
Uplink Balancing and Multipath Rules

Hello,

I'll first try to keep my question simple, before I go into many details. Maybe this will be enough:

I am using Uplink Balancing and Multipath Rules (as opposed to Policy Routes before) to switch to another WAN-Interface if one stops working. Also additionally using Multipath Rules to route some specific devices over a specific WAN-Port. However it doesn't work as I would want it to.

I have a device going over WAN2 (Multipath Rule, Itf. Persistence is by Interface). If WAN2 drops, it switches to WAN1. However, when WAN2 comes back online, it won't switch back to WAN2. And by the looks of it, it won't switch at all any more. The device is merely sending packets at a 1 sec interval to two specific IP addresses.

What am I missing?



This thread was automatically locked due to age.
  • Hello Kosta88,

    I think that's by design ...
    a connection is reconnected in case of failure of a WAN interface and associated swing.
    An existing connection on the backup WAN interface will not be disconnected and reconnected just to pan back.
    I've seen this years ago with IPSec connection attempts too. Constant IKE connection attempts maintain (incorrect) interface binding.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I had a Sophos specialist on the phone today, and he told me he thinks it will swing back in case of a new (TCP) session. While UDP should go back, TCP will only do so when the new sessions begin. We saw that the device I was testing actually didn't begin a new TCP session.

    Would be interesting to test deeper.

    Because if that doesn't work that way, I have no use for Multipath Rules and might as well use Policy Based Routing. I have to be able to determine that one signal always gets swung to a specific WAN interface.

  • Hallo Kosta,

    On the 'Uplink Balancing' tab, click on the wrench beside "Active Interfaces" and edit the 'Persistence Timeout'.

    The IP addresses are the hosts pinged when you activate 'Automatic monitoring' on that page.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • No matter how often I read the explanation about persistence timeout, I don't seem to understand it. Can you please take a shot at trying to explain it, in other words than in the manual? Is this what's officially called TCP Keepalive? As in sending packets to keep the TCP connection alive?

  • Say you have only two WAN connections with one Multipath rule that binds VoIP traffic to interface A and another that binds everything else to interface B. If interface A can no longer communicate with the outside world, VoIP traffic fails over to interface B. Even if interface A re-establishes communication a few seconds later, VoIP traffic continues to use interface B until the persistence timeout has passed.

    Cheers - Bob

     
  • Ah great, sounds good! Thank you.