Netgate Discussion Forum
    Multi WAN Failover doesn't work

    Routing and Multi WAN
    32 Posts 4 Posters 12.7k Views
      GruensFroeschli

      How are you testing?
      NEW connections should be on the new line as soon as it's detected as down.
      What does the status -> loadbalancer page say about the different gateways when you do your test?
      It should be in the range of a few seconds.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        kevindd992002

        What do you mean by "NEW connections should be on the new line as soon as it's detected as down."?

        I'm testing by removing the UTP cable that's plugged into WAN1, WAN2, and WAN3.

        Within a few seconds, the status: load balancer page always gives me the correct status. That is, when I remove the WAN2 cable, WAN1 and WAN3 will be the only ones "Online". And so on and so forth.

        This is how I set my load balancer pool:

        Did I do it correctly?

        How does failover work anyway? When one link is detected as offline, will pfSense disregard the "load balancer pool" and revert to the failover pools?

        Do I need to set up anything in the firewall rules in terms of failover mechanisms?

          GruensFroeschli

          Umm…
          You either use loadbalancing OR failover. Never both at the same time for the same rule.

          Please read up how the rules with pfSense work.
          It's written quite often in this forum/faq/stickies.

          If the loadbalancer updates its status correctly, then it's working as it should.

          If you open a new connection, this connection will be assigned to a gateway according to the "gateway" field of the firewall rule (failover, loadbalancer, whatever).
          If you set the loadbalance pool as gateway, the connection will be assigned to one of the "online" gateways of the pool.
          If you remove this link while traffic is going over it, you will have to re-establish the connection to get on one of the still-online gateways.
          The connection won't "jump" to an online link.

          You ask how the failover/loadbalance work together.
          You either define a loadbalancer for a firewall rule (say all port 80, standard browse traffic), or a failoverpool (for port 443, https).
          Loadbalance makes sense where you open lots of connections and it doesn't matter to the server if multiple requests come from different IPs.
          However, https doesn't like it if the same client has multiple sources. So it makes sense to force it to one WAN, and if this one is down you move to the next WAN.

            kevindd992002

            Yes, actually I have that same perception of how loadbalancer and failover work.

            What I'm confused about is, for example, if you did not set up any "firewall rule" that has a "failover gateway" on it. Say you just have one firewall rule all in all: LAN subnet, source: any, destination: any, and gateway: load balancer. If I then remove the WAN2 link, will pfSense automatically use the failover pools? Even though I don't have a rule set up with failover gateways?

            Consider that yes I did refresh the website to make a NEW connection AFTER removing the WAN2 link.

              GruensFroeschli

              @kevindd992002:

              What I'm confused about is, for example, if you did not set up any "firewall rule" that has a "failover gateway" on it. Say you just have one firewall rule all in all: LAN subnet, source: any, destination: any, and gateway: load balancer. If I then remove the WAN2 link, will pfSense automatically use the failover pools? Even though I don't have a rule set up with failover gateways?

              If you don't set up any rule with a "failover pool" as gateway, you will never get the failover behavior.
              With a single rule which has as gateway the loadbalancer, the traffic will always be balanced.

              What the failover and loadbalancer have in common: if a link is marked as down, no new connections go to this link.
              So if you were to only have 2 WANs, you would have no difference between a failover pool and a loadbalancing pool, if one of the WANs is down.

              The only difference is that if all interfaces are up:

              • the loadbalancer pool uses all gateways
              • the failover pool uses the gateways in a top-to-bottom manner, depending on whether each gateway is up or not.

                kevindd992002

                Ahh.

                So, for example, if I did not create a failover pool, I only set up a load balancer pool, and I only have the one firewall rule I mentioned in my previous reply, will everything be "re-routed" properly when one or two of the links go down?

                So, technically, I don't need a failover pool if I don't care about HTTPS traffic having problems with load balancing, did I get that correctly?

                  GruensFroeschli

                  Yes.
                  There are quite a few other protocols which will have problems (ftp as a prime candidate).

                    kevindd992002

                    But either way I should always make a static DNS route for WAN2 (OPT1) and WAN3 (OPT2) interfaces right?

                    Also, if I understand correctly, I could just make three failover pools where each WAN interface will be the priority, right? So with the picture I posted above, I already have three failover pools but each has only two gateways; all of them should have all three gateway interfaces, correct?

                      GruensFroeschli

                      Yes and yes.

                      But unless you are actually using the failover pool it doesn't make much sense to have them in the first place :D

                        kevindd992002

                        Yup, I will use them for HTTPS :) I just stated an example earlier, lol.

                        Could I just also make one failover pool with three gateways?

                        In failover pools, if the top gateway is online, it will only use that right?

                          GruensFroeschli

                          Yes. Usually you make only one failover-pool with the gateways in the preferred order.
                          The failover pool will use the top available gateway.

                          Although if you establish (while the primary WAN is down) a connection over the secondary/tertiary gateway and then the primary gateway comes back online, the connection will stay on the secondary/tertiary gateway.
                          -> Once a connection has been established on a WAN it will stay there.

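The pool semantics laid out in the thread, first in the reply on how a failover pool differs from a load-balancer pool (no new connections go to a gateway marked down; failover takes the top online gateway, load balancing uses all of them) and then in the reply above on connections staying on the WAN they were opened on, can be checked with a small model. This is an added example, not pfSense code and not something posted in the thread; the gateway names WAN1..WAN3, the round-robin choice inside the load-balancer pool, and the connection ids are assumptions made for the illustration.

```python
"""Model of the gateway-pool behaviour described in the thread:

- a failover pool hands NEW connections to the top *online* gateway in its list;
- a load-balancer pool spreads NEW connections over all online gateways;
- an established connection keeps the gateway it was opened on, both when that
  gateway goes down (the client must reconnect) and when a preferred one returns.

Added illustration, not pfSense code. Gateway names, the round-robin choice used
for the load-balancer pool and the connection ids are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Pool:
    name: str
    gateways: List[str]         # ordered; for a failover pool the first entry is preferred
    mode: str                   # "failover" or "loadbalance"
    rr: int = field(default=0)  # round-robin cursor, used only by load-balancer pools

    def pick(self, online: Set[str]) -> Optional[str]:
        """Choose a gateway for a NEW connection; gateways marked down are never used."""
        candidates = [gw for gw in self.gateways if gw in online]
        if not candidates:
            return None
        if self.mode == "failover":
            return candidates[0]          # top available gateway
        gw = candidates[self.rr % len(candidates)]
        self.rr += 1
        return gw


class StateTable:
    """Minimal stand-in for the firewall state table: a connection is pinned to
    the gateway it was opened on and is never moved ("the connection won't jump")."""

    def __init__(self) -> None:
        self.states: Dict[str, str] = {}

    def open(self, conn: str, pool: Pool, online: Set[str]) -> Optional[str]:
        if conn in self.states:           # existing state: the rule is not re-evaluated
            return self.states[conn]
        gw = pool.pick(online)
        if gw is not None:
            self.states[conn] = gw
        return gw

    def is_usable(self, conn: str, online: Set[str]) -> bool:
        """A state pinned to a gateway that went down stays dead until the client reconnects."""
        return self.states.get(conn) in online


def failover_scenario() -> Dict[str, object]:
    """Pull the WAN1 cable, open connections, plug it back in, and record what happens."""
    online = {"WAN1", "WAN2", "WAN3"}
    pool = Pool("Failover", ["WAN1", "WAN2", "WAN3"], "failover")
    table = StateTable()
    out: Dict[str, object] = {}
    out["c1_all_up"] = table.open("c1", pool, online)             # WAN1 (top of the list)
    online.discard("WAN1")                                        # WAN1 marked down
    out["c1_after_wan1_down"] = table.is_usable("c1", online)     # False: must reconnect
    out["c2_wan1_down"] = table.open("c2", pool, online)          # WAN2 (next available)
    online.add("WAN1")                                            # WAN1 comes back online
    out["c2_after_wan1_back"] = table.open("c2", pool, online)    # still WAN2: sticky
    out["c3_wan1_back"] = table.open("c3", pool, online)          # WAN1 again for new traffic
    return out


def loadbalance_scenario() -> List[Optional[str]]:
    """With WAN2 down, a load-balancer pool alternates new connections over WAN1 and WAN3."""
    online = {"WAN1", "WAN3"}
    pool = Pool("LoadBalance", ["WAN1", "WAN2", "WAN3"], "loadbalance")
    table = StateTable()
    return [table.open(f"c{i}", pool, online) for i in range(4)]


def two_wans_one_down_identical() -> bool:
    """The thread's point that with two WANs and one down, both pool types behave the same."""
    online = {"WAN2"}
    fo = Pool("fo", ["WAN1", "WAN2"], "failover")
    lb = Pool("lb", ["WAN1", "WAN2"], "loadbalance")
    return all(fo.pick(online) == lb.pick(online) for _ in range(3))


if __name__ == "__main__":
    print(failover_scenario())
    print(loadbalance_scenario())
    print(two_wans_one_down_identical())
```

The failover scenario is the test the original poster was running: after the cable is pulled, only connections opened afterwards land on WAN2, the existing state on WAN1 is dead until the client reconnects, and when WAN1 returns the WAN2 connection stays where it is while new ones go back to WAN1. That stickiness is also why the thread pins HTTPS to a failover pool rather than the load balancer: a session that changes source address mid-stream is the case the server side objects to.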
                            kevindd992002

                            Ok, thank you very much for the help ;)

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.