OpenWrt Forum Archive

Topic: Multi-WAN Load Balancing

The content of this topic has been archived between 29 Mar 2018 and 3 May 2018. Unfortunately there are posts – most likely complete pages – missing.

andyballon, care to make a wiki page? smile

This is my problem this time:

I reinstalled 10.03, the 2.6 kernel version on my WRT54GL. Everything ran fine until I started installen multiwan and the iptable packages.
Now, when I go to 192.168.1.1, I get a flash of the luci black screen referring me to http://192.168.1.1/cgi-bin/luci and then POOF: can't connect to page.
What can the cause of that be? I'm doing nothing out of the ordinary, not touching any specific settings in any files and yet it craps out like this hmm

*Edit: I also can't SSH into the box.

(Last edited by skerit on 26 Apr 2010, 21:58)

Sounds as though you may have somehow locked yourself out, I assume you tried plugging in to a different port?

One thing you may want to try is rebooting it without the wan(s) plugged in and seeing if you can access it.

It turns out the black starting screen was nothing but browser cache.
After a few hours of fiddling with tftp, I managed to reflash the image again.

After setting up the new VLAN and installing multiwan, though, I'm back at my original problem: I can't make a connection when multiwan is enabled.

To answer your first questions:

It's a WRT54GL, running the latest 10.03 Backfire.

Yes, I have a /etc/config/multiwan file, and it looks like this:

config 'multiwan' 'config'
        option 'default_route' 'balancer'
        option 'resolv_conf' '/tmp/resolv.conf.auto'

config 'interface' 'wan'
        option 'weight' '5'
        option 'health_interval' '10'
        option 'icmp_hosts' 'dns'
        option 'timeout' '3'
        option 'health_fail_retries' '3'
        option 'health_recovery_retries' '5'
        option 'failover_to' 'wan'

config 'interface' 'telenet'
        option 'weight' '5'
        option 'health_interval' '10'
        option 'icmp_hosts' 'dns'
        option 'timeout' '3'
        option 'health_fail_retries' '3'
        option 'health_recovery_retries' '5'
        option 'failover_to' 'telenet'

wan is the eth0.1 device and telenet is the eth0.2 device.

I turned the syslogd on, activated multiwan, went to a few sites (unsuccessfully) and this is what I got:

Apr  6 02:22:14 OpenWrt syslog.info syslogd started: BusyBox v1.15.3
Apr  6 02:23:39 OpenWrt user.notice root: [Multi-WAN Notice]: Reinitializing Multi-WAN Configuration.
Apr  6 02:23:51 OpenWrt user.notice root: [Multi-WAN Notice]: Succesfully Initialized on Tue, 06 Apr 2010 02:23:51 +0000.

(Last edited by skerit on 27 Apr 2010, 01:10)

@jow - sure. how do i do that? big_smile
@skerit - what does your "route -n" and "ip route show table 123" show?  or you may have plugged in the second wan cable in the wrong port? or...  is that really telenet?

andyballon wrote:

@skerit - what does your "route -n" and "ip route show table 123" show?  or you may have plugged in the second wan cable in the wrong port? or...  is that really telenet?

You mean Telenet, the Belgian operator? Why yes, yes it is.
My wrt54gl router is hooked up to Telenet's router, which gives me an IP address directly.

The other connection is an edpnet one, VDSL, which gives me a regular 192.168.1.x ip address.

