Failover without load balancing



  • What is a config for failover without load balancing?

    I have, on my personal home office setup:
    Comcast Cable Modem - 20/2.5 mbps avg (WAN/WAN1 - dynamic IP)
    Speakeasy DSL - 1.2/0.6 kbps avg (OPT1/WAN2 - Static IP)

    I want to always use Comcast (WAN1) for all my browsing/internet access and only use the Speakeasy (OPT1) when Comcast goes down.

    I have it working Round Robin, but it makes no sense to ever use the Speakeasy DSL except for failover.

    When I removed the DSL (OPT1) from the round robin load balancing, I get no connection to the internet when the Comcast is disconnected.

    Thanks in advance,
    Chris.



  • Hey Chris,

    I'm not sure if I understand you, are you having problems with failover?  i.e. If WAN1 is down, you can't go online using WAN2?

    Did you use those instructions: http://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x



  • Yes, I did read and follow the Multi-WAN_Version_1.2.x document.  Seems to be the bible on this subject.

    The difference I'm looking for in this case is to have failover without load balancing.

    I don't really need load balancing but I do want failover.  I would like:

    • to always browse on my Comcast service (WAN1, dynamic, 20mbps)
    • to always allow access to my LAN based IIS web on my Speakeasy DSL (OPT1, static, 1.2mbps)

    If Comcast/WAN1 fails, fail over to Speakeasy/OPT1 - for web browsing

    I have a separate thread about another issue which is how to work the failure of Speakeasy/OPT1.  It is a static IP with a domain name associated with it. When it fails, the failover to the Comcast/WAN1 service would need to be configured for a dynamic DNS service.  But I have the domain name already hooked up to my fixed IP.  I don't think there's an answer for this problem.  I might end up trying to hook up the Comcast/WAN1 service to a separate domain name (via dynamic DNS service), so I could at least access my internal web temporarily when the Speakeasy/OPT1 line goes down.

    Thanks for your response.  I appreciate any insights you have.



  • I believe you just need to change the behavior on your load balanced pool to "failover" from "load balanced."  The interface on the top (Comcast) will be used by default and fail over to the second (Speakeasy) connection.  This should do the trick.



  • linkn3echo,

    That seems reasonable.

    Should I then delete the existing failover rule that does the same thing (WAN1FailsToWAN2)?

    Or, just delete the load balancing rule (LoadBalance) and leave the other 2 failover rules (WAN1FailsToWAN2, WAN2FailsToWAN1)?

    I set up 3 main rules as described in the Multi-WAN_Version_1.2.x document:

    • LoadBalance
    • WAN1FailsToWAN2
    • WAN2FailsToWAN1

    Thanks for your help,
    Chris.



  • Honestly, I'm not sure.  I took a brief look over the document and I think the preferred WAN's part is too much for what you are trying to accomplish.  From what I understand to get fail over working correctly you only need 3 things.

    1. Route for DNS for WAN
    2. Route for DNS for OPT
    3. Load Balanced fail over that uses both interfaces.

    When the main connection is up it should be the default gw for all your rules, then when it fails the other connection takes over and your rules already have the default gw which is the backup connection in this instance.  With everything, testing will reveal the correct answer, if I'm wrong let me know.

    Oh so to answer your question I would rename your LoadBalance to Failover or something and remove the other two

    WAN1FailsToWAN2
    WAN2FailsToWAN1



  • Hi All,
    I have the same problem: using a simple failover rule doesn't seem to work and I don't want to load balance the connections.

    My schema is:

    WAN ----|         |---- LAN
            | PFSENSE |
    OPT2 ---|         |---- OPT1 (GUEST NET)

    Wan is 10Mbit/s while OPT is 2Mbit/s.
    I want to use WAN for internet browsing for both LAN and GUEST NET while OPT2 should be reserved for VPN access from the internet (both remote sites and road warriors).
    I also set some static routes to have some remote server accessible only through OPT2.
    WAN has DHCP from ISP while OPT2 has fixed address.

    If I use just one failover rule, when WAN goes down the normal browsing doesn't switch to the OPT2.
    I'm sure it's not a DNS problem since I use an internal dns with forwarders that are accessible on both links (not the ones of the two ISPs).
    These are the lines in the logs:
    Jul 15 17:34:33 apinger: Exiting on signal 15.
    Jul 15 17:33:53 apinger: command (/usr/bin/touch /tmp/filter_dirty) exited with status: 1
    Jul 15 17:33:53 apinger: Error while starting command.
    Jul 15 17:33:48 apinger: command (/usr/bin/touch /tmp/filter_dirty) exited with status: 1
    Jul 15 17:33:48 apinger: Error while starting command.
    Jul 15 17:33:43 apinger: alarm canceled: xx.xx.xx.xx(xx.xx.xx.xx) *** down ***
    Jul 15 17:33:43 apinger: alarm canceled: xx.xx.xx.xx(xx.xx.xx.xx) *** down ***

    Thanks for your kind help.

    Alberto


  • Rebel Alliance Developer Netgate

    @Bittone66:

    If I use just one failover rule, when WAN goes down the normal browsing doesn't switch to the OPT2.
    I'm sure it's not a DNS problem since I use an internal dns with forwarders that are accessible on both links (not the ones of the two ISPs).
    These are the lines in the logs:

    You should really start a new thread instead of tacking onto a 6-month-old thread that may not be related. You could always put a link to this old thread in the new one if you suspect it's related.

    That said, if you have a failover rule but "normal browsing" doesn't fail over, I suspect you're using squid, which isn't compatible with multi-wan setups. If not, we'll need a lot more information about how you set up the load balancer pools and LAN/OPT1 rule gateways.



  • Hi jimp,
    sorry, I just didn't want to add too much noise to the forum…
    I'll open a new discussion with more details.
    Thanks

    Alberto

