Diapositive 1
Download
Report
Transcript Diapositive 1
Optimized and Available Networks
Elfiq Link
Load Balancers
May 2007
Version 2.3
Table of Contents
1.
2.
3.
4.
5.
Telecommunication Trends
Elfiq Link Load Balancer Overview
Technical Features
Return on Investment (ROI)
Conclusion
Telecommunication
Trends
A Few Facts
• High volume of electronic exchanges changing our
way of doing business
• IP telecommunication links everywhere: EDI, ecommerce, e-mails, VPN, web services, etc.
• Telecommunications: vital part of any organization
nervous system for employees, customers & suppliers
• Revenue increases due to electronic services
• Network failures have immediate negative impact on
organizations
• Organizations are pre-occupied by their security and
business continuity
Question to Ask :
• Do important activities of your business rely on data
telecommunication links ?
• Have you experienced link or bandwidth failures ?
• Do you have redundancy in your telecommunication links ?
• Are you planning to upgrade or change your links ?
• Are your telecommunication contracts up for renewal ?
• Can your organization operate a complete day with a link
failure ?
• What are the true annual direct and indirect costs of link
congestion or failures for your organization?
Telecommunication Trends
• Businesses often have one Internet connection for each
type of business need. Typically Web sites/extranet –
E-mail and web browsing - VPN & remote users
• When consolidating connections, network managers must
ensure that redundancy is preserved
• Physical failures: fiber cuts, faulty cards on a router, etc.
• Logical failures: ISP routing issues, provisioning &
configuration
• Both types of failures causes connectivity to fail entirely or
severely degrade performance
Source: Multiple internet connections increase performance, create complexity, October 2004
Network Redundancy, Multihoming Scenarios
• Highly available Internet connectivity in 3 ways:
– Multiple connections, same ISP point of presence
(POP), some protection from physical failures,
recommended only for non mission-critical
locations
– Multiple connections, same ISP point but to
different POPs, greater protection against physical
failures, some protection from logical failures.
– Connections from multiple ISPs, “mission critical”
sites, greatest protection against both physical
and logical failures.
Source: Multiple internet connections increase performance, create complexity, October 2004
Gartner Group Studies
• Businesses that want to avoid the complexity of a
BGP implementation, or are doing more than
simple failover or load-sharing should investigate
a WAN link load balancer
• Most enterprises have grown accustomed to
adding bandwidth in response to growing
application demands, building a smarter WAN
infrastructure is often a better investment
Source: Enterprises will waste money on bandwith in 2004, 2 décembre 2003
Gartner Group Studies (suite)
• Strategic planning assumptions:
– By 2008, investing in bandwidth efficiency solutions will
be the primary WAN upgrade strategy for 75% of
enterprises in those four technologies:
• Compression/bandwidth management (NetCelera, Packeteer)
• Protocol manipulation – HTTP traffic optimization with proprietary
and Gzip compression (Boostworks, Pivia)
• Content Delivery Networks – distributed caches to store content
(Cisco, Kontiki)
• Route control (Elfiq Link LB, F5, Internap, Radware)
Note: Some technologies can be combined to improve performance
Source: Enterprises will waste money on bandwith in 2004, December 2003
Elfiq Link Load Balancer
Technology Overview
May 2007, Version 2.3
What is an Elfiq Link LB?
• Global Load Balancer or WAN Load Balancer
• Allows simultaneous use of many routed links
(Internet or private) from multiple telcos or ISPs
• Load balancing of both incoming and outgoing traffic
• Secured transparent device (inline), no IP address
• Allows maintenance operations during business
hours by redirecting traffic
• Maintains IP services availability to your enterprise
for business continuity
• Reduces unproductive hours for your organization
What are the typical functions of an Elfiq Link LB?