This is the output or "route -n" with multiwan enabled:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.1
78.20.192.0     0.0.0.0         255.255.240.0   U     0      0        0 eth0.2
0.0.0.0         78.20.192.1     0.0.0.0         UG    0      0        0 eth0.2
0.0.0.0         192.168.1.247   0.0.0.0         UG    0      0        0 eth0.1

And this is "ip route show table 123" with multiwan enabled:

# ip route show table 123 
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1 
78.20.192.0/20 dev eth0.2  proto kernel  scope link  src 78.20.193.10 
default  proto static 
    nexthop via 192.168.1.247  dev eth0.1 weight 5
    nexthop via 78.20.192.1  dev eth0.2 weight 5

All the cables are connected properly, both interfaces have the expected ip address

Your lan (br-lan) and eth0.1 (telenet?) seem to have the same IP address range (192.168.1.0/24) assigned.
Either (a) change the IP address of the lan (interface br-lan) of your OpenWRT router or (b) change the IP adress of the interface of the router connected to eth0.1.

kubu wrote:

Your lan (br-lan) and eth0.1 (telenet?) seem to have the same IP address range (192.168.1.0/24) assigned.
Either (a) change the IP address of the lan (interface br-lan) of your OpenWRT router or (b) change the IP adress of the interface of the router connected to eth0.1.

Hmm, I didn't realise this.
I almost got it now.

It's routing the packets through the first WAN successfully, but when it tries to route it through my second one it fails.

Do you have the packages iptables-mod-ipopt and kmod-ipt-ipopt installed? Those were missing in my installation.

kubu wrote:

Do you have the packages iptables-mod-ipopt and kmod-ipt-ipopt installed? Those were missing in my installation.

I added this to the package already, and it should be present in the latest.

skerit wrote:
kubu wrote:

Your lan (br-lan) and eth0.1 (telenet?) seem to have the same IP address range (192.168.1.0/24) assigned.
Either (a) change the IP address of the lan (interface br-lan) of your OpenWRT router or (b) change the IP adress of the interface of the router connected to eth0.1.

Hmm, I didn't realise this.
I almost got it now.

It's routing the packets through the first WAN successfully, but when it tries to route it through my second one it fails.

Make sure you go through your settings and verify that your second wan is configured similarly to your first wan. (MASQ, firewall..)

(Last edited by SouthPawn on 27 Apr 2010, 18:07)

SouthPawn wrote:

Make sure you go through your settings and verify that your second wan is configured similarly to your first wan. (MASQ, firewall..)

Eureka: I set up the zones allright, but forgot about traffic redirection. Just copied those over and voila: multiwan!
Thanks!

Maybe I'll make a wiki article if I find the time smile

I setup multiwan only for failover (I select wan instead of load balancer as default route). However, table 123 still has the balancing route. Is this an error in the scripts or I am doing something wrong?

edit: Nothing wrong with the above, table 123 always refers to load balancer, but if you use default route for one of wan interfaces, it uses the correct table (10 or 20 for two interfaces).

In order to use ipk files with imagebuilder, they have to be in tar.gz format. multiwan packages are in ar format and can't be used with imagebuilder. I converted them manually for my need, but it would be nice that next release will be in tar.gz format.

(Last edited by malakudi on 28 Apr 2010, 15:45)

i'm trying to create a failover setup using an adsl and umts connection. I've tried many configuration setups within the multiwan package.

this is what i have now, and seems the most logical:

/etc/config/network

config 'interface' 'wan'
        option 'ifname' 'eth1'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'defaultroute' '0'
        option 'peerdns' '0'
        option 'ipaddr' '192.168.28.60'
        option 'gateway' '192.168.28.254'
        option 'dns' '192.168.28.1'

config 'interface' 'ppp0'
        option 'ifname' 'ppp0'
        option 'proto' '3g'
        option 'device' '/dev/usb/tts/0'
        option 'apn' 'internet'
        option 'pincode' '0000'
        option 'keepalive' '3'
        option 'defaultroute' '0'
        option 'peerdns' '0'
        option 'dns' '8.8.8.8'

/etc/config/multiwan

config 'multiwan' 'config'
        option 'resolv_conf' '/tmp/resolv.conf.auto'
        option 'default_route' 'wan'

config 'interface' 'wan'
        option 'timeout' '3'
        option 'icmp_hosts' '62.41.42.180'
        option 'health_interval' '5'
        option 'failover_to' 'ppp0'
        option 'weight' 'disable'
        option 'health_fail_retries' '1'
        option 'health_recovery_retries' '3'

config 'interface' 'ppp0'
        option 'health_fail_retries' '3'
        option 'health_recovery_retries' '5'
        option 'health_interval' '10'
        option 'timeout' '5'
        option 'failover_to' 'disable'
        option 'weight' 'disable'
        option 'icmp_hosts' 'disable'

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.28.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         10.64.64.64     0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         192.168.28.254  0.0.0.0         UG    0      0        0 eth1

so in short, i don't want the load balancer option, i want the umts (ppp0) connection to take over the adsl (eth1) connection if it goes down.

what is the right way to achieve this ?

ok some more information, since i've tried several setups i've noticed the following:

-when using failover is it neccesairy to add a both the wan (eth1) connection as well as the failover connection (ppp0) to the config page, if so why ?
-when using failover can i set the default route to 'wan' instead of 'loadbalancer'
-when using failover i don't need (at the bottom of the page) the Multi-Wan traffic redirection settings

I imagine that failover works like this, and that is how i've set it up wright now:
-in the Luci webpage select the default route to be 'wan'
-select your primary wan connection and let it ping a host for 'health monitoring'
-set the ppp0 (or another wan interface) as the failover connection
-delete all multi-wan traffic redirection rules at the bottom of the page

this doesn't seem to work, and there's another nasty problem that keeps popping up. If the wan goes down (ifdown wan) it deletes all the nameservers in /tmp/resolv.conf.auto. At startup all of the nameservers in /etc/config/network are correctly added, but when bringing eth1 down (by pulling out the cable or ifdown wan) it deletes all the records in that file.

any illumination on this issue would be greatly appreciated

wvthoog wrote:

ok some more information, since i've tried several setups i've noticed the following:

-when using failover is it neccesairy to add a both the wan (eth1) connection as well as the failover connection (ppp0) to the config page, if so why ?
-when using failover can i set the default route to 'wan' instead of 'loadbalancer'
-when using failover i don't need (at the bottom of the page) the Multi-Wan traffic redirection settings

I imagine that failover works like this, and that is how i've set it up wright now:
-in the Luci webpage select the default route to be 'wan'
-select your primary wan connection and let it ping a host for 'health monitoring'
-set the ppp0 (or another wan interface) as the failover connection
-delete all multi-wan traffic redirection rules at the bottom of the page

this doesn't seem to work, and there's another nasty problem that keeps popping up. If the wan goes down (ifdown wan) it deletes all the nameservers in /tmp/resolv.conf.auto. At startup all of the nameservers in /etc/config/network are correctly added, but when bringing eth1 down (by pulling out the cable or ifdown wan) it deletes all the records in that file.

any illumination on this issue would be greatly appreciated

Try 1.0.3, which should at the very least take care of the dns issue, hopefully more. smile

thanks for replying

updating took care of some problems.

but there is one issue, do i need the second entry (besides wan) in the luci multi-wan configuration page. If i remove it, the second default gateway isn't added and failover to ppp0 (the second entry) won't work.

in the Network->Interfaces->ppp0 page there are two options 'replacing the default gw and dns'. But i don't want it to replace but to append, coexist with the primary route (that of the wan) So enabling that will replace the default route to ppp0 instead of the multi-wan. Disabling will not create the secondary 'default route'

ppp0 is an umts connection and is brought up on statup.

wvthoog wrote:

thanks for replying

updating took care of some problems.

but there is one issue, do i need the second entry (besides wan) in the luci multi-wan configuration page. If i remove it, the second default gateway isn't added and failover to ppp0 (the second entry) won't work.

in the Network->Interfaces->ppp0 page there are two options 'replacing the default gw and dns'. But i don't want it to replace but to append, coexist with the primary route (that of the wan) So enabling that will replace the default route to ppp0 instead of the multi-wan. Disabling will not create the secondary 'default route'

ppp0 is an umts connection and is brought up on statup.

You definitely need both entries within the Multi-WAN configuration, however I'm not sure about the ppp settings, I don't have a ppp connection and therefor have not done any testing in that environment.

ok, got everything up and running as it should.

dns is working properly and failover to ppp0 is also working. What i've noticed is, and you may use my setup as a test environment if you wish, if system is booted .. ping to www.google.nl ...it nicely pings to that host. Pulling out the wan cable the route defaults to ppp0 within a second and the ping continues... but when bringing up the wan again is takes a long time (approx half hour) before the pings route through the wan again. (pings stay high cause of the ppp0/umts connection)

what i want to accomplish is that the ppp0 -> wan failover works as fast as the wan -> ppp0 failover

PM if you want access to this setup

(Last edited by wvthoog on 2 May 2010, 23:28)

hey,
i installed the ipk files, provided by southpawn from here https://forum.openwrt.org/viewtopic.php … 50#p104650
i use a x86 system with 4 port network card and one onboard network.
the plan is to use 4 dsl lines on each port of the card and eth4 is the internal lan port, no bridge is used, each port is single configured.
after ipkg install ... i made a reboot a get a kernel crash while starting and the system freezes.

here is the output i can see on the serial console:

root@OpenWrt:/# BUG: unable to handle kernel NULL pointer dereference at 0000000c
IP: [<c889b00c>] :ip_tables:ipt_do_table+0x9c/0x2bc
*pde = 00000000
Oops: 0000 [#1]
Modules linked in: via_rhine tg3 sky2 sis900 r8169 pcnet32 ne2k_pci 8390 e1000 e100 8139too 3c59x nf_nat_tftp nf_conntrack_tftp nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp ipt_TTL xt_MARK ipt_ECN xt_CLASSIFY ipt_ttl xt_time xt_tcpmss xt_statistic xt_mark xt_length ipt_ecn xt_DSCP xt_dscp ipt_IMQ imq xt_string xt_layer7 ipt_ipp2p ipt_MASQUERADE iptable_nat nf_nat xt_NOTRACK xt_CONNMARK ipt_recent xt_helper xt_conntrack xt_connmark xt_connbytes xt_state nf_conntrack_ipv4 nf_conntrack ipt_REJECT xt_TCPMSS ipt_LOG xt_multiport xt_mac xt_limit iptable_mangle iptable_filter ip_tables xt_tcpudp x_tables bonding tunnel4 tun ppp_async crc_ccitt natsemi pppoe pppox ppp_generic slhc

Pid: 1775, comm: iptables Not tainted (2.6.25.20 #1)
EIP: 0060:[<c889b00c>] EFLAGS: 00010246 CPU: 0
EIP is at ipt_do_table+0x9c/0x2bc [ip_tables]
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
ESI: c897b2d8 EDI: c783f000 EBP: 00000070 ESP: c6eedc1c
 DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
Process iptables (pid: 1775, ti=c6eec000 task=c782aaa0 task.ti=c6eec000)
Stack: 00000000 00000003 c6dd5200 00000000 00000000 ffffffff c889be00 c783f000
       c897a000 c897a378 00000000 c6dd5200 00000003 0100007f 0100007f c889d07f
       c783f000 c7908160 00000002 00000000 c889d534 c6eedcb4 00000003 c6dd5200
Call Trace:
 [<c889d07f>] __mod_vermagic5+0x9e1f/0x9e74 [iptable_mangle]
 [<c021e9ac>] nf_iterate+0x30/0x63
 [<c0224f88>] dst_output+0x0/0x7
 [<c021ea3d>] nf_hook_slow+0x3a/0x90
 [<c0224f88>] dst_output+0x0/0x7
 [<c02260e1>] __ip_local_out+0x8a/0x90
 [<c0224f88>] dst_output+0x0/0x7
 [<c02260ef>] ip_local_out+0x8/0x17
 [<c022634b>] ip_push_pending_frames+0x24d/0x2a0
 [<c023bf5d>] udp_push_pending_frames+0x2aa/0x2fc
 [<c023cdf6>] udp_sendmsg+0x435/0x513
 [<c02101d6>] neigh_lookup+0x68/0x70
 [<c023d97e>] arp_bind_neighbour+0x44/0x67
 [<c0241821>] inet_sendmsg+0x35/0x3f
 [<c0202cf9>] sock_sendmsg+0xb7/0xd0
 [<c0220c9b>] __ip_route_output_key+0x673/0x6fe
 [<c0121b60>] autoremove_wake_function+0x0/0x2d
 [<c0220d31>] ip_route_output_flow+0xb/0x3e
 [<c0202ffd>] sys_sendto+0xf9/0x124
 [<c0241766>] inet_dgram_connect+0x45/0x4e
 [<c020288c>] sys_connect+0x6d/0x98
 [<c0204afe>] sk_prot_alloc+0x12/0x54
 [<c0205c41>] sk_alloc+0x3d/0x47
 [<c0203041>] sys_send+0x19/0x1d
 [<c0203c52>] sys_socketcall+0xd2/0x181
 [<c0103aae>] syscall_call+0x7/0xb
 [<c0250000>] packet_rcv+0x1fb/0x2c3
 =======================
Code: 8b 40 2c 8b 78 34 89 7c 24 20 89 fe 03 7c 90 20 03 74 90 0c c7 44 24 14 00 00 00 00 89 7c 24 24 8b 5c 24 10 8b 46 08 0f b6 4e 53 <23> 43 0c 3b 06 89 c8 0f 95 c2 c1 e8 03 24 01 38 c2 0f 85 cb 01
EIP: [<c889b00c>] ipt_do_table+0x9c/0x2bc [ip_tables] SS:ESP 0068:c6eedc1c
Kernel panic - not syncing: Fatal exception in interrupt

i am sure, this cause of a iptables module, which depend on the multiwan script from southpawn
the problem is, that a can not stop this while booting to look which iptables module cause the kernel crash.

With a recent version of backfire (2 days old, brcm-4712xx) and a Linksys wrt54gl, once I installed the multi-wan package, the router started rebooting. I made the mistake of not configuring the WAN2 interface prior to installing multi-wan. The reboots happen with and without wireless. I will post the output of logread later today.

I'll have to reflash the router with tftp and try this again

Hi everyones,
I read every post here and I setup my WRT54GL 1.1 with Backfire firmware 2.4 update to 2.6 and then config the multi-wan but I have got some issues getting the load balancer work. sad and sad
Here's My confguration;

etc/config/network

config 'switch' 'eth0'
    option 'enable' '1'

config 'switch_vlan' 'eth0_0'
    option 'device' 'eth0'
    option 'vlan' '0'
    option 'ports' '2 3 4 5'

config 'switch_vlan' 'eth0_1'
    option 'device' 'eth0'
    option 'vlan' '1'
    option 'ports' '1 5'

config 'switch_vlan' 'eth0_2'
    option 'device' 'eth0'
    option 'vlan' '2'
    option 'ports' '0 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '192.168.2.1'
    option 'defaultroute' '0'
    option 'peerdns' '0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'static'
    option 'defaultroute' '0'
    option 'peerdns' '0'
    option 'netmask' '255.255.255.0'
    option 'ipaddr' '10.0.0.200'
    option 'gateway' '10.0.0.138'
    option 'dns' '10.0.0.138'

config 'interface' 'wan2'
    option 'ifname' 'eth0.2'
    option 'defaultroute' '0'
    option 'peerdns' '0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.21'
    option 'netmask' '255.255.255.0'
    option 'gateway' '192.168.1.1'
    option 'dns' '192.168.1.1'



etc/config/multiwan

config 'multiwan' 'config'
    option 'default_route' 'balancer'

config 'interface' 'wan'
    option 'health_fail_retries' '3'
    option 'health_recovery_retries' '5'
    option 'failover_to' 'balancer'
    option 'dns' '8.8.8.8'
    option 'icmp_hosts' 'dns'
    option 'weight' '3'
    option 'health_interval' '60'
    option 'timeout' '1'

config 'interface' 'wan2'
    option 'health_fail_retries' '3'
    option 'health_recovery_retries' '5'
    option 'failover_to' 'balancer'
    option 'dns' '8.8.8.8'
    option 'icmp_hosts' 'dns'
    option 'weight' '3'
    option 'health_interval' '60'
    option 'timeout' '1'

config 'mwanfw'
    option 'wanrule' 'balancer'

config 'mwanfw'
    option 'wanrule' 'balancer'

config 'mwanfw'
    option 'wanrule' 'balancer'


@Craig; Thanks for your scripts. big_smile and big_smile I read your post and I compare your settings with my setting I think is ok.
@andyballon; Thanks for the 30 min instructions  big_smile and big_smile

Ashley,
I think my problems is with the iptables because my two connections work but when I try to use a download manager software use wan1 or wan2 but not both.

Craig:
When when you moved from dualwan to multiwan, it looks like you stopped using the iptables statistic  (or nth) module and you started using the weight option in "ip route" to distribute the traffic.  I am assuming this is true because I couldn't find either of the matches mentioned in the 1.0.4 version of the multiwan script


If that is true  then  due to the route cache, all connections made to the same destination address will use the same interface.   So, for example,  if you were opening pages on a single web server, only one interface would be used.

That is why the statistic match in iptables is a better approach.

Secondly, you mentioned that you did not have 2 wan lines to test your script.  If that is still the case, you can try something I did in the past.
I took another router (with openwrt). Created  2 "WAN" connections on it. Enabled dnsmasq on both "WAN" connections.  "WAN" is in quotes since these are not strictly WAN connections as far as this router is concerned  - but they look like WAN connections to our multiwan router.
Then setup routing rules so that all traffic to the Internet went out through a 3rd interface  (happened to be a wireless client interface in my case).    You can ifdown one of the "WAN" interfaces to simulate a loss of the WAN and do other tricks.


Snowyowlster

snowyowlster wrote:

Craig:
When when you moved from dualwan to multiwan, it looks like you stopped using the iptables statistic  (or nth) module and you started using the weight option in "ip route" to distribute the traffic.  I am assuming this is true because I couldn't find either of the matches mentioned in the 1.0.4 version of the multiwan script


If that is true  then  due to the route cache, all connections made to the same destination address will use the same interface.   So, for example,  if you were opening pages on a single web server, only one interface would be used.

That is why the statistic match in iptables is a better approach.

Secondly, you mentioned that you did not have 2 wan lines to test your script.  If that is still the case, you can try something I did in the past.
I took another router (with openwrt). Created  2 "WAN" connections on it. Enabled dnsmasq on both "WAN" connections.  "WAN" is in quotes since these are not strictly WAN connections as far as this router is concerned  - but they look like WAN connections to our multiwan router.
Then setup routing rules so that all traffic to the Internet went out through a 3rd interface  (happened to be a wireless client interface in my case).    You can ifdown one of the "WAN" interfaces to simulate a loss of the WAN and do other tricks.


Snowyowlster

Correct, this is also what I've observed. To counter, 1.0.6 is now equipped with the statistic module (using mode random) to allow better load balancing.

The LoadBalancer routing table is still in place for backwards compatibility, depending on whether there's any incompatibilities I may make two options for the load balancer, one for load balancing via netfilter and one for load balancing via routing table.

I believe this should lead to a significant performance improvement, particularly when using apps such as DownThemAll.

Updated to 1.0.7 for tweaks in the packet matching probabilites.

(Last edited by SouthPawn on 10 May 2010, 20:20)