Multi-WAN

Multi-WAN (MWAN) provides outbound traffic balancing and failover across multiple WAN links. It comes as a default feature for RansNet product Family added onto mbox powerful performance and multiple GE ports. MWAN offers a simple and cost-effective choice for enterprises to efficiently aggregate the total bandwidth available from multiple upstream ISP links with the highest resiliency without a special licensing requirement.

Added onto mbox powerful performance and multiple GE ports, MWAN offers a simple and cost-effective choice for enterprises to efficiently aggregate the total bandwidth available from multiple upstream ISP links with highest resiliency. If you have multiple internet connections, and want to fully utilize the total available bandwidth with failover, or even control which traffic goes through which WAN link, mbox CMG is the ideal choice for this type of requirement.

You can do load-balancing based on weights between links (weights are relative to each WAN link capacity), or just do failover with multiple levels of primary and backup interfaces. For example, Different sources can have different primary or backup WANs, eg. group 1 use WAN1 as primary and WAN2 as backup; group2 use WAN1 as backup and WAN2 as primary etc.

In summary, MWAN does below:

  1. provides outbound WAN traffic load balancing over multiple WAN links based on weight assignment. It also supports specific outbound traffic rules to customize which outbound connections should use which WAN link, based on source IP, destination IP,destination port(s), protocols etc (is like PBR with failover support).
  1. monitors each WAN connection using repeated ping tests (to each interface default gateway only) and can automatically failover outbound traffic to other alive interfaces if one interface loses connectivity.
  1. supports unlimited WAN links (the limit is the available hardware GE interfaces!)

NOTE

If you have multiple internet connections and want to fully utilize the total available bandwidth with failover, or even control which traffic goes through which WAN link, RansNet Appliances is the ideal choice for this type of requirement.

With RansNet Appliance, you can configure to add the Gateway Ethernet Interfaces as member of MWAN group of the Host within the selected entity.

Prerequisites:

NOTE

To enable Multi WAN Group : User have to configure minimum two Interface for MWAN Group in the ‘Ethernet Interface (‘Network > Ethernet Interfaces‘) and enable the Multi-WAN Group section with relevant settings as per the User requirement.

Multi-WAN Interface

User can access the Multi-WAN interface from the dropdown menu of the  tab when editing the Gateway. User can click the number in the ‘Rule No.’ column to edit it.

Image 1. Multi-WAN List

The fields of the Multi-WAN List are explained below:

S/NFieldsDescription
01.Rule NoRule number to identify the MWAN Rule
Note : Rule number cannot be replicated
02.InterfaceDisplays the Group number configured in the Gateway > Ethernet Interface
03.Link MetricDisplays the type of protocol used for the outbound traffic
04.Link WeightDisplays the Source IP configured for MWAN rule
05.Tracked Host/Interval/AttemptsDisplays the Destination IP configured for MWAN rule
06.Action Displays the delete icon to delete the particular MWAN rule.
Table 1 : The Fields of Multi-WAN List

New MWAN Interface

To create new MWAN , click on the button as in Image 1.

Image 2. New/Edit Multi-WAN Rule Page

The fields of the Multi-WAN List are explained below:

S/NSECTIONFIELDSDESCRIPTION
01.New / Edit MWAN Rule
1.1Rule NoRule number to identify the MWAN Rule
NOTE: Rule number cannot be replicated
02.New Interface
2.1Select InterfaceInterface to configure mwan
2.2Link Metric / Weightconfigure the mwan metric and weight
2.3Tracked Host / Interval / AttemptsThis command tracks upstream host availability with interval and no of times for failure
03.MWAN Rule (Options)
3.1Application Protocol??
3.2User Source IP / Netmask??
3.3Destination IP / Netmask??
Table 2 : The Fields Of New/Edit Multi-WAN Settings

Settings of MWAN Rule

The New/Edit MWAN Rule Page consists of two sections as listed below:

  • Edit MWAN Rule, and
  • MWAN Rule (Options)

Pls see Table 1 above for the explanation of the fields.