Increase bandwidth and availability with different
Business continuity/network resilience solution for Disaster
providers/technologies
Recovery and/or Backup links
Master data
Backup data
ISP A
ISP A
ISP A’s router
ISP B
Corporate
Corporate
Network
ISP B
Network
ISP B’s router
Elfiq Link Load Balancer
Elfiq Link Load Balancer
Firewall
Internet
Corporate
Network
Elfiq Link Load Balancer
Firewall
Firewall
ISP C
ISP C
ISP C’s router
ISP D
ISP D’s router
Montreal
ISP A
ISP C
London
Internet
Corporate
Network
Firewall/VPN
Elfiq Link Load Balancer
ISP B
Corporate
Network
ISP D
Elfiq Link Load Balancer
Firewall/VPN
Where does it fit in your infrastructure?
ISP A
network
Internet
Internet
ISP
network
ISP B
network
ISP A’s router
ISP’s router
Corporate
Network
Elfiq
Elfiq
Firewall
Link Load Balancer
Balancer
Corporate
Network
Firewall
ISP B’s router
Elfiq Link LB
(Master)
ISP C
network
ISP A
network
Internet
ISP C’s router
ISP D
network
ISP B
network
Corporate
Network
ISP D’s router
Outside vlan
Management
vlan
Elfiq
Link LB (Slave)
Inside vlan
Firewall
Concept of GMAC, VFI and Primary Link
gmac 1
Primary
Primary link
link
ISP A
Servers
Internal
Network
ISP B
gmac2
No reconfiguration of
Firewall
VFI
Elfiq Link LB manages all
GMAC: Gateway
mac address
of a router,
one
gmac per link
existing firewall
or
links
transparently
servers!
according to
advanced algorithms
VFI: Virtual Forwarder Interface is comprised of one inside port and a set of GMACs.
OSI Level
2 integration:
primary link
only known
link for
the firewall and
Elfiq
Link LB’sThe
strength
is isitstheeasy
network
integration
servers.because it keeps the primary link configuration. No IP
address migration is required for existing firewall and
servers.
Advanced Algorithms
•
•
•
•
•
•
•
•
Algorithms for load
balancing all
incoming and
outgoing traffic or
specific to protocol,
source IP/port and
destination IP
Round Robin (RR)
Weight First Algorithm (WFA)
Least Traffic First Algorithm (LTFA)
Equalized Traffic First Algorithm (ETFA)
Weighted Equalized Traffic First Algorithm (WFA-ETFA)
Ordered Preferred First Algorithm (OPFA)
Round Robin No-Gmac (RR-nogmac)
Best SitePath First Algorithm (BSFA)
Outgoing Load Balancing
DNS server
ISP A
network
ISP A’s router
Internet
ISP B
network
ISP B’s router
DNS resolution
HTTP
HTTPRequests
replies
Elfiq
Link Load
Balancer
DNS request
Client
Network
Firewall
www.example.com
Client
user
Elfiq Link LB level 2 VFI optimizes network bandwidth
and redundancy according to advanced algorithms.
Incoming Load Balancing
The IDNS module
DNS Query: What is the
IP of www.example.com
Examine example.com
zone file for www entry
DNS Answer: The IP of
www.example.com is 33.33.33.9
www
IN NS virtualdns.example.com
Remote DNS
Server
Remote Client
What is the IP of
virtualdns.example.com?
