×

EdgeRouter - WAN Load-Balancing

Overview

This article demonstrates how the EdgeRouter WAN Load-Balancing feature works and provides a manual configuration example.

NOTES & REQUIREMENTS:
  • This feature allows the router to intelligently balance outgoing traffic using multiple WAN interfaces.
  • Applicable to the latest EdgeOS firmware on all EdgeRouter models.
  • The latest EdgeOS firmware can be downloaded from the EdgeRouter Downloads page.
  • Join the EdgeMAX discussion on the Ubiquiti Community and interact with other experts that are active on forum.

Table of Contents

  1. Frequently Asked Questions (FAQ)
  2. Using the Load-Balancing Wizard
  3. Manual Configuration Example
  4. Additional Load-Balancing Options
  5. Troubleshooting
  6. Related Articles

Frequently Asked Questions (FAQ)

Back to Top

What is the minimal EdgeOS firmware version that supports Load-Balancing?

The Load-Balancing feature was introduced in EdgeOS firmware version v1.4.0.

How many WAN interfaces can be used for Load-Balancing?
The maximum amount of WAN interfaces that can be added to a group is 55 when using the v2.0.8 EdgeOS firmware release and up. 

Up to 8 interfaces can be used starting from the v1.8.0 EdgeOS firmware release. Older releases only allow up to 2 interfaces.

Using the Load-Balancing Wizard

Back to Top

WAN Load-Balancing uses the following configuration options:

  • WAN Interfaces Defined in the load-balance section with optional criteria such as failover, weight and ping-targets.
  • Firewall Policy Defined in the firewall section using Load-Balancing exclusions and modify rules for matching traffic.
  • LAN interface(s) Defined in the interface section and applied to the LAN interface(s) in the ingress (in) direction.

topology.gif

Using WAN Load-Balancing, traffic sessions from the LAN clients are balanced across the WAN ports. 

The EdgeRouter configuration wizard provides a quick and easy setup of the Load-Balancing feature:

GUI: Access the EdgeRouter Web UI.

1. Navigate to the Wizards tab to configure the Load-Balancing feature.

Wizards > Setup Wizards > Load Balancing

2. Choose which WAN interfaces will be used in the setup and define the Internet connection types.

First Internet port

Port: eth0
Internet connection type: DHCP / Static / PPPoE
Firewall: Enable the default firewall (checked)

Second Internet port

Port: eth1
Internet connection type: DHCP / Static / PPPoE
Firewall: Enable the default firewall (checked)
Failover Only: -
NOTE:Choose whether to forward traffic using all WAN interfaces or to implement a failover setup using the Failover Only option.

LAN port

Port: eth3
Address: 192.168.1.1 / 255.255.255.0
DHCP: Enable the DHCP server (checked)

3. Apply the changes and reboot the device when prompted.

Manual Configuration Example

It is recommended to use the wizard in the Web UI to automatically configure all of the different Load-Balancing options. The configuration example below shows how to manually configure the previous section using the command line.

CLI: Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter Configuration mode.

configure

2. Create a firewall network group specifying the private IP address ranges.

set firewall group network-group PRIVATE_NETS network 192.168.0.0/16
set firewall group network-group PRIVATE_NETS network 172.16.0.0/12
set firewall group network-group PRIVATE_NETS network 10.0.0.0/8

3. Create a firewall modify policy with exclusion rules for the WAN interface addresses and the network group created earlier.

set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group PRIVATE_NETS
set firewall modify balance rule 10 modify table main

set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 destination group address-group ADDRv4_eth0
set firewall modify balance rule 20 modify table main

set firewall modify balance rule 30 action modify
set firewall modify balance rule 30 destination group address-group ADDRv4_eth1
set firewall modify balance rule 30 modify table main
NOTE: The modify table main entries are created to prevent the local LAN traffic from being balanced across the two WAN interfaces.

