My Google Alert today informed me that there was an article on ISA Load Balancing over at the www.mcpmag.com Web site, so I had to check it out.
The article discusses various ways you an implement load balancing in an ISA firewall environment. Methods discussed include DNS round robin, ISA CARP arrays, Windows NLB and of course, RainWall.
The article was reasonably well done, but there were some nagging errors. The author states the following about NLB:
- NLB only works on one ISA interface at a time and that you can only load balancing incoming or outgoing requests
- NLB doesn’t check service status
- NLB doesn’t check NIC status
- NLB is difficult to configure
While this is all true for the Windows NLB service, its definitely not true for ISA firewall integrated NLB that’s included with ISA 2004 Enterprise Edition. With ISA 2004 EE integrated NLB, you can have:
- Bidirectional affinity (allows NLB to be enabled on all interfaces)
- Service awareness (if the ISA firewall services are down, then the node is removed from the NLB array
- NIC awareness (if the NIC is down, NLB will be aware that the node isn’t responding and remove it from the array)
- Easy to configure (ISA 2004 EE NLB is a simple wizard)
I should note that this article is correct regarding ISA 2004 Standard Edition. ISA 2004 SE does not support NLB and therefore RainWall is required to provide NLB support for ISA 2004 SE firewalls.
The author is correct that RainWall is very easy to configure. In addition, RainWall provides better performance and scales better than the Windows NLB or ISA EE integrated NLB. Even more, RainWall integrates with RainConnect to provide by “box” failover and load balancing and link failover and load balancing.
Check out the article at http://www.mcpmag.com/reviews/products/article.asp…ID=487
Thomas W Shinder, M.D.
MVP — ISA Firewalls