DNS Answer: The IP of
www.example.com is 33.33.33.9
virtualdns IN A 33.33.33.5
Send the
resulting
IP address
Elfiq
Link LB
Calculate the
answer
according to
the algorithm
Is it in
my IDNS RR
table
DNS Query: What
is the IP of
www.example.com
NO
Let the request
pass through
NO
Let the request
pass through
YES
Verify which
algorithm is
associated with the
resource record
YES
Is it for the right
virtual DNS server
Send DNS Query to
33.33.33.5
Incoming Load Balancing
Link LB IDNS module
interception and link DNS server 1
selection
DNS server 2
ISP A
network
Internet
DNS resolution
request
ISP B
network
ISP B’s router
Remote user
Client
Network
ISP A’s router
Elfiq
Link B selected Link Load
Intranet access
Balancer
Firewall
Intranet server
Incoming Load Balancing
Link LB IDNS module
interception and link DNS server 1
selection
DNS server 2
DNS request
Internet
ISP A
network
DNS request
ISP B
network
ISP B’s router
Remote user
Client
Network
ISP A’s router
Elfiq
Link Load
LinkDNS
B selected
resolution
Intranet access
Balancer
Firewall
Intranet server
Elfiq Link Load Balancer
SitePathMTPX Technology
September 2006, Version 2.3
Traditional Site to Site VPN implementation
Bandwidth affected by
Internet congestion
Montreal
London
Firewall/
VPN
Firewall
/VPN
Internet
ISP A
Bandwidth affected by
local applications
Bandwidth affected by
local applications
Max. VPN
Bandwidth
VPN Bandwidth
Corporate
Network
ISP C
Time
Corporate
Network
SitePathMTPX Technology (BSFA Algorithm)
Primary Path = NO firewall/VPN reconfiguration
Firewall/
VPN
Montreal
ISP A
ISP C
London
ISP D
Elfiq Link Load Balancer
Firewall
/VPN
Internet
Elfiq Link Load Balancer
ISP B
Corporate
Network
Max.
Effective
Bandwidth
Effective Bandwidth
Corporate
Network
Time
Elfiq Link Load Balancer
GeoLink Technology
September 2006, Version 2.3
Geographic Balancing Option
DNS server 2
DNS server 1
ISP A
network
Client
Network
ISP A’s router
Internet
Elfiq
Link Load Balancer
ISP B
network
Firewall
ISP B’s router
WAN router
Remote user
Internet
Intranet server
WAN private
network
WAN router
ISP C
network
ISP C’s router
www.example.com
Elfiq
Link Load Balancer
Client
Network
Firewall
Client
user
GEOLINK
WAN links
between
sites
could also
be in
exchanging
redundancy link
status,
(second VFI)
statistics,
algorithm
metrics and
IDNS resources
Outgoing Geographic Balancing
DNS server 2
DNS server 1
ISP A
network
Elfiq
Link Load Balancer
ISP B
network
Firewall
Link B
ISP B’s router
Remote user
Client
Network
ISP A’s router
Internet
selected
Encapsulation
from public to
WAN private private
network
addressing in
the GEOLINK.
WAN router
Internet
Intranet server
WAN router
ISP C
network
ISP C’s router
www.example.com
Elfiq
Link Load Balancer
Client
Network
Firewall
Client
user
Optional
encryption
Incoming Geographic Balancing
Link
GEO
LBpolicies
IDNS module
reinterception
addressingand
for intranet
link
DNS server 1
selection
server
DNS server 2
DNS request
ISP A
network
Client
Network
ISP A’s router
DNS request
Internet
ISP B
network
DNSDNS
Resolution
request
Elfiq
Link Load Balancer
Firewall
Link A unavailable
ISP B’s router
Link B saturated
Remote user
WAN router
Geo policies allow
Intranet server WAN private
access via
alternate site for
network
this service
Link C at 20%GEO policies intercept
remote site request
Internet
WAN router
ISP C
network
Intranet access
ISP C’s router
www.example.com
Elfiq
Link Load Balancer
Client
Network
Firewall
Client
user
Encapsulation
from public to
private
addressing in
the GEOLINK.
