MULTI-WAN HA Bandwidth Usage happening only on one WAN

kamminthang

Hi Guys,

We are on pfsense for sometime now … and MULTIWAN was working good ...
Bandwidth usage on both the WAN are more or less divided equally ....
Recently we enable HA Carp and every since traffic usage on WAN1 is most of the
time at 100% and it will go down and failover to WAN2 .....
Below is my config:

Hardware : C2758 @ 2.40GHz

PFsense 2.3.2

WAN1 = 70 mbps (Lease Line)
WAN2 = 60 mbps (Lease Line)

MULTIWAN Setup : WAN1 tier1, WAN2 tier1
                            WAN1 weight 10 WAN2 weight 9

so most of the time WAN1 usage is at 90 -100% while WAN2 usage is at 2% only .....
i'm noticing this ever since we enable HA Carp ....

Please help ...

Derelict

There is no difference in the load balancing algorithms if you are using HA or not using HA.

Something else must have changed in the policy routing along the way resulting in the behavior you are seeing.

kamminthang

As far as i know … no changes are made except the HA carp config .... Could you give me a tips or pointer...
what i should look out for ....

Derelict

Just check the rules that policy route to the load balance gateway group. Check the outbound NAT. Are the users complaining?

kamminthang

Yes user are complaining also when WAN1 get saturated … the dpinger to check the WAN1 availability will get timeout and it will in turn remove it from the routing table....
and it happen atleast two or thrice a day....

Derelict

Well without seeing your configuration it is going to be impossible to know what you did wrong.

kamminthang

Below is our config:

Lagg0 ig0 to ig3

VLAN on Laggo

VLAN 1 to 63

LAN group : VLAN3 to 60

VLAN60 DMZ

WAN1: 70 mbps
WAN2: 60 mbps

MULTIWAN = WAN1+WAN2
Firewall Rules: Gateway group : protocol : any Source:any Port:any Destination:any Port:any Gateway : MULTIWAN

Traffic shaping for MultiWAN MultiLAN is enable…

Apart from this :
PowerD Hiadaptive is enable
Flush state when gateway down is enable
Gateway switching is enable
WAN Reply-to is enable....

Please let know if you need any more info.....

Derelict

That all looks like it should work fine. There must be a mistake made in the actual configuration somewhere.

kamminthang

now i change the weigh on each WAN …

WAN1 (default gateway) 70mbps i change the weight to 2
and WAN2 60 mbps to weight 12

and WAN1 usage 80 to 60 %
      WAN2 usage 20 - 40 %

i actually increase the weigh on the smaller pipeline...

Derelict

The only think I can think of is there are services on the firewall that are using WAN1, since those services cannot be policy routed.

You will probably have to look at what is actually using the traffic. If it is things sourced from the firewall (like VPN traffic) you might have to make some adjustments there.

The load balancer has no way to know how much traffic a state is going to generate when it is established and the interface is chosen. It distributes states, not traffic.

kamminthang

I do have natted ip routed only to WAN2 … and all personal devices too routed to WAN2 .... and the rest to WAN1+WAN2 ....

i just finish adding a failover to WAN group .... so now VLAN 3 to 23 are on MULTIWAN
and VLAN24 to 62 are on WAN2 hopefully this is increase the utilization on WAN2 ....

LAN GOUP 1 = VLAN3 to 23 = MULTIWAN

LAN GROUP2 = VLAN24 to 62 = WAN2 (FAILOVER ENABLED)

and regarding services we have unbound and snort packages running on our pfsense ....