Where to put limiter rules to limit multi-WAN failover/load-balanced traffic?
pubmsu last edited by
In a single-LAN, single-WAN setup, one can easily put the rule activating the limiter on any traffic either on the LAN interface or in the floating rules (by setting LAN as interface and direction "in").
Now, for multi-WAN setups, if the traffic which needs to be limited will go through either a failover or a load-balanced gateway group, in which the WANs may not necessarily have the same bandwidth, the traffic should ideally go through the limiter that has the bandwidth corresponding to the actual gateway that traffic is going out through. In our case, there's an additional requirement that each WAN's bandwidth gets evenly shared by LAN-side clients.
For example, if WAN1 has 1 mbps and WAN2 has 2 mbps, there should be a limiter specific to each of these WANs matching the respective bandwidths (so that these bandwidths can be evenly shared between all active clients using child queues on the limiters and applying the child queues as limiters in the rules). So, if traffic goes through the load-balanced group of WAN1_WAN2, traffic that goes through WAN1 will be limited by the limiter with total bandwidth set as 1 mbps, and traffic that goes through WAN2 via this policy-based routing gateway will be limited by the 2 mbps limiter. Let's say the limiters are set up this way:
WAN1UploadLimiter (1 mbps)
---- WAN1UploadLimiter_LAN (mask set as source address) << for evenly sharing bandwidth between clients
WAN1DownloadLimiter (1 mbps)
---- WAN1DownloadLimiter_LAN (mask set as destination address)
WAN2UploadLimiter (2 mbps)
---- WAN2UploadLimiter_LAN (mask set as source address)
WAN2DownloadLimiter (2 mbps)
---- WAN2DownloadLimiter_LAN (mask set as destination address)
Now the question is, where to put the limiter rule? You can't put the limiter rule on the LAN tab since in such a rule, you're specifying the loadbalance gateway as the gateway and setting any one of the limiters will not be specific to the other gateway and hence won't work.
In case of putting the limiter rule as a FLOATING rule, we will need to set two limiters: one set as per WAN1's bandwidth and another set as per WAN2's bandwidth, and therefore the following questions arise:
Q1. Should the two rules be "Match" rule where interface is set as LAN with direction "in" or should the interface be set as WAN1 (or WAN2) and direction "out" and respective limiter set in "In/Out"?
Q2. If the answer to Q1 is that it should be a Match rule on interface LAN with direction "in", then how do we correlate the WAN-specific limiters with the respective WANs? Do we select the respective WAN as the gateway? Like WAN1 as gateway for the WAN1 limiter?
Q3. Will we need to set limiter rules on the "in" direction of WAN interfaces, too, to make sure inbound traffic also falls under the limiters? Or is that not necessary?
Thanks for reading the questions and looking forward to the answers!
pubmsu last edited by
Let me state our needs in a more simplified way:
We have 2 WANs: WAN1 (1 mbps up/down) and WAN2 (2 mbps up/down). And we have mainly 3 requirements:
A. Traffic will use policy-based routing: gateways will be either load-balancing or failover
B. Regardless of which load-balancing/failover gateway group the gateway is a member of, the bandwidth of each WAN will be shared evenly between the client machines that are active in the LAN at any time. This part is easily achieved by creating source/destination mask-based child queues on the main limiters as mentioned in the post.
C. The bandwidth that gets evenly shared by the LAN clients will be determined by which actual WAN the traffic is passing out through, so that the LAN clients can utilize the maximum possible bandwidths made available by either the load-balance or failover gateway group. Otherwise, if we set a limiter with a 1 mbps limit, clients will not get the full utility of the 2 mbps WAN, and if we set 2 mbps as the limit, then if traffic is indeed going through 1 mbps, the bandwidth distribution to clients will not be even/fair. For example, if there are 2 active clients and traffic is going through the 1 mbps WAN1, the limiter will let both users use 1 mbps, therefore causing congestion, and the first user will end up enjoying the 1 mbps of WAN1.
So, quite simply, the question is where to put the rule that'll assign the limiters and how to correlate the limiter with the specific gateway (WAN1 or WAN2) the traffic is eventually going through when a policy-based routing gateway group is set as the gateway?
Eagerly hoping for some answers/hints…