Zyxel Firewall Load Balancer [NAT] - How to Configure Virtual Server Load Balancer

The virtual server load balancer interface is designed to optimize the distribution of local user connections across multiple servers. This load balancing technique helps to reduce the workload on each individual server, enhancing performance and reliability. By distributing the traffic evenly, the load balancer ensures that no single server is overwhelmed, leading to decreased response times and improved user experience. Additionally, this system increases the overall efficiency and scalability of the network infrastructure, allowing it to handle higher volumes of traffic with ease.

Key Benefits:

  • Enhanced Performance
  • Increased Reliability
  • Scalability
  • Efficient Resource Utilization

How does the Virtual Server Load Balancer work?

  • Client Connection: When a client initiates a connection, it directs its request to the virtual server on a specific port.
  • Load Balancing Decision: The request reaches the firewall which then employs a predefined load balancing algorithm to determine the most suitable server from a pool (for instance, Server 1, Server 2, Server 3). Factors considered in this decision might include server load, response time, or session persistence requirements.
  • Forwarding to Chosen Server: Once the decision is made, the firewall forwards the request to the selected server using Network Address Translation (NAT) to ensure the server can properly interpret the request and respond accordingly.
  • Processing by Server: The chosen server receives the request and processes it. This could involve tasks such as fetching data, executing computations, or accessing databases.
  • Reply Back to Client: After processing the request, the server sends its response back to the firewall.
  • Return to Client: Finally, the firewall forwards the server's response to the original client using Source Network Address Translation (SNAT) to ensure that the client receives the response as if it came directly from the virtual server.

Load Balancing rules to follow

  • One real server can belong to multiple load-balancing rules
  • You can only add one interface, IP address, and port to each load-balancing rule
  • Virtual servers and real servers only support IPv4 addresses

Virtual Server Rule Mapping

  • Incoming interface - the interface that the traffic is coming from (usually wan1 (or wan1_PPPoE))
  • External IP - the IP Address of the WAN / outgoing interface of your firewall
  • Service - Select a service-object (a protocol)
  • External Service - The external service (protocol) wanting to be forwarded internally
  • Port - Select a port that needs to be forwarded
  • Protocol Type - Choose TCP or UDP for the port
  • External Port - The external port (number) wanting to be forwarded internally
  • Healthy Check Method - The system will check connectivity to see if the NAT rule and load balancer are working properly. Here you can choose between ping, HTTP(S) request, SMTP Helo, DNS Query, and TCP connection depending on what connection type is used to reach the server from the outside

Virtual Server Load Balancing Algorithms

  • Round-Robin - Last in, first out rule, all servers are divided equally (e.g. Server A, B and C will be divided CBACBACBA)
  • Weighted Round Robin - Assigns servers based on specified weight. Servers with a higher weight are assigned before servers with lower weight. (e.g. 4:1 on server 1 & 2 weight means 75% load on server 1 and 25% on server 2).
  • Least-Connection - Assigns the connection to the server with the least number of current connections
  • Source Hashing - Assigns the connection based on a static hash table, e.g. Server A (weight 1) and Server B (weight 2) are mapped like this:
    • Source_IP_Hash1 = Server B
    • Source_IP_Hash2 = Server B
    • Source_IP_Hash3 = Server A
    • Source_IP_Hash4 = Server B
    • Source_IP_Hash5 = Server B
    • Source_IP_Hash6 = Server A
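
The Source Hashing mapping above, worked through in Python as an added example (it is not Zyxel's code and not part of the original article). It builds the six-slot table from the weights and maps IPv4 clients onto it. Assumptions: the function names, the modulo stand-in for the firewall's real hash, the constructed client addresses, and the idea that a server failing its health check is dropped from the table.

```python
import ipaddress

# Weights from the article's Source Hashing example.
WEIGHTS = {"Server A": 1, "Server B": 2}
MAX_REAL_SERVERS = 4  # per-rule limit from the article's limits table


def build_table(weights, healthy=None, slots=6):
    """Static slot table: each usable server gets slots in proportion to weight."""
    if not 1 <= len(weights) <= MAX_REAL_SERVERS:
        raise ValueError("a rule takes 1 to 4 real servers")
    # Assumption: servers failing the health check are left out of the table.
    pool = {s: w for s, w in weights.items() if healthy is None or s in healthy}
    if not pool:
        raise ValueError("no healthy real server left")
    # Higher weight first reproduces the article's B, B, A, B, B, A layout.
    ordered = sorted(pool, key=lambda s: -pool[s])
    cycle = [s for s in ordered for _ in range(pool[s])]
    return [cycle[i % len(cycle)] for i in range(slots)]


def pick_server(src_ip, table):
    """Map a client address to a slot; only IPv4 is accepted, as the article states."""
    addr = ipaddress.IPv4Address(src_ip)  # raises ValueError for IPv6 or bad input
    # Assumption: integer address modulo table size stands in for the real hash.
    return table[int(addr) % len(table)]


def distribution(clients, table):
    """Count how many of the given client addresses land on each real server."""
    counts = {}
    for ip in clients:
        server = pick_server(ip, table)
        counts[server] = counts.get(server, 0) + 1
    return counts


# Constructed sample clients (documentation address range).
CLIENTS = [f"198.51.100.{i}" for i in range(1, 13)]

if __name__ == "__main__":
    table = build_table(WEIGHTS)
    print(table)
    print(distribution(CLIENTS, table))
    # Server A fails its health check: every client is remapped to Server B.
    print(distribution(CLIENTS, build_table(WEIGHTS, healthy={"Server B"})))
```

Because the slot depends only on the source address, all clients that share one address (for example behind the same NAT gateway) land on the same real server, which is worth keeping in mind when sizing the pool or reading per-server logs.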


Virtual Server Load Balancing Limits:

| Parameter | Model | Limit |
|---|---|---|
| Maximum Number of Load Balancing Rules per Zyxel Device | VPN50, FLEX100/100W, ATP100/100W | 5 |
| Maximum Number of Load Balancing Rules per Zyxel Device | VPN100, FLEX200, ATP200 | 10 |
| Maximum Number of Load Balancing Rules per Zyxel Device | VPN300, FLEX500/700, ATP500/700/800, VPN1000 | 20 |
| Maximum Number of Real Servers Per Load Balancing Rule | All of the above models | 4 |
