calculating the Percentage Loss and the Average Latency. This value cannot be less than 1.Max Poll Fails:The maximum permissible number of polling attempts that fail. If this number is exceeded then the host is considered unreachable.
Max Average Latency:Average Latency is calculated by averaging the response times from the host. If a polling attempt receives no response then it is not included in the averaging calculation.
![Page 25: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/25.jpg)
D-Link TSD 2009 workshop
Host Monitoring Sample List
25
ICMP Host Monitoring Configuration Example
1. ICMP request, Result=Ok, Latency=700ms2. ICMP request, Result=NG 3. ICMP request, Result=Ok, Latency=700ms
4. ICMP request, Result=NG 5. ICMP request, Result=Ok, Latency=700ms 6. ICMP request, Result=NG 7. ICMP request, Result=Ok, Latency=700ms 8. ICMP request, Result=Ok, Latency=700ms 9. ICMP request, Result=Ok, Latency=700ms10. ICMP request, Result=Ok, Latency=700ms
![Page 26: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/26.jpg)
D-Link TSD 2009 workshop
Host Monitoring Sample List
26
ICMP Host Monitoring Configuration Example
1. ICMP request, Result=Ok, Latency=700ms2. ICMP request, Result=Ok Latency=700ms3. ICMP request, Result=Ok, Latency=700ms
4. ICMP request, Result=Ok, Latency=700ms 5. ICMP request, Result=Ok, Latency=700ms 6. ICMP request, Result=Ok, Latency=700ms 7. ICMP request, Result=Ok, Latency=700ms 8. ICMP request, Result=Ok, Latency=700ms 9. ICMP request, Result=Ok, Latency=700ms10. ICMP request, Result=Ok, Latency=700ms11. ICMP request, Result=Ok, Latency=700ms
![Page 27: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/27.jpg)
D-Link TSD 2009 workshop
27
TCP Host MonitoringNet-Defends firewall uses specified TCP protocol to check the status of routes.
Any reply from the monitored target will be identified by DFL firewall.
DFL-Series Router1.1.1.1/30 1.1.1.2/30
Google Web74.125.67.100
TCP 80 port Handshaking Sync
TCP 80 port Handshaking Sync Ack
FTP Server220.13.8.24
TCP 21 port Connect Request
TCP 21 port Connect Reply
![Page 28: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/28.jpg)
D-Link TSD 2009 workshop
28
TCP Host Monitoring Configuration Example
WAN1 WAN2
ISP1 ISP2
![Page 29: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/29.jpg)
D-Link TSD 2009 workshop
29
TCP Host Monitoring Configuration Example
![Page 30: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/30.jpg)
D-Link TSD 2009 workshop
30
HTTP Host MonitoringNet-Defends firewall uses HTTP protocol to check the status of routes.
Only specified HTTP patterns in the reply will be identified by Net-Defends firewall.
DFL-Series Router1.1.1.1/30 1.1.1.2/30
HTTP Server74.125.67.100
HTTP Request
Specified HTTP patterns Reply
![Page 31: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/31.jpg)
D-Link TSD 2009 workshop
31
HTTP Host Monitoring Configuration Example
WAN1 WAN2
ISP1 ISP2
![Page 32: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/32.jpg)
D-Link TSD 2009 workshop
32
HTTP Host Monitoring Configuration Example
![Page 33: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/33.jpg)
D-Link TSD 2009 workshop
33
HTTP Host Monitoring Configuration Example
Setup the monitored target’s URL
Setup the web page’s source code in here
![Page 34: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/34.jpg)
D-Link TSD 2009 workshop
34
HTTP Host Monitoring Configuration Example
![Page 35: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/35.jpg)
D-Link TSD 2009 workshop
35
HTTP Host Monitoring Configuration Example
![Page 36: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/36.jpg)
D-Link TSD 2009 workshop
36
HTTP Host Monitoring Configuration Example
![Page 37: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/37.jpg)
D-Link TSD 2009 workshop
37
HTTP Host Monitoring Configuration Example
• You can setup the expected response like:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
• You can’t setup the expected response like:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
![Page 38: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/38.jpg)
D-Link TSD 2009 workshop
38
Check The Route Failover Status
Check the routing table.
![Page 39: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/39.jpg)
D-Link TSD 2009 workshop
39
Check The Route Failover Status
Check the routing table.
![Page 40: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/40.jpg)
D-Link TSD 2009 workshop
40
Check The Route Failover Status
Check the routing table via CLI.
