WAN Load Balancing
VyOS also allows for the configuration of WAN Load Balancing. This can be used either to balance traffic between several public interfaces or to configure failover. In this scenario we will assume that our VyOS machine has a private IP of 10.0.0.1/24 on eth0, a public IP of 22.214.171.124 on eth1 and a public IP of 126.96.36.199 on eth2.
Load Balancing traffic
VyOS can be used to load balance traffic across multiple interfaces. In this case we balance between eth1 and eth2.
Firstly we need to set masquerading on both the public interfaces.
set nat source rule 100 outbound-interface eth1
set nat source rule 100 source address 10.0.0.0/24
set nat source rule 100 translation address masquerade
set nat source rule 110 outbound-interface eth2
set nat source rule 110 source address 10.0.0.0/24
set nat source rule 110 translation address masquerade
Now the load balancer needs to be configured. First we will set up the tests which determine whether an interface is active or not, starting with eth1.
edit load-balancing wan interface-health eth1
Here we create a test with rule number 10. Just like with the firewall, several rules can be specified, and they will be tested sequentially. In this case we will just use a single ping test, with a target of 188.8.131.52 (one of Google's public DNS servers) and a failure-count of 3. The nexthop address also needs to be set to point towards the gateway for this interface.
set failure-count 3
set nexthop 184.108.40.206
edit test 10
set target 220.127.116.11
set type ping
top
This also needs to be repeated for eth2. We will also use 18.104.22.168 as our ping target to determine whether this interface is active or not.
edit load-balancing wan interface-health eth2
set failure-count 3
set nexthop 22.214.171.124
edit test 10
set target 126.96.36.199
set type ping
top
Static routes now also need to be set so that our ping target can be reached through our interfaces' gateways. In this case we only pinged 188.8.131.52 through both interfaces.
edit protocols static route 184.108.40.206/32
set next-hop 220.127.116.11
set next-hop 18.104.22.168
top
Static routes should also be used to configure the gateways. The system gateway should be removed to prevent conflicts.
del system gateway-address
edit protocols static route 0.0.0.0/0
set next-hop 22.214.171.124
set next-hop 126.96.36.199
top
Finally, we can set our load balancing rules. The rules are checked sequentially, and if matched will be carried out. We will only use one rule to balance traffic between the two interfaces. The inbound interface in this case is eth0, and we will allow all protocols through.
edit load-balancing wan rule 10
set inbound-interface eth0
set interface eth1
set interface eth2
set protocol all
We can also assign a weight to each interface. The weights dictate the share of traffic that flows through each interface. In this case roughly twice as much traffic will flow through eth1 as through eth2.
set interface eth1 weight 20
set interface eth2 weight 10
This completes the configuration for load balancing traffic.
Failover can also be configured so that should an interface fail, switching can occur to prevent any significant downtime.
When failover occurs, existing sessions do not automatically fail over, resulting in a session timeout. This can be avoided by flushing connections.
set load-balancing wan flush-connections
Failover using weights
We will assume all the previous configurations are still present. Only a single line needs to be added to the existing rule 10 to enable failover. The weights previously configured will now determine which interface is the primary interface (the highest weighted interface is the primary). In this case eth1 will become the primary interface.
set failover
commit
save
Failover using Rule Order
Rule order can also be used to determine which interface is set as the primary. In this case we will use two rules to carry this out. First the old rule needs to be deleted.
del load-balancing wan rule 10
Now two new rules need to be created. The first one forwards traffic through eth1, which will be our primary interface. The second rule forwards traffic through eth2. While eth1 is up, the first rule will be matched and carried out, but if eth1 is down then the second rule will be matched and carried out.
edit load-balancing wan rule 10
set inbound-interface eth0
set interface eth1
top
edit load-balancing wan rule 20
set inbound-interface eth0
set interface eth2
commit
save
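The following Python sketch is an added example, not VyOS code: it is a simplified model of the behaviour described above (failure-count health tests, weighted balancing, failover by weight and failover by rule order), useful for reasoning about what a given configuration should do. The names Wan, shares and first_matching_rule are hypothetical, and it assumes a single successful test brings an interface back up.

```python
from dataclasses import dataclass

@dataclass
class Wan:
    name: str
    weight: int = 1
    failure_count: int = 3      # "set failure-count 3" on the page
    fails: int = 0
    up: bool = True

    def record_test(self, ok: bool) -> None:
        """Feed one health-test result (e.g. one ping) for this interface."""
        if ok:
            # Assumption: a single successful test restores the interface.
            self.fails, self.up = 0, True
        else:
            self.fails += 1
            if self.fails >= self.failure_count:
                self.up = False

def shares(wans, failover=False):
    """Fraction of new flows per interface for one rule ({} if none is up)."""
    healthy = [w for w in wans if w.up]
    if not healthy:
        return {}
    if failover:
        # Failover mode: everything goes to the highest-weighted healthy link.
        return {max(healthy, key=lambda w: w.weight).name: 1.0}
    total = sum(w.weight for w in healthy)
    return {w.name: w.weight / total for w in healthy}

def first_matching_rule(rules):
    """Rule-order failover: the first rule with a healthy interface wins."""
    for wans in rules:
        result = shares(wans)
        if result:
            return result
    return {}

if __name__ == "__main__":
    eth1, eth2 = Wan("eth1", weight=20), Wan("eth2", weight=10)
    print("balanced:", shares([eth1, eth2]))
    for _ in range(3):                      # constructed input: three lost pings
        eth1.record_test(False)
    print("eth1 down, failover:", shares([eth1, eth2], failover=True))
    print("rule order:", first_matching_rule([[eth1], [eth2]]))
```
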