Balance 20 URGENT questions

I have a few questions about the Peplink Balance 20

  •      Can it do both session-based and IP-based load balancing (meaning can it maintain the same WAN port during a specific web session with the IP of your internet banking, for example) (without a rule in place) vs a traditional round robin.
    
  •      How many (total number permitted) protocol binding or specific IP to WAN port forwarding rules can you set up in the router at one given time.
    
  •      What other unique forms of load balancing (algorithms) can it do while maintaining the same WAN for an IP session (for banking and other application compatibility, assuming it can) that other load balancers typically cannot.
    

Thank you for your prompt response, we need to purchase a load balancer by Tuesday of this week and are trying to decide between DrayTek, QNO, and Peplink

Your assistance is greatly appreciated,

Hi Seth,

The Peplink Balance features HTTPS persistence so all those sessions will remain on the same WAN connection:
http://www.peplink.com/knowledgebase/utilizing-ssl-persistence-with-e-banking-and-other-secure-websites/

There is no theoretical limit on the number of port forwarding rules you can make.

We are the industry leader in multi-WAN routing solutions and offer seven different algorithms to choose from for the ultimate in granular control:
http://www.peplink.com/knowledgebase/understanding-configuring-outbound-traffic-rules/

Hi Tim,

Thanks for the prompt response:

  1. What about non-HTTPS but regular HTTP sessions, is it possible to make them persistent without rules?

  2. There must be some limit; the Cisco maxes out at 100, the DrayTek at 60. Are you telling me I can bind 1000 individual IPs to specific WAN ports on the Balance 20?

  3. So by reading this with the balance 20, I’m really limited to weighted or persistence or enforced or priority, which one of those will give me any benefit in speed of downloads and browsing (and will the persistent HTTPS & HTTP sessions work in that mode)

Thanks

Seth

  1. Yes, you can create multiple persistence rules, based on specific port of your choosing.

  2. Tim is actually referring to port-forwarding of inbound traffic, WAN to LAN.
    Regardless, there’s no limit on outbound rules that you can create either. From our past experience, the number of rules you create here will affect the time for the browser to load the UI, or in extreme cases, the browser might become non-responsive.

  3. You can configure weight-balance as the default rule. This way, you can utilize all your available WANs for downloads and browsing. By default a persistent HTTPS rule will be created for you when you choose to add a custom outbound policy. I’ll recommend keeping it in place, as HTTPS sessions like internet banking require that to work. Of course, max bandwidth here will be based on the WAN used by the particular session.

Will the HTTPS persistence be in place for all HTTPS sessions including the ones you don’t have specific rules for?

You can also create a rule to use a specific WAN for an URL or IP address correct (outbound)?

Thanks for all of your help!

As per what you see from the image below, there’s a number of ways to customize your rules. For example,

  • source and destination based on IP address, network or domain name,
  • protocol/port based on pre-defined ones, or custom number using single or range.
  • load-balancing algorithm that’ll apply to the above customized traffic


You can find more via product page or user manual.

I understand, but the question is can you have the HTTPS persistent, specific IP to specific WAN forwarding, and weighted load balancing for all other traffic. All configured together at the same time?

It’s a very specific question, most routers will only allow persistent or weighted, not both simultaneously, is the balance 20 and 30 an exception?

Thanks in advance

Seth

From KY’s response I somewhat understand the following. Is it correct?

So it will go in the following steps:

  1. protocol IP forwarding to WAN port outbound rules if exist
  2. persistent if HTTPS session over least used WAN or (WAN available by your algorithm)
  3. if doesn’t meet either of those conditions it will be weighted over multiple WAN ports

Is this correct?

Also is it better to use IP for forwarding specific websites to specific WAN ports or URL (I see your router handles URL as well, that’s unique, which is a better solution in terms of efficiency and effectiveness)?

Thanks again for all of your help

Seth

As follows.

A custom HTTPS persistence rule, for a single source IP, out via a single WAN #1.
Default rule that load-balance traffic equally via WAN #1 and #2.


No, can you create a rule for HTTPS persistence for all HTTPS sessions (not a single IP), that’s what I’m trying to avoid.

Hence my step 1, 2, 3 routing plan mentioned in previous post.

So HTTPS persistence for all source IPs

and weighted load balancing for all non HTTPS unless there is a rule for the specific IP or URL in place

I have some specific questions:

Because I need a specific IP for some websites I access.

And the question was can you set things in the following order:

  1. IP or URL (protocol) forwarding to a specific WAN port

  2. HTTPS persistence for all HTTPS sessions not specific IPs

  3. weighted load balancing for all traffic that doesn’t meet the above criteria

Thanks again

Seth

Just replacing the source from “IP Address” to “Any” will do.
Edit: You can use Enforce rule for this as well, to force all HTTPS traffic out of a specific WAN.

  1. A custom rule using Enforced algorithm.
  2, 3. Refer to the above and my previous post.

So then it’s not possible to force only specific HTTPS IP’s or URLS to go to a specific WAN port, while just having normal HTTPS persistence with load balancing across your other WANS for all of your other HTTPS URLs or IPs?

Say I have eight specific HTTPS URL’s that must be accessed via WAN2, I cannot singularly force those specific URL’s to WAN2 and spread the rest with persistence across the other WANS?

Also you say that you support unlimited singular IP or URL to individual WAN forwarding rules, in practical reality that’s not possible, as there are over a billion unique IP’s. Cisco supports 100, Draytek 60, in practical purposes without causing strain on the router do you think the balance 20 and 30 would comfortably support 1000 outbound protocol forwarding rules, or 500, or 250 ( I probably would not need more than 250 maybe I could use 500, I’m just trying to understand the realistic real world use case and not a hypothetical scenario )

So then in this case it could work as follows:

  1. IP or URL (protocol) forwarding to a specific WAN port (because this will include HTTPS URLS too)

  2. HTTPS persistence for all HTTPS sessions not specific IPs

  3. weighted load balancing for all traffic that doesn’t meet the above criteria

Another option is some routers provide session or IP based load balancing, where you could opt to have every unique browser session HTTPS or HTTP maintained on the port it originated on, can the balance 20 and 30 operate in this fashion? If so could I keep step 1 in place forwarding specific IP’s or URLs and or protocols to specific WANs for their sessions (is there a benefit to using IP over URL, I noticed in your demo your router supports both)? In this scenario would I see any benefit in speed while downloading from the load balancing or no because the session would be restricted to the WAN port. Would I see a speed benefit in downloading multiple files or torrents?

Sorry just trying to be real specific because your answers are quite thorough but they are missing the essence of my question.

Your assistance is greatly appreciated,

Seth

Another point of confusion is I am not referring to inbound traffic or source IPs, I’m referring to outbound traffic and destination IPs

Thanks for the clear explanation.
I understand a lot better now.

Yes it’s possible.

  1. Custom rule #1, specific destination IP (or domain name if you’re using specific URL), protocol pointing to TCP 443, algorithm using Enforced and WAN of your choosing.
  2. Custom rule #2, any source, any destination, protocol pointing to TCP 443, algorithm using weight balance.
  3. Default rule

Also possible.

  1. Custom rule #1-8, same as the above, using domain name (each with a specific URL), protocol pointing to TCP 443, algorithm using Enforced and WAN2.
  2. Custom rule #9, any source, any destination, protocol pointing to TCP 443, algorithm using weight balance.
  3. Default rule

Practically I’m not too sure why you need to specify the outbound traffic of up to 500 public IP. Perhaps you can share more on this, or maybe explore if there’s a way to group them into small group of subnets, instead of /32 IP addresses.

Yes, you’ll need to add in the 2 rules stated below. Of course, the HTTPS rule will be conflicting the 2nd rule we have above, so it depends on how you want to route your HTTPS traffic.

  1. Custom rule #1, any source, any destination, protocol TCP 80, algorithm using persistence, by source.
  2. Custom rule #2, any source, any destination, protocol TCP 443, algorithm using persistence, by source.

If you download a big file directly from a browser, it will stick to a single WAN, so no benefit in speed. For traffic like torrents which utilize multiple sessions, yes there will be an increase if you load-balance via both WANs.

So now let’s see if I understand a little better, as long as I set my custom IP or URL forwarding rules with a higher priority than the persistence rules, they will be executed first?

If opted not to use persistence for port 80 or regular HTTP sessions would I see an increase in download speeds for large files because they would be spread across the WANs?

I currently have the Cisco RV042 and I have 100 protocol binding IP to WAN forwarding rules in place and I’m migrating because I need more. I access a lot of websites that require specific IP’s to access them and that is the reason for the large number of protocol bindings. They are totally unique IP’s so they can not be broken down into groups. Realistically, what do you think would be the most I would want to use with the balance 20 or 30 without causing the interface to slow down to a crawl and problems to start to occur (is 250 unrealistic please be blunt and honest)? Also is there any benefit to IP over URL, I notice that you support both?

Thank you for the clarity in your answers this time. I’m not very technical so it’s much easier for me to understand.

I have a balance 20 in my hands now that was given to me, it’s 3-4 years old and I’m trying to update it to the latest firmware and it won’t update. Has the hardware changed and new firmware not suitable for the previous iterations? I submitted the serial # of the device in my support ticket, if you could look at that and advise me I’d greatly appreciate it.

This balance 20 only supports IP’s, your live demo supports IPs and URLs, does the current balance 20 firmware support both too or is that only on larger models?

Finally there is no way to enable the router for best application compatibility mode or most application compatibility mode AND add custom rules, you MUST choose one or the other, correct?

Thanks again

Seth

So now let’s see if I understand a little better, as long as I set my custom IP or URL forwarding rules with a higher priority than the persistence rules, they will be executed first?

This is correct, the rules are executed firewall-style from top to bottom.

If opted not to use persistence for port 80 or regular HTTP sessions would I see an increase in download speeds for large files because they would be spread across the WANs?

Only if you are using a Download Manager or if it is torrent traffic, otherwise it will only come back on the same WAN the request went out on.

I currently have the Cisco RV042 and I have 100 protocol binding IP to WAN forwarding rules in place and I’m migrating because I need more. I access a lot of websites that require specific IP’s to access them and that is the reason for the large number of protocol bindings. They are totally unique IP’s so they can not be broken down into groups. Realistically, what do you think would be the most I would want to use with the balance 20 or 30 without causing the interface to slow down to a crawl and problems to start to occur (is 250 unrealistic please be blunt and honest)? Also is there any benefit to IP over URL, I notice that you support both?

Honestly it is hard to put an exact number on it. I have never heard of anyone needing so many different custom rules. URL would be better because if the destination IP changes you would not need to change it.

We will follow up with you via the support ticket regarding the firmware update.

Finally there is no way to enable the router for best application compatibility mode or most application compatibility mode AND add custom rules, you MUST choose one or the other, correct?

You are correct, you must choose one.
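
The rule ordering settled on in this thread (enforced destination rules first, then HTTPS persistence by source, then a weighted default, evaluated top to bottom), modelled as an added example that is not Peplink code or its configuration format. `Rule`, `OutboundPolicy`, `shadowed`, the host names and the addresses are hypothetical, and "fewest sessions per unit of weight" is an assumed stand-in for the weighted algorithm.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    algorithm: str               # "enforced", "persistence" (by source) or "weighted"
    dst: str = "any"             # "any", an exact host name, or an IP/CIDR
    port: Optional[int] = None   # None matches every port
    wan: Optional[str] = None    # target WAN, used only by "enforced"
    def matches(self, dst_host, dst_ip, port):
        if self.port is not None and self.port != port:
            return False
        if self.dst == "any":
            return True
        try:
            return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        except ValueError:       # self.dst is a host name, not an IP/CIDR
            return dst_host == self.dst

class OutboundPolicy:
    def __init__(self, rules, weights):
        self.rules, self.weights, self.sticky, self.load = rules, weights, {}, {}
    def _balance(self):          # assumed: WAN with fewest sessions per unit of weight
        return min(self.weights, key=lambda w: (self.load.get(w, 0) / self.weights[w], w))

    def route(self, src_ip, dst_host, dst_ip, port):
        for rule in self.rules:  # first match wins, top to bottom
            if not rule.matches(dst_host, dst_ip, port):
                continue
            if rule.algorithm == "enforced":
                wan = rule.wan
            elif rule.algorithm == "persistence":
                wan = self.sticky.setdefault((rule.name, src_ip), self._balance())
            else:
                wan = self._balance()
            self.load[wan] = self.load.get(wan, 0) + 1
            return rule.name, wan

def shadowed(rules):             # rules that can never fire: a broader rule sits above
    return [r.name for i, r in enumerate(rules)
            if any(e.dst == "any" and e.port in (None, r.port) for e in rules[:i])]

# Constructed rule set mirroring the thread's final layout.
RULES = [
    Rule("bank-via-wan2", "enforced", dst="bank.example", port=443, wan="WAN2"),
    Rule("https-persist", "persistence", port=443),
    Rule("default", "weighted"),
]
```

Running `shadowed()` over a rule list before applying it catches the ordering mistake asked about above: a destination-specific rule placed below the any/any HTTPS persistence rule never takes effect.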