![Page 41: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/41.jpg)
D-Link TSD 2009 workshop
41
Check The Route Failover Status
Check the host monitoring status.
![Page 42: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/42.jpg)
D-Link TSD 2009 workshop
Hands On
42
![Page 43: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/43.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
43
ISP1 ISP2
WAN1:
IP:1.1.1.1/24
GW:1.1.1.2
PC1: 192.168.1.50
LAN: 192.168.1.1/24
PC2: 192.168.1.101
WAN2:
IP:3.3.3.1/24
GW:3.3.3.2
HTTP/FTP server5.5.5.5
Outgoing TrafficObjective:
• The primary default gateway is the WAN1 default gateway, if the WAN1 default gateway is unavailable, the default gateway will change to WAN2.
• Please try to setup the route failover function to link state/ARP request/host monitoring, to check what’s different between each other.
• The monitored target of the host monitoring is 5.5.5.5.
Outgoing Traffic
![Page 44: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/44.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
44
1 Set the object of IP4 address
![Page 45: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/45.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
45
2
![Page 46: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/46.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
46
3
![Page 47: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/47.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
47
4
![Page 48: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/48.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
48
5 Create a WAN1 gateway route.
![Page 49: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/49.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
49
6 Configure the Route Monitoring Function.
![Page 50: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/50.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
50
7
![Page 51: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/51.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
51
8 Create a WAN2 gateway route entry for secondary gateway routing.
![Page 52: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/52.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
52
Note.Why we don’t need setup the route failover function in the WAN2 default route ?
9
Because the WAN2 default route is a backup route, the traffic only go through WAN2 when the WAN1 default route is fail. So we only need setup the route failover monitoring function in the WAN1 default route.
![Page 53: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/53.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
53
10 Add a interface group.
![Page 54: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/54.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
54
11 Add IP-Rules for traffic go through WAN2 interface.
![Page 55: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/55.jpg)
D-Link TSD 2009 workshop
Example of Host Monitoring
55
11 Add IP-Rules for traffic go through WAN2 interface.
![Page 56: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/56.jpg)
D-Link TSD 2009 workshop
56
Outbound Route Load Balancing
![Page 57: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/57.jpg)
D-Link TSD 2009 workshop
57
Outbound Route Load Balancing
•Overview
•What is Outbound Route Load Balancing
•How to deploy the RLB Function
•RLB Behaviors
•RLB Algorithms
Hands-on
•Setting and debugging
Q&A
Outline
![Page 58: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/58.jpg)
D-Link TSD 2009 workshop
58
What is Outbound Route Load Balancing ?
Outbound Route Load Balancing is the ability to distribute traffic over multiple routes based on a number of predefined distribution algorithms.
ISP1 ISP2
WAN1 WAN2
0.0.0.0/0 wan1 , Metric=10
0.0.0.0/0 wan2 , Metric=20
MAIN Routing Table
GoogleGoogleGoogleGoogle
![Page 59: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/59.jpg)
D-Link TSD 2009 workshop
59
How to deploy Outbound RLB
Manual add identical routing entries.
Enable RLB.
![Page 60: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/60.jpg)
D-Link TSD 2009 workshop
60
Manually add identical routing entries for RLB.
ISP2
WAN1:
IP:1.1.1.1/24
GW:1.1.1.2
WAN2:
IP:3.3.3.1/24
GW:3.3.3.2
ISP1
![Page 61: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/61.jpg)
D-Link TSD 2009 workshop
61
Enable RLB.
![Page 62: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/62.jpg)
D-Link TSD 2009 workshop
62
Outbound RLB behaviors
RLB engine auto lookup the identical routing entries.
RLB engine grouping the identical routing entries into RLB engine.
RLB engine using specify algorithm to design traffic go which way.
• Outbound RLB Flowchart
![Page 63: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/63.jpg)
D-Link TSD 2009 workshop
63
Auto lookup the identical routing entries in the routing table.
Identical routing entires
Identical routing entries
![Page 64: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/64.jpg)
D-Link TSD 2009 workshop
Outbound RLB Engine
64
Grouping the identical destination routing entries into RLB engine.
Group 1
Group 2
![Page 65: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/65.jpg)
D-Link TSD 2009 workshop
65
Using specified algorithm to design traffic go which way.
