How to PROPERLY achieve MULTI-WAN in pfSense 2.0 ???



  • Looking for some help on how to PROPERLY achieve a Multi-Wan environment?  I've had a look at "outbound load balancing" sticky; but am still a little confused on how to successfully accomplish what I am looking for.

    We currently use ClarkConnect for the SOLE purpose of Multi-Wan in combination with a Sonicwall Firewall/VPN Appliance…  Recently a colleague of mine recommended I have a look at pfSense 2.0 with its many new developments.  I previously played around with pfSense 1.2.2 and while I successfully had FAILOVER working, I never could get reliable multi-wan capabilities; especially the "sticky" connections as I believe they are called? (user would log into an https site, and upon clicking on a link - would be prompted to log in again as the gateway would switch back/forth)...

    SCENARIO:  We have 3 Internet connections consisting of T1, Cable, and DSL.  Our server has 8 INTEL PRO Gbit NICs.  In an effort to maintain speedy internet connections for all of our users, we would like to aggregate all 3 of the above connections - ensuring that all users have adequate bandwidth for their needs.

    Using ClarkConnect this is a rather easy process consisting of setting up the NIC as "EXTERNAL" and then setting "weights" under the "MULTI-WAN" tab for each connection.  Our current setup looks like this:
    CABLE:  50%
    DSL:      30%
    T1:        20%
    Should any of the connections FAIL;  The connections automatically failover and balance (according to weights) to the remaining 2 active connections.

    After looking at the "Outbound Load Balancing Guide" in the sticky section; I assume this is the proper way:

    1.)  Create A SINGLE(?) Routing Group
    2.)  Assign Tier1 status to ALL WAN interfaces of Single Routing Group

    But how does the LOAD BALANCING work???  Is it simply a round robin?  Is there a way to assign "weights" to each interface so that my CABLE interface gets used MORE than say the DSL & T1 interface?

    Would I be better to set up MULTIPLE routing groups?  i.e.

    ROUTING GROUP 1:  Cable WAN set as Tier1  (Packet loss/high latency)
    ROUTING GROUP 2:  DSL WAN set as Tier1    (Packet loss/high latency)
    ROUTING GROUP 3:  T1 WAN set as Tier 1      (Packet loss/high latency)

    ?  In the above setup, would users get balanced over to Routing group 2 & 3 if for instance, the cable WAN was at capacity???

    THANKS FOR ANY INSIGHT..........

    P.S.  I did read that 2.0 is NOT FOR USE IN PRODUCTION; and am fully aware of this...  Our internet access is not MISSION critical - I am simply looking to explore my options vs. our current setup.



  • Certainly on v1.2.2 it's simply a matter of adding multiple instances of the same interface to a load balancing group.
    We have a 1.5Mbps line with 512Kbps backup, which is always on, so the 1.5Mbps line has three entries in the pool and the 512Kbps line has one. Works fine. Failover is in either direction.
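The repeated-entry weighting described in the reply above, applied to both the reply's 3:1 pool and the 50/30/20 split from the question, as an added example that is not part of either post and is not pfSense code. It assumes new connections are handed out round-robin over the pool entries and that a failed gateway's entries are simply dropped; the function names are hypothetical.

```python
from collections import Counter
from functools import reduce
from itertools import cycle, islice
from math import gcd

def entries_for_weights(weights):
    """Reduce percentage weights to the smallest whole number of pool entries."""
    divisor = reduce(gcd, weights.values())
    return {name: w // divisor for name, w in weights.items()}

def build_pool(entries, down=()):
    """List each live gateway once per entry; gateways marked down are left out."""
    return [name for name, count in entries.items()
            if name not in down
            for _ in range(count)]

def shares(pool, connections=1000):
    """Assign new connections round-robin over the pool; return % share per gateway."""
    if not pool:
        raise ValueError("no gateway is up")
    counts = Counter(islice(cycle(pool), connections))
    return {name: round(100 * n / connections, 1) for name, n in counts.items()}

if __name__ == "__main__":
    # The reply's pool: three entries for the 1.5Mbps line, one for the 512Kbps line.
    reply = {"1.5Mbps": 3, "512Kbps": 1}
    print(shares(build_pool(reply)))
    print(shares(build_pool(reply, down={"1.5Mbps"})))   # failover to the backup line

    # The question's weights expressed as entry counts (5 / 3 / 2).
    asked = entries_for_weights({"CABLE": 50, "DSL": 30, "T1": 20})
    print(asked)
    print(shares(build_pool(asked)))
    print(shares(build_pool(asked, down={"CABLE"})))     # remaining two keep their 3:2 ratio
```

With one gateway down, the surviving entries keep their relative counts, so the remaining links split traffic in the same ratio they had before.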

