Cisco RV042G protocol binding questions

[24elements]

I have a Cisco Rv042g Dual Wan Router with 2 DSL lines connected to it.  I want to set it to load balance to utilize the bandwidth of both lines.  I have no problem showing my ignorance.  I do not understand the following in the Protocol Binding setup:

 

SOURCE IP:              FROM ------------------ TO -----------------------

 

DESTINATION IP:    FROM ------------------- TO -----------------------

 

I understand the SERVICE and how to select the interface.

 

Please help!

 

[DrunknMunky Veteran]

Topic Moved

[+John Teacake MVC]

You could try something like this

configure terminal
ip cef
interface ethernet 0
  ip load-sharing per-packet

Make sure that you have two equal cost default routes too.

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.1
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.2

Then it will load balance per-packet. Probably won't be an equal load since some packets are bigger than others.

 

http://www.dslreports.com/faq/cisco/50.5_Load_Balance_2_ISP_with_Cisco

http://blog.webernetz.net/2014/03/12/basic-isp-load-balancing-with-a-cisco-router/

http://www.dslreports.com/forum/r13140833-Cisco-router-with-load-balancing

[sc302 Veteran]

you are binding a protocol to an interface...you have to do this so that some things don't get messed up in transmission. 

 

Http is no big deal for example, you wouldnt want to bind that....FTP a bit bigger of a deal, you don't want that flip flopping between interfaces being that you auth'd to the ftp server via one ip address and when another attempts it will be denied.  Mail outgoing is another one...you may have your ptr record associated with one ip address, you probably don't want to have it come out of the other so it doesn't get flagged as spam.

 

You know, silly things like that that can break is why that is there...other wise standard web downloads shouldn't be an issue or other communications for that matter....Oh yea, if you have ip phones you def don't want them flip flopping between lines during a phone call...people will be upset.

[24elements]

I basically understand protocol binding. 

 

I do not understand the following in the Protocol Binding setup of the Cisco Dual Wan Router RV042g  On the Protocol Binding page in the router there is a source ip: from and to.  What is the source IP, what does that mean?  From what to what?  What is the destination IP, what does that mean?  From what to what?  I have several workstations that I want to bind a protocol to and know their ip address.  But I just don't understand source ip, from and to, what goes there, and the destination ip, from and to, what goes there?

 

SOURCE IP:              FROM ------------------ TO -----------------------

 

DESTINATION IP:    FROM ------------------- TO -----------------------

 

I understand the SERVICE and how to select the interface.

[sc302 Veteran]

 

http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=214b9e138807474cba39cda82212f509_Adding_Deleting_an_IPv4_access_Rule.xml&pid=2&converted=0

http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=d297d2890f084031a5e906f24727104c_Set_Up_Dual_WAN_Connections_.xml

 

source ip is the source of the communication, the initiator.   When you type in www.anysite.com the pc or interior network is the initiator or source.  Destination would be the ip of where the www.anysite.com is so that is the final target.

 

You need to understand who/what initiates a conversation and when that conversation starts to be able to understand source.

 

Lets use this topic for example

You initiated this topic 24elements

You typed in www.neowin.net.  your internal pc is the initiator or the source here that is starting the communication to www.neowin.net.  so you would put your ip address or range of internal addresses in the source

the destination is www.neowin.net.  you would put the destination ip in the destination range or you would leave it blank to be able to send to all on the internet.

 

You computer started the handshake process to get data, that is the source in this case.

 

 

You need to understand source, the person or network initiating the conversation/dialing the number.

You need to understand destination, the person or network that the computer is trying to communicate with/picking up the phone to answer.

 

networking is back and fourth, someone is always initiating and someone is always answering which is source and destination. 

 

 

[24elements]

 

Quote

 

 

How can you be confused when my questions are explicit!

 

Here's my questions again from my original post.................

 

What is the source IP, what does that mean?  From what to what?  What is the destination IP, what does that mean?  From what to what?

 

SOURCE IP:              FROM ------------------ TO -----------------------

 

DESTINATION IP:    FROM ------------------- TO -----------------------

 

You did provide some helpful info defining the source and destination.  Thanks for that.  But I can do without your smart ass attitude.

 

[sc302 Veteran]

I apologize for being a smart ass had a bad day today.

 

 

anyway, I don't know your network or where the source is so I don't know what you should put in there. I can't  be specific when I don't know what is initiating and what is receiving. If you host something like a website on your network the source would be the Internet.   More than likely the source is your LAN ip range or a LAN single ip. And destination in most cases should be blank or 0.0.0.0 0.0.0.0

 

but you can specify a specific destination like a host you connect to constantly.  

 

Again this changes depending on who initiates the conversation.   I don't have that information for you. You must understand that for yourself. 

 

 

A single ip is written

192.168.1.100 to 192.168.1.100

 

A range is written

192.168.1.100 to 192.168.1.254

[The Evil Overlord]

paging @BudMan

for an extra set of eyes

 

edit

 

not to undermine sc302 in any way

[24elements]

There is a single user on the lan that I want to bind https to.  If her lan Ip is 192.168.1.20, so the source ip would be 192.168.1.20 to 192.168.1.20 and the destination ip would be 0.0.0.0 0.0.0.0.  Am I correct?   Does the destination IP of 0.0.0.0 0.0.0.0 mean ALL https websites?

[Xahid]

On 8/26/2016 at 2:20 AM, 24elements said:

I have a Cisco Rv042g Dual Wan Router with 2 DSL lines connected to it.  I want to set it to load balance to utilize the bandwidth of both lines.  I have no problem showing my ignorance.  I do not understand the following in the Protocol Binding setup:

 

SOURCE IP:              FROM ------------------ TO -----------------------

 

DESTINATION IP:    FROM ------------------- TO -----------------------

 

I understand the SERVICE and how to select the interface.

