Outbound loadbalancing not working RC2??



  • running 2.0 RC2 built on june/12 i386 2G -

    Not sure, but it seems like outbound loadbalancing is always using a single WAN on my dual WAN (T1+DSL) setup.

    I check tracert or whatismyip.com and they always come back with the same gateway, unless I go somewhere that uses a static route. If I run a speedtest, it always shows the speed of the DSL (the upload is terrible), I would think it would swap over for some tests.

    I have no default gateway set, so I don't see why it always picks DSL.

    I might have something configured wrong, but here are some screen caps:





  • You don't need to specify multiple gateway groups for the same thing.

    You specify opposite failover gateways on the LAN interface for the same thing (failover wan1 -> wan2, failover wan2 -> wan1). This is pointless.



  • Certain services must use specific gateways first, so I think I do.



  • @totalimpact:

    Certain services must use specific gateways first, so I think I do.

    You do not need the last two rules under the "LoadBalancing" Gateway because this group does automatic failover if one line goes down.

    The Firewall and Routing Groups are looking just fine. Not sure if the schedule/shaper affects LoadBalancing.
    Could you try to create a simple any any any any LoadBalancing Group in front of all and see if it works then? As source address you could enter your test PC so the other PCs will not be affected.

    Try www.pfsense.org/ip.php. You have to refresh quickly, one after another.

    Are you using squid on this machine? If yes, take a look at floating rules in the forum.
    If both lines have the same gateway, LoadBalancing is not working.



  • I have certain services that must use a specific gateway order, voip, some vpn clients, ssl traffic to a certain site, and another app, the rules are not fully populated, but you can see SIP in there. - How would I do this with 1 gateway group?

    I will try what you said, although my any/any rule is there, it's just below the specific rules.



  • @totalimpact

    All your firewall rules are correct. They make sense for the things you want to realize.
    Only the last two rules are unnecessary. They will never be used. What you want to realize with these rules is that if one line goes down it fails over to the other and vice versa. But all of this is covered by this rule:

          • LoadBalance

    It makes no difference if you use the rules you have now or if you delete the last two of these.
    But this is not your main problem.

    Back to topic:
    I know that you need different rules for different services, but for testing purposes, just create an any to any rule with LoadBalance as gateway and without schedule and without shaper. Just to test if LoadBalancing is working or not.
    Perhaps there is a bug in this snapshot - you could try a newer one.
    For me it is really difficult because your rules and groups look correct for me.



  • Ok, good, I was just kind of looking for verification that I was close to the right path, I will try that.



  • Now on RC3 June 22 snapshot: I really dumbed it down - and it still does not work. I deleted the shaper setup, deleted the extra gateway groups, deleted all my firewall rules, and just used 1 any/any rule for the loadbalance group.

    Not checking a "Default Gateway" on any of the gateways (see pic)
    Tried both Auto and Manual outbound NAT.

    • still only 1 WAN gets used - which I verified under the state table, and whatismyip. There seems to be a major problem with this new gateway group system.

    Here is a test I am running:
    fetch -o /dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip

    If I run that command (500mb download) 4 times simultaneously it creates 4 separate states in the state table, but all 4 of them show the same WAN port being used. If I check the "Default Gateway" box on the other gateway, then traffic will start going out that one.

    Failing a gateway causes the whole load balancer to fail - no traffic is passed unless it is to a static route.

    ![DSL Gateway.png](/public/imported_attachments/1/DSL Gateway.png)
    ![T1 Gateway.png](/public/imported_attachments/1/T1 Gateway.png)
    ![Gateway Groups.png](/public/imported_attachments/1/Gateway Groups.png)
    ![GW Status.png](/public/imported_attachments/1/GW Status.png)


  • Netgate Administrator

    I am running an almost identical setup and it's working perfectly on the 21/6/11 snapshot. I can't believe much changed in one day.
    It looks like you have everything set correctly. Are the gateways staying 'up' when you start downloading? Is there anything in the logs from apinger?

    Steve



  • @Steve - not much logged, everything shows to be up:

    
    Jun 23 01:33:23	apinger: Error while feeding rrdtool: Broken pipe
    Jun 23 01:34:23	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
    
    

    Have you set any custom latency/loss settings on the gateways? What form of outbound NAT are you using?



  • Hi,

    1.) Which packages do you use on this machine? Squid?
    2.) Are your two WAN connections using the same gateway? You have to take a look at your official IP/subnet/gateway from your ISP and see if they are using different gateways.


  • Netgate Administrator

    @totalimpact:

    Have you set any custom latency/loss settings on the gateways? What form of outbound NAT are you using?

    I'm using the default values for latency and loss, I never get warnings from apinger in the logs but then both my connections seem to be good.
    I have outbound NAT set to automatic.

    It's possible that you've managed to set something behind the scenes with all the config changes that's causing a problem. Though this would be a bug. It might be worth starting from scratch to make sure.

    Steve



  • I only installed Snort, but it's not on.

    My WANs are from 2 different providers. If I check the default gateway box on each connection it's obvious traffic is going out each gateway, so it's not a gateway mismatch on the ISP side.


  • Netgate Administrator

    The fact that it uses whichever is set to default implies it is using the default system routing and not the loadbalancing group. Yet it looks, from what you have posted, as though everything is set up correctly.
    Do you have any floating rules? They are processed first so could be catching traffic before the load balancing rule.

    Steve



  • Normally I have no Default gateway checked. I removed all floating rules that were made by the traffic shaper yesterday, this still didn't help.



  • On a clean RC3 install, load balancing worked as it should (two WAN connections) until I installed Squid.  After installing that package and setting up transparent proxy, all traffic went to WAN1



  • @dwood:

    On a clean RC3 install, load balancing worked as it should (two WAN connections) until I installed Squid.  After installing that package and setting up transparent proxy, all traffic went to WAN1

    This is common. You have to search the forum for "floating rules" and the use with multiwan and squid. You have to do some additional configuration.

    But this is not the thread to talk about that. First search the forum and if there are still any questions, start a new thread for your problem.



  • Thank you sir :-)  I do believe I may write a basic Multi-Wan online how-to after all of this :-)

    I've been following along the setup guides which are "stuck" at the top of this forum…but already several gotchas:

    a.  The load balancing thread makes the process much more complicated...all you need is one rule!
    b.   Pass thru VPN does not work unless you turn on sticky connections.
    c.   Floating rules have no mention in the multi-wan setup... I found this which is a bit misleading: http://forum.pfsense.org/index.php/topic,28121.0.html
    d.  Context help is not there for packages generally in RC3

    I will search up the multi-wan, squid and floating rules and play some more tonight.  Given that (based on the above) I'm likely to encounter incorrect information...is there a thread link that you know is correct for squid on pfSense2, multiwan, with floating rules?

    When done all of this, I will edit my thread over at small net builder..and replicate in the form of a user guide here :-)

