Network load balancing, 4 network load balancing – Kerio Tech Firewall6 User Manual

Chapter 6: Internet Connection


Note:

1. Probe hosts must not block ICMP Echo Requests (PING), since such requests are used to test the availability of these hosts; otherwise the hosts will always be considered unavailable. This is one of the cases where the primary default gateway cannot be used as the testing computer.

2. Probe hosts must be computers or network devices which are permanently running (servers, routers, etc.). Workstations which are running only a few hours per day are not suitable as probe hosts.

3. ICMP queries sent to probe hosts must not be blocked by the firewall's traffic rules.

6.4 Network Load Balancing

If at least two Internet links are available, WinRoute can divide traffic between them. The benefits of such a solution are evident: Internet connection throughput improves (i.e. the speed of data transmission between the LAN and the Internet increases) and response time gets shorter for connections to servers on the Internet. If no special traffic policy is defined (so-called policy routing, see chapter 7.5), the individual links also back each other up (see also chapter 6.3): if one of the lines fails, the traffic is routed via another.

Note:

1. Network load balancing is applied only to outbound traffic via the default route. If the routing table (see chapter 18.1) defines a route to a destination network, traffic to that network will always be routed through the particular interface.

2. Network load balancing does not apply to the traffic of the firewall itself. This traffic is processed directly by the operating system and, therefore, standard routing is applied here (the default route with the lowest metric value will always be used).

Requirements

The computer hosting WinRoute must have two network interfaces for connection to the Internet, i.e. leased (Ethernet, WiFi) or persistently connected dial-up links (CDMA, PPPoE). Ordinary dial-ups (analog modem, ISDN) are not suitable, because it is not possible to dial on demand in the network load balancing mode.

This connection type also requires one or more network cards for connection of individual segments of the LAN. A default gateway must NOT be set on any of these cards (cards for the LAN)!

In the case of dial-ups (CDMA, PPPoE), it is also necessary to define the corresponding telephone connection in the operating system. Login data for telephone connections need not be saved in the system; this information can be specified directly in WinRoute.
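The routing rules from the two notes in section 6.4 and the gateway requirement above can be checked against a routing table dump. The following is an added example, not part of the Kerio manual: it assumes the five-column layout of Windows `route print` active routes, uses constructed addresses, and its function names are hypothetical. It models only the rules stated on this page, not how WinRoute distributes connections between links.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway iface metric")

# Constructed sample: destination, netmask, gateway, interface, metric.
SAMPLE = """\
0.0.0.0      0.0.0.0        203.0.113.1    203.0.113.10   10
0.0.0.0      0.0.0.0        198.51.100.1   198.51.100.20  20
0.0.0.0      0.0.0.0        192.168.1.254  192.168.1.1    30
192.168.1.0  255.255.255.0  192.168.1.1    192.168.1.1    10
10.20.0.0    255.255.0.0    198.51.100.1   198.51.100.20  1
"""

def parse_routes(text):
    """Parse five-column route lines; headers and malformed lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append(Route(net, f[2], f[3], int(f[4])))
    return routes

def defaults(routes):
    """Default routes, lowest metric first."""
    return sorted((r for r in routes if r.net.prefixlen == 0), key=lambda r: r.metric)

def audit(routes, lan_ifaces):
    """Check the Requirements: no default gateway on LAN cards, two Internet links."""
    findings = [f"LAN interface {r.iface} has default gateway {r.gateway}"
                for r in defaults(routes) if r.iface in lan_ifaces]
    wan = {r.iface for r in defaults(routes) if r.iface not in lan_ifaces}
    if len(wan) < 2:
        findings.append(f"only {len(wan)} Internet interface(s) with a default route")
    return findings

def egress(routes, dst, from_firewall=False):
    """Interfaces traffic to dst may leave through, per Notes 1 and 2."""
    addr = ipaddress.ip_address(dst)
    specific = [r for r in routes if r.net.prefixlen > 0 and addr in r.net]
    if specific:                      # Note 1: explicit route, never balanced
        return [max(specific, key=lambda r: r.net.prefixlen).iface]
    d = defaults(routes)
    if from_firewall:                 # Note 2: OS picks lowest-metric default
        return [r.iface for r in d[:1]]
    return [r.iface for r in d]       # LAN traffic: candidates for balancing
```

In the constructed sample, `audit` flags the LAN card `192.168.1.1` because it carries a default gateway; once that route is removed, traffic to `10.20.0.0/16` stays pinned to one link while other LAN traffic may use either.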