4. Add a firewall rule entry that sends all other traffic to a load balancing group.

set firewall modify balance rule 110 action modify
set firewall modify balance rule 110 modify lb-group G

5. Apply the firewall to the LAN interface in the ingress/in direction.

set interfaces ethernet eth3 firewall in modify balance
ATTENTION:The WAN and LAN interfaces might differ depending on your EdgeRouter model and setup.
 
For example, the ER-X / ER-X-SFP / ER-10X / ER-12 / ER-12P and EP-R6 are able to use switch0 as the LAN interface.

6. Create a Load-Balance group that includes the two WAN interfaces.

set load-balance group G interface eth0
set load-balance group G interface eth1
NOTE:Each interface will use its own separate routing table.

7. Commit the changes and save the configuration.

commit; save

Additional Load-Balancing Options

NOTE: Thecommands below are optional and not required for all Load-Balancing implementations.

Route Test

This feature will test the connectivity of the WAN interface by sending probes (ICMP ping messages) to a predefined address.

The following options are available:

  • count success Defines after how many tries the route test is considered successful before the interface changes state.
  • count failure Defines after how many tries the route test is considered failed before the interface changes state.
  • initial-delay Delay in seconds before the initial route test is started.
  • interval Number of seconds between pings.
  • type Defines whether to ping the default gateway, a custom host or use a script.
set load-balance group G interface eth0 route-test count success <nr>
set load-balance group G interface eth0 route-test count failure <nr>

set load-balance group G interface eth0 route-test initial-delay <nr>
set load-balance group G interface eth0 route-test interval <nr>

set load-balance group G interface eth0 route-test type ping target <host>
set load-balance group G interface eth0 route-test type default
set load-balance group G interface eth0 route-test type script <path>

Fail Over

Interface configured with the failover-only option will only become active when the other WAN interface(s) fail the route test.

set load-balance group G interface eth1 failover-only 

Local Load-Balancing

The lb-local feature will also load balance the traffic from the router rather than using the main routing table.

set load-balance group G lb-local enable

Flush Conntrack Table

The flush-on-active feature clears all connections in the conntrack table whenever a WAN transition occurs.

set load-balance group G flush-on-active enable

Local Metric Change

The lb-local-metric-change feature automatically changes the router's default route distance and is most useful when using a failover setup.

set load-balance group G lb-local-metric-change enable

Route table

Configures the interface to use a custom routing table (valid routing table numbers are between 1-200).

set load-balance group G interface <id> route table 10

Weight

Defines the percentage of traffic that is forwarded out of each interface. The default weight ratio is 50/50.

set load-balance group G interface eth0 weight 70 
set load-balance group G interface eth1 weight 30

Sticky

This option will keep traffic sessions on the same WAN interface until they are timed out. The following options are available:

  • dest-addr Traffic sessions will be on the same WAN interface based on the destination address.
  • dest-port Traffic sessions will be on the same WAN interface based on the destination port.
  • source-addr Traffic sessions will be on the same WAN interface based on the source address.
  • source-port Traffic sessions will be on the same WAN interface based on the source port.
  • proto Traffic sessions will be on the same WAN interface based on the protocol.
set load-balance group G sticky dest-addr enable
set load-balance group G sticky dest-port enable
set load-balance group G sticky source-addr enable
set load-balance group G sticky source-port enable
set load-balance group G sticky proto enable

Troubleshooting

Back to Top

You can verify the Load-Balancing configuration and status with the following commands:

show load-balance status
show load-balance watchdog
show load-balance config

The main and Load-Balancing routing tables can be displayed with the commands below:

show ip route
show ip route table 201
show ip route table 202

Related Articles

Back to Top

EdgeRouter - Which EdgeRouter Should I Use?

EdgeRouter - Beginners Guide to EdgeRouter

Intro to Networking - How to Establish a Connection Using SSH

Was this article helpful?
24 out of 29 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community
Can't find what you're looking for?