Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default WAN Balancer - out of balance

    WAN Balancer has just been caught in a very strange behavior!

    One of the ISP's is down (link is down) - and this is actually the backup ISP so the primary link is up.
    Despite of this - it creates sessions on the interface that is DOWN!?

    I have taken some screen captures of stats (few seconds apart) and settings - and it keeps ticking away on the wrong interface :-(

    2015.08.31 - WAN Balancer - combined images.jpg

    I also have a PDF with the images but the low upload limit does not allow that...

    Glad that I at the current test setup have the interim Untangle that is solely on the primary ISP :-)

    TIA,
    ..Anders

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    "it creates sessions on the interface that is DOWN"
    What are you looking at to see this? The faceplate?
    I would open the session viewer and see what sessions are on that WAN.
    There are some sessions that should be put on that WAN even if its down, like ones local to that route, coming from that address, etc.

    What are your nat rules? What are your static routes? What is your network configuration?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    Yes - the faceplate where the session count increases rapidly.

    I have rebooted the server to ensure that there was no "old" session that was bound to the interface.
    I have not "manually" setup any NAT, routing or other rules - left them as defaults.
    I have tried to setup the OpenVPN but failed so it has been switched off (but not removed - that may be the next step, comes to my mind...)

    I tried to lookup jp.dk just before this session snapshot:

    2015.08.31 - UT1 - Session table.png

    It is clearly a mistake that I did not include the network configuration as that is of course necessary to understand it more clearly.
    But it is as simple as shown in the WAN Balancer - one Internal LAN and two External WAN's.

    2015.08.31 - UT1 - Network interfaces.png

    2015.08.31 - UT1 - Network AURA.png

    2015.08.31 - UT1 - Network TDC.png

    If the easy fix is to start over from scratch then I will do that - I am just worried that I have stumbled on some simple setup mistake that I will do again (despite that I find the installation and setup so straight and simple that it is admirable!)

    TIA

  4. #4
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    Found the Current Routing table printout:

    = IPv4 Rules =
    0: from all lookup local
    100: from all fwmark 0xfe00/0xff00 lookup 1000
    32766: from all lookup main
    32767: from all lookup default
    50000: from 192.168.1.128 lookup uplink.1
    50001: from 192.168.1.6 lookup uplink.3
    70001: from all fwmark 0x100/0xff00 lookup uplink.1
    900000: from all lookup balance
    1000000: from all lookup uplink.1

    = IPv4 Table main =
    10.100.100.0/24 dev eth1 proto kernel scope link src 10.100.100.1
    192.168.1.0/24 dev eth3 proto kernel scope link src 192.168.1.128
    192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.6
    192.168.1.1 dev eth2 scope link

    = IPv4 Table balance =
    default via 192.168.1.1 dev eth3

    = IPv4 Table uplink.1 =
    default via 192.168.1.1 dev eth3

    = IPv4 Table uplink.3 =
    default via 192.168.1.1 dev eth2

    = IPv4 Route Rules =



    = IPv6 Rules =
    0: from all lookup local
    32766: from all lookup main

    = IPv6 Table main =
    fe80::/64 dev eth1 proto kernel metric 256
    fe80::/64 dev eth2 proto kernel metric 256
    fe80::/64 dev utun proto kernel metric 256

    = IPv6 Table uplink.1 =

    = IPv6 Table uplink.3 =

  5. #5
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    Sorry about another follow-up but I tried to interpret the routing tables - despite by lack of deep routing knowledge - just using my general computer science logic :-)

    I have noticed the problem with the identical network on the ISP routers.
    These are hard (well, impossible) to change due to ISP rules so they manage the router setup (VoIP, etc.)
    Can that be the devil in this case?

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Since your "TDC WAN" is 192.168.1.x/24 then all sessions to 192.168.1.x should go there, regardless of it being "up" or not.

    As you can see in the session viewer all sessions going to 192.168.1.1 are going to that WAN.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    And the TDC WAN is the link that is DOWN.
    It is AURA that is live and working...

    Can't the WAN Balancer work with this "overlap" over WAN-IP's?

    It is "only" the single IP address that should be used for routing to the WAN - not the whole range as I understand the /24 netmask indicates. I just hope that WAN Balancer does the "right thing!" without me knowing (too) much on the internal routing and setup mechanics...
    Last edited by Justy; 08-31-2015 at 12:52 PM.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Yes, read my posts.

    It doesn't matter that its "down." 192.168.1.1 is local to that segment whether its considered "down" or not.
    Obviously traffic to 192.168.1.x would not work if it went out the other WAN, so you might as well attempt to reach those hosts using the down WAN. Luckily for you thats why you can still connect to 192.168.1.1 despite that wan being considered "down." I know you can connected because you posted a screenshot of the session viewer.

    It is doing the right thing.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    Hi dmorris,

    (Respecfully) I AM (trying to) read and understand your posts because I know the answer(s) most often is(are) served and ready for use.
    But I am not seeing the (full) answer in your response as your deduction is not correct - the Untangle with the WAN Balancer is NOT working.
    Yes - I also see (from the faceplate and interpretation of the routing table) that it is trying to route to TDC but this connection is off!
    Actually it is physically disconnected so that is absolute knowledge that nothing comes through!

    Instead I have to switch to this "test 9.4->11.2 upgrade" Untangle that I also have with a working Untangle (no WAN Balancer :-)

    So I still see that this IP network similarity can be the culprit - even though as I stated, it is only one IP address that actually shall be addressed on the WAN's...

  10. #10
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    And one more addition based on my limited insight in the routing domain:

    Is it possible to "restrict" by network mask so it is only ONE IP address at the WAN interfaces - something like /31 AFAIK?

    This is just a guess - and I am very reluctant to defer from the default Untangle configurations as this makes it so much easier to upgrade and not stray from the critical path...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2