locked
Configuring ISP redundancy RRS feed

  • Question

  • Hi.

    I've configured this but it doesn't seem to be working. This is what i've done:

     

    1. Configured both external NICs statically with the information provided by the ISPs (two different providers, different subnets and gateways)

    2. Completed the ISP redundancy wizard using load balancing and assigned 50% to both links (they are both 4 Mbps, symmetric links).

    3. Assigned the same static metrics for both the gateway and the interface (1).

     

    I didn't set up the static routes for DNS since i'm using a public DNS and don't really care on which link it goes out.

     

    Am i missing something? If i start a download using a download manager with multiple connections the load does not get split up between both links. Also, checking a website that gives my IP i only get the IP of one of the links.

     

    Thanks in advance!

    Wednesday, May 12, 2010 8:02 PM

Answers

All replies

  • Have you tried from multiple different machines? Wondering if this is an affinity issue.

     

    Have you seen an instance where it ever used the other ISP?

     

     

    Wednesday, May 12, 2010 8:56 PM
    Answerer
  • Hi, i've tried from the Forefront machine and another one and the same thing happens. I have in fact seen activity on both links using the task manager but it doesn't seem like it's balancing the load.

    I even tried forcing 90% to one link and it still went out the other one. Both links are up.

    Does TMG balance on a per-connection basis (multiple connections to the same server go out through different links) or does it maintain sticky connections (all subsequent connections to the same server go out through the same link)? Is this configurable?

    These are the external routes:

     

    Active

     

    0.0.0.0          0.0.0.0     200.x.x.1    200.x.x.x    257

    0.0.0.0          0.0.0.0    201.x.x.9   201.x.x.x    257

     

    Persistent

    0.0.0.0          0.0.0.0     200.x.x.1  Default

    0.0.0.0          0.0.0.0    201.x.x.9  Default

     

     

     

    Wednesday, May 12, 2010 9:43 PM
  • Wednesday, May 12, 2010 9:47 PM
  • Thanks Jason.

    My configuration is the same as those pictures, however here's an interesting line from the bottom of that page:

    "If the network relationship is configured as route, ISP-R will not function. This is important because traffic originating from the TMG firewall itself will not be processed by ISP-R, as the network relationship between the Local Host network and the External network is route."

    That would explain why i see no change when testing from the TMG firewall. I will test further using another machine.

    Wednesday, May 12, 2010 10:25 PM
  • Yep, testing for a remote web proxy client would be recommended...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, May 13, 2010 8:29 AM
  • I would get several test web proxy clients and start downloading big files on each. There are some bandwidth speed test sites that are good for this.
    Friday, May 14, 2010 2:17 PM
    Answerer