elfiq link load balancers

Elfiq LinkLoad Balancers

May 2007Version 2.3

Optimized and Available Networks

Table of Contents

1. Telecommunication Trends

2. Elfiq Link Load Balancer Overview

3. Technical Features

4. Return on Investment (ROI)

5. Conclusion

Telecommunication Telecommunication TrendsTrends

A Few Facts

• High volume of electronic exchanges changing our way of doing business

• IP telecommunication links everywhere: EDI, e-commerce, e-mails, VPN, web services, etc.

• Telecommunications: vital part of any organization nervous system for employees, customers & suppliers

• Revenue increases due to electronic services• Network failures have immediate negative impact on

organizations• Organizations are pre-occupied by their security and

business continuity

Question to Ask :• Do important activities of your business rely on data

telecommunication links ?• Have you experienced link or bandwidth failures ?• Do you have redundancy in your telecommunication links ?• Are you planning to upgrade or change your links ?• Are your telecommunication contracts up for renewal ?• Can your organization operate a complete day with a link

failure ?• What are the true annual direct and indirect costs of link

congestion or failures for your organization?

Telecommunication Trends

• Businesses often have one Internet connection for each type of business need. Typically Web sites/extranet – E-mail and web browsing - VPN & remote users

• When consolidating connections, network managers must ensure that redundancy is preserved

• Physical failures: fiber cuts, faulty cards on a router, etc.

• Logical failures: ISP routing issues, provisioning & configuration

• Both types of failures causes connectivity to fail entirely or severely degrade performance

Source: Multiple internet connections increase performance, create complexity, October 2004

Network Redundancy, Multihoming Scenarios

• Highly available Internet connectivity in 3 ways:– Multiple connections, same ISP point of presence

(POP), some protection from physical failures, recommended only for non mission-critical locations

– Multiple connections, same ISP point but to different POPs, greater protection against physical failures, some protection from logical failures.

– Connections from multiple ISPs, “mission critical” sites, greatest protection against both physical and logical failures.

Source: Multiple internet connections increase performance, create complexity, October 2004

Gartner Group Studies

• Businesses that want to avoid the complexity of a BGP implementation, or are doing more than simple failover or load-sharing should investigate a WAN link load balancer

• Most enterprises have grown accustomed to adding bandwidth in response to growing application demands, building a smarter WAN infrastructure is often a better investment

Source: Enterprises will waste money on bandwith in 2004, 2 décembre 2003

Gartner Group Studies (suite)

• Strategic planning assumptions:– By 2008, investing in bandwidth efficiency solutions will

be the primary WAN upgrade strategy for 75% of enterprises in those four technologies:

• Compression/bandwidth management (NetCelera, Packeteer)• Protocol manipulation – HTTP traffic optimization with proprietary

and Gzip compression (Boostworks, Pivia)• Content Delivery Networks – distributed caches to store content

(Cisco, Kontiki)• Route control (Elfiq Link LB, F5, Internap, Radware)

Source: Enterprises will waste money on bandwith in 2004, December 2003

Note: Some technologies can be combined to improve performance

Elfiq Link Load Balancer Elfiq Link Load Balancer Technology OverviewTechnology Overview

May 2007, Version 2.3

What is an Elfiq Link LB?

• Global Load Balancer or WAN Load Balancer

• Allows simultaneous use of many routed links (Internet or private) from multiple telcos or ISPs

• Load balancing of both incoming and outgoing traffic

• Secured transparent device (inline), no IP address

• Allows maintenance operations during business hours by redirecting traffic

• Maintains IP services availability to your enterprise for business continuity

• Reduces unproductive hours for your organization

Corporate Network

ISP A

ISP B

ISP C

Elfiq Link Load BalancerFirewall

Elfiq Link Load Balancer

Firewall

Corporate Network

Backup dataMaster data

Business continuity/network resilience solution for Disaster Recovery and/or Backup links

Corporate Network

Firewall/VPN

Internet

ISP A

ISP BElfiq Link Load Balancer

Montreal


London

Corporate Network

Firewall/VPN

ISP C

ISP D

What are the typical functions of an Elfiq Link LB?

Corporate Network

FirewallElfiq Link Load Balancer

ISP A’s router

ISP B’s router

ISP C’s router

ISP D’s router

Internet

ISP A

ISP B

ISP C

ISP D

Increase bandwidth and availability with different providers/technologies

ISP A’s router

ISP B’s router

FirewallISP B

network

ISP Anetwork

Internet Corporate Network

ISP D’s router

ISP Dnetwork

ISP Cnetwork

ISP C’s router

ISP A’s router

ISP B’s router

FirewallISP B

network

ISP Anetwork



ISP’s router

ISP networkInternet


Where does it fit in your infrastructure?

FirewallISP B

network

ISP Anetwork


Managementvlan

Outside vlan Inside vlan

Elfiq Link LB(Master)

Elfiq Link LB (Slave)

Firewall

Corporate Network

Concept of GMAC, VFI and Primary Link

GMAC: Gateway mac address of a router, one gmac per link

VFI: Virtual Forwarder Interface is comprised of one inside port and a set of GMACs.

