Hi All,
I am (as a complete novice) trying to set up an Edgerouter Lite (1.9.1) to load balance between
- An ADSL link (~4Mb/s, uncapped, pppoe, on eth0 ) and
- A 4G link (~50Mb/s, capped at 18G, using a Netgear 4G modem on eth1)
I was hoping to set this up so that file transfers etc. go via the slower link (to use the unmetered data) and general interactive traffic goes via the faster one. I've set the 4G modem to 'bridge' mode to avoid double NAT.
When both links are enabled, each link works fine - i.e. I can force traffic down one link or the other using a source-address-based modify rule. Load balancing, however, has issues - e.g. if I disconnect pppoe0, the load-balance watchdog shows both interfaces as unreachable. Also, the load balancing never seems to actually send anything via eth1.
I've included my config below - any insights would be much appreciated!
Many thanks,
Simon
/* EdgeOS configuration as posted, re-flowed to one statement per line; values are unchanged.
   Dual-WAN layout: pppoe0 (on eth0) and eth1 are the uplinks, eth2 is the LAN. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group PRIVATE_NETS {
            network 192.168.0.0/16
            network 172.16.0.0/12
            network 10.0.0.0/8
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians disable
    /* Policy-routing ruleset, applied inbound on eth2 (LAN).
       Rules 10-30 keep private and router-addressed destinations on the main table,
       rules 50/51 send DPI-matched traffic to table 1 (pppoe0),
       rule 100 hands everything else to load-balance group G. */
    modify balance {
        rule 10 {
            action modify
            description "do NOT load balance lan to lan"
            destination {
                group {
                    network-group PRIVATE_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 20 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_pppoe0
                }
            }
            modify {
                table main
            }
        }
        rule 30 {
            action modify
            description "do NOT load balance destination public address"
            destination {
                group {
                    address-group ADDRv4_eth1
                }
            }
            modify {
                table main
            }
        }
        rule 50 {
            action modify
            application {
                category File-Transfer
            }
            description "File transfer to ADSL"
            modify {
                table 1
            }
        }
        rule 51 {
            action modify
            application {
                custom-category Apple
            }
            description "Apple to ADSL"
            modify {
                table 1
            }
        }
        rule 100 {
            action modify
            modify {
                lb-group G
            }
        }
    }
    /* Applied inbound on both uplinks (pppoe0 and eth1): only established/related
       traffic is accepted, everything else falls through to the default drop. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Applied to traffic addressed to the router itself on both uplinks.
       There is no accept rule for new connections, so unsolicited WAN traffic
       to the router's own services is dropped by the default action. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            mss 1412
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): source-validation (reverse-path filtering) is off. Strict mode tends to
       conflict with policy routing over two uplinks; confirm whether loose mode is workable
       before leaving it disabled. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description WAN
        duplex auto
        pppoe 0 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server none
            /* Credentials are masked in the post. */
            password ****************
            user-id **************
        }
        speed auto
    }
    ethernet eth1 {
        address dhcp
        description "WAN 2"
        /* The DHCP-learned default route on eth1 is installed with distance 210;
           DNS servers offered by the modem are not applied (no-update). */
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        address 192.168.1.1/24
        description Local
        duplex auto
        firewall {
            in {
                modify balance
            }
        }
        speed auto
    }
    loopback lo {
    }
}
load-balance {
    /* Both health checks ping the same single target (8.8.8.8), so the reachability verdict
       for each uplink depends on that one host answering over that uplink. */
    group G {
        interface eth1 {
            route-test {
                count {
                    failure 3
                    success 1
                }
                initial-delay 60
                interval 30
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
        }
        interface pppoe0 {
            route-test {
                count {
                    failure 3
                    success 1
                }
                initial-delay 60
                interval 30
                type {
                    ping {
                        target 8.8.8.8
                    }
                }
            }
        }
        lb-local enable
        sticky {
            dest-addr enable
            dest-port enable
            source-addr enable
        }
    }
}
protocols {
    static {
        /* Presumably the Netgear modem's own subnet (per the description) - confirm. */
        interface-route 192.168.5.0/24 {
            next-hop-interface eth1 {
                description "Netgear 4G"
                distance 1
            }
        }
        /* table 1: default via pppoe0, used by modify rules 50 and 51. */
        table 1 {
            interface-route 0.0.0.0/0 {
                next-hop-interface pppoe0 {
                }
            }
        }
        /* table 2: default via eth1; no modify rule in this config references it. */
        table 2 {
            interface-route 0.0.0.0/0 {
                next-hop-interface eth1 {
                }
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.243
                }
            }
        }
        use-dnsmasq enable
    }
    dns {
        forwarding {
            cache-size 150
            listen-on eth2
            name-server 8.8.8.8
        }
    }
    /* The GUI is bound to the LAN address only.
       NOTE(review): older-ciphers enable lets the web UI negotiate legacy TLS cipher suites;
       consider disabling it if every admin browser supports current ciphers. */
    gui {
        http-port 80
        https-port 443
        listen-address 192.168.1.1
        older-ciphers enable
    }
    nat {
        rule 5000 {
            description "masquerade for WAN"
            outbound-interface pppoe0
            type masquerade
        }
        rule 5002 {
            description "masquerade for WAN 2"
            outbound-interface eth1
            type masquerade
        }
    }
    /* No listen-address is set for SSH, so it presumably listens on every interface;
       reachability from the uplinks then rests on the WAN_LOCAL ruleset (default drop). */
    ssh {
        port 22
        protocol-version v2
    }
}
system {
    conntrack {
        expect-table-size 4096
        hash-size 4096
        table-size 32768
        tcp {
            half-open-connections 512
            loose enable
            max-retrans 3
        }
    }
    domain-name home.lan
    host-name edgerouter
    name-server 127.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipv4 {
            forwarding enable
            pppoe enable
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
    /* Modify rules 50 and 51 match on DPI categories (File-Transfer and the custom
       category Apple defined here), so they depend on dpi staying enabled. */
    traffic-analysis {
        custom-category Apple {
            name Apple.com
        }
        dpi enable
        export enable
    }
}