Six key issues for correct selection of Multi-Wan routes

Source: Internet
Author: User
Tags vpn router

In general, in the face of the purchase of Multi-WAN routers, many business friends only pay attention to the word "multiple" in the Multi-wan, but they do not know that there are many kinds of Multi-Wan routes, some or even completely different things. In addition, the function configuration of Multi-Wan routing also has many joints. Looking at the many functions listed on the package, but not clear the meaning of the above, the disadvantage is second, the important thing is that it does not play its due role, it will mistake the big thing.

When selecting a multi-WAN router correctly, pay attention to the following key issues:

1. Define the multi-Wan Route type and know what products to buy:

Multi-Wan routing can be divided into several categories based on applications. There are three common categories in the market: one is the "one-to-many" type, and the other is the "Bandwidth aggregation" type, the third is "IP balancing.

"One-to-multiple-network" Multi-WAN routers are mainly used for broadband access by different carriers, such as a Netcom, a telecom, or an education network. It is a multi-WAN application type selected for the WAN Port Based on the destination IP address. It is mainly used to solve the bottleneck of Inter-access between China Netcom, China Telecom and other access providers. Generally, multi-Wan products with "dedicated for internet bars" belong to this type of products and are also used in CERNET and some specific occasions.

The "Bandwidth aggregation" Multi-WAN router is mainly used for the purpose of increasing network access bandwidth. One more broadband, doubled the bandwidth, and doubled the speed. This is the "Bandwidth aggregation" function. It is based on the number of sessions per PC and automatically allocates them to idle lines,

The "IP balanced" Multi-WAN router is equivalent to two single-WAN routes. Besides using the same gateway and the same management policy, the effect of multi-WAN connections is basically not very beneficial. This type of router is called "fake multi-wan ". Currently, this type of routing rarely exists independently. However, this feature still exists in some routing configurations. If you do not select the "IP balancing" feature, it is equivalent to buying an "IP balanced" router. We will also discuss this issue in detail below.

Except for the third type of "fake multi-wan", the first two routes have their specific purposes, and their use effects are quite different. However, there is also an exception. There is a new type of router that uses the fourth generation of Multi-Wan technology. By automatically identifying the broadband type, the two can be organically combined. This is more suitable for scenarios where "one channel, multiple networks", and "Bandwidth convergence" are required, such as the access environment of two Telecom lines and one Education Network.

In short, users need to know that multi-Wan routing is different. When purchasing a route, they must first make sure they have bought the right product based on their own environment and purpose.

2. select an appropriate index with a server load, which is generally twice as high as the following:

All router purchases involve a specific amount of incoming traffic to ensure that the router can carry the network processing load of a specific scale. Generally, the number of machines that manufacturers advertise is the theoretical number of machines, which will be compromised in actual use. To ensure use, we usually need to purchase a vro with around 2 times the actual number of computers. Otherwise, network problems are often caused by insufficient processing capabilities.

Nowadays, more and more vro management functions are available, and some protocols and behavior management greatly consume vro processing resources. For example, the function of configuring BT, msn, and QQ on a vro may consume 1-times the hardware resources of the vro. This tells us that if the behavior management function of the vro is enabled, therefore, the theoretical number of routers to be purchased must be 3-4 times that of the actual number of computers. Otherwise, the behavior management function of the router will be used at the cost of greatly reducing the network speed, and the "no-Speed Management" will not be worth the candle ".

3. Be sure to check the hardware configuration and reject non-transparent information:

When purchasing an enterprise router, you must check the hardware configuration of the router, especially the CPU of the router. Just like a PC, it is impossible for a high-speed processing capability without a high-performance CPU. At present, most professional routers use Intel IXP series dedicated network processors, to meet the needs of enterprises to use at least MHz.

As an early MIPS and ARM processing chip, it is generally used on home routes such as SOHO. MIPS and ARM enterprise routers have limited network load capacity. Generally, they are used in ultra-small network environments with less than 20 machines. The price of these routers is generally less than 1000 yuan, and more than 1000 yuan is definitely a huge profit.
If you refuse to disclose the type and frequency of the vro processor, and the price is higher than 1000 yuan, this is a typical upgraded SOHO route, which has serious cost-effectiveness problems. Pay special attention to it.

Therefore, to be a savvy user, Do not be deceived by a profiteer. Check the CPU of the router.

4. differentiate between true and false multi-wan, and be alert that two lines are not as fast as one line:

As mentioned above, multi-Wan applications with "Bandwidth convergence" are currently the main application methods of multi-Wan. they connect to one more broadband and increase the bandwidth by doubled. This is the purpose of most enterprises to choose multi-Wan routes, this is "Bandwidth aggregation ".

