Multi WAN Load Balancing problem

  • Hi,

    I have one ISP offering me 2 separate WAN connections. Both are up and running (PPPoE, connection established). I set up a new "Gateway Group" as shown in the attached screenshot. My expectation now is that if PC1 is running a download through WAN1, PC2 will have its download routed over WAN2. But this isn't the case. The download speed of PC1 (and also the traffic shown for WAN 1) is around 1 MB … When I now start a download on PC2, it also uses WAN 1 and reduces the download speed of PC1. So both downloads are handled by WAN 1, which results in WAN 2 "doing nothing".

    What am I missing? I read in several threads that it's not needed in pfSense 2.0.1 to configure Failover for both WANs. Is that right?

    regards Torsten

  • Do you see any outbound traffic via WAN2?

    Assuming you have set up the outbound load-balancing correctly, you have to remember that a LB device is trying to balance TCP connections with no way of knowing how much traffic an individual connection might generate. One TCP connection might download a 2KB GIF whereas the very next TCP connection a 500MB CD ISO.

    Therefore, luck may have it that e.g. two big 500 MByte file downloads end up going over the same WAN.

  • Thanks for the reply… yes, I have the same experience here. I stopped all running downloads and gave it a "fresh" try ... and yes, now both WANs have traffic. I expected load balancing to have functionality like automatically comparing the current traffic (in/out) on each WAN connection. Based on a fixed setup with additional max bandwidth information entered in the system for each WAN connection, the load balancing system could also split the outgoing traffic from a traffic-volume point of view. Can I do a similar setup in pfSense right now... like setting the max "Out" bandwidth to 16384 kbit and "In" to 1024 kbit so that the system knows?

    regards Torsten

  • That's the drawback of connection-based load-balancing vs true multipath routing with a protocol like BGP. However, if you have enough users generating enough outbound connections it should even out and all WANs which are in the same Tier should get similar usage.

    As I wrote earlier, the router has no way of knowing a priori how a TCP connection will behave (especially true with HTTP keep-alive). Some commercial load balancers offer various algorithms other than simple round-robin to try to spread load around, however I don't think they offer any real benefits.

  • Yes, true … I am planning to use pfSense at the end of October as the gateway at a LAN party with around 360 people. We will have 8 different internet connections available, so a pfSense with 8 x WAN and 1 x LAN. The current plan is to use load balancing in general for at least 6 WAN connections and limit the bandwidth for each user by using traffic shaping down to 250 kbit DOWN and 50 kbit UP. Traffic like "Steam Update" and "Origin Update" should be routed through a separate WAN. Web (HTTP & HTTPS) will also go through a separate WAN.

    We will try to block each type of downloader to reduce the usage of the DSL connections.

    I am currently "playing around" with pfSense at home. I replaced my Cisco Dual-WAN router today with a pfSense installation in a VM on my ESX server. Load balancing is fine now. I also just finished the setup of a second subnet on the LAN (test environment that will be used on the LAN). All is currently working, the subnets communicate/route to each other and access to the internet is possible from each subnet.

    Will make a backup right now and continue prioritizing the traffic of games and applications ;-)

    really started to love pfSense ;-)

  • I'm not familiar with the types of traffic that gaming apps generate, but if your gamers need to contact an external gaming server you might want to look into HFSC traffic shaping (rather than impose a "procrustean" limit of 250Kbps per user with limiters) and transparently redirect most user traffic via a proxy to cache e.g. antivirus updates or big files related to your gaming apps, and possibly enforce a policy against objectionable content (p0rn).

  • You can find Dual WAN load balancing in the following link

  • "You can find Dual WAN load balancing in the following link"

    Having "WAN1" on Tier 1 & "WAN2" on Tier 2 and using "Member Down" as trigger level, you are NOT doing "Load Balance", you are doing "Fail Over".

    Please review your "Blog" post, then come back with accurate info.

    You can check the info from the pfSense Docs:

    If any two gateways are on the same tier, they will load balance.

    If they are on different tiers, they will do failover preferring the lower tier.

    If the tier is set to "Never" then the gateway is not considered part of this group.
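
The two points made in this thread, tier rules and size-blind per-connection balancing, as an added example that is not code from any poster or from pfSense. It is a simplified round-robin model; the function names, the `NEVER` marker and all flow sizes are constructed for illustration.

```python
import random
from itertools import cycle

NEVER = None  # models the "Never" tier: gateway is not part of the group

def active_gateways(group, up):
    """Gateways that share traffic: every member of the lowest tier that
    still has a gateway up. Same tier = load balance, next tier = failover."""
    tiers = {}
    for gw, tier in group.items():
        if tier is not NEVER and gw in up:
            tiers.setdefault(tier, []).append(gw)
    return sorted(tiers[min(tiers)]) if tiers else []

def bytes_per_wan(gateways, flow_sizes):
    """Hand each new connection to the next gateway in turn, blind to its
    size (simplified round-robin model), and total the bytes per WAN."""
    totals = {gw: 0 for gw in gateways}
    for gw, size in zip(cycle(gateways), flow_sizes):
        totals[gw] += size
    return totals

def busiest_share(totals):
    """Fraction of all bytes carried by the most loaded WAN (0.5 = even)."""
    return max(totals.values()) / sum(totals.values())

def constructed_flows(n, seed=1):
    """Constructed sample: n connection sizes in bytes, mostly small, few huge."""
    rng = random.Random(seed)
    return [int(rng.lognormvariate(10, 1.5)) + 1 for _ in range(n)]

if __name__ == "__main__":
    balance = active_gateways({"WAN1": 1, "WAN2": 1}, up={"WAN1", "WAN2"})
    # Four connections: two 500 MB downloads interleaved with two 2 KB GIFs.
    few = [500_000_000, 2_000, 500_000_000, 2_000]
    print("few flows :", bytes_per_wan(balance, few))
    many = bytes_per_wan(balance, constructed_flows(20_000))
    print("many flows: busiest WAN carries %.1f%%" % (100 * busiest_share(many)))
    failover = {"WAN1": 1, "WAN2": 2}
    print("tier 1/2, both up :", active_gateways(failover, {"WAN1", "WAN2"}))
    print("tier 1/2, WAN1 down:", active_gateways(failover, {"WAN2"}))
```

With only four connections the connection count is perfectly even while nearly all bytes land on one WAN; with thousands of connections the byte split approaches half and half.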
