Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Why do people use LoadBalance AND Fail Over Rules together?

    Routing and Multi WAN
    3
    10
    5899
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Eddie55 last edited by

      I was watching this guide and many others on youtube and all the guides show people using setting up 3 rules.
      https://www.youtube.com/watch?v=omuklZrzopM

      First
      WAN1 Tier 1
      WAN2 Tier 2

      Second
      WAN1 Tier 1
      WAN2 Tier 2

      Third
      WAN1 Tier 2
      WAN2 Tier 1

      This makes no sense to me… if your initial Rule shows load balance.... why do you need the fail over rules?

      If your connection is being split between DUAL WANS and WAN 2 goes down... why doesnt it just use WAN1 100% until WAN 2 comes back online?

      How does the logic flow through the rules?

      Thanks in Advance
      Eddie

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Generally for different types of traffic.

        It's also a way to make a special rule that policy routes differently.

        You might also have traffic that doesn't like to be load balanced in the way that works for everything else so you can route that out differently.

        If all you have is load balance (equal tier) you don't get a DynDNS failover (switching the IP address from one WAN to the other) either I don't think. Ran across that the other day but haven't tested it further or looked at the code.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • E
          Eddie55 last edited by

          Thank you for the reply…
          I am trying to understand the router logic behind the rules

          Group 1
          WAN1 Tier 1
          WAN2 Tier 2

          Group 2
          WAN1 Tier 1
          WAN2 Tier 2

          Group 3
          WAN1 Tier 2
          WAN2 Tier 1

          At what point does the router decide not to use group 1 rules of load balancing and move to group 2 rules with WAN 1 Tier 1 and WAN 2 Tier 2 and then what would cause the router to move to Group 3?

          or

          Is the point of creating these groups is to then create rules at the firewall level to utilize them?

          Just trying to wrap my head around creating groups

          Thank in advance
          Eddie

          1 Reply Last reply Reply Quote 0
          • H
            heper last edited by

            the yt "tutorial' is crap.

            https://doc.pfsense.org/index.php/Multi-WAN

            1 Reply Last reply Reply Quote 0
            • E
              Eddie55 last edited by

              Thank you for the reply…
              I read through that as well
              "A common practice for a two-WAN setup is to make three gateway groups for a multi-wan configuration: one that load balances, and two for failover, one preferring each WAN. This could be expanded for any number of WANs: Make one group that prefers each of them and fails over to some ordering of other WANs. This will allow selectively putting traffic on each WAN as well as load balancing."

              They recommend the three group setup... I'm just trying to understand why if you are doing load Balance do you also need to setup fail over...

              1 Reply Last reply Reply Quote 0
              • Derelict
                Derelict LAYER 8 Netgate last edited by

                You policy route traffic to a gateway group.

                You don't have to policy route all traffic to the same gateway group.

                You might want different behaviors.

                And, like I said, Dynamic DNS might behave differently. You could have a gw group that doesn't have any traffic routed to it but you want your Dynamic DNS to move from Cable to DSL in the event Cable does down.

                Chattanooga, Tennessee, USA
                The pfSense Book is free of charge!
                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • H
                  heper last edited by

                  @Eddie55:

                  They recommend the three group setup… I'm just trying to understand why if you are doing load Balance do you also need to setup fail over...

                  -You don't want to load balance HTTPS (fail over preferred)

                  • you don't want to balance your first person shooter traffic
                  • you want to load balance your torrents to get the maximum speeds
                  • ….
                  1 Reply Last reply Reply Quote 0
                  • E
                    Eddie55 last edited by

                    Just to give some context this is for a medical office

                    @heper
                    its like your in my head…
                    i was going to ask that exact question about https that makes my decision super easy.... Fail over only no load balance

                    @Derelict
                    I didnt even think about that but thats a great point about being able to use DDNS

                    Long story short....No load balance for me... just fail over

                    Now if ALL i care about is putting everything through WAN 1 and when WAN 1 dies we use WAN 2 as back up but when WAN 1 comes back online we go back to WAN 1
                    I should only need 1 gateway group id imagine

                    Group 1
                    WAN1 Tier 1
                    WAN2 Tier 2

                    Just curious but would i need to also need to create a Group 2 as follows

                    Group 2
                    WAN1 Tier 2
                    WAN2 Tier 1

                    Thanks in advance
                    Eddie

                    1 Reply Last reply Reply Quote 0
                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      No you do not need to.

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • E
                        Eddie55 last edited by

                        you guys are awesome thanks!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post