I had the opportunity to test and review the Elfiq LB-800E Link Balancer as part of a TMC Labs review for the September issue of Internet Telephony Magazine. It's an impressive product that does traffic balancing, ISP bonding, Ethernet bonding (EtherChannel), and enables plug-and-play bandwidth redundancy. I thought I'd share my review here. Enjoy!
Elfiq LB-800E Link Balancer
We all know data is critical to just about any business. The real question is how to handle business continuity in the event a data connection is lost. While there are a myriad of ways of handling the loss of a data connection, the simplest method is the usage of a link balancer. A link balancer is a network-based appliance that proactively manages bandwidth from multiple ISP or private links. Should one or more links go down, the link balancer can automatically switch the traffic to the available ISP link(s) until the troubled link returns to normal.
In fact, a link balancer can actually be proactive and perform outbound traffic balancing, distributing traffic across multiple links based on rules you specify. A link balancer can take multiple ISPs from multiple technologies (DSL, T1, fiber, cable) and combine them to ensure business continuity. If a link to one ISP saturates or fails, the link balancer automatically makes sure the other ISP links are there to take over. TMC Labs took a look at the Elfiq LB-800E, a powerful and robust link balancing appliance that was surprisingly easy to set up. To get the best possible real-world experience, we actually hooked it up to our production network and configured it to work with our two ISPs and one of our web servers.
Importantly, Elfiq’s line of link balancers supports session persistence management because certain types of traffic, such as HTTPS (secure web site access), need to have their simultaneous sessions use the same link for cookie compatibility. This does not hinder the ability to dynamically balance this type of traffic since sessions going to a different HTTPS destination can go over a different link. Elfiq's persistence simply ensures that sessions going to a given destination remain together, on a per-destination basis. Similarly, you can configure a link balancer to use a primary link and only switch to a secondary link if the primary link reaches a high utilization threshold that you preconfigured.
We should mention that in addition to failover and outbound traffic balancing, the Elfiq LB-800E can also perform inbound traffic balancing and failover with no change to your existing internal infrastructure, other than the initial configuration of the Elfiq device of course. One critical component of inbound traffic balancing and failover is Elfiq’s Intelligent DNS (iDNS) module. The Intelligent DNS module will intercept incoming DNS requests for specific services and balance them according to the selected algorithms and parameters defined. Because the LB-800E knows if a link goes down, it can modify the responses to inbound DNS requests on-the-fly and point to an alternative IP address. Importantly, iDNS only intercepts DNS queries for records you wish to load balance and provide failover for. Any other DNS query is passed on to your existing DNS servers. All you need for failover across multiple links is an IP (ISP1) to IP (ISP2) association for each server you want to fail over.
For example, suppose you have a web server www.acme.com whose DNS points to 188.8.131.52 (ISP 1) and you have a backup ISP 2 reconfigured with IP address 184.108.40.206. Now suppose ISP1 goes down. When outside clients (browsers, VoIP devices, apps, etc.) try to resolve www.acme.com, the Elfiq device will know that ISP1 has gone down, intercept the DNS query via its DNS listener and resolve the name to your other data link (ISP2 - 220.127.116.11). That takes care of the external side of things. On the internal side, the Elfiq device sits between your Internet connections and your firewall, so it has the ability to modify the packet to make it appear to the firewall as though it came from ISP1 even though it came from ISP2. The packet is then routed by your firewall using its normal rules to reach the destination server or device. When the server responds, it still responds using the same exact default gateway (the firewall). The firewall then sends the response to the Elfiq, which, because it maintains session state, is able to map the IP address back to ISP2’s external IP address.
As you can see, this is done keeping your existing network infrastructure the same. No need to manually change default gateways on servers, no reconfiguration of your firewall(s), and no DNS changes required. The beauty of this is that it’s done proactively and automatically by the Elfiq device with no human intervention.
The LB-800E Link Balancer actually checks the status of each ISP link every few seconds to validate its health, essentially probing predetermined outside sites for their availability. When a link stops responding to the tests conducted by the Link Balancer, the link is taken off the list of available links and traffic is directed to the remaining links. Importantly, the LB-800E continues to test the unavailable link, and when it becomes available with acceptable metrics, it is returned to the list of available links. During an outage the LB-800E will send email alerts and will also alert you when the link returns to being available. Elfiq Link Balancer events and alerts can be sent to a remote syslog server as well.
Besides failover capabilities, another nice advantage of the Elfiq LB-800E is that it enables the use of multiple ISPs concurrently. Instead of having an idle backup data link you pay good money for, you can use all the links to their maximum limit enabling your company to benefit from the additional bandwidth. The Elfiq LB-800E has some powerful customization rules and you can even modify algorithms based on time of day. Another important feature of the LB-800E is its site-to-site resiliency feature. With a Link Balancer at two sites using Elfiq's proprietary SitePathMTPX feature, communication between those sites is protected against link failures or saturation by using alternate paths to ensure connectivity. Using this feature you can load balance VoIP / VPN traffic over a number of links so your remote offices and users don’t lose connectivity during a link outage. This is all done without changing your VPN appliance or firewall configuration.
The Elfiq Networks QoS feature lets you grant priority to critical data, such as email, VoIP or VPN traffic and supports QoS diffserv marking. The Quality of Service module lets you set policies for ports, protocols and applications, allowing you to give lower priority to non-critical activities such as streaming radio or gaming. Importantly, should one link fail, which means less overall available bandwidth, the QoS module will apply new user-defined rules to the other links to guarantee bandwidth for all critical services. Although we didn’t test this feature, the Link LB offers filtering on IP, ICMP, TCP and UDP protocols.
The web admin was very easy to navigate, and the various settings were easy to configure. It has a series of wizards that guide you in the configuration of your device. It also has a batch command screen where you can copy/paste several commands into the screen and execute them all at once. It’s a nice way of quickly changing the configuration or even installing a completely new configuration to the unit. It’s also useful for backups. You can output the current config and then, if you need to migrate to a new unit, you can simply paste the configuration into the batch command screen. The Elfiq web page also shows cumulative statistics, and SNMP support allows you to pull statistics from the Elfiq device.
The reporting capabilities are pretty good. We really liked the dashboard view, which showed overall bandwidth consumption for each link.
You can view current upload/download statistics per link in real time and for the last 4 hours, last 24 hours, last 3 days, and last 7 days.
The built-in probe lets you see the bandwidth usage of active IP sessions on a per-link basis, link usage and history, and reports on a per-IP-address or application/port basis. The probe lets you see the current top 30 sessions (“top talkers”), which you can then sort by column headings, including the link port, top in kilobytes, top out kilobytes, and more. You can also see both the inside and outside IP address for each session and the port number (80, 443, 21, 3389, etc.) to determine traffic type. You can also export the chart data as a .csv file for importing into a reporting package or Excel.
The line of Elfiq Link Balancers lets you choose a different algorithm for each traffic flow you want (ACL based). The available algorithms are: Round Robin, Weight, Least Traffic, Equalized Traffic, Order Preferred, Equalized Traffic First within Weight, Best SitePath First, Round Trip Time (fastest path in ms), and multiplexing (MTPX). Each method has its advantages. WFA (Weight First Algorithm) is an interesting option. It prefers the lowest configured weight, conditional on saturation. In our setup, Optimum Lightpath fiber was assigned a weight of ‘2’, which is less than the weight of ‘5’ for the Cablevision line. What this does is keep all traffic on the primary link and, only if the primary saturates (or fails), spill over onto the Cablevision link. (Screenshot: sample outgoing load balancing rules.)
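The weight-first spillover and the per-destination persistence described earlier, as an added Python sketch; this is not Elfiq's code or rule syntax. The link capacities, the 90% saturation threshold and the destination names are assumptions made for the illustration; only the weights 2 and 5 come from the review.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    weight: int          # lower weight = more preferred
    capacity_kbps: int   # constructed figure, not from the review
    used_kbps: int = 0
    up: bool = True

class WeightFirstBalancer:
    """Illustrative weight-first selection with per-destination persistence."""

    def __init__(self, links, saturation=0.9):
        self.links = sorted(links, key=lambda l: l.weight)
        self.saturation = saturation   # assumed threshold (fraction of capacity)
        self.pinned = {}               # destination -> link name

    def _saturated(self, link):
        return link.used_kbps >= self.saturation * link.capacity_kbps

    def pick(self, dest, persistent=False):
        usable = [l for l in self.links if l.up]
        if not usable:
            raise RuntimeError("all links are down")
        # Persistent traffic (e.g. HTTPS) stays on its link while that link is up.
        if persistent and self.pinned.get(dest) in {l.name for l in usable}:
            return self.pinned[dest]
        # Lowest weight that is not saturated; if all are, lowest weight anyway.
        choice = next((l for l in usable if not self._saturated(l)), usable[0])
        if persistent:
            self.pinned[dest] = choice.name
        return choice.name

def demo():
    fiber = Link("lightpath-fiber", weight=2, capacity_kbps=100_000)
    cable = Link("cablevision", weight=5, capacity_kbps=50_000)
    lb = WeightFirstBalancer([cable, fiber])
    out = [lb.pick("bank.example", persistent=True)]      # fiber, pinned
    fiber.used_kbps = 95_000                              # primary saturates
    out.append(lb.pick("video.example"))                  # spills to cable
    out.append(lb.pick("bank.example", persistent=True))  # stays on fiber
    fiber.up = False                                      # primary fails
    out.append(lb.pick("bank.example", persistent=True))  # re-pinned to cable
    return out

if __name__ == "__main__":
    print(demo())
```

Note the trade-off the sketch makes visible: a pinned destination keeps using a saturated link until that link actually fails, which is the cost of keeping a destination's sessions together.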
Significantly, the device has a LAN failsafe feature for the event of equipment failure: you can power off the Elfiq and your firewall will still communicate with its default gateway through the inactive Elfiq unit. These ports are labeled in groups of two as “Bypass” on the unit to make it clear that there are actual physical connections between each pair. Depending on the model number you can have multiple bypass pairs.
During one of our tests, we took one of our ISP links down to see if our test web server would switch over to the secondary link. The Elfiq device sent us an email alert and we attempted to connect to the web server. Initially, we could not connect, but that was because our DNS had already cached the IP address of the primary (now offline) ISP link. We flushed our DNS cache and then we were successful in connecting to the web server over the secondary link. It was doing exactly as promised – ensuring business continuity by automatically switching to a secondary ISP link and we were quite impressed.
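The caching effect seen in this test, as an added Python simulation that is not Elfiq's implementation: a DNS listener that answers from the first healthy link, and a client cache that keeps the old answer until its TTL expires or it is flushed. The TTL value and the two addresses (taken from documentation ranges) are constructed for the example; only the host name www.acme.com comes from the review.

```python
class IntelligentDNS:
    """Toy listener: answers balanced names from the first healthy link."""

    def __init__(self, records, ttl):
        self.records = records   # name -> [(link, ip), ...] in preference order
        self.ttl = ttl           # seconds; assumed value, not from the review
        self.down = set()        # links currently failing health checks

    def answer(self, name):
        if name not in self.records:
            return None          # not balanced: passed on to existing DNS servers
        for link, ip in self.records[name]:
            if link not in self.down:
                return ip, self.ttl
        raise LookupError("no healthy link for " + name)

class CachingClient:
    """Stub resolver that honours TTLs, like the cache flushed in the test."""

    def __init__(self, dns):
        self.dns, self.cache = dns, {}

    def resolve(self, name, now):
        ip, expires = self.cache.get(name, (None, 0))
        if now >= expires:
            reply = self.dns.answer(name)
            if reply is None:
                raise LookupError("not served by the listener: " + name)
            ip, ttl = reply
            self.cache[name] = (ip, now + ttl)
        return ip

    def flush(self):
        self.cache.clear()

def failover_timeline(ttl=300):
    # Constructed addresses from documentation ranges, one per ISP.
    dns = IntelligentDNS({"www.acme.com": [("ISP1", "192.0.2.10"),
                                           ("ISP2", "198.51.100.10")]}, ttl)
    client = CachingClient(dns)
    seen = [client.resolve("www.acme.com", now=0)]       # ISP1 address cached
    dns.down.add("ISP1")                                 # link fails at t=5
    seen.append(client.resolve("www.acme.com", now=10))  # stale ISP1 answer
    client.flush()                                       # what the reviewers did
    seen.append(client.resolve("www.acme.com", now=11))  # ISP2 address
    return seen

def stale_window(ttl, cached_at, failed_at):
    """Seconds a TTL-honouring client may keep using the dead address."""
    return max(0, cached_at + ttl - failed_at)
```

For inbound failover, the TTL on the balanced records bounds how long well-behaved clients keep trying the failed link, so it is worth checking that value when validating a deployment.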
- Maximum throughput Full Duplex: 480 Mbps
- Maximum number of sessions: 64,000
- Maximum number of new sessions per second: 12,000
- DHCP, PPPoE, Dynamic MTU/MSS support, 802.1Q (vlan)
- Speed of network interfaces (Mbps) 10 / 100 & 10 / 100 / 1000
Because the Elfiq LB-800E is Layer 2, it eliminates the use of the BGP protocol for link redundancy and eliminates the high costs associated with it. The Elfiq Link Balancer can actively manage sessions between multiple links; it can use all the links concurrently and can fail over between links very quickly. Conversely, BGP is often used to re-route whole ranges of IP addresses, a lengthy process requiring hardware and human resources. The Elfiq Link Balancer saves time and money while optimizing the use of all your WAN/Internet links. The Elfiq Link Balancer can eliminate expensive links by replacing them with multiple less expensive links, without reducing performance, while adding redundancy to both. We almost never give perfect scores (5) for every rating, but this is a polished product that is feature-rich and easy to use. We really liked that this device required virtually no changes to the network infrastructure. Add in its native support for QoS policies, session persistence, and its VoIP SIP-aware capabilities, and we had no doubts in awarding the Elfiq LB-800E an Internet Telephony Editors’ Choice Award.