Geekzone: technology news, blogs, forums




381 posts

Ultimate Geek
+1 received by user: 70


# 210367 24-Mar-2017 14:02

With the EdgeRouter, I have 2 internet connections from 2 different ISPs in load balance. I am trying to force some devices/computers to use WAN1 and other devices to use WAN2, with both WAN1 and WAN2 in failover mode.

I've got it configured (as best I can tell via the UBNT forums)... but the devices still keep jumping from one WAN to the other and then back. I am kind of new to these EdgeRouters. This is something I have probably spent 18 to 20 hours trying to complete.

Please anyone help!

Configuration below:

firewall {
    all-ping enable
    broadcast-ping disable
    group {
        address-group 4G_group {
            address 192.168.1.38
            description "Devices using 4G"
        }
        address-group my_minions {
            address 192.168.1.100
            description "Spark Group"
        }
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                lb-group Spark
            }
            source {
                group {
                    address-group my_minions
                }
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                lb-group G
            }
            source {
                group {
                    address-group 4G_group
                }
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 100 {
            action modify
            modify {
                table main
            }
            source {
                group {
                }
            }
        }
    }
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        address dhcp
        description 4G
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description Spark
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.1.1/24
        description Local
        duplex auto
        firewall {
            in {
                modify balance
            }
        }
        speed auto
    }
    ethernet eth3 {
        duplex auto
        speed auto
    }
    ethernet eth4 {
        duplex auto
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    ethernet eth6 {
        duplex auto
        speed auto
    }
    ethernet eth7 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    group G {
        interface eth0 {
        }
        interface eth1 {
            failover-only
        }
        lb-local enable
        sticky {
            dest-addr enable
            dest-port enable
            proto enable
            source-addr enable
            source-port enable
        }
    }
    group Spark {
        interface eth0 {
            failover-only
        }
        interface eth1 {
        }
        lb-local enable
        sticky {
            dest-addr enable
            dest-port enable
            proto enable
            source-addr enable
            source-port enable
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.38 {
                    stop 192.168.1.243
                }
                static-mapping GamingRig {
                    ip-address 192.168.1.100
                    mac-address BC:5F:F4:BF:34:04
                }
                static-mapping Note4 {
                    ip-address 192.168.1.38
                    mac-address C0:BD:D1:18:8C:70
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    host-name ****
    login {
        user ***** {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    traffic-analysis {
        dpi enable
        export enable
    }
}

Load Balance Status:

Group G
    interface   : eth0
    carrier     : up
    status      : active
    gateway     : 192.168.4.1
    route table : 201
    weight      : 100%
    flows
        WAN Out   : 0
        WAN In    : 0
        Local Out : 625

    interface   : eth1
    carrier     : up
    status      : failover
    gateway     : 192.168.3.1
    route table : 202
    weight      : 0%
    flows
        WAN Out   : 0
        WAN In    : 0
        Local Out : 0

Group Spark
    interface   : eth1
    carrier     : up
    status      : active
    gateway     : 192.168.3.1
    route table : 204
    weight      : 100%
    flows
        WAN Out   : 2422
        WAN In    : 0
        Local Out : 0

    interface   : eth0
    carrier     : up
    status      : failover
    gateway     : 192.168.4.1
    route table : 203
    weight      : 0%
    flows
        WAN Out   : 0
        WAN In    : 0
        Local Out : 0

Load Balance Watchdog

Group G
    eth0
    status: Running
    pings: 214
    fails: 0
    run fails: 0/3
    route drops: 0
    ping gateway: ping.ubnt.com - REACHABLE

    eth1
    status: Running
    failover-only mode
    pings: 215
    fails: 0
    run fails: 0/3
    route drops: 0
    ping gateway: ping.ubnt.com - REACHABLE

Group Spark
    eth0
    status: Running
    failover-only mode
    pings: 214
    fails: 0
    run fails: 0/3
    route drops: 0
    ping gateway: ping.ubnt.com - REACHABLE

    eth1
    status: Running
    pings: 215
    fails: 0
    run fails: 0/3
    route drops: 0
    ping gateway: ping.ubnt.com - REACHABLE




381 posts

Ultimate Geek
+1 received by user: 70


  # 1747211 24-Mar-2017 17:13
One person supports this post

I think I have it solved! I just found a Reddit post and it mentioned/showed something that others failed to mention. Just in case there is another person trying or someday trying to do this.

All I had to do was basically the same as what I have above... but add in one more firewall rule (5) and edits to rule 100:

firewall {
    modify balance {
        rule 5 {
            action modify
            modify {
                lb-group Spark
            }
            source {
                group {
                    address-group my_minions
                }
            }
        }
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
            source {
                group {
                }
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth0
                }
            }
            modify {
                table main
            }
            source {
                group {
                }
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 100 {
            action modify
            modify {
                lb-group G
            }
            source {
                group {
                    address-group 4G_group
                }
            }
        }
    }
}

It is working like a charm. If someone sees something wrong... let me know?

Hope this helps someone..someday.
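
The rule ordering that the fix above relies on, traced as an added example (not part of the original posts and not Ubiquiti code): a small first-match evaluator for the two `modify balance` rule sets posted in this thread. It assumes rules are checked in ascending rule number with the first match deciding, that a missing or empty `group { }` matches anything, and it uses constructed addresses for ADDRv4_eth0, ADDRv4_eth1 and the internet destination.

```python
from ipaddress import ip_address, ip_network

# Groups from the posted config. ADDRv4_eth0/eth1 are filled in by the router;
# the two addresses here are constructed stand-ins for the WAN DHCP leases.
GROUPS = {
    "my_minions": ["192.168.1.100/32"],
    "4G_group": ["192.168.1.38/32"],
    "PRIVATE_NETS": ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"],
    "ADDRv4_eth0": ["192.168.4.2/32"],  # constructed
    "ADDRv4_eth1": ["192.168.3.2/32"],  # constructed
}
INTERNET = "203.0.113.10"  # constructed destination outside PRIVATE_NETS

# (rule number, source group, destination group, modify target); None = no group
ORIGINAL = [
    (10, "my_minions", "PRIVATE_NETS", "lb-group Spark"),
    (20, "4G_group", "ADDRv4_eth0", "lb-group G"),
    (30, None, "ADDRv4_eth1", "table main"),
    (100, None, None, "table main"),
]
FIXED = [
    (5, "my_minions", None, "lb-group Spark"),
    (10, None, "PRIVATE_NETS", "table main"),
    (20, None, "ADDRv4_eth0", "table main"),
    (30, None, "ADDRv4_eth1", "table main"),
    (100, "4G_group", None, "lb-group G"),
]

def in_group(addr, group):
    """True if addr is in the group; a missing or empty group matches anything (assumption)."""
    if group is None:
        return True
    return any(ip_address(addr) in ip_network(net) for net in GROUPS[group])

def decide(rules, src, dst):
    """Return (rule number, modify target) of the first rule matching src and dst."""
    for number, src_group, dst_group, target in sorted(rules, key=lambda r: r[0]):
        if in_group(src, src_group) and in_group(dst, dst_group):
            return number, target
    return None, "no rule matched"

def report():
    """One row per (rule set, LAN device) for internet-bound traffic."""
    return [(name, src) + decide(rules, src, INTERNET)
            for name, rules in (("original", ORIGINAL), ("fixed", FIXED))
            for src in ("192.168.1.100", "192.168.1.38")]

if __name__ == "__main__":
    for row in report():
        print("%-8s src=%-13s -> rule %s: %s" % row)
```

Under these assumptions, internet-bound traffic from both devices falls through to rule 100 (`table main`) in the original rule set, while the fixed set pins 192.168.1.100 to lb-group Spark via rule 5 and 192.168.1.38 to lb-group G via rule 100. Rule 5 also matches LAN-to-LAN traffic from my_minions before rule 10 is reached, and a LAN device in neither address group matches no rule for internet destinations.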

 

 


22157 posts

Uber Geek
+1 received by user: 4729

Trusted
Subscriber

  # 1747217 24-Mar-2017 17:24

This is something that I was wanting to do on my USG when I had 2 connections and kept running into dead ends on. Shame they don't make it as easy as it should be to do things like this.





Richard rich.ms