"Bandwidth aggregation" is provided by the Session load balancing function. In addition, the appearance of "Weight Round robin" and "Traffic" in Xinxiang vro。 is similar. These methods ensure real multi-Wan aggregation.

However, the "IP balancing" function does not play the role of "Bandwidth convergence". When you enable this function on a PC, there will be a phenomenon that two lines are not as fast as one line, so it is called "fake multi-wan ".

Why does some routers already have the Server Load balancer function, but still need "IP balancing? This is because security checks are required for online banking, QQ, MSN, and some games. At this time, because multiple Wan routes use several lines to access the Internet at the same time, security checks cannot pass, these applications will reject your access and cause a disconnection.
However, this is not the case where multiple Wan routes cannot be used. A few routes can still solve this problem. For example, Xin Xiang routing uses the "Identity binding" technology to solve this problem. It automatically identifies the application and immediately binds it to the line of the first request, security check requirements of the other party. At the same time, other applications are still "Bandwidth aggregation" without sacrificing the overall application effect.

The provision of "IP balancing" is actually a helpless action for a route to make up for its technical defects. Therefore, when purchasing a vro, you need to pay special attention to whether the "Server Load balancer" configuration page in the vro has the "IP balancing" option. If yes, you need to be cautious.

5. If too many management functions affect the routing performance, you should consider improving the hardware:

At present, many vrouters have internet behavior management functions, such as one-click blocking of BT, QQ, and MSN. This is very useful and meets the management requirements of some enterprises. However, the implementation of this function is very tricky.

There are two ways to manage internet behavior in a vro: one is to block the IP address of the destination server, and the other is to block the IP address of the destination server.

The first method is simple but unreliable. The IP address blocking technology is used to prevent full and effective management functions, which are often omitted, leading to invalid management. This is easy to identify by checking. Take blocking QQ as an example: After the QQ block of the vro is enabled, you cannot log on to QQ. At this time, you can log on through QQ proxy and select QQ proxy server. If you can log on to the vro, it means that the behavior management of the vro is a virtual configuration, and it must adopt a simple processing technology to block the IP address of the target server.

The second method adopts the High-level protocol blocking method, which is the most reliable but costly. The router confirms the access application category by specifying the features. This blocking is thorough. However, due to the adoption of a variety of protocol inspection methods, this is a high requirement on the router's hardware platform, generally low-end CPU is basically not competent, at least the intel ixp series or above, at the same time, a high algorithm design is required for the router.

If you need the internet behavior management function, you need to find out the technical implementation method of the router. The first method is not reliable and is not recommended. At the same time, we need to appropriately improve the requirements for hardware capabilities, and pay more for purchasing funds. Purchasing such a product generally has little impact on forwarding efficiency when the load on the server is not heavy.

6. Firewall and VPN configurations in routing are extremely low performance. You should carefully consider them according to the application and wallet:

Some enterprises want to buy a multi-WAN router to ensure that there are powerful firewalls and high-speed VPN functions at the same time. This is a "less expensive, more work" mentality. At this time, it is understandable. But is there such a cheap thing in the world?

First, as a multi-Wan VPN Router, because the router has done a lot of Multi-Wan aggregation processing, internet behavior management, some firewall processing, if the VPN function is added, so the VPN efficiency is very low. Generally, there are two main problems with the Multi-Wan VPN Router: 1. the VPN processing efficiency is extremely low, generally 10% of the normal value; 2. the VPN tunnel entries are extremely low, the number of VPN tunnels is not supported. It can be said that the VPN function of a Multi-WAN router is worse than that of a low-end VPN of about 200 yuan.

Second, the firewall function of the municipal multi-WAN router is software firewall, so do not have too much hope for the fire wall Report of the Multi-WAN router. Otherwise, tens of thousands or even hundreds of thousands of professional firewall manufacturers will be shut down. According to tests, currently, the technology-leading Xinxiang multi-Wan routing adopts a dedicated filter-window firewall technology, and only achieves the effect of 10% of professional firewalls. The firewall capabilities of other multi-Wan routing software are even less than 1% of those of professional firewalls.

Vrouters integrated with VPN and firewall are called "secure routers", which are products for very small-scale and shy enterprises. For example, for small branches and online sales outlets of large enterprises, the choice of such products depends on whether it is such an application environment.
For most enterprise networks, we recommend that you do not select this "Security Router ". The correct solution is to enable the VPN penetration function in the router, provide support for the VPN protocol, and then select a professional VPN device, which can greatly improve the processing efficiency, at the same time, the overall cost is not increased. Firewall, if your attack is sporadic, sporadic, and Small-energy, the router can barely cope with it. However, when you are often attacked by a large number of attacks, you can only select a professional firewall to achieve the effect, greatly cutting the cost is inevitable.

Related Articles]

  • Huawei 3Com AR 18-2X multi-Wan port Broadband Router

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.