WAN Load Balancing

VyOS also allows for the configuration of WAN Load Balancing. This can be used either to balance traffic between several public interfaces, or to configure failover. In these scenarios we will assume that our VyOS machine has a private IP of 10.0.0.1/24 on eth0, a public IP of 23.90.55.5 on eth1 and a public IP of 23.90.76.5 on eth2.

Load Balancing traffic

VyOS can be used to load balance traffic across multiple interfaces, in this case between eth1 and eth2.

Firstly we need to set masquerading on both the public interfaces.

set nat source rule 100 outbound-interface eth1
set nat source rule 100 source address 10.0.0.0/24
set nat source rule 100 translation address masquerade

set nat source rule 110 outbound-interface eth2
set nat source rule 110 source address 10.0.0.0/24
set nat source rule 110 translation address masquerade

Now the load balancer needs to be configured. First we will set up the tests which determine whether an interface is active or not, starting with eth1.

edit load-balancing wan interface-health eth1

Here we create a test with rule number 10. Just like with the firewall, several rules can be specified, and they will be tested sequentially. In this case we will just use a single ping test, with a target of 8.8.8.8 (one of Google's public DNS servers) and a failure-count of 3. The nexthop address also needs to be set to point towards the gateway for this interface.

set failure-count 3
set nexthop 23.90.55.1
edit test 10
set target 8.8.8.8
set type ping

top

This also needs to be repeated for eth2. We will also use 8.8.8.8 as our ping target to determine whether this interface is active or not.

edit load-balancing wan interface-health eth2
set failure-count 3
set nexthop 23.90.76.1
edit test 10
set target 8.8.8.8
set type ping

top

Static routes now also need to be set so that our ping target can be reached through each interface's gateway. In this case we ping only 8.8.8.8, through both interfaces.

edit protocols static route 8.8.8.8/32
set next-hop 23.90.55.1
set next-hop 23.90.76.1

top

Static routes should also be used to configure the gateways. The system gateway should be removed to prevent conflicts.

del system gateway-address
edit protocols static route 0.0.0.0/0
set next-hop 23.90.55.1
set next-hop 23.90.76.1

top

Finally, we can set our load balancing rules. The rules are checked sequentially, and if matched will be carried out. We will only use one rule to balance traffic between the two interfaces. The inbound interface in this case is eth0, and we will allow all protocols through.

edit load-balancing wan rule 10
set inbound-interface eth0
set interface eth1
set interface eth2
set protocol all

We can also set a weight on each interface. This will dictate the percentage of traffic which flows through that interface. In this case (roughly) twice as much traffic will flow through eth1 as through eth2.

set interface eth1 weight 20
set interface eth2 weight 10

This completes the configuration for load balancing traffic.

commit
save
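The steps above only work together if every interface named in a load-balancing rule also has a masquerade rule and a health check with a nexthop and a test. The following check is an added example, not part of the original page or of VyOS itself; it assumes the configuration is supplied as flat, full-path set commands (the form printed by show configuration commands) using the NAT syntax shown on this page, and lint_wan_lb is a hypothetical name.

```python
from collections import defaultdict

# Constructed sample in the flat "set" form, using this page's addresses.
# eth2 is deliberately missing its NAT rule and its health test.
SAMPLE = """\
set nat source rule 100 outbound-interface 'eth1'
set nat source rule 100 translation address 'masquerade'
set load-balancing wan interface-health eth1 nexthop '23.90.55.1'
set load-balancing wan interface-health eth1 test 10 target '8.8.8.8'
set load-balancing wan interface-health eth2 nexthop '23.90.76.1'
set load-balancing wan rule 10 inbound-interface 'eth0'
set load-balancing wan rule 10 interface eth1 weight '20'
set load-balancing wan rule 10 interface eth2 weight '10'
"""

def lint_wan_lb(config_text):
    """Return findings for every interface referenced by a WAN load-balancing rule."""
    nat_iface, nat_masq = {}, set()  # NAT rule -> outbound interface; rules that masquerade
    health = defaultdict(set)        # interface -> interface-health settings present
    balanced = set()                 # interfaces named in any load-balancing rule
    for line in config_text.splitlines():
        tok = line.replace("'", "").split()
        if tok[:1] != ["set"]:
            continue
        path = tok[1:]
        if path[:3] == ["nat", "source", "rule"] and len(path) >= 6:
            if path[4] == "outbound-interface":
                nat_iface[path[3]] = path[5]
            elif path[4:] == ["translation", "address", "masquerade"]:
                nat_masq.add(path[3])
        elif path[:3] == ["load-balancing", "wan", "interface-health"] and len(path) >= 5:
            health[path[3]].add(path[4])
        elif (path[:3] == ["load-balancing", "wan", "rule"]
              and len(path) >= 6 and path[4] == "interface"):
            balanced.add(path[5])
    masq_ifaces = {iface for rule, iface in nat_iface.items() if rule in nat_masq}
    findings = []
    for iface in sorted(balanced):
        if iface not in masq_ifaces:
            findings.append(f"{iface}: no masquerade source NAT rule")
        if "nexthop" not in health[iface]:
            findings.append(f"{iface}: no interface-health nexthop")
        if "test" not in health[iface]:
            findings.append(f"{iface}: no interface-health test")
    return findings

if __name__ == "__main__":
    for finding in lint_wan_lb(SAMPLE):
        print(finding)
```
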

Failover

Failover can also be configured so that should an interface fail, switching can occur to prevent any significant downtime.

When failover occurs, existing sessions do not automatically fail over, resulting in a session timeout. This can be avoided by flushing connections.

top
set load-balancing wan flush-connections

Failover using weights

We will assume all the previous configurations are still present. Only a single line needs to be added to this to enable failover. The weights previously configured will now refer to which interface is the primary interface (the highest weighted interface is the primary). In this case eth1 will become the primary interface.

top
set load-balancing wan rule 10 failover

commit
save

Failover using Rule Order

Rule order can also be used to determine which interface is set as the primary. In this case we will use two rules to carry this out. First the old rule needs to be deleted.

del load-balancing wan rule 10

Now two new rules need to be created, the first one forwarding traffic through eth1, which will be our primary interface. The second rule forwards traffic through eth2. While eth1 is up, the first rule will be matched and carried out, but if eth1 is down then the second rule will be matched and carried out.

edit load-balancing wan rule 10
set inbound-interface eth0
set interface eth1

top

edit load-balancing wan rule 20
set inbound-interface eth0
set interface eth2

commit
save