Load balance with AON enabled



  • I enabled AON to NAT an internal segment out.  Added NATs for both of my WAN interfaces, but after doing that, it seems that no traffic is being balanced, all traffic is going out my OPT interface.  I saw a reference in a post that something has to be setup correctly with AON for load balancing, but not what that was.  What do I have to do different with AON for load balancing?

    Here are the rules I have defined currently.

    WAN   172.16.1.0/24    *  *  *  *  *  NO
    WAN   192.168.1.0/24   *  *  *  *  *  NO
    OPT1  192.168.1.0/24   *  *  *  *  *  NO
    WAN   172.16.12.0/24   *  *  *  *  *  NO
    OPT1  172.16.12.0/24   *  *  *  *  *  NO

    thanks much



  • There is no rule for 172.16.1/24 on your OPT1. Besides that, advanced outbound NAT does not determine where the traffic gets routed. That is done with the firewall rules. AON only adds the NATing when it gets routed out through the one or the other interface. You have to check your firewall rules or your load balancer status to see why this is happening. Are you using sticky connections (system>advanced)?



  • @hoba:

    There is no rule for 172.16.1/24 on your OPT1. Besides that, advanced outbound NAT does not determine where the traffic gets routed. That is done with the firewall rules. AON only adds the NATing when it gets routed out through the one or the other interface. You have to check your firewall rules or your load balancer status to see why this is happening. Are you using sticky connections (system>advanced)?

    Is it ok to only have one rule for that segment?  I am primarily interested in the 172.16.12/24 subnet as that is the source of most of my browser traffic.  My loadbalancer status is all green and appears to be working fine.  The only rule I have on that interface is an allow all with a gateway set to my balancer pool.

    *  *  *  *  *  BALANCE

    thanks again



  • Looks ok to me. Are you using sticky connections?



  • Yes, sorry, forgot to mention that bit.



  • That will keep a client on one WAN until all its states have expired. A single client can't make use of load balancing this way; only multiple clients will be distributed across all WANs in the pool then. Sounds like you want to turn that off.
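    The two points made in this thread (the firewall rule's gateway pool decides the egress interface while AON only supplies a NAT mapping for that interface, and sticky connections pin one client to one WAN until its states expire) can be seen in a small simulation. This is an added example written for this thread, not pfSense code: the pool is modelled as plain round-robin, "sticky" as "keep the client on its gateway while it still has open states", and the NAT table and client addresses are constructed from the poster's rules.

    ```python
    """Simulation of how a gateway pool, sticky connections and Advanced
    Outbound NAT (AON) interact.  Constructed example, not pfSense code:
    pool selection is modelled as round-robin and 'sticky' as 'keep the
    client on its gateway while it still has open states'."""
    import ipaddress
    from collections import Counter
    from itertools import cycle

    # Outbound NAT mappings as listed in the thread: (egress interface, source
    # network).  There is no ("OPT1", "172.16.1.0/24") entry.
    AON_RULES = [
        ("WAN", "172.16.1.0/24"),
        ("WAN", "192.168.1.0/24"),
        ("OPT1", "192.168.1.0/24"),
        ("WAN", "172.16.12.0/24"),
        ("OPT1", "172.16.12.0/24"),
    ]

    # The LAN-side firewall rule: "allow all, gateway = BALANCE pool".
    POOL = ["WAN", "OPT1"]


    class GatewayPool:
        """Picks an egress interface per new connection; optionally sticky."""

        def __init__(self, members, sticky):
            self.sticky = sticky
            self._rr = cycle(members)
            # sticky table: client ip -> [gateway, number of open states]
            self._pinned = {}

        def new_connection(self, src_ip):
            if self.sticky and src_ip in self._pinned:
                self._pinned[src_ip][1] += 1
                return self._pinned[src_ip][0]
            gw = next(self._rr)
            if self.sticky:
                self._pinned[src_ip] = [gw, 1]
            return gw

        def expire_state(self, src_ip):
            """One of the client's states expired; unpin when none remain."""
            if src_ip in self._pinned:
                self._pinned[src_ip][1] -= 1
                if self._pinned[src_ip][1] == 0:
                    del self._pinned[src_ip]


    def outbound_nat(egress, src_ip):
        """Return the AON mapping that applies on the chosen egress interface,
        or None when no mapping exists (the traffic would leave un-NATed)."""
        ip = ipaddress.ip_address(src_ip)
        for iface, net in AON_RULES:
            if iface == egress and ip in ipaddress.ip_network(net):
                return (iface, net)
        return None


    def simulate(src_ips, sticky, connections=20):
        """Count which interface each new connection leaves on and how many
        of them leave without any NAT mapping."""
        pool = GatewayPool(POOL, sticky)
        egress = Counter()
        unnatted = 0
        for i in range(connections):
            src = src_ips[i % len(src_ips)]
            gw = pool.new_connection(src)
            egress[gw] += 1
            if outbound_nat(gw, src) is None:
                unnatted += 1
        return dict(egress), unnatted


    if __name__ == "__main__":
        # A proxy is a single client: with sticky on, everything lands on one WAN.
        print("proxy, sticky    :", simulate(["172.16.12.10"], sticky=True))
        print("proxy, no sticky :", simulate(["172.16.12.10"], sticky=False))
        # Many clients are still spread across the pool with sticky on.
        many = [f"172.16.12.{n}" for n in range(1, 11)]
        print("10 clients, sticky:", simulate(many, sticky=True))
        # The segment lacking an OPT1 mapping leaves un-NATed whenever OPT1 is chosen.
        print("172.16.1.0/24, no sticky:", simulate(["172.16.1.5"], sticky=False))
    ```

    Run it and the first line shows all 20 connections from the proxy address on a single interface, which is the symptom described in the first post; the last line shows why the missing OPT1 mapping for 172.16.1/24 matters once that segment is actually balanced.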



  • doh, light bulb moment!  If all of my traffic is coming from a proxy server then I effectively have one client!  I'd enabled sticky connections the other day as well with the thought that I wouldn't have to create the rules for various protocols any longer.

    thanks for another mind to bounce things off of  :)

    -andy

