EdgeRouter - WAN Load-Balancing


Overview


Readers will learn how the WAN Load-Balancing feature works in EdgeOS. This feature allows the router to intelligently balance outgoing traffic using multiple WAN interfaces.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information.
 
Devices used in this article:

Table of Contents


  1. Frequently Asked Questions (FAQ)
  2. Using the Load-Balancing Wizard
  3. Manual Configuration Example
  4. Additional Load-Balancing Options
  5. Troubleshooting
  6. Related Articles

Frequently Asked Questions (FAQ)


Back to Top

What is the minimal EdgeOS firmware version that supports Load-Balancing?

The Load-Balancing feature was introduced in EdgeOS firmware version v1.4.0.

How many WAN interfaces can be used for Load-Balancing?
The maximum amount of WAN interfaces is 8 when using the v1.8.0 EdgeOS firmware release and up.

Firmware releases prior to v1.8.0 only allow Load-Balancing between 2 interfaces.

Using the Load-Balancing Wizard


Back to Top

WAN Load-Balancing uses the following configuration options:

  • WAN Interfaces Defined in the load-balance section with optional criteria such as failover, weight and ping-targets.
  • Firewall Policy Defined in the firewall section using Load-Balancing exclusions and modify rules for matching traffic.
  • LAN interface(s) Defined in the interface section and applied to the LAN interface(s) in the ingress (in) direction.

topology.png

Using WAN Load-Balancing, traffic sessions from the clients in the 192.168.1.0/24 network is balanced across the WAN ports. 


The EdgeRouter configuration wizard provides a quick and easy setup of the Load-Balancing feature:

GUI: Access the EdgeRouter Web UI.

1. Navigate to the Wizards tab to configure the Load-Balancing feature.

Wizards > Setup Wizards > Load Balancing

2. Choose which WAN interfaces will be used in the setup and define the Internet connection types.

First Internet port

Port: eth0
Internet connection type: DHCP / Static / PPPoE
Firewall: Enable the default firewall (checked)

Second Internet port

Port: eth1
Internet connection type: DHCP / Static / PPPoE
Firewall: Enable the default firewall (checked)
Failover Only: -
NOTE: Choose whether to forward traffic using all WAN interfaces or to implement a failover setup using the Failover Only option.

LAN port

Port: eth3
Address: 192.168.1.1 / 255.255.255.0
DHCP: Enable the DHCP server (checked)

3. Apply the changes and reboot the device when prompted.


Manual Configuration Example


It is recommended to use the wizard in the web UI to automatically configure all of the different Load-Balancing options. The configuration example below shows how to manually configure the previous section using the command line.

CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter Configuration mode.

configure

2. Create a firewall network group specifying the private IP address ranges.

set firewall group network-group PRIVATE_NETS network 192.168.0.0/16
set firewall group network-group PRIVATE_NETS network 172.16.0.0/12
set firewall group network-group PRIVATE_NETS network 10.0.0.0/8

3. Create a firewall modify policy with exclusion rules for the WAN interface addresses and the network group created earlier.

set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group PRIVATE_NETS
set firewall modify balance rule 10 modify table main

set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 destination group address-group ADDRv4_eth0
set firewall modify balance rule 20 modify table main

set firewall modify balance rule 30 action modify
set firewall modify balance rule 30 destination group address-group ADDRv4_eth1
set firewall modify balance rule 30 modify table main
NOTE:  The modify table main entries are created to prevent the local LAN traffic from being balanced across the two WAN interfaces.

4. Add a firewall rule entry that sends all other traffic to a load balancing group.

set firewall modify balance rule 110 action modify
set firewall modify balance rule 110 modify lb-group G

5. Apply the firewall to the LAN interface in the ingress/in direction.

set interfaces ethernet eth3 firewall in modify balance

6. Create a Load-Balance group that includes the two WAN interfaces.

set load-balance group G interface eth0
set load-balance group G interface eth1
NOTE: Each interface will use its own separate routing table.

7. Commit the changes and save the configuration.

commit; save

Additional Load-Balancing Options


NOTE: The commands below are optional and not required for all Load-Balancing implementations.

