MULTI-WAN HA Bandwidth Usage happening only on one WAN



  • Hi Guys,

    We have been on pfSense for some time now, and multi-WAN was working well.
    Bandwidth usage on both WANs was more or less divided equally.
    Recently we enabled HA CARP, and ever since, traffic usage on WAN1 is at 100% most of the
    time, and it will go down and fail over to WAN2.
    Below is my config:

    Hardware: C2758 @ 2.40GHz

    pfSense 2.3.2

    WAN1 = 70 mbps (Lease Line)
    WAN2 = 60 mbps (Lease Line)

    MULTIWAN Setup: WAN1 tier1, WAN2 tier1
                    WAN1 weight 10, WAN2 weight 9

    So most of the time WAN1 usage is at 90-100% while WAN2 usage is at only 2%.
    I have been noticing this ever since we enabled HA CARP.

    Please help.


  • Netgate

    There is no difference in the load balancing algorithms if you are using HA or not using HA.

    Something else must have changed in the policy routing along the way resulting in the behavior you are seeing.



  • As far as I know, no changes were made except the HA CARP config. Could you give me some tips or pointers
    on what I should look out for?


  • Netgate

    Just check the rules that policy route to the load balance gateway group. Check the outbound NAT. Are the users complaining?



  • Yes, users are complaining. Also, when WAN1 gets saturated, the dpinger check for WAN1 availability times out, which in turn removes it from the routing table.
    It happens at least twice or thrice a day.


  • Netgate

    Well without seeing your configuration it is going to be impossible to know what you did wrong.



  • Below is our config:

    Lagg0 ig0 to ig3

    VLAN on Lagg0

    VLAN 1 to 63

    LAN group : VLAN3 to 60

    VLAN60 DMZ

    WAN1: 70 mbps
    WAN2: 60 mbps

    MULTIWAN = WAN1+WAN2
    Firewall Rules: Gateway group : protocol : any Source:any Port:any Destination:any Port:any Gateway : MULTIWAN

    Traffic shaping for MultiWAN MultiLAN is enabled.

    Apart from this:
    PowerD Hiadaptive is enabled
    Flush state when gateway down is enabled
    Gateway switching is enabled
    WAN Reply-to is enabled

    Please let me know if you need any more info.


  • Netgate

    That all looks like it should work fine. There must be a mistake made in the actual configuration somewhere.



  • Now I have changed the weight on each WAN.

    WAN1 (default gateway) 70 mbps: I changed the weight to 2
    and WAN2 60 mbps to weight 12

    and WAN1 usage is 80 to 60 %
        WAN2 usage is 20 - 40 %

    I actually increased the weight on the smaller pipeline.


  • Netgate

    The only thing I can think of is that there are services on the firewall that are using WAN1, since those services cannot be policy routed.

    You will probably have to look at what is actually using the traffic. If it is things sourced from the firewall (like VPN traffic) you might have to make some adjustments there.

    The load balancer has no way to know how much traffic a state is going to generate when it is established and the interface is chosen. It distributes states, not traffic.
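
The point in the reply above (states are distributed, not traffic) as an added example; it is not part of the original thread and not pfSense code. It assumes a simplified model in which the gateway group is a round-robin pool with each gateway repeated by its weight, uses the thread's weights of 10 and 9, and runs over constructed flow sizes.

```python
from collections import Counter
from itertools import cycle

# Assumed model: the gateway group acts as a round-robin pool in which each
# gateway appears 'weight' times. Weights 10 and 9 are the ones in the thread.
WEIGHTS = {"WAN1": 10, "WAN2": 9}
MOUSE_MB, ELEPHANT_MB = 1, 1000      # constructed flow sizes, not measurements


def build_pool(weights):
    """Expand {gateway: weight} into the repeating assignment order."""
    return [gw for gw, weight in weights.items() for _ in range(weight)]


def constructed_flows(cycles, elephant_slot, pool_len):
    """One heavy flow per pool cycle at 'elephant_slot'; all others are small."""
    return [ELEPHANT_MB if i % pool_len == elephant_slot else MOUSE_MB
            for i in range(cycles * pool_len)]


def distribute(flow_sizes, weights):
    """Pin each new state to the next pool entry; its size plays no part."""
    states, traffic = Counter(), Counter()
    for gw, size in zip(cycle(build_pool(weights)), flow_sizes):
        states[gw] += 1
        traffic[gw] += size
    return states, traffic


def wan1_byte_share(elephant_slot, cycles=100):
    """Return (state counts, WAN1 share of bytes) for one constructed flow mix."""
    pool_len = sum(WEIGHTS.values())
    flows = constructed_flows(cycles, elephant_slot, pool_len)
    states, traffic = distribute(flows, WEIGHTS)
    return states, traffic["WAN1"] / sum(traffic.values())


if __name__ == "__main__":
    for slot in (0, 18):             # heavy flow lands on WAN1, then on WAN2
        states, share = wan1_byte_share(slot)
        print(f"slot {slot:2}: states {dict(states)}, WAN1 bytes {share:.1%}")
```

In both runs the state counts split exactly by weight, while the byte split follows whichever link the heavy states happened to be pinned to.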



  • I do have NATted IPs routed only to WAN2, and all personal devices are routed to WAN2 too, and the rest to WAN1+WAN2.

    I just finished adding a failover to the WAN group, so now VLAN 3 to 23 are on MULTIWAN
    and VLAN24 to 62 are on WAN2. Hopefully this will increase the utilization on WAN2.

    LAN GROUP 1 = VLAN3 to 23 = MULTIWAN

    LAN GROUP2 = VLAN24 to 62 = WAN2 (FAILOVER ENABLED)

    And regarding services, we have the unbound and snort packages running on our pfSense.