Why do people use LoadBalance AND Fail Over Rules together?



  • I was watching this guide and many others on YouTube and all the guides show people setting up 3 rules.
    YouTube Video

    First
    WAN1 Tier 1
    WAN2 Tier 2

    Second
    WAN1 Tier 1
    WAN2 Tier 2

    Third
    WAN1 Tier 2
    WAN2 Tier 1

    This makes no sense to me… if your initial Rule shows load balance.... why do you need the fail over rules?

    If your connection is being split between DUAL WANS and WAN 2 goes down... why doesn't it just use WAN1 100% until WAN 2 comes back online?

    How does the logic flow through the rules?

    Thanks in Advance
    Eddie


  • LAYER 8 Netgate

    Generally for different types of traffic.

    It's also a way to make a special rule that policy routes differently.

    You might also have traffic that doesn't like to be load balanced in the way that works for everything else so you can route that out differently.

    If all you have is load balance (equal tier) you don't get a DynDNS failover (switching the IP address from one WAN to the other) either I don't think. Ran across that the other day but haven't tested it further or looked at the code.



  • Thank you for the reply…
    I am trying to understand the router logic behind the rules

    Group 1
    WAN1 Tier 1
    WAN2 Tier 2

    Group 2
    WAN1 Tier 1
    WAN2 Tier 2

    Group 3
    WAN1 Tier 2
    WAN2 Tier 1

    At what point does the router decide not to use group 1 rules of load balancing and move to group 2 rules with WAN 1 Tier 1 and WAN 2 Tier 2 and then what would cause the router to move to Group 3?

    or

    Is the point of creating these groups to then create rules at the firewall level to utilize them?

    Just trying to wrap my head around creating groups

    Thanks in advance
    Eddie



  • The yt "tutorial" is crap.

    https://doc.pfsense.org/index.php/Multi-WAN



  • Thank you for the reply…
    I read through that as well
    "A common practice for a two-WAN setup is to make three gateway groups for a multi-wan configuration: one that load balances, and two for failover, one preferring each WAN. This could be expanded for any number of WANs: Make one group that prefers each of them and fails over to some ordering of other WANs. This will allow selectively putting traffic on each WAN as well as load balancing."

    They recommend the three group setup... I'm just trying to understand why if you are doing load Balance do you also need to setup fail over...


  • LAYER 8 Netgate

    You policy route traffic to a gateway group.

    You don't have to policy route all traffic to the same gateway group.

    You might want different behaviors.

    And, like I said, Dynamic DNS might behave differently. You could have a gw group that doesn't have any traffic routed to it but you want your Dynamic DNS to move from Cable to DSL in the event Cable goes down.



  • @Eddie55:

    They recommend the three group setup… I'm just trying to understand why if you are doing load Balance do you also need to setup fail over...

    • You don't want to load balance HTTPS (fail over preferred)
    • you don't want to balance your first person shooter traffic
    • you want to load balance your torrents to get the maximum speeds
    • ….


  • Just to give some context this is for a medical office

    @heper
    it's like you're in my head…
    I was going to ask that exact question about https that makes my decision super easy.... Fail over only no load balance

    @Derelict
    I didn't even think about that but that's a great point about being able to use DDNS

    Long story short....No load balance for me... just fail over

    Now if ALL I care about is putting everything through WAN 1 and when WAN 1 dies we use WAN 2 as back up but when WAN 1 comes back online we go back to WAN 1
    I should only need 1 gateway group I'd imagine

    Group 1
    WAN1 Tier 1
    WAN2 Tier 2

    Just curious but would I also need to create a Group 2 as follows

    Group 2
    WAN1 Tier 2
    WAN2 Tier 1

    Thanks in advance
    Eddie


  • LAYER 8 Netgate

    No you do not need to.



  • you guys are awesome thanks!
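
The logic discussed in this thread, as an added example that is not part of any post and is not pfSense code: firewall rules policy route traffic to a gateway group, and the group's tiers decide which WAN carries it. It assumes a group uses every online gateway in its lowest-numbered tier that still has an online member; the group names, the rule table and the game port are constructed for illustration.

```python
# Added example: a model of policy routing to gateway groups (not pfSense source).
# Assumption: a group uses all online gateways in its lowest-numbered tier that
# still has an online member; gateways sharing that tier share the traffic.

# The three groups the quoted documentation describes (names are hypothetical).
GROUPS = {
    "LoadBalance": {"WAN1": 1, "WAN2": 1},  # same tier: balanced across both
    "PreferWAN1": {"WAN1": 1, "WAN2": 2},   # failover, WAN1 preferred
    "PreferWAN2": {"WAN1": 2, "WAN2": 1},   # failover, WAN2 preferred
}

# Constructed rule table, evaluated top down; the first match picks the group.
RULES = [
    {"proto": "tcp", "port": 443, "group": "PreferWAN1"},    # HTTPS: failover only
    {"proto": "udp", "port": 27015, "group": "PreferWAN2"},  # game traffic (sample port)
    {"proto": "any", "port": None, "group": "LoadBalance"},  # everything else
]


def active_gateways(group, online):
    """Return the gateways that carry traffic for `group` given the online set."""
    live = {gw: tier for gw, tier in GROUPS[group].items() if gw in online}
    if not live:
        return []  # every member is down: the group has no usable gateway
    best = min(live.values())
    return sorted(gw for gw, tier in live.items() if tier == best)


def route(proto, port, online):
    """Pick the gateway group for a flow, then resolve it to live gateways."""
    for rule in RULES:
        if rule["proto"] in (proto, "any") and rule["port"] in (port, None):
            return rule["group"], active_gateways(rule["group"], online)
    return None, []


if __name__ == "__main__":
    flows = [("tcp", 443), ("udp", 27015), ("tcp", 6881)]
    for online in ({"WAN1", "WAN2"}, {"WAN1"}, {"WAN2"}):
        print("online:", sorted(online))
        for proto, port in flows:
            group, gateways = route(proto, port, online)
            print(f"  {proto}/{port:<5} -> {group:<11} via {gateways}")
```

In this model the load-balance group falls back to the surviving WAN by itself; the failover groups exist so that selected traffic stays on one preferred WAN while both are up.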

