WANs on VLANs - No Load Balance!
-
Seems that when WANs that need to Load Balance are in VLANs in the same NIC, LB is not happening (checking with speedtest).
I have tried this in 2 different sites, using the latest version and with different hardware, both WANs are 50 mbps VDSL lines:
Site 1: APU.1D4 box, Ubiquiti ES-48-Lite EdgeSwitch, 3 WANs
Site 2: HP 7900 PC with Intel NICs, Cisco SLM 2048 switch.
When I use the same NIC with VLANs, I get the full speed of each WAN, but no LB, even if the WANs are in the same group-tier.
When I use the WANs in separate NICs, using the exact LB group, I get ~90 mbps in speedtest.
Is there something special that needs to be done when using the same NIC card and VLANs? Is it not possible at all?
Best regards
Kostas
-
Whether it is a single interface or a VLAN interface makes zero difference to the load balancing algorithm.
You might run into issues if the VLANs are on 100BaseT ports and not gigabit. Know that you are putting both sets of traffic on the same wire when you trunk VLANs like that.
-
Thank you,
All the VLANs are in gigabit ports in all hardware.
I see the same behavior in both boxes. If I use separate i/f for WANs, I get the result I need.
Best regards
Kostas
-
Need more information. Like I said, Load Balance does not care at all. It requires no special features of the NICs.
-
OK, here is some more info on the setup, it's the same in both cases:
In switch I have one trunk port which is connected to OPT port of the pfsense box.
In the OPT port I am creating 2 VLANs. I set static addresses for each of the ISP network.
Below a part of the documentation I sent to one of the clients:
OPT: Connected to port 41 (VLAN 10 and VLAN 20 trunk port)
VLAN10 (port 40): Connected to ISP1 router with IP: 192.168.10.253
VLAN20 (port 42): Connected to ISP2 router with IP: 192.168.6.3
Best regards
Kostas
-
OK that's all fine. My point is the Load balancing GW group does not care if the gateways are on VLAN interfaces or physical interfaces. It just chooses the gateway and sends traffic that way.
That being the case you probably want to look elsewhere, such as is the interface (on the firewall and the switch) taking errors, etc.
-
Thank you,
I looked, no errors either in switches or the pfsense boxes. Strange that happens in 2 different scenarios though, and the behavior is the same, I get the full speed of each wan, but never the speed of both, as it happens when using physical interfaces.
Best regards
Kostas
-
In general you do not get the speed of both load balance circuits when using a generic speed test site. They would have to do multiple streams in a manner that prompts the load balancing algorithms to put different states on different circuits.
You say you do see the bandwidth of both when physical and don't when VLAN.
That makes no sense.
-
You say you do see the bandwidth of both when physical and don't when VLAN.
Exactly. However, speedtest sites (especially Ookla) are the "proof of concept" that most of the clients are using. In this situation, the client had a TP-Link load balancer, which using these sites, showed him the total bandwidth of his 2 VDSL lines (~90 download and 10 upload), and pfsense did not.
Even the "refresh and see the round robin happen" test using pfsense.org/ip.php does not work, and with TPLink works… Is there a way to find out if the balance algorithm does not work through logs?
Best regards
Kostas
-
There is no reason for it not to be working.
Load Balancing does not combine two circuits into one. The only technology that can do that in pfSense is Multi-Link PPP.
Load balancing distributes states across multiple links with the end goal of getting more of both circuits utilized.
Did you enable sticky connections or anything like that?
A single speed test site has never been a good way to test this. The last time someone said it didn't work I tested it with T-Rex. The results are here:
https://forum.pfsense.org/index.php?topic=124373.msg697215#msg697215
That thread is probably worth reading.
This too: https://portal.pfsense.org/docs/book/multiwan/index.html
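-
Added example, not part of the original thread and not pfSense code: a simplified model of the point made above that load balancing places whole states on one gateway each, so a test only shows both circuits when it opens several states that land on different links. The gateway names and 50 Mbps capacities follow the thread; the client addresses, ports and function names are assumptions made for the example.

```python
from itertools import cycle

# Constructed values: the two 50 Mbps VDSL WANs from the thread, named after
# the ISP1/ISP2 routers; the client address is made up for the example.
CAPACITY_MBPS = {"ISP1": 50, "ISP2": 50}
CLIENT = "192.168.1.50"


def assign_states(flows, gateways, sticky=False):
    """Pick a gateway once per new state, round-robin over the group.

    flows is a list of (src_ip, src_port) tuples, one per connection.
    With sticky=True a source IP keeps the gateway it was first given.
    """
    rr = cycle(gateways)
    by_source = {}
    placement = {}
    for src_ip, src_port in flows:
        if sticky and src_ip in by_source:
            gw = by_source[src_ip]
        else:
            gw = next(rr)
            by_source[src_ip] = gw
        placement[(src_ip, src_port)] = gw
    return placement


def aggregate_mbps(placement, capacity=CAPACITY_MBPS):
    """Best-case total throughput: only links that carry a state contribute."""
    return sum(capacity[gw] for gw in set(placement.values()))


def speedtest(streams, sticky=False, clients=(CLIENT,)):
    """Model a test that opens `streams` connections from each client."""
    flows = [(ip, 40000 + n) for ip in clients for n in range(streams)]
    return aggregate_mbps(assign_states(flows, list(CAPACITY_MBPS), sticky))


if __name__ == "__main__":
    print("1 stream            :", speedtest(1))
    print("4 streams           :", speedtest(4))
    print("4 streams, sticky   :", speedtest(4, sticky=True))
    print("2 clients, sticky   :", speedtest(1, sticky=True,
                                             clients=(CLIENT, "192.168.1.51")))
```

In this model a single-stream test or a sticky single client never exceeds one circuit, which is the same result whether the gateways sit on VLAN or physical interfaces.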