Failover support added for Load balancing in latest snapshot
-
Firstly, Let me say great job guys. keep up the good work.
Can someone get an updated/easier howto posted? I think this would help adoption.
I have looked at two different articles, one from the wiki, and one from somewhere
else on the site. They are slightly different, and that makes things even more confusing
for someone who hasn't done this before.The new page is a lot easier. Just add a interface and it's monitor IP to the server list using the add button.
Or just pick the gateway from each interface as the monitor IP. that works in a pinch.That being said, I seem to have gotten mine to work well with three wans. I do have a problem
that has caused me to turn off the Load Balancing. As soon as I create a firewall rule setting the
default route the the loadbalancer, I can't access my IPSEC client's.Are your ipsec clients in another subnet or are they assigned addresses in the LAN address range?
If they have different addresses you need to create a allow any from lan to vpnsubnets rule with the default gateway assigned. -
Is there a doc availlable of how to install the load-balancing function….?
-
If you do have 2 wan, go to Services -> Load Balancer, Create a new pool, type gateway, add the interfaces and monitor IPs, Save and apply.
Then go to Firewall -> Rules -> Lan and edit the Lan->Any rule, change the gateway from default to your just created pool.Good Luck.
-
Can I have 2 pools at the same time? One with simple load balancer and the other with failover?
I was thinking that the failover would be used with ssl stuff and load balancer for everything else
-
Yes, that will work fine.
-
I have setup load balance using DSL (PPPoE) as the WAN interface, and Cable (dhcp) as an optional interface. I added a loadbalancing gateway pool as described in this thread, but it does not work properly. If I used the loadbalancing gateway DNS name resolution doesn't work for any clients on my network.
-
Add static routes for the DNS servers forcing the traffic out the correct interfaces.
-
Hi all,
Been trying this new feature. I have two WAN and one is using a very costly per Mb. If my top gateway become available again will it switch back after a fail over?
Also I was wondering, how come in my routing table the gatway always stays to the top one in my pool when I look at my route.
Martin
-
Yes, it will switch back. Not sure what you are asking about the route table but we do not route multi-wan via regular routing. It is handled via PF itself.
-
Great function :D. I have at home a 100 Mbit line connected to the city's MAN and a ADSL line as a secondary link.
Great to have something to automate the switch between the WAN's if the primary line goes down, instead of as today, manually connecting cables :-.If you do have 2 wan, go to Services -> Load Balancer, Create a new pool, type gateway, add the interfaces and monitor IPs, Save and apply.
Then go to Firewall -> Rules -> Lan and edit the Lan->Any rule, change the gateway from default to your just created pool.Good Luck.
My problem appears at
add the interfaces
because only one NIC is in the list, the NIC named "WAN".
I have my secondary ISP on the OPT1 NIC, but i cannot choose it.Both ISP's issues IP address with the help of DHCP. The ADSL unit is a modem with 4 switchports.
The 100 Mbit MAN line is a simple Ethernet twisted pair cable.The computer running pfSense has 1 onboard 3Com and 2 3Com 3C905 PCI cards.
How do I tell the failover function that the OPT1 NIC is a WAN NIC so that it gets in the list named "Interface Name" @ load_balancer_pool_edit.php page?
-
Only NICs that have a gateway assigned will be listed in the selection. I guess your OPT1-WAN is not connected and/or has no dhcp lease yet. Make sure it got an IP and gateway assigned first. Then revisit the poolcreationscreen.
-
Thanks, that did the trick ;).
Is there a way of controlling the
ping intervall time,
ping reply timeout time,
how many ping timeouts that are needed before it failsover,
plus controlling how many successful pings on the primary isp that are needed to do a failback?If at this time it is not possible to manually control the above values,
is there a way to find out what the values are today, even if they are hardcoded? -
Thanks, that did the trick ;).
Is there a way of controlling the
ping intervall time,
ping reply timeout time,
how many ping timeouts that are needed before it failsover,
plus controlling how many successful pings on the primary isp that are needed to do a failback?Not currently.
If at this time it is not possible to manually control the above values,
is there a way to find out what the values are today, even if they are hardcoded?1 second timeout, 1 interval every 5 seconds. Newer snapshots have been changed to ping interval of 3, timeout 2 seconds.
-
Thanks.
That was the fastest response over a webbased forum i have seen :). -
It's alive ;D.
Failover took about max 5 seconds and i could browse the web and check my ipaddress to be sure what isp i was using.
Failback the same, only a couple of seconds. Thanks everybody :D.A question about portforwarding and failover:
When creating a rule under Firewall/NAT/Port Forward, the first parameter is Interface.
Is there a way of being able to choose my loadbalancer pool named "Failover" as interface parameter,
or do i have to clone every PF rule so that it even applies to the OPT1 interface? -
You have to add seperate rules/forwards for each Interface.
-
I added static routes for my DNS servers, and even tried to use DNS servers from opendns, still can't get DNS to work properly, i can ping outside my network via ip address, but i can't using domain names.
-
I had almost a similar problem. It took a couple of minutes after reboot before the problem started and it did not affect clients
on the network using the pfSense computer as a DNS server, but the pfSense own use of internet(not local static mappings)DNS
stopped working. Squid was unable to resolve, ping from pfSense console was unable to resolve and the Packages tab on the web
gui was unable to resolve.Hoba posted a response to my issue and the problem has after that not yet shown itself again.
The only thing i still can not understand was why my problem showed itself when i was running on the primary WAN link
and first after a couple of minutes. There was never any failure recorded(nor did i notice one either) on the primary WAN link.
But still, Hoba's response solved my problem.http://forum.pfsense.org/index.php/topic,3467.0.html
-
I got this working. Sort of.
Its buggy though.
Set it all up, lb status shows both links up. interface status show both links up. disconnect wan1 and it takes close to 5 minutes for it failover. while the interface status instantly shows the connection down, the load balancer status takes forever to update.
being mindful of the state table i test against a different destination and eventually traffic begins to cross WAN2.
Reconnect WAN1, this took 10 minutes for the lb status to show that this connection was back. again the interface status showed it instantly. Traffic never switches back to WAN1. By never I mean I waited for more than 90 minutes. I cleared the state tables etc. The route table shows the WAN1 gw as the default. But all traffic still passes the WAN2 interface.
Even if I change the gateway on my outbound rule to explicitly specify only the gw of WAN1 all the traffic passes WAN2. Yes I waited for the rules to build. Yes I flushed the states. Yes both interfaces are up. :)
The way the loadbalancer updates the interface status seems to be screwy. In fact at time it won't update the interface status of all my pools the same ways. See the attached image for an example. Explain that one. :)
Running 2-09 snapshot.
rebooting restores traffic to wan1. rinse and repeat.
suggestions?
oh…monitor ips are the farside of both connections on the isp networks.
-
Followup :: I've added static routes for the ips i'm monitoring on each interface. Made zero difference.