Netgate Discussion Forum

    What does WAN monitoring do?

    • JKnott

      Does monitoring actually do anything? Today, I've been experiencing some planned outages, while my ISP upgrades the equipment in my condo utility room. Since I knew this was going to happen, I decided to see what pfSense did when my connection failed. I have monitoring enabled for both IPv4 and IPv6. Yet, I saw nothing in pfSense that indicated the failure, other than the loss of traffic displayed on the dashboard. Packet Capture showed only outgoing pings and TCP connection attempts, as expected, but the dashboard showed the WAN was still up.

      tnx jk.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • Gblenn @JKnott

        @JKnott I suppose that depends on what you are using as monitor IP... Like in this example for my second WAN connected to an LTE router.

        9227c327-b7ac-4b48-b0ed-97c0516ec71d-image.png

        The IP I'm monitoring against is Cloudflare (1.1.1.1) and if the mobile connection goes down, I will see that since Cloudflare will not be reachable. However, if I had been using the default IP, being the gateway (192.168.3.2), it would still be showing as Online... But no internet traffic of course...

        • JKnott @Gblenn

          @Gblenn

          I know it's monitoring the connection, as I could see the pings going out, but nothing else.

          • stephenw10 Netgate Administrator

            Depends how you have the gateway configured but it should mark the gateway as down once it meets the latency or packet loss thresholds.

            And that triggers some scripts you should see logged. Unless you have monitoring action disabled on the gateway.

            • JKnott @stephenw10

              @stephenw10

              No, I haven't disabled monitoring. On IPv4, I'm monitoring my ISP's gateway and on IPv6, the next hop out, as the gateway doesn't respond. Today, I had complete failure, in which the equipment in my condo utility room was being upgraded (I expect for DOCSIS 4.0) and apparently I can expect some more interruptions tomorrow.

              BTW, the service was intermittent. I didn't lose my connection for the entire day.

              • stephenw10 Netgate Administrator @JKnott

                @JKnott said in What does WAN monitoring do?:

                I haven't disabled monitoring

                But have you disabled 'monitoring action'? Those are two separate settings on the gateway config. If you only have one WAN disabling monitoring action is quite common because there really isn't much benefit to running it.

                • tman222

                  It's certainly a very important feature for multi-wan setups to support automatic circuit failover.

                  • JKnott @stephenw10

                    @stephenw10 said in What does WAN monitoring do?:

                    But have you disabled 'monitoring action'? Those are two separate settings on the gateway config. If you only have one WAN disabling monitoring action is quite common because there really isn't much benefit to running it.

                    Neither is disabled. Yes, I was wondering about what it could do quite a while ago. IIRC, I even asked if there were any hooks for triggering some action. I had considered things such as failover. Now, I'm wondering if there was something immediately visible that would show it failed. I'll have to check the status tomorrow, to see if anything shows.

                    • JKnott @tman222

                      @tman222 said in What does WAN monitoring do?:

                      It's certainly a very important feature for multi-wan setups to support automatic circuit failover.

                      I was considering that too, but don't see any way to use it. When using a routing protocol, such as OSPF, a router learns when a route has failed and then falls back to the next best, based on the metric. While pfSense certainly has a metric (currently 0 on all interfaces), I'm not sure what support it has. In Linux, on my notebook, both the Ethernet and WiFi are on the same subnet, but the Ethernet interface has a lower metric than WiFi. This causes Ethernet to be preferred when available. If the WAN fails, what mechanism is there, in pfSense, to force change?

                      • Gblenn @JKnott

                        @JKnott said in What does WAN monitoring do?:

                        I'm wondering if there was something immediately visible that would show it failed. I'll have to check the status tomorrow, to see if anything shows.

                        It should really show Online or Offline like this:

                        ad90efad-b83e-47c7-aa11-e73704087b6d-image.png

                        And this 7d496206-9e45-4a53-a445-f2303e3bc699-image.png

                        But if your monitoring IP is the ISP gateway, it is possible that it still shows online even if the ISP has a connection problem further up the line...

                        @JKnott said in What does WAN monitoring do?:

                        I was considering that too, but don't see any way to use it. When using a routing protocol, such as OSPF, a router learns when a route has failed and then falls back to the next best, based on the metric. While pfSense certainly has a metric (currently 0 on all interfaces), I'm not sure what support it has.

                        You create a Gateway group out of the two (or more) gateways you have. Within this group you set the individual priority (Tiers), and optionally weight (when load balancing). Then change your default gateway to be the group instead of a single WAN interface. After that, pfSense will handle the change based on the decision criteria you have selected (packet loss or gateway down for example).
                        You find this under System > Routing,
                        where you first create the group under Gateway Groups and then select the group as default under Gateways, like this:

                        3b774194-2fdf-4ba8-ac23-a1fd94a58ed4-image.png

                        abff0d42-22b0-4f90-86e1-46f6e9941966-image.png

                        • stephenw10 Netgate Administrator @JKnott

                          @JKnott said in What does WAN monitoring do?:

                          If the WAN fails, what mechanism is there, in pfSense, to force change?

                          It will change the default gateway (default route) and hence anything using that. If you have set the default gateway to a failover group it will use the gateways from within that. If it's set to automatic it just uses the next gateway that is UP, which can be an issue if that is, say, a VPN.

                          If you're policy routing traffic you can set a load-balance or failover gateway group and pf forces traffic via that as states are opened. If a gateway is marked down it is removed from the group.

                          1 Reply Last reply Reply Quote 0
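
The behaviour discussed in this thread, as an added example that is not part of any post and is not pfSense code: a small Python model of a two-member failover group, showing why the choice of monitor IP decides whether an upstream outage is noticed. The thresholds, the names `WAN1`/`WAN2`, the address 198.51.100.1, the probe samples, and the treatment of a disabled monitoring action as "never marked down" are assumptions made for illustration; 192.168.3.2 and 1.1.1.1 are the addresses from Gblenn's post.

```python
from dataclasses import dataclass

# Constructed thresholds for this model; not pfSense defaults.
LOSS_DOWN_PCT = 20.0
LATENCY_DOWN_MS = 500.0

@dataclass
class Gateway:
    name: str
    tier: int                    # lower tier = preferred within the group
    monitor_ip: str              # address the probes are sent to
    action_enabled: bool = True  # models the separate "monitoring action" setting

def is_down(samples):
    """samples: round-trip times in ms, None for a lost probe."""
    lost = sum(1 for s in samples if s is None)
    replies = [s for s in samples if s is not None]
    loss_pct = 100.0 * lost / len(samples)
    avg_ms = sum(replies) / len(replies) if replies else float("inf")
    return loss_pct >= LOSS_DOWN_PCT or avg_ms >= LATENCY_DOWN_MS

def select_gateways(group, probes):
    """Names of the members a failover group would route through."""
    # Assumption: with monitoring action off, the gateway is never marked down.
    usable = [g for g in group
              if not (g.action_enabled and is_down(probes[g.monitor_ip]))]
    if not usable:
        return []
    best = min(g.tier for g in usable)
    return sorted(g.name for g in usable if g.tier == best)

# Constructed samples: WAN1's next hop answers, but nothing beyond it does.
PROBES = {
    "192.168.3.2": [2.0, 2.1, 1.9, 2.2],
    "1.1.1.1": [None, None, None, None],
    "198.51.100.1": [18.0, 21.0, 19.5, 20.0],  # WAN2 monitor (documentation IP)
}

def scenario(wan1_monitor_ip, action_enabled=True):
    group = [Gateway("WAN1", 1, wan1_monitor_ip, action_enabled),
             Gateway("WAN2", 2, "198.51.100.1")]
    return select_gateways(group, PROBES)

if __name__ == "__main__":
    print(scenario("192.168.3.2"))     # next hop as monitor
    print(scenario("1.1.1.1"))         # upstream address as monitor
    print(scenario("1.1.1.1", False))  # monitoring action disabled
```

With the next hop as monitor target the model keeps routing through the dead WAN1; only the upstream monitor target moves traffic to the tier 2 member.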
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.