Cisco Dual WAN RV082 load balancing?

[mxnerd]

Anyone has experience of this device?

We just added CBeyond T1 with Voice service (we keep existing PBX system) to improve the internet upload speed and reduce phone bill. We still keep existing AT&T DSL service, however.

I'm wondering if I can install RV082 and improve the download speed.

Existing DSL download is 3.0Mbps and I don't want to waste it just sitting there, since the T1 with voice will slow down when employees are talking on the phones, and even if no one is talking, users notice reduced download speed.

Anyone has experience with this device? Existing LAN (one SBS 2003 server & 15 machines) is behind Endian community version firewall (an IPCop Derivative), I want to keep Endian as proxy filter server. How hard is it to make the whole thing work? Will some apps get affected (like Skype)?

Thanks for all advices.

 

[kevnich2]

Yeah I have the RV042 version of that, great router actually. You can do one of two things - put it in load balance mode or failover. For you, it sounds like you want to be using load balancing. You can put in the speeds of both connections and it'll automatically load balance the connections depending on what is currently going through. You may want to also bind certain pc's to one or the other internet connection. You'll just have to play with the settings until you find your sweet spot on how internet performance is.

 

[Emulex]

yeah that is just a linksys router - i'd go for something a bit larger to integrate all of your firewall needs in. when you replace that dsl line with a comcast business $99/month for 50/10 you will see that router crumble as you push DS3 speeds through it.

Also you need to remember alot of B2B systems and some older SSL sites will freak the heck out if you have bouncing ip's. banks too. so you need to have more precise binding of ports (out).

ie:
(outbound) SSL bind to WAN1, strict (always), unless link down
(outbound) * ports (10.1.1.250-252, all ports, all protocols) bbind to wan1 strict unless link down (because that T-1 will be 100x higher reliability than dsl)

maybe push ftp to wan2 by default - keep the leeching down.

You'll want a device with a long NAT period - can handle full 60k+ nat.

Also i'd suggest adding http/https protocol to locate downed services. We use a highly redundant website on each link (two different links) to augment ping timeout - with SSL if you start to get 20-30% loss due to a peering issue, whatever - it will become unusable and it would be better to down the firewall wan port than make everyone in the office miserable. This of course happens when you are on vacation in europe 🙂

I suggest a device that allows inbound port forwarding with at least 256 (many come only with 32) - In case the vpn is borked. keep in mind you need to set one on each WAN because you'll probably only need it when your primary is down.

cbeyond has extremely high uptime i've been using them for well since day 1 in atlanta. Having the dual T-1 option the $1495 plan with 7000minutes and other free services is extremely cheap - we lost a line card and i was busy - eh the cbeyond T-1 is slow - dude showed up a day later to fix the problem i was like no kidding didn't even know it was an issue.

But it is sloooow. With comcast business as a backup - you can let folks leech ftp,http on a 22 or 50 meg link and do the hardcore business on the T-1's.

I've use a comparably priced EDIMAX USA product for 5 years. They were about the same price. I've outgrown it, but for the money i could afford to buy two - keep one cold standby with the same config - the linksys RV line will change quickly - once you config one of these puppies its quite a large config and you will be very sad to realize how different the new/other products are - when yours dies.

get two cheapo switches and throw them in between the cbeyond and DSL pass-through ethernet ports to the dual-wan rig - that way you can have external network devices (utorrent,ftp,web) on the outside - or snort boxens. Or use one cheap switch and vlan it in two segments. it will come in handy one day 🙂 when you need to pass the real ip through

 

[mxnerd]

Thanks kevnich2 & Emulex.

I think I have some misconception about load balancing. I thought that load balancing is link aggregation (sum up all WAN ports for download), but it seems not.

Emulex, the business is in downtown LA, so no cable or fiber available, and thanks for sharing CBeyond experience and router setup.

So I think the RV082/RV042 can only do load balancing, which means just that, traffic balancing. So the max download speed is not 1.5Mbps (if no one is talking) + 3.0Mbps = 4.5Mbps, but 3.0Mbps from DSL part. RV082 just try to balance port usage.

Please clarify, thanks again.

 

[Emulex]

best to think of it has a router with nat - that can change the OUTPUT route between the two choices (1.5 or 3.0) but in reality you probably want to have an established connection sit on one wan since the inbound routing you have no control of.

if you start a http download on the 1.5 and it gets too busy - it will stay too busy. the router will then say well its busy over here so the next traffic will go out the 3.0 dsl link so your next download http will pull in all it can from the 3.0 .

bittorrent and other accelerators can open up multiple connections which could aggregate bandwidth to 4.5 - but single connections - no.

inbound wise a socket must follow back on the same path link as it goes out since you do not have any AS routing capability (portable ip's, bgp4 , big ole router) - that's just not going to happen with cbeyond and your dsl.

It's pretty cool to see how often your reliable link (cbeyond) stays up versus the unreliable dsl. with comcast business i see issues about 2-3 times a week. with cbeyond (dual t-1 bonded) i see issues maybe 2-3 times a year.

 

[mxnerd]

Thanks Emulex. I do found I have another question.

Since RV082 will be behind the Cisco IAD (Integrated Access Device), how much bandwidth should I reserve for WAN1 (T1)? Since the voice traffic only goes through the Cisco IAD, I guess RV082 has no idea part of the traffic is already taken by voice if anyone is talking, right?

So maybe I should tell RV082 only 1.5Mbps - 80Kbps x7 voice lines (max) is available on WAN1?

Regards,

 

[mxnerd]

We went ahead and bought RV082. Installed & configured it during weekend. It seems doing round robin load balancing between Cbeyond T1 & AT&T DSL in bridge mode just fine.

I was able to continue to use SBS 2003 Remote Work Place after configuring port forwarding. https traffic also works fine after telling it go through T1 only.

I have to put one credit card machine behind the AT&T DSL modem + Trendnet router to get it work.

Endian firewall is not used at this time. Wonder if putting it behind RV082 (which does have simple content filtering)and adding another layer will make it too complex. Maybe will try that later.

Will see what happen in the coming week.

 

[Emulex]

you know the IAD has a nat ethernet port too. It would use the router ip address. so if you wanted to do a guest wifi router and not have them have access to your network at all. or something.

In either case you can can put a switch between the RV082 and IAD if you want to put some boxens or routers or whatever to use specific ip's that belong to each network.

ie mail servers.

Very common to use a pair of smtp *nix boxens and then have a exchange server behind the RV082 firewall with a pop3 fetcher. Then users only can vpn in to get their mail and little bit safer than putting windows machine on internet to fend for itself.