(Solve)FailOver not switching.
-
Hi people.
I'm testing pfsense 2.4.4 FailOver stuff.
I have 2 WAN's.
WAN1 PPPoE WAN2 StaticI had read the book related to Multiwan, which is base on the version prior 2.4.4 I think?
Now on 2.4.4:
Default Gateway SwitchingIs enable by default because I didn't see it in the GUI anymore, right?
I have follow the the instructions, but I had this doubts.
I have to enable:
Flush all states when a gateway goes downTo switch over wan2 went wan1 goes down, this is the right?
Because without that option it won't switch.
The last question related to Multiwan is:
In this section, which is the recommended option for a MultiWAN setup?
Thanks for your time.
-
-
Default Gateway Group: The default gateway may now be configured using a Gateway Group setup for failover, which replaces Default Gateway Switching.
-
Clear States When a Gateway is Down
When using Multi-WAN, by default the monitoring process will not flush states when a gateway goes into a down state. Flushing states for each gateway event can be disruptive in situations where a gateway is unstable.
The Flush all states when a gateway goes down option overrides the default behavior, clearing states for all existing connections when any gateway fails. Clearing states can help redirect traffic for long-lived connections such as VoIP phone/trunk registrations to another WAN, but it can also disrupt ongoing connections if a lesser-used gateway is flapping which would still kill all states when it fails.
State Killing/Forced Switch
When a gateway has failed, pfSense can optionally flush all states to force clients to reconnect, and in doing so they will use a gateway that is online instead of a gateway that is down. This currently only works one-way, meaning that it can move connections off of a failing gateway, but it cannot force them back if the original gateway comes back online.
- I think for you "Default gateway IPv4": GW_WAN2 - gateway which is default GW
-
-
Thanks Asamat.
For a scenario like a FailOver what is the recommendation to switch went a gw goes down?
My case I need to enable "Flush all states when a gateway goes down.
Thanks.
-
If you need connectivity from the firewall itself then set the default gatway to the same failover gateway group as the clients are using.
If you set
Flush all states when a gateway goes downit will speed up the failover as nothing needs to timeout but it will also be disruptive. Connections between internal subnets and connections already using WAN2 will be killed and need to re-establish.Steve
-
Thanks stephenw10.
What I understand is, we have 2 possible paths for multiWAN, if I'm wrong let me know please.
a) setup the FO or LB, once a GW goes down, wait until the session ends for the currents clients connected to the offline GW and after that they will try to reconnect, all other clients connected to the online GW will be NOT be affected.
b) Setup the FO or LB, if a GW goes down force pfsense to flush all connections, this will affect all clients.
Is correct?
Thanks guys.
-
Yes, that is correct.
One important thing I omitted though is that if the main gateway is up and all clients are using it and then the failover gateway fails all states will still be flushed. Even if nothing is using that gateway. That means everything is interrupted unnecessarily.
Steve
-
Got it, I will test all this stuff.
stephenw10, last thing, this will behavior is the same with a LoabBalance setup?
Thanks again for your knowledge.
-
Yes the behaviour is the same for load-balanced gateways. In a load-balance config though it's usually not as bad because you expect to have some connections on both WANs.
However that does mean that killing the states will always kill connections that didn't need to be.Steve
-
@periko said in FailOver not switching.:
stephenw10
I had finally test and see the behavior went a gw goes down.
With a LoadBalance or FailOver setup, no mater if the gw1 is up and u downloading something in gw1 and gw2 goes down.
Pfsense will flush states and affect even the session on online gw's.
There is no way to avoid this right?
I prefer to know this before going to production, thanks.
-
@stephenw10 said in FailOver not switching.:
Flush all states when a gateway goes down i
dont use this setting. It is exactly what you are experiencing
-
Yes that's the expected behaviour if you have state flushing set.
That setting comes from a time when there was no alternative in pf. We are now looking at a better solution there, remove the states only for the gateway that went down. There's no ETA on that though.
Steve
-
@netblues , I forgot to disable this, yes u a right.
-
@stephenw10 Looks like I got understand this part of pfsense, hope soon see this setting works, really will help.
Thanks all for your help. -
P pigbrother referenced this topic on Jul 4, 2022, 6:03 AM
-
@stephenw10 is the same configuration in 2.7.2 or is new change?
-
Which configuration exactly?
-
@stephenw10 Configuration "State Killing on Gateway Failure".
-
Nope in 2.7.2 you can choose to kill states only on the gateway that is down:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#state-killing-on-gateway-failure -
@stephenw10 This option "Kill states for all gateways which are down"?
-
Yup
-
@stephenw10 Can you comment on the functionallity listed here: https://www.netgate.com/blog/netgate-to-enhance-gateway-recovery-in-pfsense-plus-version-24.03 will this be available in a CE release at any point? I have an expensive backup link and states don't reset on failback so I end up needing to take a manual action to reset them on 2.7.2
Thanks for your help
