Hi all,
I’m trying to use the load-balance module on VyOS 1.2.2 to provide failover capability between two internet connections for our office. According to show wan-load-balance etc. the outgoing connections seem to be switching correctly, but nothing is actually being routed.
Previously I had static routes set up, which allowed the firewalls to access the internet, and SNAT rules to allow routing from internal VLANs. I attempted to remove these (as far as I understand it, the load balance module should be managing routes and NAT), but the firewall lost the ability to access the internet (as it doesn’t have a default route), and there’s no routing from other VLANs.
With the static routes in place, there is internet access / routing for the primary internet connection, but when I block the primary internet connection at the switch level (to trigger the load balancing) I lose all connection (as I did before setting up failover). If I use show wan-load-balance the primary internet connection shows as failed, and the secondary shows as active; however, the default route remains set to the ‘down’ internet connection.
Any ideas?
load-balancing config:

    wan {
        flush-connections
        interface-health eth2.2 {
            failure-count 4
            nexthop 10.35.2.251
            success-count 10
            test 0 {
                resp-time 3
                target 8.8.8.8
                ttl-limit 1
                type ping
            }
        }
        interface-health eth2.4000 {
            failure-count 4
            nexthop 167.98.27.225
            success-count 10
            test 0 {
                resp-time 3
                target 167.98.27.225
                ttl-limit 1
                type ping
            }
        }
        interface-health eth2.4001 {
            failure-count 4
            nexthop 148.252.241.225
            success-count 10
            test 0 {
                resp-time 3
                target 148.252.241.225
                ttl-limit 1
                type ping
            }
        }
        rule 2 {
            failover
            inbound-interface eth2.2
            interface eth2.2 {
                weight 101
            }
            interface eth2.4000 {
                weight 11
            }
            interface eth2.4001 {
                weight 15
            }
            protocol all
        }
        rule 204 {
            failover
            inbound-interface eth2.204
            interface eth2.2 {
                weight 101
            }
            interface eth2.4000 {
                weight 11
            }
            interface eth2.4001 {
                weight 15
            }
            protocol all
        }
        sticky-connections {
            inbound
        }
    }

protocols config:

    static {
        route 0.0.0.0/0 {
            next-hop 10.35.2.250 {
                distance 200
            }
            next-hop 148.252.241.225 {
                distance 15
            }
            next-hop 167.98.27.225 {
                distance 11
            }
        }
    }

    > show wan-load-balance
    Interface: eth2.4000
      Status: failed
      Last Status Change: Wed Aug 7 08:56:58 2019
      -Test: ping Target: 167.98.27.225
        Last Interface Success: n/a
        Last Interface Failure: 0s
        # Interface Failure(s): 164665

    Interface: eth2.4001
      Status: active
      Last Status Change: Wed Aug 7 08:56:26 2019
      +Test: ping Target: 148.252.241.225
        Last Interface Success: 0s
        Last Interface Failure: 21d2h25m9s
        # Interface Failure(s): 0