CONFIGURATION STEPS

  • Before starting any MWAN configuration, test each link by pinging its default gateway.
  • Plan mwan-group and assign each WAN interface to the target mwan-group. You can potentially put each interface into a different mwan-group for different balance/active-standby purposes (applied into mwan-rules).
  • Configure default route for each link
  • Configure firewall-access rules to permit outbound access to through each WAN link. See Firewall-Access Rule
  • Configure firewall-snat rules to hide/PAT all source address to the WAN interface public IP
  • Define mwan-rule to specify which interesting traffic to use which target mwan-group
  • start MWAN (mwan start)

CONFIGURATION EXAMPLE

In this code, we are configuring 3 x ISP links, connected to eth0, eth1, eth2 respectively.

  • eth0 and eth1 to do load balancing. Both of them are having the same metric value of 1, with balancing policy, eth0: 33%, eth1: 66% (as in ration of 1:2).
  • eth2 has higher metric value of 2, so it will always be standby/back, unless both eth0 and eth1 fail.

NOTE

The weight for eth2 is not relevant to eth0 & eth1 (only effective if there’s another interface in the same mwan-group and having the same metric value of 2)

!
hostname mbox
!
interface eth0
 description "ISP1 connection"
 enable
 ip address 192.168.1.10/24
 mwan-group 10
  track 192.168.1.1 timer 5 5
  metric 1
  weight 1
!
interface eth1
 description "ISP2 connection"
 enable
 ip address 192.168.2.10/24
 mwan-group 10
  track 192.168.2.1 timer 5 5
  metric 1
  weight 2
!
interface eth2
 description "Default OOB-Mgmt"
 enable
 ip address 10.10.10.1/24
!
interface eth3
 description "Reserved network"
!
interface loopback
 enable
 ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host portal.ransnet.com 129.126.175.80
!
ip route 0.0.0.0/0 nexthop eth0
ip route 0.0.0.0/0 nexthop eth1
!
firewall-input 100 permit all tcp dport 80
firewall-input 101 permit all tcp dport 22
!
firewall-access 10 permit outbound eth0
firewall-access 11 permit outbound eth1
!
firewall-snat 10 overload outbound eth0
firewall-snat 11 overload outbound eth1
!
mwan-rule 10 tcp dst 0.0.0.0/0 dport 443 group 10 persistent remark "[Auto] Re-a
ctivate: 66dee23c95"
mwan-rule 14 dst 0.0.0.0/0 group 14 remark "[Auto] Re-activate: d41d8cd98f"

Config below is example snip when both WAN interfaces are getting dynamic/dhcp addresses from ISP. The mbox will auto learn default gateway via DHCP from each ISP, so there’s no need to add any default routes. CLI config example below:

!
hostname mbox
!
interface eth0
 description "ISP1 connection"
 enable
 ip address dhcp
 mwan-group 10
  track 192.168.1.1 timer 5 5
  metric 1
  weight 1
!
interface eth1
 description "ISP2 connection"
 enable
 ip address dhcp
 mwan-group 10
  track 192.168.2.1 timer 5 5
  metric 1
  weight 2
!
interface eth2
 description "Default OOB-Mgmt"
 enable
 ip address 10.10.10.1/24
!
interface eth3
 description "Reserved network"
!
interface loopback
 enable
 ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host portal.ransnet.com 129.126.175.80
!
firewall-input 100 permit all tcp dport 80
firewall-input 101 permit all tcp dport 22
!
firewall-access 10 permit outbound eth0
firewall-access 11 permit outbound eth1
!
firewall-snat 10 overload outbound eth0
firewall-snat 11 overload outbound eth1
!
mwan-rule 10 tcp dst 0.0.0.0/0 dport 443 group 10 persistent remark "[Auto] Re-a
ctivate: 66dee23c95"
mwan-rule 14 dst 0.0.0.0/0 group 14 remark "[Auto] Re-activate: d41d8cd98f"

.

Reference Link

Follow this video guide:

  1. RansNet SD-Branch 3: Multi-WAN Link Balancing