Netgate Discussion Forum
    Multi wan failover – reset states table

    • bacara

      Hello everyone,

      I am trying to configure multi-WAN load balancing with pfSense 2.0.1.
      I have two ISPs (ISP1 with a STATIC address and ISP2 with a DHCP address).
      Both failover and load balancing are working fine with HTTP.  But I have some problems with ICMP.

      In failover mode (for the ICMP protocol: use ISP2 first and switch to ISP1 if ISP2 is down):

      When both links are up, using my Windows laptop I do "ping -t 8.8.8.8" and I let it continue.
      So far so good, I can see in the states table of pfSense that it's going through ISP2 as expected.
      Then I bring down ISP2, and pings start to fail.  It wouldn't bother me if it was only for a few seconds (wait for the states table to be cleared and then send ICMP through ISP1).  BUT pings continue to fail because the states table isn't cleared (I checked).  From my understanding it should be cleared when ISP2 goes down…

      The weird thing is that I have also tested with two ISPs, BOTH with STATIC addresses, and it's working just fine (the states table is cleared after a few seconds and ICMP is sent through the ISP that is still working).

      So I have come to the conclusion that when a WAN interface is in DHCP mode and loses its connectivity to its ISP, the states related to this interface are not removed from the states table.

      Is this possible?  Am I missing something?

      Here is another topic about resetting states for failed gateways (http://forum.pfsense.org/index.php/topic,7808.0.html).  It's a bit old and since then improvements have been made, but it definitely helped me understand my problem.

      Hope someone can help.

      Thanks

      • jimp (Rebel Alliance, Developer, Netgate)

        It will kill states for a down gateway by default, but it may depend on how you're monitoring ISP2 in System > Routing. If the monitor IP is actually local and not something on the other end, it may never appear to be down. Or if you have monitoring disabled it can't detect it.

        Also on gateway groups, the trigger should almost always be "packet loss or high latency" or it won't kick in.

        Make sure under System > Advanced, on the Misc tab at the bottom, that the state killing option is not disabled.

        • bacara

          The monitor IP is the next-hop address (public IP of my ISP).  So it is on the other end.  Monitoring is not disabled (default).  And it appears down when I remove the link (I checked Status > Gateways).

          I already chose "packet loss or high latency".

          The state killing option is not disabled (default).

          Thanks for the help but I already checked all this.  I couldn't think of anything else and that's why I asked for help here.

          As I said before, the weird thing is that it did kill states when I changed the configuration of my interface from DHCP mode to static mode (the whole configuration is exactly the same, except for the mode).