Optional
encryption
Elfiq Link Load Balancer
Technical Features
Monomode vs Multimode Installation
Monomode
Multimode
•Maximize port usage
•Required for failover mode
Elfiq Link LB-500 SMB / LB-1000 - Branch
• Tabletop unit, same physical
platform (firmware upgrade)
• 4 x 10/100 Mbits ports
• Maximum of 2 / 4 links
• Entry level unit
• 20 / 45 Mbps throughput
• LB1000 includes all enterprise
class features and resiliency:
•
•
•
•
Tag Load Balancing
Internet Service Verificators (ISV)
SitePathMTPX
VLANS, QoS Diffserv marking
Elfiq Link LB-2000 - Advanced
•
•
•
•
•
•
Standard 1U rackmount unit (1.75") x 16.8" x 9"
4 x 10/100 Mbits ports
Maximum of 8 links in multimode
Up to 90 Mbps throughput
Failover mode (2 units)
Geographic load balancing option
Elfiq Link LB-3000 - Enterprise
•
•
•
•
•
•
Standard 1U rackmount (1.75") x 16.8" x 15"
4 x 10/100/1000 Mbits and 8 x 10/100 Mbits ports
Up to 400 Mbps throughput per VFI
Failover mode (2 units)
Geographic load balancing option
Up to 5 virtual load balancers (VFIs) with 32 links
each in the same physical appliance
Elfiq Link Load Balancer
VFI 0
Elfiq Link Load Balancer
VFI 1
Elfiq Link Load Balancer
VFI 2
Elfiq Link Load Balancer
LB-3000 platform
Monitoring mode (tap) with IDS and shunning
Technical Features
• Telco grade carrier class solution, secure no hard disk
• Elfiq Operating System (EOS) and configuration in FLASH
memory, easy updates
• Incoming and outgoing load balancing
• Support links at wire speed, no degradation
• Support all WAN routed links: xDSL, Cable, Satellite, WI-FI,
E1/T1/E3/T3, Fiber, lan-ex
• No ISP router special configuration required
• Optimizes link performance and detects link saturation and
failures in real time to redirect traffic
Technical Features (suite)
• Operating at the data link layer 2
• No IP address migration required or reconfiguration of
Firewall & Servers
• Transparent secure device, invisible on the Internet
• Links can be grouped into multiple virtual link balancers
(VFI) for different types of routed links
• Powerful balancing as each Protocol/Port can be load
balanced with a different algorithm
• IP filtering, NAT/PAT, Shunning
• Support persistency for protocols like FTP or HTTPS
Technical Features (suite)
•
•
•
•
•
•
Real time failover mode between 2 units
Dedicated management port
Console (CLI) accessed or SSH2
Windows GUI
Syslog and SNMP
XML external API
GUI Interface
Return on Investment
(ROI)
Return On Investment (ROI)
•
•
Direct savings ($):
– Optimizes/increases your multihomed network throughput
– Using less expensive links and/or limiting on-demand
bandwidth will reduce WAN costs
Indirect savings ($$$):
– Minimizes the productivity losses due to link failures or
application performance degradation
– Keeps the best availability and application response time to
your users, customers and partners
– Protects your enterprise revenue & investments
– Integrates into your business continuity and disaster recovery
plans
SMB ROI: E1/T1 vs Elfiq Link LB-1000 or LB-2000
coupled with 2 or 3 DSL/Cable links
Download
1 x E1/T1 link
Upload
Annual costs
Savings
1,5 Mbps
1,5 Mbps
15 000$
2 x DSL/Cable
8 Mbps
1,4 Mbps
4 800$
10 200$
3 x DSL/Cable
12 Mbps
2,1 Mbps
7 200$
7 800$
Payback period: 6-12 months
ROI : Indirect Savings
•
•
•
•
•
•
Number of users: 1000
Cost of 1 hour of downtime: 7 500$*
Cost of 1 hour of degraded link (performance issue): 2 500$
Planned number of hours of downtime per year : 4
Planned number of hours of degraded link per year : 24
Lost productivity per year: 105 000$***
• Average revenue per business hour: 20 000$
• Expected percentage of lost revenues: 50%
• Lost revenue per year: 140 000$
* Based on an average salary (50 000$) and 15 minutes of loss of productivity per hour
** Could be security attack, ISP logical error or saturated link
*** 7 500$ x 4 + 2 500$ x 24
Conclusion
Elfiq Link Load Balancers’ Advantages
•
•
•
•
•
Operating at data link level 2
Link load balancing at wire speed
Invisible on the network, very secure device
No IP address migration to your infrastructure
Easy installation with the primary link concept,
reducing integration costs and time
• SitePath technology
• Geographic option
www.elfiq.com
1-888-GO-ELFIQ (America)
+44 (0) 207 193 5053 (Europe)