One WAN NIC, multiple gateways LB/Failover



  • Hello, I am trying to achieve this config

    WAN IP: 192.168.0.1
    GW0 IP: 192.168.0.254
    GW1 IP: 192.168.0.253
    GW3 IP: 192.168.0.252

    with 1 physical WAN NIC

    I defined the gateways, the gateways group (GW_GROUP_0, Tier1 for the three) and DNS (different for each GWx, routes created accordingly) and FIREWALL RULES (modified to use GW_GROUP_0)

    When I unplug GW (which is the default for WAN NIC), all the gateways are marked as down, since IP monitor check fails because it tries to check the IP using GW0.
    If I modify the monitor to monitor only the GWx IP (no WAN link check), the gateway is not marked as down, but no traffic flows.

    So at the end it seems that the gateway group is ignored and the physical NIC default gateway is used.

    Is it possible to create a WAN failover/load balancing with multiple gateways on the same subnet of the WAN interface, or do you need multiple NICs/VLANs?

    Thks



  • Ok, after many attempts maybe I found a solution that in some conditions works fine.

    I describe it here for reference for others: It works with a physical desktop switch, it does not work with a VMware virtual switch (even with promiscuous mode enabled)

    I recap scenario:

    A) One physical WAN NIC available (192.168.1.254)
    B) Many gateways each representing an internet connection (192.168.1.1,192.168.1.2,….)
    C) Achieve failover/lb of the gateways using only 1 physical NIC

    Solution: use BRIDGE interface

    1. Create one bridge interface per each gateway minus one (will be assigned to WAN NIC) - Go to Interfaces > (Assign) > Bridges > + sign
    2. Go to interface assignments and configure each interface with one IP on the public segment (i.e. 192.168.1.253,192.168.1.252....) with NO gateway

    If you have 3 gateways to set up, you will end up with WAN NIC (192.168.1.254) + 2 OPT interfaces (192.168.1.253 and 192.168.1.252)

    3. At this point standard wan load balancing guide should apply (just check that outbound nat is configured accordingly): you will have to use one interface for each gateway
