Overflow rule not working as desribed


#1

Running a Balance 305 HW2 with firmware 6.3.3

WAN 1: 200 x 200 fiber circuit (and configured with those speeds in the WAN setting)
WAN 2: 150 x 20 cable circuit (configured appropriately)
WAN 3: 100 x 10 cable circuit (configured appropriately)

My “Outbound Policy” is set to “Custom” and am running HTTPS Persistence followed by the default rule of “Overflow” where I have the WANs listed in order of 1 -> 2 -> 3

My assumption here would be that traffic would use WAN 1 until it reached ~90% utilization and then shed load to WAN 2, etc. What I am seeing at any given moment is 60% of the traffic on WAN 1, 30% on WAN 2 and 10% on WAN 3. None of the WAN ports are above 50% utilization - ever.

Even when overall traffic use is very low on the router, it is utilizing all 3 WAN ports all the time roughly following the 60/30/10 split regardless of traffic amounts.

There are no firewall rules in place utilizing specific WAN ports or IPs. All custom 1:1 NAT mapping rules are done on IP addresses on the WAN 1 port only.

What am I missing? I do have the “DSL/Cable Optimization” checked since two of the WAN ports are cable lines.


#2

Please confirm the traffic type. For example UDP 500 and 4500 may be routed differently by default to prevent problems out of the box for client VPN users. Under: Network> Misc. Settings> Service Passthrough Support you can disable IPsec NAT-T or FTP which override outbound policy rules.


#3

Hi,

Base on the defined outbound policy:

–> HTTPS persistent ( Traffics will distribute over WAN1, WAN2, WAN3)
–> Default (Custom - Overflow) - 1 -> 2 -> 3

As mention by RON, please confirm the traffics type that distribute using WAN2 & WAN3.

Please check also the WAN2, WAN3 usage is not belongs to SpeedFusion bonding traffics.

Thank You


#4

Weird, I replied once to this already but see now it did not get posted. The traffic on WAN 2 and 3 is 100% HTTPS traffic. I do not have SpeedFusion turned on for this router. Why would HTTPS traffic choose any old WAN port to go out?


#5

Hi Reynaldo,

The default HTTPS persistent rule will distribute HTTPS traffics using the available WAN1, WAN2 & WAN3. This why you will see HTTPS running for WAN2 & WAN3. Please change the Algorithm to “Priority” if you doesn’t want the traffic distributed using WAN2 or WAN3. Make sure “Terminate Sessions on Link Recovery” is turn on to make sure connection will always use WAN1 when link recovery detected.

Thank You