How to keep one WAN up at all times regardless of packet loss?
-
Hi,
In a Multi WAN setup, how do we keep one WAN up at all times? We have a primary WAN that is up most of the time. Our backup WAN is a dirty line that often has high packet loss, but only for short periods of time; however, the packet loss causes the backup WAN to be marked down. Having packet loss events of 95% on this line is just normal for this line. We would rather just have that WAN stay up all the time rather than cycle down and up even for a short amount of time, leading to a possibility that the primary WAN could go down and the system would not have the backup WAN to flip over to. Is there a way to keep the backup WAN persistently up?
Thanks for any help!
-
@chitchat There are settings in the gateway settings area to control packet loss etc thresholds: https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html#advanced-gateway-settings
But also one can disable monitoring or alerting. Higher up on that page:
Disable Gateway Monitoring
By default, the gateway monitoring daemon will ping each gateway periodically to monitor latency and packet loss for traffic to the monitored IP address. This data is used for gateway status information and also to draw the Quality RRD graph. If this monitoring is undesirable for any reason, it may be disabled by checking Disable Gateway Monitoring. Note that if the gateway status is not monitored, then Multi-WAN will not work properly as it cannot detect failures.
Disable Gateway Monitoring Action
When set, the gateway monitoring daemon will take no action if the status of the gateway changes. For example, no events will be acted upon if it becomes unresponsive or suffers from high latency. This is useful if the administrator wants to monitor a gateway without the monitoring causing additional disruptions.
-
Thanks for your reply Steve.
Hmm, this seems to put us between a rock and a hard place. We wouldn't want to disable monitoring because we do want to know if our backup WAN line goes down.
The specific WAN we're addressing is frequently dirty. I've set the loss threshold at 95% in an attempt to keep it from cycling up and down all the time. The instances of high loss can sometimes last less than a minute. I.e., it is marked Down, then Up again within the same minute. I'd be ok with even a high percentage of packet loss for a brief period, rather than have it go offline completely, leaving us with nothing to failover to when the primary WAN goes down.
Is there some way to effectuate something like say max 65% packet loss for 2 minutes before marking a WAN offline?
TIA.
-
@chitchat Yes you can adjust thresholds and increase the time period: https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html#advanced-gateway-settings
-
So, if I want to set the trigger to be 65% loss for 2 minutes before marking down the WAN, I would set:
- "Packet loss threshold - High" to 65
- "Loss Latency" to 120,000 milliseconds
Is that right?
-
@chitchat Time Period is the sampling interval:
"Time Period
The amount of time, in milliseconds, over which ping results are averaged. The default is 60000 (60 seconds, one minute). A longer Time Period will take more time for latency or loss to trigger an alarm, but it is less prone to be affected by erratic behavior in ping results.
The Time Period must be greater than twice the sum of the Probe Interval and Loss Interval, otherwise there may not be at least one completed probe."
I don't see a "Loss Latency" setting?
Play with "Packet Loss thresholds"...I seem to recall it behaving a bit like I wouldn't expect...maybe the lower threshold triggers or something. It's been a few years since I dealt with a problematic ISP.
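-
The effect of Time Period on a short loss burst, as an added example that is not part of the thread and is not pfSense or dpinger code: a simplified rolling-average model run over a constructed probe trace. The probe interval, loss interval, trace and the strict "greater than" comparison are assumptions made for illustration.

```python
from collections import deque

def period_is_valid(time_period_ms, probe_interval_ms, loss_interval_ms):
    """Docs rule: Time Period must exceed twice (Probe Interval + Loss Interval)."""
    return time_period_ms > 2 * (probe_interval_ms + loss_interval_ms)

def rolling_loss(lost, time_period_ms, probe_interval_ms):
    """Yield the loss percentage averaged over the last Time Period, per probe."""
    size = time_period_ms // probe_interval_ms
    window = deque(maxlen=size)
    for was_lost in lost:
        window.append(was_lost)
        # Divide by the full window so a part-filled window at startup
        # is not over-weighted (modelling assumption).
        yield 100 * sum(window) / size

def evaluate(lost, time_period_ms, probe_interval_ms, high_loss_pct):
    """Return (peak averaged loss %, seconds spent above the high threshold)."""
    series = list(rolling_loss(lost, time_period_ms, probe_interval_ms))
    # Strictly-greater comparison is an assumption of this model.
    above = sum(1 for pct in series if pct > high_loss_pct)
    return max(series), above * probe_interval_ms // 1000

def constructed_trace():
    """Constructed sample: 600 probes, 1 s apart; probes 200-259 are a burst
    in which only every 20th probe is answered (95% loss for 60 s)."""
    return [200 <= i < 260 and i % 20 != 0 for i in range(600)]

if __name__ == "__main__":
    PROBE_MS, LOSS_MS, HIGH = 1000, 2000, 65  # constructed values
    trace = constructed_trace()
    for period_ms in (60000, 120000):
        assert period_is_valid(period_ms, PROBE_MS, LOSS_MS)
        peak, down_s = evaluate(trace, period_ms, PROBE_MS, HIGH)
        print(f"Time Period {period_ms} ms: peak {peak:.1f}% loss, "
              f"{down_s} s above {HIGH}%")
```

In this model the same 60-second burst crosses a 65% threshold with a 60000 ms Time Period but peaks at 47.5% with 120000 ms, so the gateway is never marked down. The trade-off is the one the quoted documentation states: a longer Time Period also takes more time to trigger an alarm.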