Link load balancing provides an efficient, cost-effective, and easy-to-use solution to maximize utilization and availability of Internet access while minimizing cost.
To improve reliability of Internet access, many enterprises lease two ISP links connecting the internal network to the Internet. One of the links acts as a backup while the primary link is being utilized. This solution improves reliability by providing backup capacity for use during ISP link failures. However, it does not maximize utilization of all available capacity. Additionally, failover to the backup link after primary link failure is disruptive to the traffic and affects application performance.
Figure 1: Redundant Internet connectivity with a backup ISP link
One alternative to keeping backup links idle is the use of Border Gateway Protocol (BGP), which supports the ability to utilize multiple ISP links simultaneously with multi-homing. But BGP is complex to manage and requires special expertise and active cooperation of the ISPs. In spite of the complexity and the challenges, BGP does not provide an efficient solution. There is no mechanism in BGP to optimize utilization on all the links and to effectively balance the load between in-bound traffic flows. Lack of client connection knowledge and slow convergence cause application-level disruptions during link failure.
For enterprise customers that want to avoid the challenges of BGP routing without the wastefulness of idle backup ISP link, link load balancing offers a powerful solution with quick return on investment. Link load balancers balance in-bound and out-bound traffic efficiently among all available ISP links using intelligent traffic management. Links are selected using load-balancing methods based on critical performance metrics -- such as bandwidth limit, link weight, bandwidth cost and ISP pricing model -- which have a direct positive impact on the business.
Enterprise customers no longer have to rely on low-risk, high-cost ISP services to provide reliability. They can aggregate bandwidth of multiple links from different ISPs, which not only reduces cost but also improves overall reliability and availability of access. Because all the links are utilized simultaneously, failure risk associated with any one link is eliminated. Losing a link merely results in reduced available bandwidth and not in the loss of access availability and performance. Applications are fully transparent to link failures and restoration, and continue operating, although with changed bandwidth capacity.
Figure 2: An enterprise using a link load balancer
Link load balancers use intelligent checks to monitor the health and performance of ISP links and dynamically switch traffic to healthier and better performing links. Some products use the physical state of "next-hop" link to determine health. More advanced link load balancers feature sophisticated health checks beyond the next hop link and use end-to-end proximity measures and service response time to determine the best link to service any given application transaction.
Network and application security is a critical enterprise need, and link load balancers are ideally positioned at the intersection of the internal and external network to provide security. Using source Network Address Translation (NAT) forces return traffic to use the same ISP link as forward traffic for session persistence and consistent performance. Source NAT provides security by allowing internal network addresses to be private and completely invisible to external users. Additionally, some link load balancers use their Layer 4-7 network and application intelligence to thwart Denial of Service attacks by blocking traffic from malicious clients without adversely impacting performance for legitimate clients.
As Enterprises deploy link load balancers to remove performance bottlenecks and weak "links" from their Internet access infrastructure, it is important to ensure that link load balancers do not become single points of failure. Products that support high-availability (HA) configuration deliver a fully fault-tolerant solution that is highly appropriate for an enterprise's mission-critical needs. In the HA mode, two link load balancers operate as Active and Standby, with session synchronization and transparent sub-second failover. When one device fails, there is no impact to existing connections, because the other device becomes operational with full knowledge of all existing connections and continues servicing application traffic.
Gopala Tumuluri is a Product Marketing Manager at Foundry Networks, a maker of Internet routers, Layer 2 switches and traffic management products located in San Jose, Calif. He can be reached at firstname.lastname@example.org.
This was first published in March 2004