ISP1
ISP2
WAN1
WAN2
GoogleGoogleGoogleGoogle
RLB Group
RLB
![Page 66: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/66.jpg)
D-Link TSD 2009 workshop
66
Outbound RLB Flowchart
Outgoing traffic
Lookup dst-network in main
routing table
Matching RLB routing entries
Yes
No
Yes
Dropped by “Default Access Rule”
NoRLB
Algorithm
WAN1
WAN2
Interface
src_IP src-_IF destination dest-_IF
192.168.1.9 lan1 http://google
Outbound Route Load Balancing Engine
WAN1 or WAN2
![Page 67: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/67.jpg)
D-Link TSD 2009 workshop
67
Outbound Route Load Balancing Algorithms
• Round Robin Algorithm
• Destination Algorithm
• Spillover Algorithm
![Page 68: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/68.jpg)
D-Link TSD 2009 workshop
68
Round Robin Algorithm• Successive routes are chosen from the matching routes in a
Randomly.
• If the matching routes have unequal metric, then routes with lower metric are triggered more often.
Outgoing traffic
RLB Round Robin Algorithm
MAIN
Routing Table
M=10
M=10
WAN1
WAN2M=20
![Page 69: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/69.jpg)
D-Link TSD 2009 workshop
69
The restriction Of Round Robin Algorithm
RLB Round Robin Algorithm
M=10
M=10
WAN1
WAN2M=20SSL ServerSSL Client
![Page 70: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/70.jpg)
D-Link TSD 2009 workshop
70
Destination Algorithm• Destination is similar to Round Robin, but provides the “stickiness”
• The unique destination IP addresses always get the same route from a lookup
Outgoing traffic
RLB Destination Algorithm
MAIN
Routing Table
M=10
M=10
WAN1
WAN2
Destination Stickiness Table 1. Face book wan22. Google wan1
Face book
To Google
To Face Book
To Face BookTo
![Page 71: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/71.jpg)
D-Link TSD 2009 workshop
71
Destination Algorithm• How to setup the Round Robin and Destination Algorithms
![Page 72: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/72.jpg)
D-Link TSD 2009 workshop
72
Spillover AlgorithmThe first matching route's interface is repeatedly used until the Spillover Limits of that route's interface are exceeded for the Hold Timer.
Outgoing traffic
RLB Spillover Algorithm
MAIN
Routing Table
M=10
M=20
WAN1
WAN2
Spillover Parameters* Utilization Limit: 1Mbps* Hold Time: 10 Seconds
![Page 73: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/73.jpg)
D-Link TSD 2009 workshop
73
Spillover Algorithm
How to setup the spillover algorithm
![Page 74: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/74.jpg)
D-Link TSD 2009 workshop
74
Spillover Algorithm
How to setup the spillover algorithm
![Page 75: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/75.jpg)
D-Link TSD 2009 workshop
75
Route Load Balancing Algorithm ResetAfter Net-Defends firewall reconfiguration/reboot.
After a high availability failover.
![Page 76: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/76.jpg)
D-Link TSD 2009 workshop
Hands On
76
![Page 77: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/77.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
77
ISP1 ISP2
WAN1:
IP:1.1.1.1/24
GW:1.1.1.2
PC1: 192.168.1.50
LAN: 192.168.1.1/24
PC2: 192.168.1.101
WAN2:
IP:3.3.3.1/24
GW:3.3.3.2
HTTP/FTP server5.5.5.5
Objective:
2. There are two Internet links, ISP1 and ISP2. All traffic is outgoing via ISP1 and ISP2 load balancing.
3. Try to configure the RLB instance objects to Round Robin/Destination/Spillover , to check what’s difference between each other.
![Page 78: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/78.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
78
1 Set the object of IP4 address 2 Add two default route
![Page 79: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/79.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
79
3 Add wan1, wan2 Interface Group
4 Add a IP-Rule entry
![Page 80: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/80.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
80
5 Add a Round Robin or Destination Route Load Balancing Instance. Check the RLB status.
![Page 81: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/81.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
81
6 Add a Spillover Load Balancing Instance
![Page 82: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/82.jpg)
D-Link TSD 2009 workshop
Example of Route Load Balancing
82
7 Add a Spillover Settings
![Page 83: Publish versin host monitoring and outbound load balancing(0915113656)](https://reader036.vdocuments.net/reader036/viewer/2022062313/559867651a28abc32f8b4869/html5/thumbnails/83.jpg)
D-Link TSD 2009 workshop
Thank you
83