Dual WAN load balancing by application possible?

  • Hi,

    first of all, sadly, I don't have to much experience with this stuff, but here's what I'd like to do and I'd like to know if it is possible with pfSense:
    I have a standard ADSL line with low max rates and low latencies and Satellite DSL with high max rates and high latency. I'd now like to connect both to a Dual WAN Router and distribute the traffic by application sending/receiving the data using pfSense, e.g. standard would be Sat DSL handles the traffic, except if one of the applications (a game or another program that requires a low latency) I have specified in pfSense is the source/target, then it should be sent to the ADSL line.

    So would this be possible the way I have in mind (or possibly another way)? And if so, what router and/or other hardware should I buy to do this?

    Would be great if one of you guys could help me :)

    Best regards,

  • Rebel Alliance Developer Netgate

    pfSense can't know the application (e.g. program running on the user's PC) but it would see the port number.

    If you can identify the traffic in a firewall rule, you can have it balance or prefer a certain WAN, whatever you want. It just needs to be something you can express in a firewall rule.

  • Thanks for your reply. :)

    How specific are the ports to certain applications/programms/games? Might it be better/easier to e.g. have the ADSL line as standard and only have the traffic of my web browser and download programs directed to the Satellite DSL? Or are there any altogether better criteria to filter the traffic to make sure the apps that need a low latency get directed to the ADSL and larger downloads to the satellite? Can you recommend any (not too expensive) dual WAN router that has all the required features?

    Best regards,

  • Many games use specific UDP ephemeral ports or "client ports". You can check the source port on the LAN interface firewall rules and send those through the ADSL gateway. This will still break for Steam games since the Steam ticket will be against another IP address if Steam doesn't get classified correctly (it officially has specific ports too but in practice I haven't seen it use those ports).

    Other applications such as uTorrent let you specify the ephemeral port range in advanced settings so you can also use it to route Torrent traffic from properly configured clients.

    In general I'd recommend sending only HTTP/HTTPS through the Satellite connection and let everything else default to ADSL to avoid breaking things.

    Other than pfSense there is no other router which can do this except very expensive hardware.

Log in to reply