Outbound Load Balancing Questions



  • Hi all,

    I have pfSense up and running with 1 active WAN connection, and I am planning on adding a 2nd WAN connection for my LAN.

    I have a few questions about some of what I've read in the forums and the FAQ/Wiki.

    I am planning to use 2 cable modems to provide the WAN connections.  I am doing this primarily to provide a more robust connection to the internet, and am not as concerned at this time about redundancy as the costs for a different technology based connection such as DSL are at least double those of another cable modem connection.  It is somewhat likely, based on my current research, that these cable connections even though from separate ISPs will share the same gateway.

    1. If the cable modems share the same gateway, am I still able to use incoming/outgoing load balancing?  Must I insert routers between the cable modems and the pfSense box?  Will I be limited to policy based routing as opposed to load balancing if I choose not to use a router, or are routers required with this kind of configuration to resolve the problem with the WAN connections' shared gateway?

    2. My current cable WAN connection obtains its connection through DHCP, but the IP address might as well be static as it hasn't changed in the 2 years I've had the service.  Does this change what is required in terms of using a router or not?  If it turns out that each ISP uses a unique gateway as provided by DHCP, would I still require a router between the cable modems and pfSense box with this quasi-static DHCP setup?

    3. I understand that in standard single threaded file transfers, the connections will max out at the speed of whichever single WAN interface that is used.  How about multi-threaded transfers, or many simultaneous transfers from the same workstation?  Will these be routed over both WAN connections resulting in WAN1+WAN2 total transfer speeds, or is each workstation able to access only 1 WAN interface with Load Balancing?

    ie. Assuming two 6mbit internet connections, could one workstation obtain 12mbit total speed when downloading multiple transfers over HTTP or with a NNTP client which has multiple connections to its Usenet server?

    4. When I read that the speed of file transfers won't increase, it leads me to believe that each PC is limited by whichever WAN interface it is assigned to, but isn't this Policy Based routing as opposed to Load Balancing?  Please clarify…

    5. My hope is to implement both Incoming and Outgoing Load Balancing, in addition to some Policy Based routing for things like SMTP and POP3 traffic.  Is all of this possible simultaneously, or must one choose one method or the other?

    I really appreciate any help to understand these questions.  It seems that there is some conflicting, or at least confusing information about some of the things I have asked.  I will be grateful to all who are able to shed a bit more light on this for me!

    With many thanks,

    -- Phob



  • @Phobia:

    Hi all,

    I have pfSense up and running with 1 active WAN connection, and I am planning on adding a 2nd WAN connection for my LAN.

    I have a few questions about some of what I've read in the forums and the FAQ/Wiki.

    I am planning to use 2 cable modems to provide the WAN connections.  I am doing this primarily to provide a more robust connection to the internet, and am not as concerned at this time about redundancy as the costs for a different technology based connection such as DSL are at least double those of another cable modem connection.  It is somewhat likely, based on my current research, that these cable connections even though from separate ISPs will share the same gateway.

    1. If the cable modems share the same gateway, am I still able to use incoming/outgoing load balancing?  Must I insert routers between the cable modems and the pfSense box?  Will I be limited to policy based routing as opposed to load balancing if I choose not to use a router, or are routers required with this kind of configuration to resolve the problem with the WAN connections' shared gateway?

    Outgoing loadbalancing would need routers or at least one router at one WAN to have different gateways as we use the gateway to determine which WAN has to be used.

    Incoming Loadbalancing is a whole different story and has nothing to do with gateways. You even can use incoming loadbalancing with only ONE wan. This provides loadbalancing an incoming port to several internal servers (to share load for example).

    @Phobia:

    2. My current cable WAN connection obtains its connection through DHCP, but the IP address might as well be static as it hasn't changed in the 2 years I've had the service.  Does this change what is required in terms of using a router or not?  If it turns out that each ISP uses a unique gateway as provided by DHCP, would I still require a router between the cable modems and pfSense box with this quasi-static DHCP setup?

    You need static IPs at the WANs for loadbalancing. By using routers you get "fake" static IPs for your pfSense WANs. The routers in front then can have DHCPs.

    @Phobia:

    3. I understand that in standard single threaded file transfers, the connections will max out at the speed of whichever single WAN interface that is used.  How about multi-threaded transfers, or many simultaneous transfers from the same workstation?  Will these be routed over both WAN connections resulting in WAN1+WAN2 total transfer speeds, or is each workstation able to access only 1 WAN interface with Load Balancing?

    ie. Assuming two 6mbit internet connections, could one workstation obtain 12mbit total speed when downloading multiple transfers over HTTP or with a NNTP client which has multiple connections to its Usenet server?

    The same client can use different WANs for different destinations, so you can have the speed of both WANs with one client when using multiple connections to multiple destinations. The same destination will stay at the same WAN where the first connection was initiated.

    @Phobia:

    4. When I read that the speed of file transfers won't increase, it leads me to believe that each PC is limited by whichever WAN interface it is assigned to, but isn't this Policy Based routing as opposed to Load Balancing?  Please clarify…

    Look at the answer for 3).
    Btw, you can use loadbalancing and policy based routing at the same time. Actually, loadbalancing is a policy to use a gatewaypool.

    @Phobia:

    5. My hope is to implement both Incoming and Outgoing Load Balancing, in addition to some Policy Based routing for things like SMTP and POP3 traffic.  Is all of this possible simultaneously, or must one choose one method or the other?

    Oops, I answered that already  ;)

    @Phobia:

    I really appreciate any help to understand these questions.  It seems that there is some conflicting, or at least confusing information about some of the things I have asked.  I will be grateful to all who are able to shed a bit more light on this for me!

    With many thanks,

    – Phob



  • @hoba:

    @Phobia:

    3. I understand that in standard single threaded file transfers, the connections will max out at the speed of whichever single WAN interface that is used.  How about multi-threaded transfers, or many simultaneous transfers from the same workstation?  Will these be routed over both WAN connections resulting in WAN1+WAN2 total transfer speeds, or is each workstation able to access only 1 WAN interface with Load Balancing?

    ie. Assuming two 6mbit internet connections, could one workstation obtain 12mbit total speed when downloading multiple transfers over HTTP or with a NNTP client which has multiple connections to its Usenet server?

    The same client can use different WANs for different destinations, so you can have the speed of both WANs with one client when using multiple connections to multiple destinations. The same destination will stay at the same WAN where the first connection was initiated.

    So, the roundrobin function of the loadbalancer distributes like:

    client A opens connection 1 to dest IP X, loadbalancer assigns to WAN1
    client A opens connection 1 to dest IP Y, loadbalancer assigns to WAN2
    client A opens connection 1 to dest IP Z, loadbalancer assigns to WAN1

    client A opens connection 2 to dest IP X, loadbalancer assigns to WAN1
    client A opens connection 3 to dest IP X, loadbalancer assigns to WAN1

    I'm looking for TCP session-based loadbalancing, where each new TCP session is roundrobined across the connections. Is this possible with pfSense?

    How persistent is the IP-based assignment to WAN by the loadbalancer…is the assignment only valid while an active connection exists between a client and a destination? Or if that client/dest connection is dropped and then later reinitialized, is the same WAN used?

    What loadbalancer does pfSense use under the covers? I might be able to better answer my questions by looking up the docs on it specifically.



  • Is it planned to add a sticky state "by source IP", I mean 1 client = same sessions on same destination?
    Outgoing load balancing is a nice thing, but may be strange in a few cases (for example with webservers who don't like moving clients...)



  • Do this from a shell:

    touch /var/etc/use_pf_pool__stickyaddr

    It will use sticky address once the daemon is restarted.
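
The gateway pool, the policy route for mail and the sticky-address option discussed in this thread, written out in plain FreeBSD pf.conf syntax as an added example; it is not part of any post above and is not the ruleset pfSense generates. Interface names, addresses and gateways are constructed placeholders.

```pf
# Added example, not pfSense's generated rules. All names and addresses
# below are constructed placeholders.
lan_if  = "em1"
lan_net = "192.168.1.0/24"
wan1_if = "em0"
wan1_gw = "10.0.1.1"   # router in front of cable modem 1
wan2_if = "em2"
wan2_gw = "10.0.2.1"   # router in front of cable modem 2 (distinct gateway)

# NAT each WAN to its own interface address.
nat on $wan1_if from $lan_net to any -> ($wan1_if)
nat on $wan2_if from $lan_net to any -> ($wan2_if)

# Traffic addressed to the firewall itself must not be routed to a WAN.
pass in quick on $lan_if from $lan_net to ($lan_if) keep state

# Policy-based routing: SMTP and POP3 always leave via WAN1.
pass in quick on $lan_if route-to ($wan1_if $wan1_gw) \
    proto tcp from $lan_net to any port { 25, 110 } flags S/SA keep state

# Outbound load balancing: a rule whose route-to target is a gateway pool.
# round-robin picks the next gateway for each new state; sticky-address
# keeps a source address on the gateway it was first given for as long
# as that source still has states.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } \
    round-robin sticky-address from $lan_net to any keep state
```

A fragment like this can be syntax-checked without loading it using `pfctl -nf <file>`.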



  • @sullrich:

    Do this from a shell:

    touch /var/etc/use_pf_pool__stickyaddr

    It will use sticky address once the daemon is restarted.

    Sorry, I read it on the board a few days ago, but thought it was a server loadbalancing trick :)
    I will give it a try! Thanks

