This week I’ve been spending a bit of time installing a Barracuda link balancer 330 for a client for whom RSCC provide IT support in Stevenage, so I thought I’d share a few thoughts on it, as there doesnt seem to be a lot in the way of real-world reviews on the web.
In this particular case the clients old Fatpipe Warp had finally given up the ghost, and as there was no need for the more advanced features of the fatpipe (such as the mesh vpn), this solution ticked all the boxes at a far lesser cost.
The most important thing for any prospective purchasers to understand is exactly what the unit will do, and more importantly, what it won’t.
The link balancer 330 will take any 3 ethernet inputs – such as routers, ethernet modems, isdn modems etc, and can be configured to either load balance, or to use one or more routes as a backup for the main route.
It can perform both outbound load balancing over the links, and inbound load-balancing by using it’s internal DNS server. By delegating a domain to the 330, incoming requests to that domain can be routed to any of the 3 inputs.
In the UK, one of the greatest IT problems SME’s face is the limited upstream bandwidth permitted by ADSL connections. Leased lines or etherstream etc overcome this issue, but at a considerable cost. What is important to understand with the link balancer is that 3 * 1mbps upstream adsl links does NOT EQUAL 3mbps upstream bandwidth (a common misconception). Any single session is limited to the speed of a single link. It can however improve things greatly, by ensuring the link used is not heavily loaded with other sessions.
Configuring the unit is pretty straight forward via the web interface, but it does require a bit of planning, a reasonable knowledge of IP & DNS and there are some gotchas to be aware of. In my case, we weren’t using the built in firewall to any great degree, as we use a Cisco ASA behind the unit, but it does contain a basic firewall if required. In this case, as the Cisco only supports one subnet on it’s external interface, it was necessary to use NAT on the Barracuda.
The unit can use PPPOE, DHCP or static IP to configure each link – however there are some gotchas. For the DNS to funcion it is neccesary to use a static IP on each required link. Whilst PPPOE in the real world can be used with a static IP, the same
doesn’t apply in Barracuda world, if using PPPOE with a static IP (or range of IP’s), the interface simply does not let you configure the DNS, so no inbound load balancing. This means I have a couple of Draytek 120’s sitting on the shelf…
You’ll probaly want your routers or modems to operate in a no-nat manner, which will rule out many cheaper routers. Currently We are using a couple of Draytek 2820’s and a old Cisco 837 (Which I’ll replace when I get round to it as the old firmwares are becoming a bit of a liability.)
I came up against a bit of a glitch when installing. It seems under certain circumstances, inbound port forwards on the primary IP of the link interfaces can really mess up outbound traffic. For example, if port forwarding 25 from the 330 to an internal server, any OUTGOING requests to any IP on port 25 would be looped back to the internal server. This seemed to be an intermittent issue – sometime correcting itself after a reboot, sometimes not.
Fortunately I had a /29 subnet on the adsl connections to use, and assigning an additional IP from the range to the interface and using that for NAT/port forwarding worked fine. Suprisingly support had not come across this issue before. We were fortunate to have this option – I’d certainly want an answer from barracuda before attempting an install with only one ip for each link available.
Overall, once the unit is up & running it seems to work quite nicely. You can use policy routing to ensure certain protocols or destination IP’s are routed out of certain lines; so far we haven’t had to need to use this, as it seems quite sensible in its routing choices – no problems with SSL websites which often had to be manually specified for routing on the old fatpipe unit.
Costwise the unit comes in at around the 2k mark, though Barracuda like you to buy some add-ons. The first is the ‘energiser’ updates. This is compulsory for the first year and seems to be little more than an occasional firmware update. As the units do not do anti-spam or AV, there shouldn’t really be much to update, so there’s not really much there to justify the cost – bug fixes should be free. Barracuda would also like you to buy an ‘instant replacement’ warantee, which may be more valuable in a mission-critical situation.
Overall it seems to do a reasonable job, though I’d still prefer a 10mbps leased line. It does add considerable complexity to the network, and is not something I would recomend as a self install without a fair bit of networking knowledge.
I’ll update this post once in a while if any more issues come to view.
Hi Richard
Very interesting post – just trying in vain to configure a 330 with two DSL lines at the moment. I’m using Draytek Vigor 120 DSL modems for the lines, but can’t for the life of me get the PPPoE connections on the Barracuda to come up – have you any tips?
I can get it to work using the 120s through a 2110 router, but that just seems overkill – surely the 330 should be able to connect through the 120s?
Hi David
Sorry I missed this post, I hope you have it sorted now. Though I am sure you have already tried, it the main ‘links configuration’ page it needs to be set to type pppoe, and a few lines down you have the bit for the username and password. Theres not really a lot more to it than that and it seemed to come up pretty quickly. Maybe worth a call to Barracuda if it’s not doing it for you.
The 120’s definitely work directly connected, but my issue was that then the built in DNS server could used, as this can only be assigned to a ‘static’ interface.
Hi Richard, I purchased the exact same link ag 330 and want to leave my asa 5510’s in place on both of my connections. Can you tell me better how you set the wan 1 and wan 2 as well as the lan link. I have a core switch that is my default gateway for my pc’s and each of my asa’s has an IP that I tell my core router to push traffic out , like 0.0.0.0 goes to one asa, while a certain ip will go out the other asa. I just cant figure out for the life of me what ip’s im supposed to put in the wan fields and the lan field. I really just need transparency on the links going out- and inbound I have about 8 servers that need specific rules from one of the inbound internet connections going into a server, such as email. Can you give me a quick idea as to what to put in these fields, and how to configure the static routes inbound for email etc… thanks!