RV042 load balancing problem

Answered Question
Mar 3rd, 2010

We have two network connections coming into the office. One is a private WAN and the other is an internet WAN. We have an RV042 router configured for load balancing. On WAN1 we have our private WAN, which includes Exchange and 6 VPNs. On WAN2 we have a public IP and workers from home. Both connections are 5Mg T1s and both have the ability to reach the internet, but only WAN2 has a public IP (76.x.x.x), whereas WAN1 has a private IP (10.x.x.x).

Now where the problem lies is that our new web-based payroll system does not support load balancing. We have to shut down one side when we want to do payroll (turn load balancing off).

Now is there a way to make our payroll computers only use one side? Modify the hosts file maybe? Or force a certain MAC address to only use WAN1? Or is there a better router that can accomplish this?

Any help would be appreciated.

Peter Labelle

Correct Answer
alissitz Wed, 03/03/2010 - 08:49

I do not have an RV042 and have had to reference the admin guide:

http://www.cisco.com/en/US/docs/routers/csbr/rv042/admin/guide/RV042_V10_UG_C-WEB.pdf

I hope these comments are helpful. Perhaps you can comment and let me know if this works for you. Check the load balancing and protocol binding section.  These changes are disruptive ... please assume some outage during the change.  Not a long outage, but just the same remote sessions might be dropped during.

For outgoing you can use protocol binding. This might pose some problems with the client VPN ... can you try this after hours?

For incoming, how do the clients and remote PCs know about the accounting software?  Are you advertising this IP via one link or the other?

If you are, then you can have a preference via one of the links.  If you are not advertising this IP then you will not be able to ensure a preference to one service provider over the other.

Do please check the admin guide and let me know your thoughts.  Kindest regards and HTH,

Andrew Lissitz

labellepeter Wed, 03/03/2010 - 10:31

For incoming, how do the clients and remote PCs know about the accounting software?  Are you advertising this IP via one link or the other?

The computers that use the accounting software can be statically assigned their IP, and they are on our side of the router. The software is web based. So if I bind said computer 10.240.116.X source IP (IP of user's computer) to the destination IP (IP of 3rd party web-based payroll system) on port 443 (HTTPS) using interface WAN1.

This should force the payroll computer to only use WAN1 for any HTTPS, and their server should respond to WAN1 because the packet originated from WAN1, bypassing load balancing for said computer on port 443.

Does this make sense to you?

If so I will try this tonight.

Peter Labelle

alissitz Wed, 03/03/2010 - 12:59

Hello,

It does make sense.

The only concern I have is related to redundancy.

Protocol bindings for outgoing traffic will be dropped if the interface goes down and the traffic will flow from the other interface. This way you will not blackhole traffic ... we are good, although I would suggest doing some testing.

Hmm ... thinking about it, we have heard many times of HTTPS traffic having issues with the same session responding from multiple IPs. Some applications cannot handle this and thus do not work. I think protocol binding will help.

Will you be able to test this as well as some basic redundancy tests?  Like disconnect one wan link and re-test the application ...

HTH,

Andrew Lissitz

labellepeter Thu, 03/04/2010 - 07:15

Hi Andrew

Ok, I statically assigned IPs to our 3 computers that do our payroll. Then, using Protocol Binding under the System Management screen, I bound 3 internal IPs (source IP) to the 8 external IPs (destination IP) belonging to our payroll company, so when we use the HTTPS service it is forced to go through WAN2.

Works well.

Thanks for the tip

Peter Labelle
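
One way to run the re-test suggested earlier in the thread, as an added example that is not part of the original posts: given flow records exported from the edge, it reports sessions that left via more than one WAN (the condition that breaks the payroll site) and payroll flows that did not use the bound interface. The record format, host addresses and server addresses are constructed for the example and are not RV042 log output.

```python
import ipaddress
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "time src dst dport wan")

# Constructed sample records: time, source IP, destination IP, destination port, egress WAN.
# This format is an assumption for the example, not RV042 log output.
SAMPLE_LOG = """\
2010-03-04T09:00:01 10.240.116.21 203.0.113.10 443 WAN2
2010-03-04T09:00:04 10.240.116.21 203.0.113.10 443 WAN2
2010-03-04T09:01:10 10.240.116.22 203.0.113.11 443 WAN2
2010-03-04T09:02:30 10.240.116.23 203.0.113.11 443 WAN1
2010-03-04T09:03:00 10.240.116.50 198.51.100.7 443 WAN1
2010-03-04T09:03:02 10.240.116.50 198.51.100.7 443 WAN2
2010-03-04T09:04:00 10.240.116.21 198.51.100.7 80 WAN1
"""

def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            flows.append(Flow(parts[0], ipaddress.ip_address(parts[1]),
                              ipaddress.ip_address(parts[2]), int(parts[3]), parts[4]))
        except ValueError:
            continue
    return flows

def split_sessions(flows):
    """Return {(src, dst, dport): WANs} for flows that left via more than one WAN."""
    seen = defaultdict(set)
    for f in flows:
        seen[(str(f.src), str(f.dst), f.dport)].add(f.wan)
    return {key: sorted(wans) for key, wans in seen.items() if len(wans) > 1}

def binding_violations(flows, sources, destinations, dport, wan):
    """Return flows a binding should cover that left via a different WAN."""
    srcs = {ipaddress.ip_address(s) for s in sources}
    dsts = {ipaddress.ip_address(d) for d in destinations}
    return [f for f in flows
            if f.src in srcs and f.dst in dsts and f.dport == dport and f.wan != wan]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    payroll_pcs = ["10.240.116.21", "10.240.116.22", "10.240.116.23"]  # constructed
    payroll_servers = ["203.0.113.10", "203.0.113.11"]                # constructed
    print(split_sessions(flows))
    for f in binding_violations(flows, payroll_pcs, payroll_servers, 443, "WAN2"):
        print("unbound payroll flow:", f.time, f.src, "->", f.dst, f.wan)
```

A violation that appears only while the bound link is disconnected is the failover behaviour described in the thread; one that appears with both links up points to a missing source or destination entry in the binding.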

I ran into this problem at a client where we had an RV042. Different scenario though. We had 2 static IPs from 2 different ISPs. We had an accounting program that used HTTPS on port 443 hosted at a different location. We had to bind outgoing port 443 to WAN1 to prevent disconnect problems. This caused a problem in case that internet connection went down.

What we did was create a service on the RV042 for TCP port 4433 and bound the traffic to WAN2. On the side hosting the accounting package we created a rule in that router to translate all public port 4433 requests to internal 443 requests.

On the workstations we had to leave 2 desktop shortcuts, one that pointed to 443 and one to 4433. That way if one link doesn't work they can just use the second link.

It's not the best solution but at least it works until they OK a swap out to a router that supports better binding.

I'm not providing this as a solution but maybe it can spark an idea of a workaround.

I know a company called Xincom used to make a dual WAN router that was decently priced that supported strict binding per internal IP address. The build quality wasn't the best and they used to die all the time but maybe their new units are better. When they worked though they were very good and I never had a problem.
