Exceptions to sticky routing feature on multi-WAN setups
-
Dear all,
We are running pfSense on an appliance with dual WAN (igb0 and igb1) and single LAN (igb3) with load balancing (via same tier routing group) on the WAN side.
The sticky connection feature works perfectly on “ordinary” browser connections, but for a cloud upload we would need aggregate bandwidth of both WAN links for a limited period of time (overnight). The cloud upload process uses multiple HTTPS connections, but all of them are routed to the same WAN uplink as they are originating from the same LAN IP/MAC. As it’s HTTPS we haven’t found a way to separate them from “ordinary” browser traffic.
- Is there a way to exclude certain target IPs / nets or domain names on the public internet from being routed/tagged through the same WAN connection?
- If so, is there a way of limiting this exclusion to certain times?
I’m thankful for any hint or advice.
I’ve searched the forum back and forth before posting, please forgive me in case I missed something.
-
Does anybody know if this is possible at all?
-
Sticky connections is currently a global option. It would be applied to all load-balance gateway groups when they are configured in the ruleset. It's not something you can apply via individual firewall rules or a schedule associated with that.
However it is actually applied per gateway pool in the ruleset:
GWLoadBalance = " route-to { ( pppoe1 x.x.x.x ) ( pppoe0 y.y.y.y ) } round-robin sticky-address "
You could potentially have a second gateway group with the same gateways but without sticky connections applied to different hosts. There is just no way to create that in pfSense from the GUI. You could open a feature request to move that option to the gateway config.
https://redmine.pfsense.org/
I can't see any way to achieve that currently beyond something very hacky like loading a custom ruleset with a cronjob.
Steve
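To make the "second pool without sticky-address" idea concrete, here is a hand-written pf.conf fragment (an added example, not pfSense-generated output and not from anyone in this thread). It keeps the interface names from the question (igb0, igb1, igb3) and the rule shape quoted above; the gateway addresses, the backup host and the cloud destination range are constructed placeholders from the RFC 5737 documentation ranges, so substitute your own. It shows two route-to pools over the same two gateways, one with sticky-address for general browsing and one without it for the backup host's HTTPS traffic to the cloud provider's range, so that host's parallel connections are spread round-robin across both uplinks.

```pf
# Added example, not pfSense's generated ruleset. Interfaces from the post;
# addresses below are constructed placeholders (RFC 5737 ranges).
wan1 = "igb0"
wan2 = "igb1"
lan  = "igb3"

wan1_gw     = "203.0.113.1"     # placeholder: ISP next hop on igb0
wan2_gw     = "198.51.100.1"    # placeholder: ISP next hop on igb1
backup_host = "192.168.1.50"    # placeholder: LAN host doing the cloud upload
cloud_net   = "192.0.2.0/24"    # placeholder: cloud provider's upload range

# Pool 1: the sticky load-balance group, as pfSense writes it for a gateway
# group. All connections from one source address stay on one gateway.
GWLoadBalanceSticky = "route-to { ( $wan1 $wan1_gw ) ( $wan2 $wan2_gw ) } round-robin sticky-address"

# Pool 2: same gateways, no sticky-address. Each new state picks the next
# gateway round-robin, so several HTTPS flows from one host use both links.
GWLoadBalanceSpread = "route-to { ( $wan1 $wan1_gw ) ( $wan2 $wan2_gw ) } round-robin"

# Rules are "quick", so order them most specific first.
# Backup host to the cloud range on 443: spread across both uplinks.
pass in quick on $lan $GWLoadBalanceSpread inet proto tcp \
    from $backup_host to $cloud_net port 443 keep state

# Everything else from the LAN keeps the sticky behaviour described above.
pass in quick on $lan $GWLoadBalanceSticky inet \
    from $lan:network to any keep state
```

Two caveats for anyone trying the "hacky" cron route mentioned above: pfSense regenerates its ruleset (/tmp/rules.debug) and reloads pf on every filter reload, so a fragment loaded by hand with pfctl does not survive the next reload and has to be reapplied; and the `from $lan:network to any` rule also matches traffic to local networks, which pfSense normally exempts from policy routing with earlier rules, so keep the usual pass rules for local destinations ahead of it.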
-
I created one, this seems like it would be a useful feature:
https://redmine.pfsense.org/issues/12077