Load balancing seems to get stuck



  • Was following this
    http://forum.pfsense.org/index.php?topic=28121.0

    And it used to work, not always though.

    Here is what mine looks like:


    Ok so here is the problem, when I load up my first modem, connections do start to go through to the second modem, but it sure as hell takes a while to even do that.

    However, once the first connection gets idle, and the second modem is idle, connections are still going through to the second modem. The only way for connections to go back to the first modem, is by loading up the second modem again.

    Is there a way I can make it so that if there is no heavy load on the first modem, the first modem is preferred? Not sure why it isn't working, I don't think it always used to do this.



  • Hi,

    you do not need WAN1FailoverWAN2 and WAN2FailoverWAN1. This was in 1.2.3. In 2.0-RC1 this is done with Tier. If DSL1 and DSL1 are both Tier1, then they do LoadBalancing. If DSL1 goes down, there is automatically Failover to the other line with the same Tier.

    The LoadBalancing in pfsense uses RoundRobin. It is uninteresting if one DSL line has heavy load or not.



  • Thanks for the reply, but constantly switching ip addresses isn't always good.

    Like for instance, when playing Call of Duty 4, I keep getting awaiting key code authorization, because my IP keeps constantly switching, or if I leave a server. I will get key code in use, because my IP has changed again.

    (This is my own copy of the game, not pirated or anything).

    When I go back to 1 modem, it doesn't do this.

    Same things for forums like sbhacker, posting is annoying because they tie your login session to what your ip is, so I keep getting logged out and in.

    This would happen a lot less if WAN1 is preferred unless loaded.

    EDIT: Hmm seemed to have fixed the cod4 issue, I just port forwarded on WAN, so the connections go through the WAN interface and not OPT1.



  • There's just so many things wrong it's hard to know where to begin with. First of all, all your lan rules (except the first one) match all of the traffic. That means the first rule gets driven and the rest of them are just ignored. So everything under Wan1Failover2 is useless. Use the balancerule as the default, bottom rule, that matches all that's not specified.

    For your cod4 problem, you can match the traffic (like you have for ssh, https etc) and make them use a failover gw. That way the connections will usually go for example to your wan1 but if wan1 is down you can still game through wan2.

    BTW, you do realize that you need separate gateways (=ip's) for every wan?



  • For not changing IP addresses while playing CoD4 I could offer you two possibilities:

    1. Create a Firewall LAN rule that matches the CoD4 port to only use WAN1

    2. SYSTEM -> ADVANCED -> MISCELLANEOUS -> Use sticky connections

    But like n1ko said and I didn't recognize:
    Firewall rules get applied from TOP to DOWN. If one rule matches, no other will be used.
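
Added example, not part of the thread: a small model of the top-down, first-match evaluation described in the posts above, with a check that lists rules an earlier rule makes unreachable. The rule names, gateway group names and the game port are constructed for illustration; this is not pfSense code or its configuration format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str              # "tcp", "udp" or "any"
    dst: str                # destination network in CIDR form
    ports: Optional[range]  # destination ports, None = any port
    gateway: str            # gateway or gateway group used by the rule

def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    if a.proto != "any" and a.proto != b.proto:
        return False
    if not ip_network(b.dst).subnet_of(ip_network(a.dst)):
        return False
    if a.ports is None:
        return True
    return (b.ports is not None and b.ports.start >= a.ports.start
            and b.ports.stop <= a.ports.stop)

def shadowed(rules):
    """(rule, earlier rule) pairs for rules that can never be the first match."""
    found = []
    for i, rule in enumerate(rules):
        earlier = next((e for e in rules[:i] if covers(e, rule)), None)
        if earlier is not None:
            found.append((rule.name, earlier.name))
    return found

def first_match(rules, proto, dst, port):
    """Top-down evaluation: the first matching rule decides the gateway."""
    for r in rules:
        if (r.proto in ("any", proto) and ip_address(dst) in ip_network(r.dst)
                and (r.ports is None or port in r.ports)):
            return r
    return None

# Constructed rule sets (not the poster's real rules; 28960 is an assumed game port).
BROKEN = [
    Rule("balance", "any", "0.0.0.0/0", None, "LoadBalance"),
    Rule("game", "udp", "0.0.0.0/0", range(28960, 28961), "WAN1FailoverWAN2"),
    Rule("modem1", "any", "192.168.100.1/32", None, "WAN1"),
    Rule("modem2", "any", "192.168.100.2/32", None, "OPT1"),
]
FIXED = BROKEN[1:] + BROKEN[:1]  # specific rules first, catch-all balance rule last
```

With the catch-all rule on top, `shadowed(BROKEN)` reports all three specific rules as unreachable; with it at the bottom, `shadowed(FIXED)` is empty and the game traffic resolves to the failover group.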



  • @n1ko:

    There's just so many things wrong it's hard to know where to begin with. First of all, all your lan rules (except the first one) match all of the traffic. That means the first rule gets driven and the rest of them are just ignored. So everything under Wan1Failover2 is useless. Use the balancerule as the default, bottom rule, that matches all that's not specified.

    For your cod4 problem, you can match the traffic (like you have for ssh, https etc) and make them use a failover gw. That way the connections will usually go for example to your wan1 but if wan1 is down you can still game through wan2.

    BTW, you do realize that you need separate gateways (=ip's) for every wan?

    Last statement, of course, I have two modems.

    I was just following that, and I knew they went in order, it never made quite clear sense what was happening. However, I thought it could work, because those firewall rules are only activated when high latency or packetloss is reported. Is this correct?

    Will try the sticky connections option, looks like a nice cheap fix that I will try out. (I've already gotten rid of all the firewall rules except the load balance)



  • Those rules never got activated and the topmost rule was always used. If you had configured the gw groups to function according to latency then it might have been ok.

    Two modems doesn't mean two gateways. With same isp and connection type you could have two connections with the same gateway.

    I have never bothered with sticky connections and have lan rules with specified gateways, but it should work as you wanted



  • One last question, how do I give each modem a static ip? They are both 192.168.100.1

    If I go to 192.168.100.1, I have to refresh to get to the right modem and what not.

    If I go to the interfaces and select static and set the gateway as itself, and put that ip in my browser, it takes me to the pfsense page ;?

    EDIT: Was able to change the lan ip of the modem through its interface.



  • Actually I take that back, sometimes 192.168.100.2(OPT1) doesn't load.
    However, when plugged into my laptop, it works at all times.

    It loads at other times, what's going on? The net still works on it though even when I can't connect to the LAN ip.

    Also one last thing, on sticky connections my speedtest.net result is only using 1 modem. Without sticky connections, it uses both modems and I get a much higher result. Just a lil word out to anyone else.



  • @jigglywiggly:

    Also one last thing, on sticky connections my speedtest.net result is only using 1 modem. Without sticky connections, it uses both modems and I get a much higher result. Just a lil word out to anyone else.

    No it doesn't. speedtest.net uses one TCP connection, it's impossible to send that out two connections (short of ISP involvement like MLPPP or BGP).



  • @cmb:

    @jigglywiggly:

    Also one last thing, on sticky connections my speedtest.net result is only using 1 modem. Without sticky connections, it uses both modems and I get a much higher result. Just a lil word out to anyone else.

    No it doesn't. speedtest.net uses one TCP connection, it's impossible to send that out two connections (short of ISP involvement like MLPPP or BGP).

    Actually speedtest seems to be using multiple connections but for me (2x100Mbps) it never maxes out before ending testing.



  • @n1ko:

    @cmb:

    @jigglywiggly:

    Also one last thing, on sticky connections my speedtest.net result is only using 1 modem. Without sticky connections, it uses both modems and I get a much higher result. Just a lil word out to anyone else.

    No it doesn't. speedtest.net uses one TCP connection, it's impossible to send that out two connections (short of ISP involvement like MLPPP or BGP).

    Actually speedtest seems to be using multiple connections but for me (2x100Mbps) it never maxes out before ending testing.

    @jigglywiggly:

    One last question, how do I give each modem a static ip? They are both 192.168.100.1

    If I go to 192.168.100.1, I have to refresh to get to the right modem and what not.

    If I go to the interfaces and select static and set the gateway as itself, and put that ip in my browser, it takes me to the pfsense page ;?

    EDIT: Was able to change the lan ip of the modem through its interface.

    That's something you should know and has nothing to do with pfsense. Wonder how they are now 192.168.100.1 and in the first post gw addresses began with a 7 :)



  • How does it not have to do with pfsense? The page loading to 192.168.100.2 or sometimes 192.168.100.1 is very slow, or the connection does not connect. Works at other times, not the modems.



  • ok ok!

    I have one question for the rules with failover

    I need only one rule? And why is everything ignored under this rule? I think this rule is only for - when first is down - use second gateway! ???

    What do I need???

    A balance rule on top --> at second the failover rule --> at the end my other rules?

    Or is it wrong? Because all is matched by failover and all other rules don't match????

    And second point:

    I have to create both gateway failover groups, but I need only one rule for this in firewall???

    thanks for helping...



  • Just to clear my issue up, to fix the slow loading just go to the LAN firewall rules, and make a rule for 192.168.100.1 and 192.168.100.2 and bind 192.168.100.1 to WAN1, and 192.168.100.2 to WAN2. (192.168.100.1's gateway will be WAN1, 192.168.100.2 will be OPT1)

