Balance 20 not failing over


#1

I have the following setup on a Balance 20:

  1. HTTPS Persistence with weighted balance
  2. Weighted balance for any other connections

Currently I am seeing that when a WAN is down (DNS response failure) connections to this WAN are apparently still made (I see it working intermittently from different devices).

How do I ensure that traffic will always fail over to the working link, regardless of any balancing algorithms?

How long does it take for already established HTTPS Persistence connections to time out and fail over to the working WAN?

Thanks for any help :)


#2

Hi,
The HTTPS Persistence is used for sessions like online Banking where if the session is spread across different WAN connections you would have to re-login each time the web server sees the traffic coming from a different location.

In most cases the DNS failure can be solved by setting the WAN Health Check method to use a DNS Lookup of Google’s public DNS servers (8.8.8.8 and 8.8.4.4).

Below I have pasted links to Knowledgebase Articles that go into more detail of Outbound Policy and the Health Check mechanisms.

Outbound Policy: Understanding and Configuring Outbound Policy
Health Check: Health Check Mechanisms Against Link Failure

To force traffic to fail over to the second WAN connection you can change the Outbound Policy to use Priority. Priority 1 will send traffic through this WAN connection and when it fails Priority 2 will take over.


#3

Thanks. This is all something I know, and already have configured. The line is marked as disconnected due to bad DNS check. But sessions are still kept on this bad WAN - and it even looks like new sessions are also created on the line that is disconnected.

So my question is essentially: how can I use both lines when both lines work. But also always fail over to the working line if one line doesn’t work.

If I understand correctly Priority algorithm routing means that only one line is ever used?

My goal is to have failover as well as balancing.


#4

Hi,
The traffic should not be going out the WAN interface when the Health Check fails. If this issue is persisting I would recommend opening a support ticket with your point of purchase.


#5

I am seeing the same thing. Did you ever find a solution?
When WAN 1 or WAN 2 goes down because of a failed DNS check, no internet is served up to new devices or existing devices on the failed WAN. The working WAN still continues to work and provides internet to already connected devices.
But no actual fail over happens.


#6

Sounds like the same problem. I have found no solution. No good way to open a support ticket with the point of purchase, I think.

I haven’t tried reporting this as a bug to Peplink (yet) though. In the past I have received great support from them.

Please update this thread if you find a solution, and I will do likewise :)


#7

@Nate_B and @dth

May I know what application is facing the problem when WAN failover (WAN health failed) happens?

Connection WAN failover really depends on the application involved. In general, for the back-end connection handling, if the WAN health check fails, new connections will not be forwarded to the problem WAN. If the application restarts the connection, then the connection will automatically fail over using the healthy WAN.

In some cases, users may experience that the failover is not happening, and most of the time this is because the application doesn’t restart a new connection. This is a common issue, as the same connection cannot be run over a different WAN due to the NATed IP address involved.

This is why one of the technologies that Peplink offers is the PepVPN SpeedFusion connection. That will allow unbreakable connections / hot failover connections.

For detailed info, please refer to the following link:

Do let me know whether the issue that you are having now is exactly what I mentioned above.
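
Added example (not part of the original thread and not Peplink's code): a toy Python model of the behaviour post #7 describes, where an established flow stays pinned to the WAN it was NATed out of while a reconnect is balanced across healthy WANs only. The class, the addresses and the rule that a persistence entry pointing at a failed WAN is skipped are assumptions made for illustration.

```python
import random

class MultiWanNat:
    """Toy model of a NAT router with two WANs; not Peplink's implementation."""

    def __init__(self, weights, seed=0):
        self.weights = dict(weights)               # WAN name -> balancing weight
        self.healthy = {w: True for w in weights}  # last health-check result
        self.flows = {}    # (src, sport, dst, dport) -> WAN the flow was NATed out of
        self.persist = {}  # (src, dst) -> WAN, the HTTPS persistence table
        self.rng = random.Random(seed)

    def health_check(self, wan, ok):
        self.healthy[wan] = ok

    def _pick(self):
        # Weighted balance over healthy WANs only.
        up = [w for w in self.weights if self.healthy[w]]
        if not up:
            return None
        return self.rng.choices(up, [self.weights[w] for w in up])[0]

    def open_flow(self, src, sport, dst, dport):
        """New connection: persistence first, then weighted balance."""
        wan = self.persist.get((src, dst)) if dport == 443 else None
        if wan is not None and not self.healthy[wan]:
            wan = None  # assumption: an entry pointing at a failed WAN is ignored
        wan = wan or self._pick()
        if wan is None:
            return None  # no healthy WAN at all
        if dport == 443:
            self.persist[(src, dst)] = wan
        self.flows[(src, sport, dst, dport)] = wan
        return wan

    def send(self, src, sport, dst, dport):
        """Packet on an established flow: pinned to its WAN, since the peer
        knows the flow by that WAN's NATed source address."""
        wan = self.flows[(src, sport, dst, dport)]
        return wan if self.healthy[wan] else None  # None: the flow stalls

def demo():
    r = MultiWanNat({"WAN1": 1, "WAN2": 1})
    r.persist[("10.0.0.5", "bank.example")] = "WAN1"  # constructed starting state
    first = r.open_flow("10.0.0.5", 50000, "bank.example", 443)
    r.health_check("WAN1", False)                     # DNS health check fails
    stalled = r.send("10.0.0.5", 50000, "bank.example", 443)
    retry = r.open_flow("10.0.0.5", 50001, "bank.example", 443)
    return first, stalled, retry
```

In this model the old socket stalls until the client opens a new connection, which is the gap between the router marking a WAN as down and a device actually recovering.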


#8

That sounds great in theory, but the issues I am seeing are not by application; they are by device. If I am browsing in Chrome on my MacBook and the internet drops, and I change to another app like Citrix or any other app that uses the internet, I do not get a new connection to the other WAN that is functioning. I am still stuck on the original one.
SpeedFusion is not a usable solution if you are hiding behind a VPN. Video services will block you like Netflix and Hulu because they are required to enforce viewing by regions.
And recently I have been seeing that when WAN 1 goes down, the router stops all internet, even though WAN 2 is still connected and has good internet. I am still trying to figure out the scenario that causes that.
It just seems like a configuration issue. Failover is not working in a traditional sense.
When a WAN goes down everything should go to the next WAN and I should be able to refresh and be on the new WAN. Any app connections should be released so the applications can re-establish a connection.


#9

Hello @Nate_B,
What is in your outbound network policies on the router?

This image shows the defaults if using Firmware 7.1.1

Happy to Help,
Marcus :)


#10

This should not be the case; you should probably submit a support ticket for the team to investigate.