As computers and Internet-connected devices grow faster and Internet applications multiply, the demand for Internet bandwidth keeps rising. Even a network that only provides Internet access for intranet users will, once it reaches a certain size, generally use links from several carriers for its Internet access.
Multiple egress links raise the overall bandwidth and the reliability of the network; multiple carriers address the poor speed of cross-carrier access in China.
In such an environment the egress gateway, whether a router, a firewall or a dedicated link load balancing device, must provide the following:
● 1. Accurate link health monitoring: faulty links are detected promptly and forwarding over them stops, improving network reliability.
● 2. Load balancing of link traffic: only when traffic is shared evenly across the links is the egress bandwidth fully used, avoiding congestion on individual links caused by an unbalanced traffic distribution.
● 3. A good user experience: users are sent out over the link that reaches their destination fastest, improving access speed.
In practice, item 1 is met by virtually every outbound link load balancing product; meeting items 2 and 3 at the same time is much harder. Let us first look at the common link load methods.
A. Source routing and policy routing. This is the most common way to implement link load on routers and firewalls. It is easy to configure, and in a stable network it readily balances traffic across the links, but it cannot improve the user's online experience: each user is bound to a specific egress link, so cross-carrier access remains slow.
B. Round robin and weighted round robin. The effect is similar to A, except that a user's successive connections leave over different links. If the egress device has no session persistence, or persistence is misconfigured, applications such as online banking and online games may break.
C. Exact ISP address matching. The destination address of each user request is matched against the carriers' address pools, so that traffic to China Telecom addresses leaves over the Telecom link and traffic to China Unicom addresses over the Unicom link. This improves access speed, but the links are often loaded unevenly: during peak periods some links are saturated while others sit idle, and users on a saturated link again see a poor experience.
D. Link response time probing. The device measures each link's response time to the destination the user is accessing and forwards over the fastest link. The effect is similar to C, and during peak periods both user experience and link load may be somewhat better.
In specific environments, however, it performs poorly. In a college network, for example, when many students watch a live sports event at the same time, one link's bandwidth can fill up within a short time and become congested, and the live video then plays badly. The cause is that the link speed test is not run for every access: if it were, the probe itself would add at least a full network round trip to every new connection.
With periodic probing, on the other hand, network conditions during a cycle often differ from those measured at its start. When requests for the live event all arrive within one cycle, they are all sent over the link that was fastest when last probed, that link's traffic rises sharply, the distribution becomes unbalanced, and the application's own access speed suffers.
To overcome the limitations of these approaches, A10 proposes a new outbound link load solution that combines exact ISP address matching with DNS server load balancing to balance outbound traffic across links. Exact ISP address matching is the most direct way to improve user experience; its problem is that link traffic is not balanced, and the reason the distribution is unbalanced lies in DNS resolution.
One reason is that large data centers and large sites in China either use multi-carrier links for their Internet access or build separate data centers for different carriers. As a result, querying different carriers' DNS servers for the same domain name can return completely different IP addresses.
P2P software has an even greater effect on the uneven distribution of link traffic. The following analysis data illustrate the influence of the carrier's DNS on P2P traffic routing; the table shows the results of packet captures taken while downloading the same resource via the DNS servers of different carriers.
When the PC runs the Thunder (Xunlei) client, it issues more than 30 Thunder-related DNS queries, including one for the member login domain plugin.x17.xunlei.com, and the IP addresses returned all belong to the carrier of the DNS server configured on the user's PC.
Once a download task starts the effect is even more pronounced: of the 20 peers supplying the most P2P download data, almost none belong to another carrier. In a multi-carrier link environment the P2P traffic is therefore forwarded almost entirely over the link of the carrier whose DNS the user is using, and the link traffic distribution becomes uneven. The choice of DNS server thus has a large effect on the outbound traffic load.
Since DNS resolution affects the distribution of link traffic, we can use it to balance that distribution. On top of exact ISP address matching, the A10 server load balancer load-balances the DNS service: users' DNS requests are distributed in weighted round robin mode to the DNS server that corresponds to each link, and the weight ratio controls how much traffic each link receives. Exact ISP address matching still gives users a good online experience, and the unbalanced distribution seen with periodic link probing is avoided.
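The following model shows why the DNS weight ratio ends up controlling the link ratio, and how exact ISP address matching and the health monitor fit in. It is an added example, not A10's code and not the AX configuration: the carrier pools use RFC 5737 documentation ranges instead of real Telecom/Unicom prefixes, the resolver answer tables are constructed to mimic the behaviour observed above (a multi-homed site answers with an address of the resolver's own carrier, a single-homed site answers the same everywhere), and the resolver names ctc_dns and cuc_dns are only labels.

```python
"""Model of DNS-driven outbound link balancing.

Added example, not A10's code and not the AX configuration. Everything here is
constructed for illustration: the two carrier pools use RFC 5737 documentation
ranges instead of real Telecom/Unicom prefixes, and the resolver answer tables
stand in for what each carrier's DNS returned in the article's captures.
"""
import ipaddress
from collections import Counter
from functools import reduce
from math import gcd

# ISP address pools used for exact ISP address matching (constructed).
ISP_POOLS = {
    "telecom": [ipaddress.ip_network("198.51.100.0/24")],
    "unicom": [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed resolver behaviour, resolver name -> {domain: answer}.
# cdn/p2p: multi-homed sites answer with an address of the resolver's own carrier.
# single: a single-homed site answers with the same Telecom address everywhere.
RESOLVER_ANSWERS = {
    "ctc_dns": {"cdn.example": "198.51.100.10",
                "p2p.example": "198.51.100.20",
                "single.example": "198.51.100.30"},
    "cuc_dns": {"cdn.example": "203.0.113.10",
                "p2p.example": "203.0.113.20",
                "single.example": "198.51.100.30"},
}


def match_isp(addr):
    """Exact ISP address matching: the carrier whose pool contains addr,
    or "default" when no pool matches (the flow then follows the default route)."""
    ip = ipaddress.ip_address(addr)
    for isp, nets in ISP_POOLS.items():
        if any(ip in net for net in nets):
            return isp
    return "default"


class WeightedRoundRobin:
    """Smooth weighted round robin over the healthy members.

    Over one full cycle each member is picked weight/total of the time, and the
    picks are interleaved rather than bunched, which is what you want when each
    pick decides which carrier's link a user's next flows will take."""

    def __init__(self, weights):
        self.weights = dict(weights)
        self.current = {m: 0 for m in weights}
        self.healthy = set(weights)

    def set_health(self, member, up):
        """Health monitor hook: a member that fails its check is skipped."""
        if up:
            self.healthy.add(member)
        else:
            self.healthy.discard(member)

    def pick(self):
        live = [m for m in self.weights if m in self.healthy]
        if not live:
            raise RuntimeError("no healthy DNS server in the service group")
        total = sum(self.weights[m] for m in live)
        for m in live:
            self.current[m] += self.weights[m]
        best = max(live, key=lambda m: self.current[m])
        self.current[best] -= total
        return best


def weights_from_bandwidth(bandwidth_mbps):
    """Reduce link bandwidths to the smallest integer WRR weight ratio,
    e.g. {"ctc_dns": 3000, "cuc_dns": 1500} -> {"ctc_dns": 2, "cuc_dns": 1}."""
    g = reduce(gcd, bandwidth_mbps.values())
    return {name: bw // g for name, bw in bandwidth_mbps.items()}


def simulate(queries, weights, down=()):
    """Dispatch each DNS query with WRR, resolve it through the chosen carrier
    resolver, and account the resulting flow to the link that exact ISP
    matching selects for the answer. Returns a Counter of flows per link."""
    wrr = WeightedRoundRobin(weights)
    for member in down:
        wrr.set_health(member, False)
    per_link = Counter()
    for domain in queries:
        resolver = wrr.pick()
        answer = RESOLVER_ANSWERS[resolver][domain]
        per_link[match_isp(answer)] += 1
    return per_link


if __name__ == "__main__":
    weights = weights_from_bandwidth({"ctc_dns": 3000, "cuc_dns": 1500})
    multi_homed = ["cdn.example", "p2p.example"] * 30
    print("2:1 weights, multi-homed sites:", dict(simulate(multi_homed, weights)))
    print("same, ctc_dns down:", dict(simulate(multi_homed, weights, down=["ctc_dns"])))
    print("single-homed site, weights ignored:",
          dict(simulate(["single.example"] * 6, weights)))
```

Two things the model makes visible that the prose does not: the weight ratio only steers traffic to sites that have presence on both carriers (a single-homed site lands on the same link whatever resolver answered, so the achievable balance depends on the traffic mix), and when a resolver fails its health check its share moves entirely to the other carrier's link. The reduced integer ratio is what you would set as the per-server weight on the AX; the weighted-rr method then reproduces the interleaving shown here.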
The solution is also convenient for users: they can keep their original DNS configuration without any changes, and in a DHCP environment you can even hand out a virtual DNS server address such as 100.100.100.100.
The following test example shows how to configure DNS resolution weighted round robin (WRR) on an AX device for this solution, and the result obtained in a production environment. The test network has two egress links, a 1500M Unicom link and a M Telecom link. There are about online users during peak periods.
The customer already uses exact ISP address matching. Because the Telecom link has the larger bandwidth, the Telecom DNS was first handed to intranet users via DHCP; when traffic turned out to be unbalanced, the China Telecom DNS was replaced with the China Unicom DNS, but the problem persisted.
The following figure was captured after the AX device went online, while users were still configured with the Unicom DNS.
During this period nearly 300 users on the network were using that DNS; a lot of bandwidth was still idle during the peak period while the Unicom link was fully occupied.
We configure DNS weighted round robin on the AX device as follows.
Configure the real DNS servers of China Telecom and China Unicom, using the default UDP port health monitor:
slb server ctc_dns 1.1.1.1
   port 53 udp
slb server cuc_dns 2.2.2.2
   port 53 udp
Configure the DNS service group with the weighted round robin method:
slb service-group dns_group udp
   method weighted-rr
   member ctc_dns:53
   member cuc_dns:53
Requests to UDP port 53 of the virtual address 100.100.100.100 are handed to dns_group and source-NATed; the snat_group pool contains the NAT addresses of both China Telecom and China Unicom:
slb virtual-server to_dns 100.100.100.100
   port 53 udp
      source-nat pool snat_group
      service-group dns_group
      no-dest-nat
Finally we add two host static routes whose destinations are the carriers' DNS servers and whose next hops are the gateways of the corresponding links, so that the DNS request itself also takes the fast path:
ip route 1.1.1.1/32 a1.b1.c1.d1
ip route 2.2.2.2/32 a2.b2.c2.d2
With the configuration complete, we change the DNS address in the network's DHCP server to 100.100.100.100 and observe the traffic distribution. The links are essentially balanced, as the following figure shows:
Both links are essentially full during the peak period. The Unicom link is somewhat more heavily loaded because a small number of users had not yet picked up the new DNS address on the day of the change, and the weight ratio had not been fine-tuned.
Although not perfect, this can fairly be called the outbound link load solution best suited to the domestic network environment. The principle is simple, configuration is easy and the device overhead is low, and it fully meets the three requirements for a link load solution set out at the beginning.