EdgeRouter - WAN Load-Balancing


Overview


Readers will learn how the WAN load-balancing feature works in EdgeOS. This feature allows the router to intelligently load-balance outgoing traffic between multiple WAN interfaces.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information.
 
Equipment used in this article:

Table of Contents


  1. FAQ
  2. Network Diagram
  3. Manual Configuration Example
  4. Load Balancing Configuration Options
  5. Troubleshooting
  6. Related Articles

FAQ


Back to Top

1. What is the minimal firmware version that I need to run load-balancing?

The load-balancing feature was introduced in EdgeOS firmware version v1.4.0.

2. How many interfaces can I load-balance between?
You can load-balance between 8 interfaces using EdgeOS firmware version v1.8.0 and up. Firmware versions prior to v1.8.0 only allow load-balancing between 2 interfaces.

There are a few requirements for the load-balancing configuration:

  • A load-balance section that defines the interfaces, and optionally ping targets, timer intervals, route-test, etc.
  • A firewall modify ruleset that defines the match criteria.
  • At least one LAN interface that has the firewall modify ruleset applied in the ingress (in) direction.

Network Diagram


Back to Top

The network topology is shown below with a PC on the LAN sending traffic to both WANs based on multiple sessions. For example there may be two websites being access on the PC with website1 traffic using WAN1 and website2 traffic using WAN2.

ER-4

  • eth0 203.0.113.1
  • eth1 192.0.2.1
  • eth2 192.168.1.1

lbdiagram.001.png


Manual Configuration Example


CLI: Access the command line interface (CLI). You can do this using the CLI button in the GUI or by using a program such as PuTTY.

It is recommended to use the wizard in the Web UI to automatically configure all of the different load-balancing options. The configuration below shows how to manually configure load-balancing using the CLI with eth0 and eth1 as the WAN interfaces and eth2 as the LAN interface.

1. Enter Configuration mode

configure

2. Create firewall network group specifying Private IP address ranges.

set firewall group network-group PRIVATE_NETS network 192.168.0.0/16
set firewall group network-group PRIVATE_NETS network 172.16.0.0/12
set firewall group network-group PRIVATE_NETS network 10.0.0.0/8

3. Create a firewall modify ruleset with rules to send all traffic destined to a private IP and each WAN IP address to the main routing table. 

set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group PRIVATE_NETS
set firewall modify balance rule 10 modify table main

set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 destination group address-group ADDRv4_eth0
set firewall modify balance rule 20 modify table main

set firewall modify balance rule 30 action modify
set firewall modify balance rule 30 destination group address-group ADDRv4_eth1
set firewall modify balance rule 30 modify table main
NOTE: The modify table main entries are there to prevent the local LAN traffic from being balanced across the two WAN interfaces.

4. Create a new rule in the modify ruleset that sends all traffic (other than traffic specified in the rules in step 3) to a load balancing group. This step specifies that all other traffic should be handled by the load balancer.

set firewall modify balance rule 110 action modify
set firewall modify balance rule 110 modify lb-group G

5. Assign the new modify ruleset to the LAN interface.

set interfaces ethernet eth2 firewall in modify balance

 

6. Create load balance group. These commands add WAN interfaces to the load balance group.

set load-balance group G interface eth0
set load-balance group G interface eth1

7. Commit and save configuration.

commit; save

Load Balancing Configuration Options


NOTE: The commands below are optional and not required for all load balancing implementations.

1. Failover

An interface can be configured as a failover only interface. An interface with this option will only become active when the interface without this option fails due to the route test.

set load-balance group G interface eth1 failover-only 

2. Load Balance Local Options

lb-local

Feature Description: Enabling this feature sends traffic originating from the router to the load balancer rather than the main routing table.

set load-balance group G lb-local enable

lb-local-metric-change

Feature Description: Enabling this feature affects the main routing table route distances and is most useful when an interface in the load balance group is set as a failover interface.

set load-balance group G lb-local-metric-change disable

3. Route Test

The default route test will base the status of the WAN connected by pinging ubnt.com The options below allow for further customization to specify when and how a WAN connected is determined to be in a down state.

  • count How many times a route test is successful or fails before the interface changes state.
  • initial-delay Number of seconds until the first route test starts.
  • interval Number of seconds between pings.
  • type Options for type include default, script, and ping target. It is often helpful to specify a ping target using the command below so the route-test does not rely on DNS.
set load-balance group G interface eth0 route-test type ping target 8.8.8.8

4. Weight

It is possible to specify the percentage of traffic that goes out of each interface. The default is 50/50. 

set load-balance group G interface eth0 weight 70 
set load-balance group G interface eth1 weight 30

5. Sticky

Including this option in the configuration specifies that if traffic starts using a specific WAN, the flow of traffic for that stream will stay with that WAN until the session closes based on the criteria below.

  • dest-addr Traffic will stay with the same WAN based on destination address.
  • dest-port Traffic will stay with the same WAN based on destination port.
  • proto Traffic will stay with the same WAN based on protocol.
  • source-addr Traffic will stay with the same WAN based on source address.
  • source-port Traffic will stay with the same WAN based on soucre port. This option is uncommon.
NOTE: The modify table main entries are there to prevent the local LAN traffic from being balanced across the two WAN interfaces.

Troubleshooting


Back to Top

1. Load Balance Status

show load-balance status
Group G
interface : eth0
carrier : up
status : active
gateway : 203.0.113.1
route table : 201
weight : 50%
flows
WAN Out : 55
WAN In : 0
Local Out : 986

interface : eth1
carrier : up
status : active
gateway : 192.0.2.1
route table : 202
weight : 50%
flows
WAN Out : 49
WAN In : 0
Local Out : 416

2. Load Balance Watchdog

show load-balance watchdog
Group G
eth0
status: Running
pings: 29
fails: 3
run fails: 1/2
route drops: 2
ping gateway: ping.ubnt.com - REACHABLE
last route drop : Mon Dec 10 11:48:02 2018
last route recover: Mon Dec 10 11:58:52 2018

eth1
status: Running
failover-only mode
pings: 29
fails: 0
run fails: 0/2
route drops: 2
ping gateway: ping.ubnt.com - REACHABLE
last route drop : Thur Dec 13 17:04:13 2018
last route recover: Thur Dec 13 17:06:18 2018

3. View main and load balancing routing tables

show ip route
S *> 0.0.0.0/0 [1/0] via 203.0.113.1, eth0
S *> 0.0.0.0/0 [10/0] via 192.0.2.1, eth1
C *> 203.0.113.0/24 is directly connected, eth0
C *> 127.0.0.0/8 is directly connected, lo
C *> 192.0.2.0/24 is directly connected, eth1
C *> 192.168.1.0/24 is directly connected, eth2

show ip route table 201
S *> 0.0.0.0/0 [1/0] via 203.0.113.1, eth0
C *> 203.0.113.0/24 is directly connected, eth0
C *> 127.0.0.0/8 is directly connected, lo
C *> 192.168.1.0/24 is directly connected, eth2

show ip route table 202
S *> 0.0.0.0/0 [10/0] via 192.0.2.1, eth1
C *> 192.0.2.0/24 is directly connected, eth1
C *> 127.0.0.0/8 is directly connected, lo
C *> 192.168.1.0/24 is directly connected, eth2

Related Articles


Back to Top

EdgeRouter - Which EdgeRouter Should I Use?

EdgeRouter - Beginners Guide to EdgeRouter

Intro to Networking - How to Establish a Connection Using SSH


We're sorry to hear that!