Netgate Discussion Forum

Load balance with AON enabled

Routing and Multi WAN
  • C
    cubsfan
    last edited by Mar 26, 2008, 3:44 PM

    I enabled AON to NAT an internal segment out. I added NATs for both of my WAN interfaces, but after doing that, it seems that no traffic is being balanced; all traffic is going out my OPT interface. I saw a reference in a post that something has to be set up correctly with AON for load balancing, but not what that was. What do I have to do differently with AON for load balancing?

    Here are the rules I have defined currently.

    WAN   172.16.1.0/24   *  *  *  *  *  NO
    WAN   192.168.1.0/24  *  *  *  *  *  NO
    OPT1  192.168.1.0/24  *  *  *  *  *  NO
    WAN   172.16.12.0/24  *  *  *  *  *  NO
    OPT1  172.16.12.0/24  *  *  *  *  *  NO

    thanks much

    • H
      hoba
      last edited by Mar 26, 2008, 3:50 PM

      There is no rule for 172.16.1/24 on your OPT1. Besides that, advanced outbound NAT does not determine where the traffic gets routed. That is done with the firewall rules. AON only adds the NATing when it gets routed out through one or the other interface. You have to check your firewall rules or your load balancer status to see why this is happening. Are you using sticky connections (System > Advanced)?

      • C
        cubsfan
        last edited by Mar 26, 2008, 4:00 PM

        @hoba:

        There is no rule for 172.16.1/24 on your OPT1. Besides that, advanced outbound NAT does not determine where the traffic gets routed. That is done with the firewall rules. AON only adds the NATing when it gets routed out through one or the other interface. You have to check your firewall rules or your load balancer status to see why this is happening. Are you using sticky connections (System > Advanced)?

        Is it OK to only have one rule for that segment? I am primarily interested in the 172.16.12/24 subnet, as that is the source of most of my browser traffic. My load balancer status is all green and appears to be working fine. The only rule I have on that interface is an allow all with a gateway set to my balancer pool.

        *  *  *  *  *  BALANCE

        thanks again

        • H
          hoba
          last edited by Mar 26, 2008, 4:01 PM

          Looks ok to me. Are you using sticky connections?

          • C
            cubsfan
            last edited by Mar 26, 2008, 4:03 PM

            Yes, sorry, forgot to mention that bit.

            • H
              hoba
              last edited by Mar 26, 2008, 4:07 PM

              That will keep a client on one WAN until all its states have expired. A single client can't make use of load balancing this way; only multiple clients will be distributed across all WANs in the pool then. Sounds like you want to turn that off.

              • C
                cubsfan
                last edited by Mar 26, 2008, 4:14 PM

                Doh, light bulb moment! If all of my traffic is coming from a proxy server then I effectively have one client! I'd enabled sticky connections the other day as well with the thought that I wouldn't have to create the rules for various protocols any longer.

                thanks for another mind to bounce things off of  :)

                -andy
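
The behaviour worked out in this thread, as a simplified model added here for illustration (it is not pfSense or pf code): a round-robin gateway pool in which sticky connections pin a source IP to one gateway while that source still has open states. The names `BalancerModel` and `distribute` and the proxy address 172.16.12.10 are assumptions made for the example; the gateway names and subnet come from the thread.

```python
from collections import Counter
from itertools import cycle

GATEWAYS = ["WAN", "OPT1"]  # pool members, named as in the thread


class BalancerModel:
    """Round-robin gateway pool with optional sticky connections (model only)."""

    def __init__(self, gateways, sticky):
        self._next = cycle(gateways)
        self.sticky = sticky
        self.active = {}  # source IP -> [pinned gateway, open state count]

    def open_connection(self, src_ip):
        entry = self.active.get(src_ip)
        if self.sticky and entry:
            entry[1] += 1          # source already has states: reuse its gateway
            return entry[0]
        gw = next(self._next)      # otherwise take the next gateway in the pool
        if self.sticky:
            self.active[src_ip] = [gw, 1]
        return gw

    def close_connection(self, src_ip):
        entry = self.active.get(src_ip)
        if entry:
            entry[1] -= 1
            if entry[1] == 0:      # last state gone: the pin is released
                del self.active[src_ip]


def distribute(sources, sticky):
    """Count connections per gateway for a list of source IPs, none closed."""
    lb = BalancerModel(GATEWAYS, sticky)
    return Counter(lb.open_connection(src) for src in sources)


if __name__ == "__main__":
    # Constructed sample traffic: one proxy versus 100 separate clients.
    proxy = ["172.16.12.10"] * 100
    clients = [f"172.16.12.{i}" for i in range(1, 101)]
    print("proxy, sticky on :", dict(distribute(proxy, sticky=True)))
    print("proxy, sticky off:", dict(distribute(proxy, sticky=False)))
    print("clients, sticky  :", dict(distribute(clients, sticky=True)))
```

Which gateway the proxy lands on in the sticky case depends only on where the round-robin pointer stood when its first state was created.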
