Multi-WAN

Multi-WAN (MWAN) provides outbound traffic balancing and failover across multiple WAN links. It comes as a default feature for RansNet product Family. Added onto mbox powerful performance and multiple GE ports, MWAN offers a simple and cost-effective choice for enterprises to efficiently aggregate the total bandwidth available from multiple upstream ISP links with the highest resiliency. If you have multiple internet connections and want to fully utilize the total available bandwidth with failover, or even control which traffic goes through which WAN link, mbox is the ideal choice for this type of requirement.

You can do load-balancing based on weights between links (weights are relative to each WAN link capacity), or just do failover with multiple levels of primary and backup interfaces. For example, Different sources can have different primary or backup WANs, eg. group 1 use WAN1 as primary and WAN2 as backup; group2 use WAN1 as backup and WAN2 as primary etc.

In summary, MWAN does below:

  1. provides outbound WAN traffic load balancing over multiple WAN links based on weight assignment. It also supports specific outbound traffic rules to customize which outbound connections should use which WAN link, based on source IP, destination IP, destination port(s), protocols, etc (is like PBR with failover support).
  1. monitors each WAN connection using repeated ping tests (to each interface default gateway only) and can automatically failover outbound traffic to other alive interfaces if one interface loses connectivity.
  1. supports unlimited WAN links (the limit is the available hardware GE interfaces!)

NOTE

If you have multiple internet connections and want to fully utilize the total available bandwidth with failover, or even control which traffic goes through which WAN link, RansNet Appliances is the ideal choice for this type of requirement.

With RansNet Appliance, you can configure to add the Gateway Ethernet Interfaces as a member of the MWAN group of the Host within the selected entity.

Prerequisites:

NOTE

To enable Multi-WAN Group: The user has to configure a minimum of two Interface for MWAN Group in the ‘Ethernet Interface (‘Network > Ethernet Interfaces’) and enable the Multi-WAN Group section with relevant settings as per the user requirement.

Multi-WAN Interface

User can access the Multi-WAN interface from the dropdown menu of the  tab when editing the Gateway. User can click the number in the ‘Rule No.’ column to edit it.

Image 1. Multi-WAN List

The fields of the Multi-WAN List are explained below:

S/NFieldsDescription
01.Rule NoRule number identifies different traffic steering policies, in top down approach. eg. traffic with lower rule number is processed first.
02.InterfaceDisplays the Group number configured in the Gateway > Ethernet Interface
03.Link MetricDisplays the link route metric used for the link balancing algorithm. If all links have the same metric, it means traffic will be load balanced (all links actively passing traffic); if links have a different metrics, the lower metric link will be the primary link.
04.Link WeightDisplays the weights used for link balancing (when all links have the same metric). If all link have the same weight, traffic will be equally load-balanced out from all interfaces, else traffic will be split proportionally according to the weights configured.
05.Tracked Host/Interval/AttemptsDisplays upstream host tracking config.
06.Action Displays the delete icon to delete the particular MWAN rule.
Table 1 : The Fields of Multi-WAN List

New MWAN Interface

To create new MWAN , click on the button as in Image 1.

Image 2. New/Edit Multi-WAN Rule Page

The fields of the Multi-WAN List are explained below:

S/NSECTIONFIELDSDESCRIPTION
01.New / Edit MWAN Rule
1.1Rule NoRule number to identify the MWAN Rule
NOTE: Rule number cannot be replicated
02.New Interface
2.1Select InterfaceInterface to configure mwan
2.2Link Metric / Weightconfigure the mwan metric and weight
2.3Tracked Host / Interval / AttemptsThis command tracks upstream host availability with interval and no of times for failure
03.MWAN Rule (Options)
3.1Application ProtocolConfigures traffic matching criteria for each policy.
3.2User Source IP / NetmaskConfigures traffic matching criteria for each policy.
3.3Destination IP / NetmaskConfigures traffic matching criteria for each policy.
Table 2 : The Fields Of New/Edit Multi-WAN Settings

Settings of MWAN Rule

The New/Edit MWAN Rule Page consists of two sections as listed below:

  • Edit MWAN Rule, and
  • MWAN Rule (Options)

Pls, see Table 1 above for the explanation of the fields.

CONFIGURATION STEPS

  • Before starting any MWAN configuration, test each link by pinging its default gateway.
  • Plan mwan-group and assign each WAN interface to the target mwan-group. You can potentially put each interface into a different mwan-group for different balance/active-standby purposes (applied into mwan-rules).
  • Configure the default route for each link
  • Configure firewall-access rules to permit outbound access through each WAN link. See Firewall-Access Rule
  • Configure firewall-snat rules to hide/PAT all source address to the WAN interface public IP
  • Define the mwan-rule to specify which interesting traffic to use which target mwan-group
  • start MWAN (mwan start)

CONFIGURATION EXAMPLE

In this code, we are configuring 3 x ISP links, connected to eth0, eth1, eth2 respectively.

  • eth0 and eth1 to do load balancing. Both of them are having the same metric value of 1, with a balancing policy, eth0: 33%, eth1: 66% (as in ratio of 1:2).
  • eth2 has the higher metric value of 2, so it will always be standby/back unless both eth0 and eth1 fail.

