LAGG OR RoundRobin - Which should I use?

  • I have a box running pfsense 2.0.2.  I have 4 internet modems connected to it, each providing roughly 16mb download and .50mb upload.  The modems get their IPs from the internet provider via DHCP and are not fixed.  Using OPENDNS currently on each modem.

    The LAN connection on the box  is connected to a managed Dell Switch.

    Objective:  To have the ability for my network to use all four modems equally at the same time theoreitcally allowing more bandwidth available to my network.  The internal network would vew the connection as one LAN and would pass this information to the box and it would balance the load and failover should one of the modems in the group stop working.

    I am needing some help in disseminating terminology and installation scenarios…I have read the manual and not enough information or possible scenario setups are given to understand when a person would use one Option1 or Option2.)  I have consulted two "experts" and one person says, it can be done and another says it can't.  So need some further input on the LAGG ability in pfsense.  (freebsd)

    Am I limited to  Option1 - basic round robin, failover type scenario where Modem1 is my primary and when it is full or down it falls overs to one of my other three Modems, etc.,

    OR is a possible scenario be Option2 - LAGG with failover.  Where Modem1, Modem2,...are all "bonded" together so that the internal lan can see it as one LAN.  Would my scenario qualify for this sort of setup?  If it would, would there need to be any further requirements for install and/or what possible scenarios would a person use the LAGG setup over the basic round robin - failover option.

    In general my setup would look more like an Internet provider setup, however, doing it on a business lan.

    Any help, thoughts or further clarification would be appreciated as I try to understand terminology used by Windows, Linux, and freebsd and their different unique twists and abilities.

    I think many are confused by this and would appreciate further clarification by those of you who are experts on this panel and know the capabilities of pfsense.  (If this is well documented in another sorry..the search bar on the forum did not find it so post me a link.)

  • lagg is for layer 2 redundancy and load balancing across NICs. It's not related to, and cannot be used for, multi-WAN. The best you can do to balance bandwidth across WANs is round-robin load balance with a gateway group.

  • Is it possible to divide up the kind of traffic to go out a certain Modem i.e http through Modem1, https through Modem2 and thereby manually increasing the total bandwidth throughput.

    Or possibly dividing up your businness and put each department on its own separate dhcp network with their own modem?

    The current scenario as previously described basically just limits me to one modem out of four.  Any thoughts on alternate solutions then to handle this situation…how should I go about getting the most bandwidth available to them.

  • You can make gateway groups with all 4 WANs in the group, but with 1 or more at higher priority, e.g.
    Group1: WAN1, tier1; WAN2, tier2; WAN3, tier3; WAN4, tier4;
    Group2: WAN2, tier1; WAN3, tier2; WAN4, tier3; WAN1, tier4;
    Group3: WAN3, tier1; WAN4, tier2; WAN1, tier3; WAN2, tier4;
    Group4: WAN4, tier1; WAN1, tier2; WAN2, tier3; WAN3, tier4;

    Then add firewall rules to feed different types of traffic into each of groups 1 to 4.
    That lets you manually split up your traffic, if you have a reasonable way to make firewall rules that will approximately load-balance for your site. If a link fails, then it will fail to the next link in the list ("round-robin failover" as it is setup above) - so 2 "chunks" pf traffic will have to share a link while one is down.

    But, if you just want to let everything find its own way, then make a single gateway group, all at tier 1:
    Group1: WAN1, tier1; WAN2, tier1; WAN3, tier1; WAN4, tier1;

    The traffic flows/states will get round-robin allocated to the 4 WANs. Any single flow will use 1 WAN (so a single flow can only go as fast as 1 WAN link. If 1 link fails, then flows will be round-robin allocated to the remaining links.

  • Netgate Administrator

    You can use any combination of load balancing, failover and policy based routing to acheive what you need. So, yes, you can send a particular protocol or departments traffic via a specific modem or group of modems.

    You should investigate whether or not your ISP supports ML-PPP. If it does use that instead. Perhaps you meant that instead of LAGG.


Log in to reply