4. On-demand load balancing

On-demand load balancing

  • A

    Hi,
    I would very much like see on-demand load balancing on Pfsense. As an example WAN1 if primary gateway and WAN2 for failover and on-demand gateway. When WAN1 utilization goes over 80% new connections are routed to WAN2 (respecting sticky rules of course).
    I have seen this in a few products but not in Pfsense.

    Axel.

    0
  • A

    Maybe there is a trick how to do this?

    Axel.

    0
  • R

    not that i've seen discussed yet, thats often called spillover or overflow

    0
  • Rebel Alliance Developer Netgate

    There is no mechanism to work that way. With pf it can only be either connection-based round-robin or failover.

    0
  • A

    Hi,
    Connection based round-robin generates issues. I tried it but users started to report problems with several session aware services like Gmail. It might work better if it's host-based with a longer state-flush timeout.
    I could split users into two groups and use two WANs permanently with rules. However, I don't have LAN ports enough. I tried to find a way to use VLANs but couldn't create an interface which is based on a VLAN. In theory, this might be possible:
    UserGroup1 -> RoutingGroupA WAN1 (tier1), WAN3 (tier2)
    UserGroup2 -> RoutingGroupB WAN2 (tier2), WAN3 (tier2)

    WAN3 is only for backup when the primary Tier1 is down.
    It would be nice if ISP could bond several DSLs together.

    Axel.

    0
  • Rebel Alliance Developer Netgate

    You can also try activating Use Sticky Connections under System > Advanced, Miscellaneous tab. That will tie a particular user to a specific gateway until all of their states expire (or the timeout passes)

    0
  • A

    Typo:

    UserGroup1 -> RoutingGroupA WAN1 (tier1), WAN3 (tier2)
    UserGroup2 -> RoutingGroupB WAN2 (tier1), WAN3 (tier2)

    0
  • A

    Yes, Sticky connections are being used. But it is connection based "sticky". Not host-based.

    BTW: Is it necessary to select one of the WAN interfaces as default gateway when Port group is used? I noticed that it causes some unwanted behavior and I don't think it does nothing in my setup.

    Axel.

    0 1 Reply
  • Rebel Alliance Developer Netgate

    @axsense2 said in On-demand load balancing:

    Yes, Sticky connections are being used. But it is connection based "sticky". Not host-based.

    Sticky does not work per connection. It sends all states from one client IP address through one gateway IP address.

    The users will still be sent round robin through the gateways, but once a state from a specific client is in the table all their traffic will use the same gateway from then until all their states expire.

    0
  • A

    According to my testing sticky connection is not working as you described. When opening several connections from one machine both wan gateways are being used. And there are persistent connections still active AND all connections are established within sticky connection timeout. If it is supposed to work client based it is not doing that in practice. And that causes issues when a single software opens multiple connections and those are routed through different wan gateways.
    One test I made was pretty clear: opening www.whatismyipaddress.com in two browsers -> different wans.

    A.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy