Re: [pfSense] Multi Wan via gateway groups breaking some websites

2013-12-12 Thread Benjamin Swatek

On 11, Dec2013, at 15:14 , Joe Landman land...@scalableinformatics.com wrote:

 Hi folks
 
 I've run into an issue that has me somewhat confused.  Our multiwan router is 
 up and working.  This is 2.1 release.  I've got 2 ports to two different 
 network providers (different technologies at that).
 
 Following the directions ( https://doc.pfsense.org/index.php/Multi-WAN_2.0), I
 
 1) set up a Gateway group called MultiWANGW which has both gateways.  Both 
 were originally set as tier 1.  More on this in a moment.
 
 2) set up outbound LAN-any mapping to use the MultiWANGW in the Gateway of 
 the LAN rule governing outbound traffic.
 
 3) I have two distinct DNS servers set up per gateway under Systems-General.
 
 I've verified that gateway monitor reports them working.  Actually everything 
 appears to be working ... except ...
 
 One or two sites (Ariba http://www.ariba.com  and a few others) seem to have 
 some significant problems if I leave both gateways at tier 1.  Once I change 
 it so that one (the slower backup one) is tier 2, it works.  This has the 
 impact of not doing an explicit load balance from what I have read on it.
 
 So ... my question is, what diagnostics should I try to be able to identify 
 the issue (some sites not working when the system is set in load balanced 
 mode)?  I did try setting the sticky mode (System-Advanced-Miscellaneous), 
 though I am not sure this is correct for outbound load balanced multi-wan.


Maybe an issue with HTTPS?
https://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x#Setting_up_for_protocols_that_don.27t_like_load_balancing

Ben___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Multi Wan via gateway groups breaking some websites

2013-12-12 Thread Joe Landman

On 12/12/2013 04:41 PM, Benjamin Swatek wrote:


On 11, Dec2013, at 15:14 , Joe Landman 
land...@scalableinformatics.com 
mailto:land...@scalableinformatics.com wrote:




[...]

So ... my question is, what diagnostics should I try to be able to 
identify the issue (some sites not working when the system is set in 
load balanced mode)?  I did try setting the sticky mode 
(System-Advanced-Miscellaneous), though I am not sure this is 
correct for outbound load balanced multi-wan.


Maybe an issue with HTTPS?
https://doc.pfsense.org/index.php/Multi-WAN_Version_1.2.x#Setting_up_for_protocols_that_don.27t_like_load_balancing

Ben


Could be ... Is there a way to make specific protocols sticky with 
respect to the gateway beyond what I did above?  I would imagine that 
SIP has to be (and our phones are working fine).




--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
twtr : @scalableinfo
phone: +1 734 786 8423 x121
cell : +1 734 612 4615

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


[pfSense] Multi Wan via gateway groups breaking some websites

2013-12-11 Thread Joe Landman

Hi folks

 I've run into an issue that has me somewhat confused.  Our multiwan 
router is up and working.  This is 2.1 release.  I've got 2 ports to 
two different network providers (different technologies at that).


Following the directions ( 
https://doc.pfsense.org/index.php/Multi-WAN_2.0), I


1) set up a Gateway group called MultiWANGW which has both gateways.  
Both were originally set as tier 1.  More on this in a moment.


2) set up outbound LAN-any mapping to use the MultiWANGW in the Gateway 
of the LAN rule governing outbound traffic.


3) I have two distinct DNS servers set up per gateway under 
Systems-General.


I've verified that gateway monitor reports them working.  Actually 
everything appears to be working ... except ...


One or two sites (Ariba http://www.ariba.com  and a few others) seem to 
have some significant problems if I leave both gateways at tier 1.  Once 
I change it so that one (the slower backup one) is tier 2, it works.  
This has the impact of not doing an explicit load balance from what I 
have read on it.


So ... my question is, what diagnostics should I try to be able to 
identify the issue (some sites not working when the system is set in 
load balanced mode)?  I did try setting the sticky mode 
(System-Advanced-Miscellaneous), though I am not sure this is correct 
for outbound load balanced multi-wan.


Overall, its working nicely, with a few strange things like this, with 
one larger exception that I have a work-around for.  More in next email.


--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
twtr : @scalableinfo
phone: +1 734 786 8423 x121
cell : +1 734 612 4615

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list