Issue on failover?
I was wondering if someone else has had this issue before. Currently I have 2 ISPs, for which I have configured failover and load balancing, but I have seen something really odd: the failover won't work until I reboot. As for the load balancing, if I understood correctly, if I have WAN 1 with 200mb and WAN 2 with 30mb, I should get around 230mb on a speed test?
2.4.4-RELEASE-p1 (amd64) built on Mon Nov 26 11:40:26 EST 2018 FreeBSD 11.2-RELEASE-p4
I'm having problems with failover at the moment so can't comment with authority on that... however the load balance will not do what you think. Some traffic will be assigned to wan1, other traffic to wan2. So the load balance will give you an aggregate of up to 230Mb, but it won't give you a single connection of 230Mb. Chances are it isn't what you want unless things are very congested.
Spreading your connection over both links requires some sort of bonding service. pfSense supports Multi-link PPP, which is one method for bonding multiple WAN links together. This requires provider support, and clearly both links need to be from the same provider.
There are other techniques that involve putting something that takes multiple wan links and communicates to an endpoint elsewhere over all links, presenting you with a single, faster and resilient connection. Peplink routers are one example, sometimes used between branch offices and a corporate datacentre. The advantage of this approach is the links can be provided by different companies over divergent routes. Usually the overall latency matches the performance of the link with the highest latency.
As a home-grown approach there are things like this: https://www.openmptcprouter.com/ which lets you connect multiple WAN links to something running the router software, and connects to an endpoint VPS somewhere. It's interesting, but you end up paying for the traffic in and out of the VPS...
And pfSense can't do any of this stuff.
Thanks for the reply. Just out of curiosity, did I set up the failover and load balancing correctly?
@killmasta93 You haven't shown weights on gateways, which must be adjusted for unequal links. Also, if you disable stickiness you will get aggregate bandwidth on Speedtest (but Speedtest only, since it utilizes multiple connections).
Also disable flush all states; it creates more problems than it solves.
And in practice, I would never load balance 200 with 30, since connections would be served by 30 occasionally and seem slow (and it will be large downloads, as per Murphy's law).
As for policy rules, you just need to specify where the traffic goes. Having multiple entries for the same source/dest doesn't work. The first rule will be used exclusively.
Failover does work, however if stickiness is enabled it won't happen immediately.
And you DO need stickiness.
Thanks for the reply. So I should just keep it simple, just failover instead of load balancing in this case?
So in my case, what if I try to move some users from one WAN to another WAN?
@killmasta93 If you want to experiment, then you should go to routing/gateways/advanced and assign a weight of 12 to the 200mbit interface and a weight of 2 to the 30mbit.
Disable stickiness and run Speedtest (with multiple connections).
You should get something close to the aggregate bandwidth.
However, you need to turn stickiness on and also increase the value to something greater than 1000 to avoid disconnections (especially from banking sites).
Thus occasionally someone will be using 30mbits when 200 are available.
The load balancer can't predict how much bandwidth a connection will consume.
It does a round robin (with weights) to all the available connections, and if connections are many, load balances the traffic.
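An added illustration, not part of any post in this thread and not pfSense code: a simplified model of weighted round-robin gateway selection with and without source stickiness, using the 200/30 Mbit links and the 12/2 weights quoted above. The `Balancer` class, the client addresses and the best-case throughput rule are assumptions made for the model, and sticky-entry expiry is not modelled.

```python
from itertools import cycle

# Constructed inputs: link speeds (Mbit/s) and gateway weights quoted in the thread.
LINKS = {"WAN1": 200, "WAN2": 30}
WEIGHTS = {"WAN1": 12, "WAN2": 2}


class Balancer:
    """Hypothetical model: weighted round robin per new connection."""

    def __init__(self, weights, sticky=False):
        # A gateway with weight N occupies N slots in the rotation.
        slots = [gw for gw, w in weights.items() for _ in range(w)]
        self._rotation = cycle(slots)
        self._sticky = sticky
        self._by_source = {}  # source IP -> gateway (only used when sticky)

    def assign(self, src):
        """Return the gateway that carries a new connection from src."""
        if self._sticky and src in self._by_source:
            return self._by_source[src]
        gw = next(self._rotation)
        if self._sticky:
            self._by_source[src] = gw
        return gw


def speedtest(balancer, src, connections):
    """Best-case Mbit/s for one client: sum of the links its connections land on."""
    used = {balancer.assign(src) for _ in range(connections)}
    return sum(LINKS[gw] for gw in used)


def sticky_clients(n):
    """Speedtest result for each of n clients behind one sticky balancer."""
    lb = Balancer(WEIGHTS, sticky=True)
    return [speedtest(lb, f"192.0.2.{i}", 14) for i in range(1, n + 1)]


if __name__ == "__main__":
    print("1 connection, no stickiness  :", speedtest(Balancer(WEIGHTS), "192.0.2.1", 1))
    print("14 connections, no stickiness:", speedtest(Balancer(WEIGHTS), "192.0.2.1", 14))
    print("14 clients, sticky           :", sticky_clients(14))
```

In this model a single connection never exceeds one link, a multi-connection test without stickiness reaches the aggregate, and with stickiness 2 of every 14 new clients are pinned to the 30 Mbit link.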
Thanks for the reply. So I should enable stickiness? And add 1000 instead of 0? Also the check mark on state killing on gateway failure?
@killmasta93 Yes, and don't flush all states on gateway failure. This creates havoc everywhere.
In general, if you suspect issues with old states, clear them manually and see if it fixes things.
Clearing all states in a multi-WAN environment is service affecting and in most cases unnecessary.
Thank you so much.