chun

HOWTO: Q-Balancer, Initial Setup and Configuration

Answer / Solution

SUMMARY This HOWTO contains information on initial configuration of the Xrio Q-Balancer. It will guide you through the standard steps that are taken in a typical Q-Balancer installation. CONSIDERATIONS A firewall is present and configured with an IP address within the range of one of the ISP links; this is to become the transparent link. The transparent link is to be available with a minimum of 8 public IP addresses, this is a /29 or 255.255.255.248 subnet. The default gateway for the firewall should remain to be set to the router. As IP devices will remember the MAC addresses of each connected device (ARP) you will need to reboot (or clear the ARP cache) on both the router and the firewall. IMPORTANT INFORMATION To assist with the configuration it might be beneficial to complete the following information. Link 1 Link 2 Link 3 Name Name Name Subnet Subnet Subnet Router IP Router IP Router IP Q-Balaner IP Q-Balaner IP Q-Balaner IP Firewall IP CONFIGURATION STEPS 1. Connect your management PC to the last port on the Q-Balancer with a cross-over cable. The management PC should be running Microsoft Windows and Internet Explorer 6 or later with a screen resolution of 1024x768. 2. Under Networking Connections, choose Properties on your Local Area Network Connection and change your IP address to 172.31.3.2, with a subnet mask is 255.255.255.0. No other information is required. 3. Open Internet Explorer and enter http://172.31.3.1:4000. The default username and password is root and 123. 4. The first page to be displayed is the Link Configuration page. This is where you will enter all information about your Internet links. Click in the bottom right corner to create the first link. Choose as we are creating a physical Internet connection, it will appear in the table at the top of the screen. At the bottom of the screen you will see that we can now enter the properties associated with this connection. 5. Now enter the specific properties for this connection. Interface Choose the physical port that this particular ISP is connected to. Name Enter a name for this ISP connection; this will help identify it throughout the management interface. Subnet The Q-Balancer controls how traffic flows in the subnet, enter this is slash notation like in the example. Gateway Enter the Router IP that you completed at the beginning of this article. System IP The System IP is the IP address that is assigned to the Q-Balancer itself. This is used for remote management and Network Address Translation purposes. Target IP Usually this is set to a DNS server or a well-known router IP which the Q-Balancer will contact to verify connectivity. Down/Up Enter the download and upload speeds for this link, this is used only for visual purposes and does not restrict/control the bandwidth. 6. Next, choose . You will now see the entered properties in the table above. 7. Repeat steps 4 through 6 for each ISP link you have. 8. From the menu of the left, now choose Link Setup à Link Check. We can specify how the Q-Balancer uses the previously specified Target IP. The recommended option is By Ping and Trace Route as this will contact the first few routers within the ISP network the check if the link is stable. Usually the default Time Out and Interval values are sufficient. 9. Next, choose Link Setup à Link IP Binding from the menu and enter the System IP for each link that you specified in the Link Config screen. These IP addresses will be used in following configuration screens. 10. From the left menu, now choose Outbound Pool Configuration. Here we can create pools of links and assign different load balancing algorithms to them. Click the button at the bottom right of the screen to add a new pool. Next, in the enable column select the links you want to appear in the pool and assign a weight. NOTE: In our example, ISP1 has a download speed of 1024Kbps whereas ISP2 has 512Kbps. Here we would set a weight of 2 to ISP1 and 1 to ISP2. Choose a Balance Algorithm to assign to this pool. NOTE: It is recommended to use Weighted Round Robin IP Persistent for the main traffic flow as this is the safest algorithm. It will remember which route a connection took to a destination by source IP. This is useful for browsing secure sites such as online banking, to maintain the same source IP address. Choose the button in the bottom right of the screen to save the pool. 11. Now on the LAN Setup à Transparent Setting screen, we need to assign our primary link as the transparent link. With the primary link (ISP1) highlighted, turn the radio button to On, and choose the port you wish to pass this ISP link through to. NOTE: This will be the port that you connect into the firewall. It is recommended to use the second to last port for this if possible, leaving the last port for management purposes if required. Click , the status for the transparent link should now become On. Finally choose Pass Through IP Registration for Proxy ARP, where we can specify which IP addresses we will pass through to the LAN side. Choose the tab that relates to your transparent link, enter the IP address to pass through, and then click . NOTE: Usually you will only need to register the IP address that the firewall will use, however if you have more devices using public IP addresses on your network, you will need to register them here. 12. We now need to create policy to specify how traffic will flow through the Q-Balancer. Choose Policy Setup à Policy Configuration from the left menu. A default rule will already have been created, this will allow any traffic originating from our firewall to connect anywhere on the Internet. This needs to be changed slightly to use the pool we created in step 10. Click the to the right of the Anywhere rule. At the bottom of the screen you will see that we can now enter the properties associated with this policy. In the 5 column, we can select the pool, which is currently set to BALANCE. Change this to Pool 1 that we created previously, you can click the button to view information about the selected pool. Click to update the rule. 13. We need to create some rules to allow contact to the Q-Balancer from the outside. Choose Server Mapping from the menu on the left. With the first ISP link selected, now select the Q-Balancer’s System IP that you previously added in Step 9. Whilst holding down the control key on your keyboard, select maintain, ping and ssh from the Services list, check the To Q-Balancer checkbox and then the button. Repeat these steps for each ISP link you have. 14. Finally we need to apply the configuration. It is important to note that the above steps are not committed to the device until we have transferred the configuration on-screen to the running config. From the menu on the left, choose Update. The configuration is now applied, however to save the configuration permanently we must save it to the boot configuration. At the top of the screen, click the button under Configuration Management. Now select boot from the list and then click . This configuration is now permanent. NOTE: Remember that this process needs to be followed when making any changes to the device. Configuration should now be complete. MONITORING AND DIAGNOSTICS Now we have created our configuration, we need to check to see that all WAN links are contactable. From the menu of the left choose Analysis Tools à Link Status , then from the top of the screen choose Real-Time Traffic. If all links are with a blue background, then all links are available and functioning. However, if any of the links appear red in the background, the particular link is having trouble either contacting the router or the target IP you specified in the Link Configuration screen. In which case, check connectivity and refer back to this screen. As the final step, as mentioned in the considerations section of this article, please reboot your router and firewall to clear previously cached ARP addresses.