PBR + wan failover

Can PBR and wan-load-balance failover exist on one VyOS? The scenario is: when both ISPs are up and running: Vlan100 - ISP1 - Internet, Vlan200 - ISP2 - Internet. If one ISP fails, switch everyone to the working ISP, and then revert back when it is restored.
What is the best approach?
Thanks for the advice.

Yes.
WAN load balancing has a failover mechanism included.
Please refer to our docs.
Using rules and failover, you can achieve what you are looking for.

Yes, it is failover, but I didn’t find whether I can use PBR to still route some clients through the non-primary internet?

In WAN load balancing rules, you use exclude in your rule, and it won’t be affected by WAN load balancing.
Then, you should define PBR for that traffic.

In theory, I think this should be possible. I haven’t tested in lab, so if you do it, please share your results so everybody is aware of this feature.

I’ll also give this setup a try.

Will do. I tried already, but I think that the T3522 issue is making this setup impossible right now.

Here is my first result:

So I have 2 DHCP internet connections. I set up wan-load-balance in failover mode and it works great. Then on top of that I made a PBR to make one local subnet go outside via the “backup” internet. And it works. But if the “backup” internet goes down, then the PBR subnet switches to the main channel, and even after the backup comes back alive it stays there. If the main internet goes down, PBR will work again.

Some configs related to issue (eth0 is main, eth4 is backup internet, eth3 is local subnet):

vyos@vyos:~$ sh conf comm | grep PBR
set interfaces ethernet eth3 policy route 'PBR'
set policy route PBR rule 20 description 'Route all traffic to table 10'
set policy route PBR rule 20 set table '10'
set policy route PBR rule 20 source address '172.21.9.0/24'

vyos@vyos:~$ sh conf comm | grep wan
set load-balancing wan flush-connections
set load-balancing wan interface-health eth0 failure-count '2'
set load-balancing wan interface-health eth0 nexthop 'dhcp'
set load-balancing wan interface-health eth0 success-count '2'
set load-balancing wan interface-health eth0 test 0 resp-time '5'
set load-balancing wan interface-health eth0 test 0 target '1.1.1.1'
set load-balancing wan interface-health eth0 test 0 ttl-limit '1'
set load-balancing wan interface-health eth4 failure-count '2'
set load-balancing wan interface-health eth4 nexthop 'dhcp'
set load-balancing wan interface-health eth4 success-count '2'
set load-balancing wan interface-health eth4 test 0 resp-time '5'
set load-balancing wan interface-health eth4 test 0 target '1.1.1.1'
set load-balancing wan interface-health eth4 test 0 ttl-limit '1'
set load-balancing wan rule 1 failover
set load-balancing wan rule 1 inbound-interface 'eth3'
set load-balancing wan rule 1 interface eth0 weight '255'
set load-balancing wan rule 1 interface eth4 weight '1'
set load-balancing wan rule 1 protocol 'all'

After modifying the whole lab I have, I get the following results.
First, the scenario is:

  • eth1: WAN01
  • eth2: WAN02
  • eth3: LAN, which has 2 networks (192.168.88.0/24 and 192.168.99.0/24), and then 2 vlans.

Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/u  
eth1             10.1.1.2/24                       u/u  To R01 
eth2             10.2.2.2/24                       u/u  To R02 
eth3             192.168.99.1/24                   u/u  LAN 
                 192.168.88.1/24
eth3.100         192.168.100.1/24                  u/u  
eth3.200         192.168.200.1/24                  u/u  

Wan Loadbalancing config:

  • VLAN 100 through WAN01, and backup WAN02
  • VLAN 200 through WAN02, and backup WAN01
  • Network 192.168.88.0/24, same behaviour as VLAN 200
  • Network 192.168.99.0/24: not affected by WAN Load Balancing.

vyos@R03:~$ show config comm | grep wan
set load-balancing wan interface-health eth1 failure-count '1'
set load-balancing wan interface-health eth1 nexthop '10.1.1.1'
set load-balancing wan interface-health eth1 success-count '1'
set load-balancing wan interface-health eth2 failure-count '1'
set load-balancing wan interface-health eth2 nexthop '10.2.2.1'
set load-balancing wan interface-health eth2 success-count '1'
set load-balancing wan rule 10 failover
set load-balancing wan rule 10 inbound-interface 'eth3.100'
set load-balancing wan rule 10 interface eth1 weight '100'
set load-balancing wan rule 10 interface eth2 weight '10'
set load-balancing wan rule 10 protocol 'all'
set load-balancing wan rule 20 failover
set load-balancing wan rule 20 inbound-interface 'eth3.200'
set load-balancing wan rule 20 interface eth1 weight '10'
set load-balancing wan rule 20 interface eth2 weight '100'
set load-balancing wan rule 20 protocol 'all'
set load-balancing wan rule 30 failover
set load-balancing wan rule 30 inbound-interface 'eth3'
set load-balancing wan rule 30 interface eth1 weight '10'
set load-balancing wan rule 30 interface eth2 weight '100'
set load-balancing wan rule 30 protocol 'all'
set load-balancing wan rule 30 source address '192.168.88.0/24'

PBR routing affecting only network 192.168.99.0/24 on eth3:

  • Set different table and test

vyos@R03:~$ show config comm | grep pol
set interfaces ethernet eth3 policy route 'POL-ETH3'
set policy route POL-ETH3 rule 10 set table '10'
set policy route POL-ETH3 rule 10 source address '192.168.99.0/24'

vyos@R03:~$ show config comm | grep "table 10"
set protocols static table 10 route 0.0.0.0/0 next-hop 10.1.1.1
set protocols static table 10 route 1.1.1.1/32 blackhole

Results:

  • WAN load balancing is working as expected, switching from main to backup when one of the links goes down (applies to both VLANs and to network 192.168.88.0/24).
  • As for network 192.168.99.0/24, static PBR is applied, so no failover mechanism is working on it, and it’s always being routed according to the content of routing table 10.

Hope this might be helpful for you!
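
An added example, not part of the thread and not VyOS tooling: a small Python check that reads `show configuration commands` output and reports policy-route rules whose source subnet is also matched by a non-`exclude` WAN load-balancing rule on the same inbound interface, which is the overlap the `exclude` advice above is meant to remove. The function names are this example's own, it assumes the first overlapping WAN rule decides, and it only handles `ethernet` bindings without `vif`.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(commands):
    """Collect PBR rules, PBR interface bindings and WAN LB rules."""
    pbr, wan, bound = {}, {}, {}
    for t in map(shlex.split, commands.strip().splitlines()):
        if t[:3] == ["set", "interfaces", "ethernet"] and t[4:6] == ["policy", "route"]:
            bound[t[6]] = t[3]
        elif t[:3] == ["set", "policy", "route"] and t[4:5] == ["rule"]:
            rule = pbr.setdefault((t[3], int(t[5])), {})
            if t[6:8] == ["source", "address"]:
                rule["source"] = ipaddress.ip_network(t[8])
            elif t[6:8] == ["set", "table"]:
                rule["table"] = t[8]
        elif t[:4] == ["set", "load-balancing", "wan", "rule"] and len(t) > 5:
            rule = wan.setdefault(int(t[4]), {})
            if t[5] == "inbound-interface":
                rule["iface"] = t[6]
            elif t[5:7] == ["source", "address"]:
                rule["source"] = ipaddress.ip_network(t[7])
            elif t[5] == "exclude":
                rule["exclude"] = True
    return pbr, wan, bound

def conflicts(commands):
    """List (policy, rule, source, wan_rule) where a WAN LB rule also claims PBR traffic."""
    pbr, wan, bound = parse(commands)
    found = []
    for (name, num), rule in sorted(pbr.items()):
        if "table" not in rule:
            continue  # only rules that divert traffic to another table matter
        src = rule.get("source", ANY)
        for wnum in sorted(wan):
            w, wsrc = wan[wnum], wan[wnum].get("source", ANY)
            if w.get("iface", "") != bound.get(name) or not src.overlaps(wsrc):
                continue
            if not w.get("exclude"):
                found.append((name, num, str(src), wnum))
            break  # first overlapping rule decides (assumption of this example)
    return found

# Lines taken from the first configuration posted in the thread (eth3 is the LAN).
FIRST_POST = """set interfaces ethernet eth3 policy route 'PBR'
set policy route PBR rule 20 set table '10'
set policy route PBR rule 20 source address '172.21.9.0/24'
set load-balancing wan rule 1 inbound-interface 'eth3'"""
```

Calling `conflicts(FIRST_POST)` reports PBR rule 20 against WAN rule 1, while the lab configuration from the last post (rule 30 limited to 192.168.88.0/24) produces no findings.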