Failover and Load Balancing not working over VLANs
-
Hi,
I've recently upgraded to 1.0.1-SNAPSHOT-03-27-2007 because I wanted to setup fail over (as well as load balancing). I've been working at this for a few days now and could not get Fail over (FO) or Load Balancing (LB) to send any traffic over WAN2. However, when I setup firewall rules so that the default gateway for the LAN is WAN2 (instead of the LB/FO pool), traffic does finally pass over WAN2.
What may be different from my setup compared to others is that I am only using 1 cable between my pfSense box and my Managed Ethernet switch as I configured all my traffic to use VLANs over a single NIC. Is there something different in the way the system deals with routing traffic when its all going over the same physical interface using VLANs??
For completeness, I did move WAN2 to its own NIC and LB still doesn't work, but FO now does. Real strange. I'm not a BSD person (a Linux IPTables dude myself) so I really don't even know where to start looking to help resolve this. Any pointers on what to check next?
I do want to give my kudos to you guys, you've got a real slick project going here!
Thanks,
-Rob
-
In general it should work with vlans just the same way. I have heard of people using several WANs connected to a vlan switch and one cable to the pfSense, just like what you are trying. As you say that it doesn't work even when not using vlans I guess it's some kind of configuration issue. Not sure if you already have seen http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing but maybe go through it (again) to verify your setup.
-
Hi Hoba,
Yes, I did see that link and followed all the directions. The strange thing is Failover DOES work. Its Load Balancing that is not working. The Status -> Load Balancer shows both interfaces ONLINE and like I mentioned, when I set the Firewall -> Rules -> LAN gateway (default rule) to EITHER WAN interface (thus by-passing the pool) traffic does flow over the given link, proving the VLANs are working properly, so I doubt its a configuration problem.
I will have a 3rd NIC to play with tomorrow, so I will try and put the WANs on their own physical interface to see what happens. I suspect that will work properly (otherwise there would be a ton of people complaining in the forums about it!) and then we'll be back to square one - trying to figure out why VLAN combined with FO/LB pools don't route as expected.
Thanks,
-Rob
-
How do you test loadbalancing? might be a problem with the way you test. An established state will remain at the wan it was created on until it is closed or times out. So unless you start multiple connections you won't notice loadbalancing. Try tracerouting to google.com, then yahoo.com, then microsoft.com, … you should see every new tracert using the next link in the pool to go out.
-
I opened up 2 windows to Status -> Traffic Graph as well as look at the lights on both WAN network devices. I then loaded up web pages that have lots of images (so as to generate many connections) at random sites, including doing searches at YouTube, clipart.com, Google Image searches and any other site that would generate lots of connections. I did try traceroute too. In ALL cases NO traffic was observed on the second WAN.
I should mention that the stable release (non snapshot) load balancing worked great with VLANs, but of course it did not support stand alone failover. I upgraded to the latest snapshot both using the System -> Firmware with the tarball and then finally giving up, and going with a fresh install of the snapshot .iso and had the same results.
Thanks,
-Rob
-
Did you use the old config.xml? That explains what you are seeing. Please follow these steps: http://forum.pfsense.org/index.php/topic,3755.msg22914.html#msg22914
-
Yup - I saw this post too! (Believe me, I searched everywhere before posting this!) That's why I mentioned that I blew everything away and started from scratch. I'm running a fresh snapshot CD, with a brand new config saved to a fresh USB key. Nothing upgraded at this point. Still no go.
Thanks,
-Rob
-
I have the same problem. If I force trafic to a wan2 interface it works. But when I force trafico to load balance interface, don't work. The packets goes always to wan interface.