NOTE

The weight for eth2 is not relevant to eth0 & eth1 (only effective if there’s another interface in the same mwan-group and having the same metric value of 2)

!
hostname mbox
!
interface eth0
 description "ISP1 connection"
 enable
 ip address 192.168.1.10/24
 mwan-group 10
  track 192.168.1.1 timer 5 5
  metric 1
  weight 1
!
interface eth1
 description "ISP2 connection"
 enable
 ip address 192.168.2.10/24
 mwan-group 10
  track 192.168.2.1 timer 5 5
  metric 1
  weight 2
!
interface eth2
 description "Default OOB-Mgmt"
 enable
 ip address 10.10.10.1/24
!
interface eth3
 description "Reserved network"
!
interface loopback
 enable
 ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host portal.ransnet.com 129.126.175.80
!
ip route 0.0.0.0/0 nexthop 192.168.1.1
ip route 0.0.0.0/0 nexthop 192.168.2.1
!
firewall-input 100 permit all tcp dport 80
firewall-input 101 permit all tcp dport 22
!
firewall-access 10 permit outbound eth0
firewall-access 11 permit outbound eth1
!
firewall-snat 10 overload outbound eth0
firewall-snat 11 overload outbound eth1
!
mwan-rule 10 tcp dst 0.0.0.0/0 dport 443 group 10 persistent remark "[Auto] Re-a
ctivate: 66dee23c95"
mwan-rule 14 dst 0.0.0.0/0 group 14 remark "[Auto] Re-activate: d41d8cd98f"

Config below is an example snip when both WAN interfaces are getting dynamic(dhcp) addresses from ISP. The mbox will auto-learn the default gateway via DHCP from each ISP, so there’s no need to add any default routes. CLI config example below:

INFO:

User can stop the DHCP to auto-learn the default gateway IP. [ ip address dhcp nodefault ]

!
hostname mbox
!
interface eth0
 description "ISP1 connection"
 enable
 ip address dhcp nodefault          ------------> Stop auto-learn default gateway ip.
 ip address dhcp
 mwan-group 10
  track 192.168.1.1 timer 5 5
  metric 1
  weight 1
!
interface eth1
 description "ISP2 connection"
 enable
 ip address dhcp nodefault          ------------> Stop auto-learn default gateway ip.
 ip address dhcp
 mwan-group 10
  track 192.168.2.1 timer 5 5
  metric 1
  weight 2
!
interface eth2
 description "Default OOB-Mgmt"
 enable
 ip address 10.10.10.1/24
!
interface eth3
 description "Reserved network"
!
interface loopback
 enable
 ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host portal.ransnet.com 129.126.175.80
!
ip route 0.0.0.0/0 nexthop 192.168.1.1
ip route 0.0.0.0/0 nexthop 192.168.2.1
!
firewall-input 100 permit all tcp dport 80
firewall-input 101 permit all tcp dport 22
!
firewall-access 10 permit outbound eth0
firewall-access 11 permit outbound eth1
!
firewall-snat 10 overload outbound eth0
firewall-snat 11 overload outbound eth1
!
mwan-rule 10 tcp dst 0.0.0.0/0 dport 443 group 10 persistent remark "[Auto] Re-a
ctivate: 66dee23c95"
mwan-rule 14 dst 0.0.0.0/0 group 14 remark "[Auto] Re-activate: d41d8cd98f"

When using PPPoE with Multi-WAN config, there’re a few points to note

  1. The next-hop is usually dynamic or unknown, so in the MWAN config, use ppp0/ppp1 as the next-hop, eg.
!
ip route 0.0.0.0/0 nexthop ppp0
ip route 0.0.0.0/0 nexthop ppp1
ip route 0.0.0.0/0 nexthop ppp2
!

  1. The MWAN config is applied under ppp interface config, eg.
!
interface ppp 0
mwan-group 0
track 8.8.8.8
metric 1
weight 1
!

Below is a sample config for configuring MWAN with PPPoE, where mbox is connecting to two ISPs, eth0 to ISP1 using fiber/ONT; eth1 to ISP2 using PPPoE/DSLModem.

!
hostname mbox
!
interface eth0
 description "Connection to WAN/Internet"
 ip address 172.21.2.88/24
 mwan-group 0
  track 172.21.2.1
  metric 1
  weight 2

  start
!
interface eth1
 description "connect to PPPoE"
 enable
 pppoe 11111 22222
!
interface eth2
 description "connect to LAN"
 enable
 ip address 192.168.10.1/24
 dhcp-server
  dns 8.8.8.8 8.8.4.4
  range 192.168.10.5 192.168.10.254
!
interface ppp0
 mwan-group 0
  track 182.253.32.1
  metric 1
  weight 1

  start
!
ip name-server 8.8.8.8 8.8.4.4
!
ip route 0.0.0.0/0 nexthop 172.21.2.1
ip route 0.0.0.0/0 nexthop ppp0
!
mwan-rule 11 tcp dport 443 group 0 persistent remark "https traffic"
mwan-rule 14 dst 0.0.0.0/0 group 0 remark "default rule"
!
firewall-access 10 permit outbound eth0
firewall-access 11 permit outbound ppp0
!
firewall-snat 10 overload outbound eth0
firewall-snat 11 overload outbound ppp0
!

.

Reference Link

Follow this video guide:

  1. RansNet SD-Branch 3: Multi-WAN Link Balancing