Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
 ·Site5.com
 ·AT&T Midwest
 ·Comcast
| reply to Matt
Re: Dual-WAN Router - Traffic Control?
Matt,
I have done this before. In one example, I had HTTPS traffic flowing through one of the two connections. Mainly because load balancing HTTPS traffic is hard to do. Most secure sites remember one IP address for a transaction or when you are filling out a form. Having that data load balance may trip the security and cause a HTTPS error.
So it is possible yes. 
--
My domain - Nightfall.net |
|
Leathal
Premium
join:2002-02-09
Toronto, ON | that's why Matt needs to find a router that does IP binding on the load balancing if he want's to still be able to use NLB. Something which the linksys doesn't support...
Leathal |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| said by Leathal  :that's why Matt needs to find a router that does IP binding on the load balancing if he want's to still be able to use NLB. Something which the linksys doesn't support... Leathal Actually, the Linksys RV082 does support that. I have set that up before and its not hard to setup.
--
My domain - Nightfall.net |
|
Leathal
Premium
join:2002-02-09
Toronto, ON
| said by Nightfall :said by Leathal :that's why Matt needs to find a router that does IP binding on the load balancing if he want's to still be able to use NLB. Something which the linksys doesn't support... Leathal Actually, the Linksys RV082 does support that. I have set that up before and its not hard to setup. You shouldn't have to setup anything other than enabling it which is how it's done in the industry. The firewall itself should be smart enough to know how to use it otherwise you have a problem.
Leathal |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| said by Leathal :said by Nightfall :said by Leathal :that's why Matt needs to find a router that does IP binding on the load balancing if he want's to still be able to use NLB. Something which the linksys doesn't support... Leathal Actually, the Linksys RV082 does support that. I have set that up before and its not hard to setup. You shouldn't have to setup anything other than enabling it which is how it's done in the industry. The firewall itself should be smart enough to know how to use it otherwise you have a problem. Leathal According to the manual, the RV042 supports this too. It's a simple firewall setting.
As far as "enabling it" since when did Zywall and Sonicwall obtain the ability to read minds? How do they know I want my streaming radio station to go out over WAN2 instead of WAN1? Why hasn't this technology been paraded? I think you're confusing my question with sticky sessions. They are two different things. |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| said by Matt :According to the manual, the RV042 supports this too. It's a simple firewall setting. As far as "enabling it" since when did Zywall and Sonicwall obtain the ability to read minds? How do they know I want my streaming radio station to go out over WAN2 instead of WAN1? Why hasn't this technology been paraded? I think you're confusing my question with sticky sessions. They are two different things. Thats correct Matt.
Setting this up in the Linksys unit is so easy. In fact, you do have to setup a rule like this in ANY ROUTER that you want to have the flow of one specific kind of traffic go through one connection.
If you don't set this up, then the load balancing does as it was designed to do which is use the connection that is the least utilized. This can be bad in terms of secure connections like HTTPS which is why all secure connections should go through one of your two connections. Switching it over is a simple drop down selection in the router if you have a line outage.
All dual WAN routers I have setup have this ability and are just as easy to implement.
--
My domain - Nightfall.net |
|
Leathal
Premium
join:2002-02-09
Toronto, ON
1 edit | reply to Matt
said by Matt :According to the manual, the RV042 supports this too. It's a simple firewall setting. As far as "enabling it" since when did Zywall and Sonicwall obtain the ability to read minds? How do they know I want my streaming radio station to go out over WAN2 instead of WAN1? Why hasn't this technology been paraded? I think you're confusing my question with sticky sessions. They are two different things. It's simple you are confusing the basic principle of how IP binding works.
IP binding takes the destination IP address and binds it to the WAN port it connects through initially until the session is closed.
So if you are requesting a audio stream from di.fm through your winamp and the firewall talks to DI's servers on WAN2 initially it will automatically bind the IP to WAN2 until the session is closed. Not having IP binding enabled allows the load balance to randomly decide which WAN port it will request additional information from automatically.
Basically you have to remember, what goes out must come in. In the case of HTTPS connections servers bind your incoming connection to your IP address (like Nightfall said) if you are not binding the IP address on your firewall then the load balance "may" decide to use the opposite WAN port on the next request and the session will be terminated by the destination server.
Leathal |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| That is called sticky connections. You may refer to it as IP binding, although I would disagree as that implies something completely different to me.
I was asking if I could tell the router to send all traffic out a specific WAN port. For example, if I ALWAYS wanted my streaming radio connection to go out WAN2 rather than load balance it and randomly assign it to a WAN port. You are misunderstanding what I am asking for. |
|
Leathal
Premium
join:2002-02-09
Toronto, ON
1 edit | said by Matt :That is called sticky connections. You may refer to it as IP binding, although I would disagree as that implies something completely different to me. I was asking if I could tell the router to send all traffic out a specific WAN port. For example, if I ALWAYS wanted my streaming radio connection to go out WAN2 rather than load balance it and randomly assign it to a WAN port. You are misunderstanding what I am asking for. I don't think you can do that without having load balance turned on because if you disable load balancing the 2nd WAN becomes a backup WAN which most firewall don't allow normal or otherwise configured traffic to pass-through it because it's in stand by mode.
And what you have load balance turned you have to make sure IP binding (as sonicwall calls it) sticky session is enabled.
Leathal
|
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| said by Leathal :I don't think you can do that without having load balance turned on because if you disable load balancing the 2nd WAN becomes a backup WAN which most firewall don't allow normal or otherwise configured traffic to pass-through it because it's in stand by mode. You can do that. That is what I said I looked up in the Linksys RV042 manual.
I decided to go about it a different way that doesn't even require a load balancing router (because I don't want load balancing) by just manipulating my routing tables. |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
2 edits | said by Matt :said by Leathal :I don't think you can do that without having load balance turned on because if you disable load balancing the 2nd WAN becomes a backup WAN which most firewall don't allow normal or otherwise configured traffic to pass-through it because it's in stand by mode. You can do that. That is what I said I looked up in the Linksys RV042 manual. I decided to go about it a different way that doesn't even require a load balancing router (because I don't want load balancing) by just manipulating my routing tables. The straight scoop is that you can accomplish this in the Linksys model. You don't need to go out and buy a Zyxel or Sonicwall like Lethal has said. Load balancing on or not, you can specify the traffic to go out one interface or the other. Heck, when I had a dual WAN connection, I had all the FTP traffic going out the second connection. I disconnected the second connection and about 3 days later was trying to figure out why my FTP sessions weren't working. I literally had to go into the router and turn off that rule.
Ah well.
--
My domain - Nightfall.net |
|
tubbynet
reminds me of the danse russe
Premium
join:2008-01-16
Chandler, AZ
·Cox HSI
 ·Callcentric
 ·Sprint Mobile Broa..
·FrontierNet Intern..
1 edit | said by Nightfall :The straight scoop is that you can accomplish this in the Linksys model. You don't need to go out and buy a Zyxel or Sonicwall like Lethal has said. thats true, but nothing looks sexier than a cisco isr sitting on the desk passing packets 
mmmm....loves me some dynamic policy nat...
[edit]
additionally, with cisco devices you could set up ip-sla to monitor your outgoing interfaces with something like a set of pings. if the pings are dropped by one interface, it will report as down to the router and take all traffic that was exiting the interface that went down and push it out the interface that is still standing.
q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..." |
|
