Load Unbalanced Routing

So when you buy a load balancing router, what do you actually expect it to do? Maybe I just expected too much from it as a solution to my distinctly unbalanced connectivity requirements. But even if the outcome is typically a lack of adequate refreshment, I suppose it's nice to live in hope with a "glass half full" approach. Though, in my case, "network half full" seems more appropriate.

After my recent shuffling of accounts with Internet Service Providers, I now have two connections to the Net. One is through cable and provides 20 Mbit downstream and 1 Mbit upstream. The other is through ADSL and (on a good day) offers 2 Mbit down and 750 Kbit up. They're both linked to my internal network through a LinkSys RV042 load balancing router. So, in theory, I can get great performance combined with automatic failover should one of the connections fail.

However, this arrangement seems to cause more problems than it solves. Some sites, including my personal email provider, treat requests from different IP addresses as coming from different sources. My cable and ADSL connections are very different IP addresses, and my email provider's load balancer and security mechanism don't allow requests from both IP addresses to access the same authenticated session. I guess this is done to mitigate "man in the middle" attacks, but it means that I'm continually prompted for credentials when using Outlook or OWA.

The solution is to force all HTTPS requests to go through one of my two connections rather than being load balanced, and the obvious choice is to use the faster connection. To do that I can set up protocol bindings in the router, but it just raises a heap of new issues. For example, the Protocol Bindings configuration section consists of controls where you specify the service type (such as HTTPS), the source IP address range, and the destination IP address range. There's also an Enable checkbox which, for some reason, is unchecked by default. So if you just enter the values and click the button to add the binding, it doesn't work unless you remember to select it again and check the Enable box.

And then you need to figure out whether adding one binding will still allow all other services and IP addresses to route to one or both of the external connections. There's nothing in the router manual to indicate whether you need to add more bindings for these, or how you can create a rule that excludes some services and IP addresses but includes the rest. And there's no indication either of whether the order of the bindings makes any difference. As there's no "Move up" and "Move down" buttons, I have to assume it doesn't.

So I Binged for help, but all I can find are some non-relevant half-examples. The Cisco forum people keep saying that "you can use protocol bindings to resolve this issue" but never actually show you how. From the number of posts complaining that protocol bindings don't work, I can only guess that most people, like me, can't figure out how to configure them properly.

But I carried on and created a binding to route all HTTPS requests to my email provider through one connection. Except that I have no idea what destination IP address range to specify. I can get the IP address currently allocated to my email server using nslookup, but I can't get the range because their DNS server won't accept requests to list them all. And they seem reticent about providing the information in response to my emails. In the end I decided to route all HTTPS request through one connection rather than just requests to their servers.

So, having resolved that issue I can now enable load balancing secure in the knowledge that I can still get at my email, as well as benefitting from using both connections for everything else. The router is also configured with the throughput rates for each connection and is clever enough to spread requests across them based on the capacity of each one, so more requests go to the cable connection than the ADSL connection. This is good because there is a monthly download limit on the ADSL line, whereas the cable connection is unlimited.

Unfortunately it doesn't actually speed things up in many cases. When I open a web page, the requests for the associated images and other content are load balanced and so, in theory, the entire page loads more quickly than when using just one connection. However, the router doesn't know how big each of these images or resources is, so it may send the request for very large ones over the slower connection; which means the page load is actually slower than using just the faster connection. And it's quite possible that a request for, say, a streaming video file may be routed through the slower connection (whereas I'd want it to go through the faster one) because I can't set up protocol bindings for different content types.

Load balancing is, of course, designed to work over connections that have the same capacity and bandwidth, so I guess I can't expect it to do anything different. In the end I've gone back to using the router in failover mode only on the faster cable connection. At least I can be sure I won't exceed the bandwidth limits on the ADSL connection unless the cable connection fails altogether, though what my ISP will think when my bandwidth usage is zero each month I can't guess. Or whether my ADSL modem will still work when it doesn't have regular traffic it can use to configure connection rates and error checking. And it still feels like I'm wasting a connection that I'm paying for.

But at least I've got a valid reason for being a bit unbalanced...