 

Please help!

 

If you just want to utilize the bandwidth of both lines, you need to configure the Router as follow.

 

1st step is configure the both ports WAN/DMZ and than make sure you have selected the load balance (auto mode) in dual wan pane.

 

 

[+John Teacake MVC]

5 hours ago, 24elements said:

There is a single user on the lan that I want to bind https to.  If her lan Ip is 192.168.1.20, so the source ip would be 192.168.1.20 to 192.168.1.20 and the destination ip would be 0.0.0.0 0.0.0.0.  Am I correct?   Does the destination IP of 0.0.0.0 0.0.0.0 mean ALL https websites?

No, That means that ANY IP that your device doesn't know about (0.0.0.0) ... Shove the traffic to here....

[+BudMan MVC]

Why do you think you need to do protocol binding?  Clicking the load balance auto.. And what is not working? https?  Protocol binding is only needed if you want specific type of traffic to only use 1 of your wan links vs load balance where you have no idea which link would be used.

 

Example of this would be if you want your bit torrent traffic to always use wan2, etc.  But to be honest click the auto mode and your done..

 

I too am confused at how source IP and dest IP is not clear??  I can understand not knowing what is the way to put in any as your dest with the 0.0.0.0 this should be in their docs to be honest, but a quick look doesn't state that.. Pretty ###### documentation

 

Protocol Binding

Protocol Binding requires this interface to be used for specified protocols, source, and destination addresses. It allows an administrator to bind specific outbound traffic to a WAN interface. This is commonly used when the two WAN interfaces have different characteristics, or where certain traffic from LAN to WAN must go through the same WAN interface.

To add or edit table entries, click Add or Edit and enter the following:

 • Service—Service (or All Traffic) to bind to this WAN interface. If a service is not listed, you can click Service Management to add it. For more information, see Adding or Editing a Service.

 • Source IP and Destination IP—Internal source and the external destination for the traffic that goes through this WAN port. For a range of IP addresses, enter the first address in the first field and the final address in the To field. For a single IP address, enter the same address in both fields.

To enable the protocol binding, check the box to enable this rule, or uncheck the box to disable it.

To Edit the settings, select an entry in the list. The information appears in the text fields. Make the changes, and click Save.

To Delete an entry from the list, select the entry to delete, and click Delete. To select a block of entries, click the first entry, hold down the Shift key, and click the final entry in the block. To select individual entries, press the Ctrl key while clicking each entry. To de-select an entry, press the Ctrl key while clicking the entry.

[sc302 Veteran]

10 hours ago, 24elements said:

There is a single user on the lan that I want to bind https to.  If her lan Ip is 192.168.1.20, so the source ip would be 192.168.1.20 to 192.168.1.20 and the destination ip would be 0.0.0.0 0.0.0.0.  Am I correct?   Does the destination IP of 0.0.0.0 0.0.0.0 mean ALL https websites?

That would bind https to a isp interface. But that would be correct if you wanted to do that. I don't know if you would need 0.0.0.0 or to simply leave it blank. Try blank first. 

[24elements]

I know you guys are going to think I'm brain dead because of such little detail here describing the initial problem but when I was using load balance on the Cisco several users were having issues accessing websites like they could pull the site up on their desktop but when they would do anything like clicking on a picture they would receive a message that the session had timed out.  So I set the Cisco to failover and the internet works fine for these users in failover.  But now I want to use load balance for the speed and it's my understanding if I bind the protocol to these users ip addresses on the local lan binding will correct that problem.

[sc302 Veteran]

Binding will bind it to a specific ip/isp. It will allow for secure communications to function properly but it will break load balancing. 

 

The issue is with security.  

 

Security will break/https will break when the ip changes.  It basically says I didn't authorize this transaction on this ip, I am stopping this right now...then your session breaks. 

[24elements]

I'm confused.  Use binding?  Use load balancing?

[sc302 Veteran]

If load balancing, you will have to bind https to a isp port.  HTTPS cannot be load balanced.  There are other protocols that will break when load balancing, when you run into them you will need to bind those protocols to a Isp port. 

 

 

[+John Teacake MVC]

11 hours ago, sc302 said:

If load balancing, you will have to bind https to a isp port.  HTTPS cannot be load balanced.  There are other protocols that will break when load balancing, when you run into them you will need to bind those protocols to a Isp port. 

 

 

I thought HTTP could be load balanced with Sticky Sessions. I have seen this done on a Cisco ACE load balancer....I think anyway this is a different thing and I am too hungover for it :-p

[+BudMan MVC]

yes you can do http/https with sticky sessions or also called session affinity, etc. etc.  There are lots of different methods of making sure when you load balance that the traffic going to where you wanting it to go comes from the same IP.  As sc302 so correctly points out from a security standpoint you have an issue.

 

Anything that requires auth or uses some sort of session monitoring to allow something, ie like logged into some website as user billy might have issues if create a session from ip address A and then at same time also having session from IP B, etc.  Which is very possible with load balancing..  Fancier load balancing can help with this stuff by doing doing what JT mentions as "sticky"..  Seems this low end consumer/smb router doesn't have such features??  Well they do but seems you have to do it by hand by creating a protocol binding..

 

One way you could handle this when trying to leverage your full 2 isp pipe is bind half your users for https to wan 1 and the other half to wan 2..  So in your binding use source IP range that covers half your scope.  Say you have 200 users  and your dhcp is .50 to .250, then bind half of those to your wan1 and the other half to wan2 for https.  Could do the same thing for http or ftp or any other protocols where you could have problems with server having problem with source IP changing

 

To be honest if you need more bandwidth, get a fatter pipe   It will make your life easier.  Use your 2nd wan as failover or maybe you have vpn users they could use wan 2, etc.