Elfiq Link LB’s strength is its easy network integration because it keeps the primary link configuration. No IP address migration is required for existing firewall and

servers.

No reconfiguration of existing firewall or servers!

Elfiq Link LB manages all links transparently according to advanced algorithms

OSI Level 2 integration: The primary link is the only known link for the firewall and servers.

Primary linkISP A

InternalNetwork

Firewall

ServersISP A

ISP B

InternalNetwork

VFIFirewall

Serversgmac 1

gmac2

Primary link

Advanced Algorithms

• Round Robin (RR)• Weight First Algorithm (WFA)• Least Traffic First Algorithm (LTFA)• Equalized Traffic First Algorithm (ETFA)• Weighted Equalized Traffic First Algorithm (WFA-ETFA)• Ordered Preferred First Algorithm (OPFA)• Round Robin No-Gmac (RR-nogmac)• Best SitePath First Algorithm (BSFA)

Algorithms for load balancing all incoming and outgoing traffic or specific to protocol, source IP/port and destination IP

ISP A’s router

ISP B’s router

FirewallISP Bnetwork

ISP Anetwork

InternetClient

Network

www.example.com

`

Client user

DNS server


Outgoing Load Balancing

DNS requestDNS resolutionHTTP Requests

Elfiq Link LB level 2 VFI optimizes network bandwidth

and redundancy according to advanced algorithms.

HTTP replies

Incoming Load Balancing

The IDNS module

Remote ClientRemote DNS

Server

DNS Query: What is the IP of www.example.com

www IN NS virtualdns.example.comDNS Answer: The IP of

www.example.com is 33.33.33.9

Examine example.com zone file for www entry

What is the IP of virtualdns.example.com?

virtualdns IN A 33.33.33.5

Send DNS Query to 33.33.33.5

DNS Query: What is the IP of

www.example.com

Is it inmy IDNS RR

table

Let the requestpass through

Verify which algorithm is

associated with the resource record

Calculate the answer

according to the algorithm

Send the resulting

IP address

NO

YES

Is it for the right virtual DNS server

Let the requestpass through

NOYES

DNS Answer: The IP of www.example.com is 33.33.33.9

Elfiq Link LB

ISP A’s router

ISP B’s router

FirewallISP B

network

ISP Anetwork

InternetClient

Network

Intranet server

DNS server 1DNS server 2

Remote user



DNS request

Link LB IDNS module interception and link selection

DNS resolution

Link B selectedIntranet access

ISP A’s router

ISP B’s router

FirewallISP B

network

ISP Anetwork

InternetClient

Network

Intranet server

DNS server 1DNS server 2

Remote user



DNS request


Link B selectedIntranet access

DNS request

DNS resolution

Elfiq Link Load Balancer Elfiq Link Load Balancer SitePathMTPX TechnologySitePathMTPX Technology

September 2006, Version 2.3

Corporate Network

InternetISP A

Montreal London

Corporate Network

ISP C

Firewall/VPN

Firewall/VPN

Traditional Site to Site VPN implementation

Bandwidth affected bylocal applications

Bandwidth affected bylocal applications

Bandwidth affected byInternet congestion

VP

N B

andw

idth

Time

Max. VPN Bandwidth

Effe

ctiv

e B

andw

idth

Time

Max. Effective

Bandwidth

Corporate Network

Internet

ISP A

ISP B

Montreal London

Corporate Network

ISP C

ISP D

Firewall/VPN

Firewall/VPN

Elfiq Link Load BalancerElfiq Link Load Balancer

SitePathMTPX Technology (BSFA Algorithm)

Primary Path = NO firewall/VPN reconfiguration

Elfiq Link Load Balancer Elfiq Link Load Balancer GeoLink TechnologyGeoLink Technology

September 2006, Version 2.3

ISP A’s router

ISP B’s router


ISP Anetwork

InternetClient

Network

Intranet server

DNS server 1

DNS server 2

ElfiqLink Load Balancer

Remote user

ISP C’s router Firewall

ISP Cnetwork

Internet

Client Network

www.example.com

`

Client user

WAN router

WAN private network

WAN router


Geographic Balancing Option

GEOLINK between sites exchanging link status, statistics, algorithm metrics and IDNS resources

WAN links could also be in redundancy (second VFI)

ISP A’s router

ISP B’s router


ISP Anetwork

InternetClient

Network

Intranet server

DNS server 1

DNS server 2


Remote user


ISP Cnetwork

Internet

Client Network

www.example.com

`

Client user

WAN router

WAN private network

WAN router


Outgoing Geographic Balancing

Link B

selected Encapsulation from public to private addressing in the GEOLINK.

Optional encryption

ISP A’s router

ISP B’s router


ISP Anetwork

InternetClient

Network

Intranet server

DNS server 1

DNS server 2


Remote user


ISP Cnetwork

Internet

Client Network

www.example.com

`

Client user

WAN router

WAN private network

WAN router


Incoming Geographic Balancing


Link A unavailable

Link B saturated

Geo policies allow access via alternate site for this service

Link C at 20%

DNS request

DNS request

DNS requestDNS Resolution

Encapsulation from public to private addressing in the GEOLINK.

