Which of the following is NOT a method of Load Balancing with VPN-1/FireWall-1?
Domain Load Balancing
Quantum Load Balancing
Load Balancing Algorithms
Now that you’ve learned about the methodologies the logical server/firewall
uses to route traffic, you need to consider the algorithms used to decide which
server in the server farm will get the load-balanced connection. Check Point
provides five algorithms for the logical server; the administrator decides which
of these algorithms to use. The algorithms are called server load, round trip, round robin, random, and domain.
We'll describe these algorithms next.
The server load algorithm, shown in the figure below, works in conjunction
with a load agent that runs on each server in the server farm. The load agent
is a small program that communicates to the firewall how busy the machine is.
The machine with the lightest load is sent the next packet.
You can download this load agent from Check Point's website (only available for Solaris) or write one using the OPSEC APIs provided by Check Point on the OPSEC website (www.opsec.com). The load agent uses UDP port 18212
by default. The firewall checks the load on each server at the configured time
and passes the connection to the server that has the lightest load.
The round trip algorithm uses ping to decide which server gets the
request, as depicted in the figure below. The round trip algorithm is much simpler
than the server load algorithm, but not as intuitive: it cannot measure the
load on the servers. Therefore, the round trip algorithm's decision is based
solely on network factors rather than the server load. When you use round
trip, the server with the least traffic will answer first. The server with the
most traffic will be too busy to answer, and the packet will be delivered to
the machine that answers first. The drawback to using the round trip method is that the server
closest to the firewall usually gets the connection.
The round robin algorithm, shown in the figure below, is not very intelligent.
This algorithm begins with the first server in the server farm and gives it the
first connection. The second connection goes to the second server in the
server farm, the third goes to the third, and so on. When the algorithm
reaches the bottom of the list, it starts over.
Next in the list of load balancing algorithms is random. Do you remember
the method you used to choose teams when you were a kid? Eenie, Meanie,
Minie, Mo! That is the same method the firewall uses. The random algorithm
is illustrated in the figure below.
There is an issue with the domain algorithm. Check Point doesn’t recommend
using it, because it creates a noticeable delay for requests due to the
required reverse DNS lookups. In today’s e-business environment, any delay
experienced by users accessing your website could be disastrous. This algorithm
was originally designed for clients in Europe and the rest of the world, where
they use country names at the end of their URLs (such as
). For example, in the figure above, if a client in the U.K. is trying to connect to a website for
a global company based in France, the initial connection goes to the logical
server in France. At this point, the closest server is in France, and it would be
"logical" to send the connection to the server in France. Unfortunately, the
domain algorithm will send packets back to the client in the U.K. and redirect
them to the server located in the U.K., wasting precious time in the connection
setup. This is an effective method only if all your servers are located in Europe
and the client is also located in Europe.
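The practical difference between the selection algorithms described above shows up in a small simulation. This is an added example, not Check Point code: the farm, its round-trip and load figures, and the per-connection cost are constructed values, round-trip time is assumed to reflect network distance only, and the domain algorithm is left out because it depends on reverse DNS lookups.

```python
import random
from collections import Counter

# Constructed server farm. rtt_ms is the ping time seen from the firewall;
# load is the score a load agent on the server would report (higher = busier).
FARM = [
    {"name": "web1", "rtt_ms": 1, "load": 90},  # closest to the firewall, busiest
    {"name": "web2", "rtt_ms": 4, "load": 20},
    {"name": "web3", "rtt_ms": 9, "load": 35},
]
CONN_COST = 5  # assumed load added to a server by each new connection


def pick(algorithm, farm, index, rng):
    """Return the server the logical server would choose for connection #index."""
    if algorithm == "server_load":   # lightest load reported by the load agents
        return min(farm, key=lambda s: s["load"])
    if algorithm == "round_trip":    # fastest ping reply; load is never consulted
        return min(farm, key=lambda s: s["rtt_ms"])
    if algorithm == "round_robin":   # walk the list, then start over
        return farm[index % len(farm)]
    if algorithm == "random":
        return rng.choice(farm)
    raise ValueError(f"unknown algorithm: {algorithm}")


def simulate(algorithm, connections=12, seed=1):
    """Distribute connections; return (picks per server, final load per server)."""
    farm = [dict(server) for server in FARM]  # work on a copy
    rng = random.Random(seed)
    picks = Counter()
    for index in range(connections):
        target = pick(algorithm, farm, index, rng)
        target["load"] += CONN_COST
        picks[target["name"]] += 1
    return picks, {server["name"]: server["load"] for server in farm}


if __name__ == "__main__":
    for name in ("server_load", "round_trip", "round_robin", "random"):
        picks, loads = simulate(name)
        print(f"{name:12} picks={dict(picks)} peak_load={max(loads.values())}")
```

Only the server load run leaves the already busy web1 alone; round trip sends every connection to it because it is the closest server.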
To sum up, Check Point offers five algorithms, but in our opinion, only
one is a true load balancing method. The server load algorithm is the only
method that takes into account the actual load on each server. The rest of the
algorithms don’t consider how busy each server is in the server farm. As the
administrator, you should check out all methods of load balancing (both
Check Point and non-Check Point) before deciding which one is best for