Exclude one WAN port from load balancing

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Exclude one WAN port from load balancing

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Exclude one WAN port from load balancing
Exclude one WAN port from load balancing
2022-10-27 04:43:53 - last edited 2022-11-01 08:27:41
Hardware Version: V1
Firmware Version: 1.2.1 Build 20220512 Rel.76748

Hi,

 

I'm having ER605 v1 managed by Omada SDN Software Controller 5.6.3. In my setup I have 3 WAN networks as follows:

 

The first 2 WANs which are connected to WAN & WAN/LAN 1 port of the network are directly connected to the internet via two different ISPs. ISP 2 is having 100Mbps bandwidth and expected to be serving as the primary WAN. ISP 1 is having 50Mbps and expected to be serving as the backup WAN.

The 3rd WAN which is connected to WAN/LAN2 port of the ER605 is connected to a Cooperate Network though a firewall in the Cooperate's end. This firewall drops all the traffic other than specific for few network segments and then shows a captive portal.

 

Here is my configuration for this

I have configured a routing rule as follows to forward matching traffic to the Cooperate WAN

The issue I'm having is even I set load balancing weight to 1 (which is the minimum) for the WAN/LAN 2 and set significantly higher values to both WAN and WAN/LAN 1 ports, there are some traffic send via WAN/LAN 2 occasionally and users are seeing captive portal in their browsers. I believe this has happened because WAN/LAN 2 port is still considered for load balancing and 1/100100 of connections are going though the WAN/LAN 2.

 

Pease kindly to help me to figure out a way where I can completely isolate WAN/LAN 2 from unintended traffic.

 

Thank you

  0      
  0      
#1
Options
1 Accepted Solution
Re:Exclude one WAN port from load balancing-Solution
2022-10-31 04:13:54 - last edited 2022-11-01 08:27:41

After evaluating options I have, I came up with a solution as below.

 

Since ER605 doesn't send any traffic to backup WAN port unless there is a failure in Primary WANs. So I have marked WAN/LAN2 as the backup while having both WAN & WAN/LAN1 as the primary.

With above configurations, even I have added my actual backup connection though ISP1 as a Primary WAN with low load balancing weight, ER605 is routing all the traffic via WAN, when WAN/LAN1 is failed. As long as ER605 activates WAN/LAN2 as the backup only when both WAN & WAN/LAN2 connections are down, it will no longer redirecting my users to captive portal while I have the internet connection from WAN or WAN/LAN1.

 

Hope this solution will helpful to anyone who is having the same situation as me.

Recommended Solution
  1  
  1  
#4
Options
3 Reply
Re:Exclude one WAN port from load balancing
2022-10-27 08:36:18

  @Charitha 

 

Try to configure  WAN/LAN2 as a LAN port?

 

On ER605 add a new VLAN interface that is on Cooperate Network, so it can communicate with Firewall. 

 

But it may require you add routing rule on the Firewall also, so it knows how to send data back to ER605 users

  1  
  1  
#2
Options
Re:Exclude one WAN port from load balancing
2022-10-28 13:12:06

@Somnus 

 

Thank you very much for your suggestion. Unfortunately, I don't have any control in the firewall in the Cooperate side. So marking WAN/LAN 2 as a LAN port and do what you have suggest is not an option for me.

 

As far as I understand, the only option is exclude the WAN/LAN 2 from load balancing. But again its not something supported by the ER605 at the moment.

  0  
  0  
#3
Options
Re:Exclude one WAN port from load balancing-Solution
2022-10-31 04:13:54 - last edited 2022-11-01 08:27:41

After evaluating options I have, I came up with a solution as below.

 

Since ER605 doesn't send any traffic to backup WAN port unless there is a failure in Primary WANs. So I have marked WAN/LAN2 as the backup while having both WAN & WAN/LAN1 as the primary.

With above configurations, even I have added my actual backup connection though ISP1 as a Primary WAN with low load balancing weight, ER605 is routing all the traffic via WAN, when WAN/LAN1 is failed. As long as ER605 activates WAN/LAN2 as the backup only when both WAN & WAN/LAN2 connections are down, it will no longer redirecting my users to captive portal while I have the internet connection from WAN or WAN/LAN1.

 

Hope this solution will helpful to anyone who is having the same situation as me.

Recommended Solution
  1  
  1  
#4
Options