Failover & LB --> RoundRobin vs Ratio

I've read all of the published whitepapers and a lot of the community's discussion, but don't have a clear understanding of the differences and/or use case for these two LB Group Types. Additionally, looking for guidance as to 'Use Source and Destination IP Address binding' as well.

Firewall: NSA2700
Firmware: SonicOS 7.1.1-7051
ISP 1: 1Gbps Fiber (ATT)
ISP 2: 1Gbps Fiber (Cogent)

Currently we have two (2) 1Gbps fiber lines coming in from two separate ISPs. Originally, the second was brought in as a backup, but wanted to explore utilizing both. Based on this, what is the suggestion then as far as an LB setup and why? Additionally, should the 'Source/Destination' be checked for use on either and/or why wouldn't you want this checked? …and finally, speaking strictly as to the nuances between these two options, it seems from reading through this forum that setting the ratio to 50%/50% vs RoundRobin would yield the same result?

Thanks in advance to anyone who has any thoughts regarding.

Category: Entry Level Firewalls

Answers

  • DTIronman Newbie ✭

    …Oh, and as I'm new to this forum, I wasn't sure if this should be posted within the 'Entry Level' or 'Mid Level' categories…but same question would stand regardless if for one of my NSA's or TZ series, so perhaps someone could buy me a clue as to where or how questions like this should be posted moving forward. …and apologies if this was not posted in the correct category.

  • Arkwright All-Knowing Sage ✭✭✭✭

    It barely makes any difference which forum you put it in because the software and configuration options are almost identical from TZ270 to SM9700 [or whatever the biggest one is]. So TBH, the problem here is that the forums are split by subjective firewall size rather than what task you are trying to achieve!

    I assume you mean source/destination binding. I always enable this and think it should be the default. Some websites and applications get confused and annoyed when you log in and then randomly change what IP address you are coming from. It does reduce the maximum theoretical effectiveness of the F&LB.

    The difference between round-robin and equal ratio balancing is that round-robin always puts each flow down each connection in turn, and with ratio balancing the firewall is tracking how much bandwidth is in use on each interface at a time, in order to try and achieve the ratio you specify.

    Nowhere in the documentation does it say how asymmetric WANs are handled. The F&LB settings screen makes no reference to the configured interface bandwidths, so that suggests to me that it doesn't.

  • DTIronman Newbie ✭

    Thanks for the response…but then to better understand, would either Ratio (50/50) or RoundRobin effectively double our throughput like port aggregation? In our case this would be taking our dual 1Gbps WAN lines and make an effective 2Gbps available to the office. I'm still trying to understand the pros/cons of either, and/or how each is internally working and what the best option is for us. Additionally, I'm assuming each works as a basic failover if either of the WANs go down, but also looking for clarification on this.

    Originally, we were set up on RoundRobin, but when one of our WAN lines started having major latency issues, it caused half the office to basically not have internet access. In this scenario would ratio (50/50) have acted differently and/or is there something else that could be put in place to automatically resolve such an issue in the future?

    Thanks again for any thoughts.

  • Arkwright All-Knowing Sage ✭✭✭✭

    You need to configure logical probing on each interface. It's physical by default. Logical probing would mean that an interface is taken out of the group when the internet is unreachable through it. Physical means it's only withdrawn if the ethernet link is down. Better than nothing, I guess! Which LB strategy you use won't make any difference if the F&LB doesn't "know" not to use an interface.

    The ratio load-balancing balances flows "statistically"; the more flows/users you have, the better you can achieve the full 2Gbps of throughput. Worst-case scenario is 1 flow from one client, that can never be balanced across two links and could only achieve 1Gbps.
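
A simplified model of the per-flow behaviour described in the answers above, added here as an example that is not part of the thread and is not SonicOS's actual algorithm. It pins each flow to one link and compares round-robin with an equal-ratio policy for a single large flow, a mix of heavy and light flows, and a link that stays in the group versus one that has been withdrawn. The function names, strategy labels and flow lists are assumptions constructed for illustration.

```python
# Simplified model of per-flow WAN load balancing (an assumption, not SonicOS code).
LINK_CAP_MBPS = 1000  # each WAN in the thread is a 1 Gbps line


def place_flows(demands, strategy, usable=(0, 1), links=2):
    """Pin each flow to one link; return (per-link offered load, per-link flow count)."""
    load = [0] * links
    count = [0] * links
    for i, mbps in enumerate(demands):
        if strategy == "round_robin":
            # Next usable link in turn, regardless of how busy it already is.
            link = usable[i % len(usable)]
        elif strategy == "ratio_50_50":
            # Link furthest below its equal share, i.e. the least-loaded usable link.
            link = min(usable, key=lambda l: load[l])
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        load[link] += mbps
        count[link] += 1
    return load, count


def delivered(load):
    """Traffic actually carried: a link cannot pass more than its capacity."""
    return sum(min(l, LINK_CAP_MBPS) for l in load)


if __name__ == "__main__":
    single = [2000]        # constructed: one client, one very large flow
    mixed = [400, 10] * 4  # constructed: heavy and light flows alternating
    office = [10] * 8      # constructed: eight similar small flows
    for strategy in ("round_robin", "ratio_50_50"):
        print(strategy)
        print("  single flow:", delivered(place_flows(single, strategy)[0]), "Mbps")
        print("  mixed flows:", delivered(place_flows(mixed, strategy)[0]), "Mbps")
        # Link 1 has Ethernet link but is degraded; with physical probing it stays in the group.
        print("  flows per link, link 1 in group :", place_flows(office, strategy)[1])
        # With logical probing the degraded link is withdrawn, leaving only link 0.
        print("  flows per link, link 1 withdrawn:", place_flows(office, strategy, usable=(0,))[1])
```

In this model neither strategy keeps flows off a degraded link that is still in the group, which matches the point about probing made in the last answer.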
