Multi-Gateway Routing & Load Balancing
Last modified by Jim Giseburt on 27 June 2017 10:56 AM
CIPAFilter’s Multi-Gateway Routing and Load Balancing technology allows the CIPAFilter to be directly connected to two or more internet connections. Once connected and configured, the CIPAFilter will split traffic flowing through the unit between these connections in a weighted manner which can be configured. In addition, there are two modes in which the CIPAFilter can operate, a destination-based mode and a source-based mode. Both of these modes support failure detection.
Modes of Operation
In destination-based mode, the CIPAFilter will split outbound internet traffic across the available interfaces based upon the destination that the traffic is attempting to reach. Basically, each time the CIPAFilter determines a new destination needs to be reached, it selects an interface for that destination. This interface and destination combo is then cached and remembered, meaning that any traffic attempting to reach the same destination in the future will leave from the same interface.
In source-based mode, the CIPAFilter will split outbound internet traffic across the available interfaces based upon the source the traffic is originating from. When a device with an IP address attempts to send traffic to the internet, the CIPAFilter chooses one of the internet connections for that device to use. Until that device stops communicating with the internet, the device will continue to use the same internet connection.
Internet Connection Setup
Each individual internet connection must be directly connected to the CIPAFilter on its own interface. This interface may be either a physical interface, or a virtual interface connected via VLANs. Once connected, add a new entry on the “Multi-Gateway Load Balancing” tab of the “Routing” page of the CIPAFilter’s web interface. The following is a description of the parameters for this entry:
A simple human-readable comment. This can be any identifier. Changing this field will not affect the function of the entry.
The gateway this entry should use.
The target for the ping watchdog to use for failure detection. Enter “0.0.0.0” to disable the watchdog for this entry. For more information, see the section on failure detection.
This is the interface which the internet connection is connected to. This interface should already be configured on the IP Settings page to have connectivity to the gateway associated with this entry.
The relative weight to assign to the entry. This weight is used to calculate the statistical probability of the interface being used over another interface. For example, suppose there are two entries. Entry A has a weight of 1, and Entry B has a weight of 2. In this scenario, Entry B will be used by the CIPAFilter twice as much as Entry A.
CIPAFilter’s Multi-Gateway Routing implementation supports failure detection by a ping watchdog. When a configuration entry has a watchdog target that is not 0.0.0.0, then that target will receive an ICMP echo request, also known as a ping. As long as the target continues to reply, the CIPAFilter will treat that connection as a working connection and continue to use it for traffic. However, when the CIPAFilter stops receiving replies, it will shut down that internet connection. If there are other available internet connections, the CIPAFilter will attempt to use those connections instead. Please note that the watchdog target must be unique per internet connection.
Ping Watchdog Settings
The following are some configurable settings pertaining to the ping watchdog:
Number of successful pings before bringing gateway up
When the ping target has not responded and the gateway has been brought down, this is the number of consecutive pings which must be successful before the CIPAFilter will begin using the associated connection again.
Number of consecutive failed pings before bringing gateway down
When the ping target stops responding, this is the number of consecutive pings which must fail before the CIPAFilter will stop using the associated connection.
Number of seconds to wait between pings
After a ping is sent, this is the number of seconds to wait before sending another one.
Deadline to wait for before counting ping as failed
When a ping is sent, this is the number of seconds to wait before counting that ping as being failed.
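How the four watchdog settings interact can be seen in a small model. This is an added example, not CIPAFilter code: the class, function names, sample ping results and the timing formula are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Watchdog:
    """Illustrative model of one connection's ping watchdog (not CIPAFilter code)."""
    up_after: int          # successful pings needed before bringing gateway up
    down_after: int        # consecutive failed pings before bringing gateway down
    up: bool = True        # assumed initial state: connection in use
    streak: int = 0        # consecutive results that contradict the current state

    def observe(self, reply_received: bool) -> bool:
        """Record one ping result and return whether the connection is in use."""
        if reply_received == self.up:
            self.streak = 0            # result agrees with state: streak is broken
            return self.up
        self.streak += 1
        if self.streak >= (self.down_after if self.up else self.up_after):
            self.up = not self.up      # threshold reached: change state
            self.streak = 0
        return self.up


def replay(results, up_after, down_after):
    """Return the connection state after each ping result in `results`."""
    wd = Watchdog(up_after=up_after, down_after=down_after)
    return [wd.observe(r) for r in results]


def worst_case_failover_seconds(down_after, interval, deadline):
    """Assumed timing model: pings go out every `interval` seconds and each is
    judged `deadline` seconds after it is sent. A link that dies just after a
    good ping is noticed once `down_after` later pings have all timed out."""
    return down_after * interval + deadline


# Constructed ping results: one isolated loss, then an outage, then recovery.
SAMPLE = [True, False, True, False, False, False, True, True, True]

if __name__ == "__main__":
    for result, state in zip(SAMPLE, replay(SAMPLE, up_after=3, down_after=3)):
        print(f"reply={result!s:5}  in_use={state}")
    print("worst-case failover:", worst_case_failover_seconds(3, 5, 2), "s")
```

Low thresholds shorten the outage seen by users but let a single lost ping take a healthy connection out of service; higher thresholds trade detection time for stability.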
Defining Specific Routing Paths
CIPAFilter’s Multi-Gateway routing has the ability to tie specific subnets to specific connections. It also has the ability to always route specific destinations over specific connections. Defining either type of specific rule will affect traffic regardless of the Multi-Gateway Routing Mode.
Specific Connection Routing
Each entry in the table identified for “Specific Connection Routing” defines a subnet and an interface. Any traffic originating from the source subnet will be sent out of the internet connection corresponding with the identified interface.
Specific Routing For Destinations
If you require all traffic destined for a specific network to be routed out of a given connection, this can be achieved using the routing table on the “Basic Routing” tab of the Routing page on the CIPAFilter’s web interface. Simply define the subnet of the destination network and then define the gateway for that network as the gateway corresponding to the internet connection which you would like to use. The CIPAFilter will then always use the internet connection corresponding with that gateway when attempting to contact that network.
It is important to note the limitations of CIPAFilter’s Multi-Gateway Routing and Load Balancing feature. While this feature does allow the use and balance of multiple internet connections, it does not balance those connections based on bandwidth. In destination-based mode, it balances based on the number of destinations assigned to a given internet connection. In source-based mode, it balances based on the number of internal IP addresses using the internet. In both these scenarios, it is possible that bandwidth usage between the connections will be asymmetric.
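The simulation below illustrates this limitation together with the two modes and the weight setting described earlier. It is an added example, not CIPAFilter code: the selection logic is an assumed model of weighted, cached assignment, and the connection names, addresses and traffic volumes are constructed.

```python
import random
from collections import Counter


class StickyBalancer:
    """Illustrative model of weighted, sticky gateway selection (not CIPAFilter code)."""

    def __init__(self, weights, mode, seed=0):
        if mode not in ("destination", "source"):
            raise ValueError("mode must be 'destination' or 'source'")
        self.names = list(weights)
        self.weights = [weights[n] for n in self.names]
        self.mode = mode
        self.cache = {}                     # key -> connection chosen for it
        self.rng = random.Random(seed)      # seeded so the run is repeatable

    def route(self, src, dst):
        # The balancing key is the destination or the source, never the byte count.
        key = dst if self.mode == "destination" else src
        if key not in self.cache:
            self.cache[key] = self.rng.choices(self.names, weights=self.weights)[0]
        return self.cache[key]              # no expiry modelled: entries stay cached


def simulate(mode, flows, weights, seed=0):
    """Return (keys per connection, bytes per connection) for the given flows."""
    lb = StickyBalancer(weights, mode, seed)
    byte_totals = Counter()
    for src, dst, nbytes in flows:
        byte_totals[lb.route(src, dst)] += nbytes
    return Counter(lb.cache.values()), byte_totals


# Constructed traffic: 30 clients fetching 300 small sites, plus one client
# pulling 5 GB from a single destination.
WEIGHTS = {"A": 1, "B": 2}
HEAVY = 5_000_000_000
FLOWS = [(f"10.0.0.{i % 30 + 1}", f"site{i}.example", 20_000) for i in range(300)]
FLOWS.append(("10.0.0.99", "video.example", HEAVY))

if __name__ == "__main__":
    for mode in ("destination", "source"):
        keys, byte_totals = simulate(mode, FLOWS, WEIGHTS)
        print(mode, "keys:", dict(keys), "bytes:", dict(byte_totals))
```

In both modes the number of cached keys follows the weights, but whichever connection receives the heavy flow carries almost all of the bytes.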