Failover support added for Load balancing in latest snapshot

sullrich

Thanks to Seth Mos (databeestje) we now have failover support for load balancing.  IE: you can set it up to prefer a gateway for specific traffic and if pfSense detects an issue with that gateway, it will fail over to the next in the pool, etc.

You can grab the latest snapshot from http://snapshots.pfsense.com/FreeBSD6/RELENG_1/

Please test, test, test!

cheeky

My load balancing is working before updating to this latest snapshot.
After upgrade, reconfigure load balancing, all connections are active. But cannot access any websites.
Changing the gateway in the LAN rule from Balancer to default makes access to websites possible, but no load balancing happens! All traffic uses only the default WAN gateway! :o
Please help!

Mercredi

Wow! it works for me. I created a loadbalancer with the "failover" radio-button selected, then created a firewall rule to access http with the failover loadbalancer as a gateway. and now i am writing this message within my backup connection. Fantastic!

cheeky

Selecting failover or loadbalancing mode in the load balancer does not correct my problem. How did you load the new snapshot, via a full install or upgrade firmware utility? I did it via upgrade firmware utility. Any comments please? I'm already planning to reformat my firewall to restore it.
But i want the failover feature!  :(

databeestje

I don't see why this would not work for load balancing since that code has not changed. Actually I use load balancing with this code at work with a 2 WAN setup and it works for me. So I cannot replicate this.

Are you using 2 DHCP wans?

cheeky

WAN is via PPPOE (ADSL), WAN2 is static(also ADSL).
Load balancing is working before upgrading it to your latest snapshot (1-7-2007), so i'm sure my configs are working.
Loaded it via firmware upgrade, not a full install. Is this an issue?

Cannot access internet if the selected gateway in the LAN dafault rule is the balancer, but can access internet when changing it to default. My rules are all default, nothing special except for the 127.0.0.1 rule for the FTP.

Mercredi

cheeky: i also updated my pfsense through the firmware update feature. but i didnt used load balance before on this installation, so it's a new pool. check your monitor IP's, be sure they are different from each other and are accesible also.

sullrich

And make sure the monitor ips are on the network of the ISP.  Adding google as a monitor ip which most people do is WRONG.

The IP needs to be a few hops out on the SAME ISP.  Traceroute out of each of the WANS and find a next hop router to use as the monitor IP.  Just pulling one out of your head is wrong and is asking for trouble.

databeestje

Monitor IPs need to be unique over all interfaces. So you can not add the google IP for multiple interfaces.

Ignoring the fact that the IP probably lives across a trans atlantic link or some such.

Do a traceroute from/to each internet connection and find yourself the upstream router. That is way more reliable and they differ for each interface. After changing the firewall rule did you actually wait for the rules to finish loading?

hoba

I just set up some testenvironment in my lab and tested this with a failoverpool of wan and opt1, both set to dhcp and it works like a charm. Good job seth!

Btw, lot's of people have demanded this feature and now that it is available only that few testers? Come on all you loadbalancing users out there, we need some feedback!  ::)

Sn3ak

Firstly, Let me say great job guys. keep up the good work.

Can someone get an updated/easier howto posted? I think this would help adoption.
I have looked at two different articles, one from the wiki, and one from somewhere
else on the site.  They are slightly different, and that makes things even more confusing
for someone who hasn't done this before.

That being said, I seem to have gotten mine to work well with three wans. I do have a problem
that has caused me to turn off the Load Balancing. As soon as I create a firewall rule setting the
default route the the loadbalancer, I can't access my IPSEC client's.

I have tried to create different rules, etc to get traffic to pass over the IPSEC, but have failed.

I am the IPSEC Host, the rest of the clients are all mobile. I was looking for a way to set IPSEC
to use the default gateway, or force it to one lan, but can't seem to find a way to do so.

I tried creating the following LAN rule, figuring ipsec could communicate to my network, but my
network couldn't communicate back. the ip 111 used below would be the original default gateway
ip.

*  LAN net  *  192.168.2.0/24  *  111.111.111.111 Default LAN -> IPSEC

Help, please :)

Mercredi

@hoba:

Btw, lot's of people have demanded this feature and now that it is available only that few testers? Come on all you loadbalancing users out there, we need some feedback!  ::)

failover available only in the "latest snapshot", we can test it only on the testing environment. for example me: my testing environment is my home and my home network.

databeestje

@Sn3ak:

Firstly, Let me say great job guys. keep up the good work.

Can someone get an updated/easier howto posted? I think this would help adoption.
I have looked at two different articles, one from the wiki, and one from somewhere
else on the site.  They are slightly different, and that makes things even more confusing
for someone who hasn't done this before.

The new page is a lot easier. Just add a interface and it's monitor IP to the server list using the add button.
Or just pick the gateway from each interface as the monitor IP. that works in a pinch.

That being said, I seem to have gotten mine to work well with three wans. I do have a problem
that has caused me to turn off the Load Balancing. As soon as I create a firewall rule setting the
default route the the loadbalancer, I can't access my IPSEC client's.

Are your ipsec clients in another subnet or are they assigned addresses in the LAN address range?
If they have different addresses you need to create a allow any from lan to vpnsubnets rule with the default gateway assigned.

tunge2

Is there a doc availlable of how to install the load-balancing function….?

databeestje

If you do have 2 wan, go to Services -> Load Balancer, Create a new pool, type gateway, add the interfaces and monitor IPs, Save and apply.
Then go to Firewall -> Rules -> Lan and edit the Lan->Any rule, change the gateway from default to your just created pool.

Good Luck.

sai

Can I have 2 pools at the same time? One with simple load balancer and the other with failover?

I was thinking that the failover would be used with ssl stuff and load balancer for everything else

sullrich

Yes, that will work fine.

dscott98

I have setup load balance using DSL (PPPoE) as the WAN interface, and Cable (dhcp) as an optional interface.  I added a loadbalancing gateway pool as described in this thread, but it does not work properly.  If I used the loadbalancing gateway DNS name resolution doesn't work for any clients on my network.

sullrich

Add static routes for the DNS servers forcing the traffic out the correct interfaces.

Rockyboa

Hi all,

Been trying this new feature.  I have two WAN and one is using a very costly per Mb.  If my top gateway become available again will it switch back after a fail over?

Also I was wondering, how come in my routing table the gatway always stays to the top one in my pool when I look at my route.

Martin