Link load balancing can actually do this.

Link load balancing can actually do this.

Enterprises generally lease multiple ISP links to avoid network availability risks caused by single ISP link failure and solve network access problems caused by insufficient network bandwidth. How to properly use multiple ISP links does not cause resource waste, but also improves the quality of network services. This article will focus on analyzing several methods of link load balancing, and explain the implementation of Load Balancing Based on the technical characteristics of hillstone network security gateway.

The link load balancing technology can be summarized into several methods:

The first is link aggregation. Its value lies in its ability to facilitate the transition from low-end interfaces to high-end interfaces. For example, one-way 2G traffic can be aggregated using three Gigabit Links, the cost is lower than the direct use of the 10g interface. Compared with a single link, an aggregation link has higher reliability.

In terms of link aggregation, hillstone network is mainly implemented by configuring the aggregation interface to connect to the aggregation Interface Group of the ISP router on the hillstone network security gateway. One aggregation interface of hillstone network security gateway can contain multiple physical interfaces, these physical interfaces are evenly distributed to collect interface traffic and support LACP to achieve dynamic link aggregation.

The second type is equivalent multi-path routing. Its value lies in accessing the same destination IP address or CIDR Block and having multiple egress ports (that is, multiple next hops). To make full use of Link resources, configure the same routing priority. When the ECMP algorithm is enabled, the traffic load can be shared to multiple links.

At this point, hillstone uses the security gateway to select routes based on a quintuple, source IP address, or source IP address + Destination IP address. At the same time, it also supports adjusting the proportion of traffic forwarded on each link through the route weight.

The third is ISP routing. Its value lies in the slow speed of mutual access between addresses of different ISPs. Therefore, when an intranet user accesses a service on the Internet, if you use the same ISP address as the service after converting the intranet user source address, the user experience will be improved.

In this regard, the security gateway of hillstone network has preset ISP network segment address information. When the Intranet accesses the Internet, the system determines the Next Hop Based on the ISP attribution of the destination address, you can use the IP address of the same ISP during source address conversion.

The fourth is application traffic direction: the costs of different links are different. Low-value application traffic is forwarded from low-cost links, and high-value applications are forwarded from high-cost links, in order to optimize the use of Link resources.

The hillstone network security network first identifies the application traffic type when handling application traffic direction, and then directs the application traffic to the corresponding link through a policy route so that different application traffic goes through different links, in this way, the link traffic load is optimized.

The fifth is equivalent multi-path application traffic direction. It needs to enable the ECMP algorithm when the same application is redirected to multiple equivalent links to achieve load sharing and full utilization of Link resources.

When dealing with equivalent multi-path application traffic direction, hillstone network security gateway first identifies the application traffic type and then directs the traffic to the corresponding link through policy routing, different Application traffic goes through different links to optimize the link traffic load. The system also supports configuring multiple policy routes for the same application with different lines. The ECMP algorithm is used to share the load of specific application traffic on multiple links.

The sixth type is dynamic outbound detection. The static load balancing algorithm can only achieve load balancing of traffic on multiple links and cannot truly improve user experience, the ultimate goal is the link forwarding from which traffic can make the user experience better.

When multiple links exist between the Intranet and the Internet, the Intranet access traffic can be intelligently shared across multiple links through the dynamic detection function of the hillstone network security gateway. When an intranet user initiates an access request to an Internet target address for the first time, the system detects the traffic that matches only the default route on the eligible links, static routes are generated for interfaces with relatively fast responses. Subsequent packets are directly forwarded based on routes and will not be detected. If the generated static routes are not hit for a certain period of time, they will automatically become aging.

The seventh type is bandwidth/latency-based Dynamic switching. In a complex traffic environment, no algorithm can guarantee absolute load balancing. There may be a high load on a link, and the new session traffic still follows this link. Bandwidth/latency-based Dynamic switching can solve this problem.

In this case, hillstone Network Security Gateway monitors the traffic bandwidth/latency of each interface in real time. When the traffic bandwidth/latency of an interface exceeds the configured threshold, the traffic for the new session will not be forwarded from this interface, but will go through other interfaces. When the traffic bandwidth/latency of this interface falls below the normal value, the traffic of the new session can be forwarded from this interface.

The eighth type is the inbound SmartDNS. The value is that address mutual access between different ISPs is slow. Therefore, when an Internet user accesses a service on the Intranet, if you use the same ISP address as the Internet user before converting the destination address of the Intranet Service, the user experience will be improved.

When there are multiple links between the Intranet and the Internet, the inbound SmartDNS function of the hillstone network security gateway can intelligently share the Internet access traffic on multiple links. First, you must change the external address publishing method of the enterprise intranet server to domain name assignment, that is, when a DNS server on the Internet user side requests the customer's intranet server domain name resolution from the Enterprise Domain Name Service Provider's DNS server, it returns the domain name delegated server address (hillstone network security gateway ). The security gateway of hillstone network provides the ISP address segment information on the Internet user side, and determines which Internet interface address of hillstone network security gateway is returned based on the request source, or, based on the route generated by the dynamic detection of the Origin Site, determine which Internet interface address is returned to the hillstone network security gateway. Hillstone network security gateway then uses the destination address translation (DNAT) function to help Internet users access enterprise intranet servers.

It is reported that hillstone network SLB solutions are widely used in education, enterprises, and other industries.