Route Test

This feature will test the connectivity of the WAN interface by sending probes to ping.ubnt.com. The following options are available:

  • count success Defines after how many tries the route test is considered successful before the interface changes state.
  • count failure Defines after how many tries the route test is considered failed before the interface changes state.
  • initial-delay Delay in seconds before the initial route test is started.
  • interval Number of seconds between pings.
  • type Defines whether to ping the default gateway, a custom host or use a script.
set load-balance group G interface eth0 route-test count success <nr>
set load-balance group G interface eth0 route-test count failure <nr>

set load-balance group G interface eth0 route-test initial-delay <nr>
set load-balance group G interface eth0 route-test interval <nr>

set load-balance group G interface eth0 route-test type ping target <host>
set load-balance group G interface eth0 route-test type default
set load-balance group G interface eth0 route-test type script <path>

Fail Over

Interface configured with the failover-only option will only become active when the other WAN interface(s) fail the route test.

set load-balance group G interface eth1 failover-only 

Local Load-Balancing

The lb-local feature will also load balance the traffic  from the router rather than using the main routing table.

set load-balance group G lb-local enable

Local Metric Change

The lb-local-metric-change feature automatically changes the router's default route distance and is most useful when using a failover setup.

set load-balance group G lb-local-metric-change enable

Route table

Configures the interface to use a custom routing table (valid routing table numbers are between 1-200).

set load-balance group G interface <id> route table 10

Weight

Defines the percentage of traffic that is forwarded out of each interface. The default weight ratio is 50/50.

set load-balance group G interface eth0 weight 70 
set load-balance group G interface eth1 weight 30

Sticky

This option will keep traffic sessions on the same WAN interface until they are timed out. The following options are available:

  • dest-addr Traffic sessions will be on the same WAN interface based on the destination address.
  • dest-port Traffic sessions will be on the same WAN interface based on the destination port.
  • source-addr Traffic sessions will be on the same WAN interface based on the source address.
  • source-port Traffic sessions will be on the same WAN interface based on the source port.
  • proto Traffic sessions will be on the same WAN interface based on the protocol.
set load-balance group G sticky dest-addr enable
set load-balance group G sticky dest-port enable
set load-balance group G sticky source-addr enable
set load-balance group G sticky source-port enable
set load-balance group G sticky proto enable

Troubleshooting


Back to Top

You can verify the current Load-Balancing status with:

show load-balance status
Group G
interface : eth0
carrier : up
status : active
gateway : 203.0.113.1
route table : 201
weight : 50%
flows
WAN Out : 55
WAN In : 0
Local Out : 986

interface : eth1
carrier : up
status : active
gateway : 192.0.2.1
route table : 202
weight : 50%
flows
WAN Out : 49
WAN In : 0
Local Out : 416

The watchdog is using to verify the interface reachability status:

show load-balance watchdog
Group G
eth0
status: Running
pings: 29
fails: 3
run fails: 1/2
route drops: 2
ping gateway: ping.ubnt.com - REACHABLE
last route drop : Mon Dec 10 11:48:02 2018
last route recover: Mon Dec 10 11:58:52 2018

eth1
status: Running
pings: 29
fails: 0
run fails: 0/2
route drops: 1
ping gateway: ping.ubnt.com - REACHABLE
last route drop : Thur Dec 13 17:04:13 2018
last route recover: Thur Dec 13 17:06:18 2018

View the main and Load-Balancing routing tables:

show ip route
S *> 0.0.0.0/0 [1/0] via 203.0.113.1, eth0
S *> 0.0.0.0/0 [1/0] via 192.0.2.1, eth1
C *> 203.0.113.0/24 is directly connected, eth0
C *> 192.0.2.0/24 is directly connected, eth1
C *> 192.168.1.0/24 is directly connected, eth3

show ip route table 201
S *> 0.0.0.0/0 [1/0] via 203.0.113.1, eth0
C *> 203.0.113.0/24 is directly connected, eth0
C *> 192.168.1.0/24 is directly connected, eth3

show ip route table 202
S *> 0.0.0.0/0 [1/0] via 192.0.2.1, eth1
C *> 192.0.2.0/24 is directly connected, eth1
C *> 192.168.1.0/24 is directly connected, eth3

Related Articles


Back to Top

EdgeRouter - Which EdgeRouter Should I Use?

EdgeRouter - Beginners Guide to EdgeRouter

Intro to Networking - How to Establish a Connection Using SSH


We're sorry to hear that!