Global GeoLink

The Elfiq Link Balancer has a real time geographic balancing option that enables you to manage traffic accross sites for your business continuity needs.

The Global GeoLink technology is typically implemented with two sites, an Elfiq Link Balancer at each site and a WAN between the two sites.

The geographic balancing option creates a GeoLink between the two sites. The GeoLink exchanges in real time between the units all site information including metrics, counters and incoming IDNS ressources to load balance. This means that each link balancer has the knowledge of the other site status for algorithm decision making.

 

Another important key element in geographic mode is the geographic policies. Those policies clarify which kind of traffic or IP service is allowed to use another site. For example, in case of a link failure, you would not want to redirect all traffic through the WAN. You could choose to support mail and EDI transfers and not to offer web browsing and FTP services in geographic mode. The policies allow you to define which flows are allowed.

Global Geolink always gives access to mission-critical applications using one of the two sites and a mix of available links (public or private) in a fully secured environment! This is possible because the Elfiq Global Geolink technology ensures traffic always pass through your corporate security firewalls in geographic mode.

Global GeoLink geographic balancing option is available on LB2000 and higher models because it requires two virtual instances of the link balancers (2 VFI) for public/private network security.

NATTP protocol and inter-VFI communication

Global Geolink geographic balancing can balance both incoming and outgoing traffic. Even if one site's internet access is totally down, Elfiq link balancers can redirect both incoming and outgoing traffic for this site trough other locations by rerouting the traffic over the WAN links with NATTP.

NATTP stands for "Network address translation transfer protocol" - This is an Elfiq proprietary protocol that uses it's own protocol number and runs on IP. NATTP is a Layer 4 protocol in the OSI model. It was created as a very efficient way (low overhead) to encapsulate valid traffic and modify it's original path. NATTP is preferable to NAT because it removes any security risks associated with passing public traffic on private links by encapsulating the traffic so that only another Link LB unit can retrieve the data.

 

Outgoing scenario

In an outgoing scenario with a client user at the bottom site trying to access a service on the internet, the session passes through the firewall, and is intercepted by the Elfiq Link Balancer. There is no local link available. A verification of the geographic policies is done to allow the use of a geolink. Data is then encapsulated using NATTP from public to private IP addressing and sent through the geolink.

The other Link LB receives the data, NATs it to local internet IPs and uses it’s balancing algorithms for a link selection. In this example, Link B is selected and the client user at the bottom site is given access to its internet service through an alternate site. When link C becomes available again, new sessions will be established through it but active ones will remain in geographic mode until the inactivity timeout is reached. This is a typical outgoing geographic balancing scenario.
 
 
 

Incoming scenario

 
In an incoming scenario, a remote user needs to access an intranet server in a link failure scenario. Firstly a DNS request is made by the remote user’s application to translate the service name to an IP address.

This DNS request will be intercepted and processed by the Elfiq Link Balancer. A link selection will occur. In this example, Link A is unavailable and link B is saturated. The advanced algorithms verify the GEOGRAPHIC policies. Do the policies allow to provide the service via an alternate site? YES and link C is currently used at 20%. The choice is to use the geographic mode and the DNS resolution is sent to the remote user who will be able to access the intranet server via the alternate site.
 
The intranet server access is intercepted by the remote link balancer, encapsulated from public to private addressing in the geolink. The upper link balancer will then give access to the intranet server via a primary link address and through the firewall for standard security verification.

This completes the incoming geographic balancing scenario. We have seen that the service has been provided to a remote user at the upper site intranet server despite one failed link and one saturated link. This access was made possible using another site and with the best link available!

Consult the Elfiq Link LB GeoLink Webcast for more information.