Load balancing… very unbalanced



  • Hi
    I set up a dual WAN Load Balanced pfSense.
    I have two ADSL but looking at traffic graphs I see 95% of the traffic flowing through the WAN interface, and only small pieces of traffic on the other.
    If I disconnect one router, pfSense correctly sends ALL the traffic on the active link.
    The traffic is generated by 10/15 users using web, smtp and pop3.
    Is there a way to have a more evenly distributed balancing? I only have one rule (other than the FTP trick one) that uses the load balanced GW.
    I read the documentation but no luck.

    Any ideas or test?
    Thanks



  • Load balancer type "failover"? Then that will only send traffic down one WAN until that WAN dies.



  • @LoZio:

    Hi
    I set up a dual WAN Load Balanced pfSense.
    I have two ADSL but looking at traffic graphs I see 95% of the traffic flowing through the WAN interface, and only small pieces of traffic on the other.
    If I disconnect one router, pfSense correctly sends ALL the traffic on the active link.
    The traffic is generated by 10/15 users using web, smtp and pop3.
    Is there a way to have a more evenly distributed balancing? I only have one rule (other than the FTP trick one) that uses the load balanced GW.
    I read the documentation but no luck.

    Any ideas or test?
    Thanks

    I'm new to this as well, but have successfully set up load balancing and failover with two connections and 8 computers utilizing them.

    Could you post your Firewall Rules for LAN/WAN/WAN2(OPT)

    Also Your Load Balancer Pools.

    Basically anything you setup yourself, would be nice to diagnose.

    It sounds like you're just using a single WAN connection, and the traffic you see on the other is just ARP traffic (aka: nothing is going down that pipe). You really don't have LB enabled or working.

    Because when it is on, it works fine.

    The manner in which it does work is on a Round Robin basis. So if user A connects to a website, it will pick the next IP (WAN interface IP) out of the list. User B connects immediately after, they will generally get the second IP (your WAN interface 2). User C, back to WAN1.

    Though user A can swap between WAN1 and 2 in a matter of seconds, as it just goes back and forth with each new established connection.

    IE: I can have two computers next to each other.

    Open a web browser at the same time on each, and enter "www.whatismyip.com" – Computer A will report the IP of my first cable modem – Computer B will report the IP of my second cable modem.

    Took me a while to get things going, but turns out I had to create 3 pools, and some rules for each interface.

    Good luck,



  • I'm new to this as well, but have successfully set up load balancing and failover with two connections and 8 computers utilizing them.

    Could you post your Firewall Rules for LAN/WAN/WAN2(OPT)

    <filter>
      <rule>
        <interface>wan</interface>
        <protocol>tcp</protocol>
        <source><any/></source>
        <destination><address>192.168.1.100</address><port>443</port></destination>
        <descr>HTTPS Publishing</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>wan</interface>
        <max-src-nodes/><max-src-states/><statetimeout/>
        <statetype>keep state</statetype>
        <protocol>udp</protocol>
        <source><any/></source>
        <destination><any/><port>2000</port></destination>
        <descr>OpenVPN</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>lan</interface>
        <max-src-nodes/><max-src-states/><statetimeout/>
        <statetype>keep state</statetype>
        <os/>
        <source><any/></source>
        <destination><address>127.0.0.1</address></destination>
        <descr>Workaround FTP</descr>
      </rule>
      <rule>
        <type>block</type>
        <interface>lan</interface>
        <max-src-nodes/><max-src-states/><statetimeout/>
        <statetype>keep state</statetype>
        <os/>
        <protocol>tcp/udp</protocol>
        <source><network>lan</network></source>
        <destination><any/><port>P2P</port></destination>
        <descr>Block P2P</descr>
      </rule>
      <rule>
        <type>pass</type>
        <interface>lan</interface>
        <max-src-nodes/><max-src-states/><statetimeout/>
        <statetype>keep state</statetype>
        <os/>
        <source><network>lan</network></source>
        <destination><any/></destination>
        <descr>Default LAN -> any</descr>
        <gateway>LoadBalance</gateway>
      </rule>
    </filter>

    Also Your Load Balancer Pools.

    <load_balancer>
      <lbpool>
        <type>gateway</type>
        <behaviour>balance</behaviour>
        <monitorip>62.97.32.3</monitorip>
        <name>LoadBalance</name>
        <desc>My 2 ADSL</desc>
        <port/>
        <servers>opt1|80.20.178.19</servers>
        <servers>wan|62.97.32.3</servers>
      </lbpool>
      <virtual_server></virtual_server>
    </load_balancer>

    Basically anything you setup yourself, would be nice to diagnose.

    It sounds like you're just using a single WAN connection, and the traffic you see on the other is just ARP traffic (aka: nothing is going down that pipe). You really don't have LB enabled or working.

    I think it is working since if I tear down the WAN interface, the other seamlessly gets the traffic.
    Also in LB status, I have 2 green tabs saying it's all right.

    Because when it is on, it works fine.

    I can believe it! pfSense works very well.

    The manner in which it does work is on a Round Robin basis. So if user A connects to a website, it will pick the next IP (WAN interface IP) out of the list. User B connects immediately after, they will generally get the second IP (your WAN interface 2). User C, back to WAN1.

    May it be related to the fact I have a transparent proxy (squid) installed as a package? In this way the connections are all generated from the proxy itself…

    Open a web browser at the same time on each, and enter "www.whatismyip.com" – Computer A will report the IP of my first cable modem – Computer B will report the IP of my second cable modem.

    If I refresh lots of times I can see the 2 IPs. I use www.gorlani.net to check my IP address and headers.

    Took me a while to get things going, but turns out I had to create 3 pools, and some rules for each interface.

    Maybe I'm missing something, I only have 1 pool for load balancing.

    Hope to find some help
    Thanks!!

    p.s.
    Version I'm using is 1.2-BETA-1-TESTING-SNAPSHOT-05-02-07
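
Added example, not part of any post in this thread: a Python check that reads a pfSense-style config excerpt and reports which pass rules are tied to a gateway pool that actually balances (a "failover" pool or a rule with no gateway does not). The sample XML is constructed from the rules and pool quoted above, and the function names `load_pools` and `audit_rules` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: well-formed excerpt modelled on the rules and pool
# quoted in the thread (not a complete pfSense config.xml).
SAMPLE = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>wan</interface>
      <source><any/></source><destination><any/><port>2000</port></destination>
      <descr>OpenVPN</descr></rule>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default LAN -> any</descr><gateway>LoadBalance</gateway></rule>
  </filter>
  <load_balancer>
    <lbpool><type>gateway</type><behaviour>balance</behaviour>
      <name>LoadBalance</name>
      <servers>opt1|80.20.178.19</servers><servers>wan|62.97.32.3</servers>
    </lbpool>
  </load_balancer>
</pfsense>"""

def load_pools(root):
    """Map pool name -> (behaviour, [interface of each member])."""
    pools = {}
    for pool in root.iter("lbpool"):
        links = [s.text.split("|")[0] for s in pool.findall("servers") if s.text]
        pools[pool.findtext("name")] = (pool.findtext("behaviour"), links)
    return pools

def audit_rules(config_xml):
    """One entry per pass rule: which pool (if any) routes its traffic."""
    root = ET.fromstring(config_xml)
    pools = load_pools(root)
    report = []
    for rule in root.iter("rule"):
        if rule.findtext("type") != "pass":
            continue
        gw = rule.findtext("gateway")  # absent -> rule is not tied to a pool
        behaviour, links = pools.get(gw, (None, []))
        report.append({
            "descr": rule.findtext("descr"), "interface": rule.findtext("interface"),
            "gateway": gw, "links": links,
            # Only a "balance" pool with 2+ links spreads connections.
            "balanced": behaviour == "balance" and len(links) > 1,
        })
    return report

if __name__ == "__main__":
    for entry in audit_rules(SAMPLE):
        print(entry)
```

The report covers only traffic that matches a listed rule; connections that never pass through the balanced LAN rule are not accounted for by it.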








  • squid could well be the problem, didn't use to work with load balance, try removing and see if that fixes it, then we can worry about making squid work in load balanced set up…....



  • @Pootle:

    squid could well be the problem, didn't use to work with load balance, try removing and see if that fixes it, then we can worry about making squid work in load balanced set up…....

    I'm going to try it next Tuesday.
    Bye and thanks



  • @Pootle:

    squid could well be the problem, didn't use to work with load balance, try removing and see if that fixes it, then we can worry about making squid work in load balanced set up…....

    Ok, I'm right back.
    Disabling Squid seemed to solve the problem. I have 4 hours of work and see the 2 connections somewhat evenly balanced.
    Next step is to find a way to have balancing AND Squid.
    Any ideas?
    Thanks



  • @LoZio:

    Next step is to find a way to have balancing AND Squid.
    Any ideas?

    I'd like that too, but am no expert at firkling around inside packages, hopefully someone more expert can explain how it might be done…

    There's some talk about it here http://forum.pfsense.org/index.php/topic,737.0.html, but I'm not sure how this maps into the (beta) 1.2 build of pfSense.

