Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 14 replies
  • Answers 4 answers
  • Subscribers 29 subscribers
  • Views 30042 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Load balancing multipath and online banking

SimonBuckmaster

Since installing our XG125 our users have been having intermittent issues with online banking services. They would work one day but not the next, a reboot of the XG would fix things temporarily, but the problem always come back (HTTPS scanning is off, btw).

After spending lots of time troubleshooting I have a theory about what is happening, but would like to know if someone can confirm.

We have two WAN connections (2M SDSL/4M Fibre) and the XG is load balancing between them, as was our previous appliance, a Cisco SA-540. I think that the XG may be splitting traffic for a given user between both connections and that this is causing SSL/HTTPS problems with the banking sites. I have set up a test user with a network policy excluding them from load balancing and the issue seems to have gone away for that user.

What I would like to know: is it possible to set load balancing to act at a host level rather than a traffic level? That is to say balance the LAN IPs accessing the internet across both WANs, but not split the traffic from each host? It would seem that this was how the Cisco used to work since we never had issues with online banking before.

Any help would be greatly appreciated, thanks in advance!

Simon



This thread was automatically locked due to age.
  • 0 in reply to sachingurung

    Hello  

    Can you provide me with the release notes as I am not able to find bug resolution fror this issues in v17, MR1, or MR2.

     

    Currently we are on XG210 v17 MR2 facing session timeout issue when WAN loadbalancing is enabled for the following URL?

     

    https://onlineservices.tin.egov-nsdl.com/etaxnew/tdsnontds.jsp

     

    Regards, Ronak.

  • +1 in reply to Ronak Sheth

    Hi Ronak, 

    It was fixed in the v17 Beta release but it is by default disabled. I was not able to find the information added in the release notes; I will check why with the concerned team over this.

    You can take SSH to the XG and run the following command in Device Console,

    console> set routing wan-load-balancing session-persistant connection-based ip-family all

    Let me know if that helps.

    Thanks

  • 0 in reply to Ronak Sheth

    Ronak Sheth said:

    Can you provide me with the release notes as I am not able to find bug resolution fror this issues in v17, MR1, or MR2.

    Hi Ronak,

    the issue is tracked internally in two tickets. One for v15 (NC-9349) which is rejected as we are now on v17.0. The other one is NC-9892 which was a feature improvement and never made it on the changelog. I can confirm that this was merged into SF 17.0 Beta1 (17.0.0.32).

  • 0 in reply to sachingurung

    Hi ,

     

    Thanks for your responce. Yes issue has been resolved and are there any adverse effoct of the setting as it is set to disable by default? Can you help to understand how will WAN load balancing new connection? Also let me know the dfference between Weighted Round Robin and Session Persistent - Connection Based?

     

    Regards, Ronak.