Optional encryption

GEO policies intercept remote site request

Intranet access

GEO policies re-addressing for intranet server

Elfiq Link Load BalancerElfiq Link Load BalancerTechnical FeaturesTechnical Features

Monomode vs Multimode Installation

Monomode Multimode

•Maximize port usage

•Required for failover mode

Elfiq Link LB-500 SMB / LB-1000 - Branch

• Tabletop unit, same physical platform (firmware upgrade)

• 4 x 10/100 Mbits ports• Maximum of 2 / 4 links• Entry level unit • 20 / 45 Mbps throughput• LB1000 includes all enterprise

class features and resiliency:• Tag Load Balancing• Internet Service Verificators (ISV)• SitePathMTPX• VLANS, QoS Diffserv marking

Elfiq Link LB-2000 - Advanced

• Standard 1U rackmount unit (1.75") x 16.8" x 9" • 4 x 10/100 Mbits ports• Maximum of 8 links in multimode• Up to 90 Mbps throughput• Failover mode (2 units) • Geographic load balancing option

Elfiq Link LB-3000 - Enterprise

• Standard 1U rackmount (1.75") x 16.8" x 15" • 4 x 10/100/1000 Mbits and 8 x 10/100 Mbits ports• Up to 400 Mbps throughput per VFI• Failover mode (2 units) • Geographic load balancing option• Up to 5 virtual load balancers (VFIs) with 32 links

each in the same physical appliance

Elfiq Link Load BalancerVFI 0



Elfiq Link Load BalancerLB-3000 platform

Monitoring mode (tap) with IDS and shunning

Technical Features• Telco grade carrier class solution, secure no hard disk

• Elfiq Operating System (EOS) and configuration in FLASH memory, easy updates

• Incoming and outgoing load balancing

• Support links at wire speed, no degradation

• Support all WAN routed links: xDSL, Cable, Satellite, WI-FI, E1/T1/E3/T3, Fiber, lan-ex

• No ISP router special configuration required

• Optimizes link performance and detects link saturation and failures in real time to redirect traffic

Technical Features (suite)

• Operating at the data link layer 2• No IP address migration required or reconfiguration of

Firewall & Servers• Transparent secure device, invisible on the Internet• Links can be grouped into multiple virtual link balancers

(VFI) for different types of routed links• Powerful balancing as each Protocol/Port can be load

balanced with a different algorithm• IP filtering, NAT/PAT, Shunning• Support persistency for protocols like FTP or HTTPS

Technical Features (suite)

• Real time failover mode between 2 units• Dedicated management port• Console (CLI) accessed or SSH2• Windows GUI • Syslog and SNMP• XML external API

GUI Interface

Return on Investment Return on Investment (ROI)(ROI)

Return On Investment (ROI)• Direct savings ($):

– Optimizes/increases your multihomed network throughput– Using less expensive links and/or limiting on-demand

bandwidth will reduce WAN costs• Indirect savings ($$$):

– Minimizes the productivity losses due to link failures or application performance degradation

– Keeps the best availability and application response time to your users, customers and partners

– Protects your enterprise revenue & investments– Integrates into your business continuity and disaster recovery

plans

SMB ROI: E1/T1 vs Elfiq Link LB-1000 or LB-2000 coupled with 2 or 3 DSL/Cable links

Download Upload Annual costs Savings

1 x E1/T1 link 1,5 Mbps 1,5 Mbps 15 000$

2 x DSL/Cable 8 Mbps 1,4 Mbps 4 800$ 10 200$

3 x DSL/Cable 12 Mbps 2,1 Mbps 7 200$ 7 800$

Payback period: 6-12 months

ROI : Indirect Savings• Number of users: 1000

• Cost of 1 hour of downtime: 7 500$*

• Cost of 1 hour of degraded link (performance issue): 2 500$

• Planned number of hours of downtime per year : 4

• Planned number of hours of degraded link per year : 24

• Lost productivity per year: 105 000$***

• Average revenue per business hour: 20 000$

• Expected percentage of lost revenues: 50%

• Lost revenue per year: 140 000$

* Based on an average salary (50 000$) and 15 minutes of loss of productivity per hour** Could be security attack, ISP logical error or saturated link*** 7 500$ x 4 + 2 500$ x 24

ConclusionConclusion

Elfiq Link Load Balancers’ Advantages

• Operating at data link level 2

• Link load balancing at wire speed

• Invisible on the network, very secure device

• No IP address migration to your infrastructure

• Easy installation with the primary link concept, reducing integration costs and time

• SitePath technology

• Geographic option

www.elfiq.com

1-888-GO-ELFIQ (America)

+44 (0) 207 193 5053 (Europe)

elfiq link load balancers

Documents

logical failures

bandwidth failures

preservedphysical failures

multiple internet connections

link failure

data telecommunication

telecommunication contracts

greatest protection