Understanding & Configuring Outbound Policy

A flexible rule-based configuration design enables the fine-tuning of outbound traffic at a per-service level by allowing multiple rules to be configured.

The following types of Outbound Traffic Rules are available:

  • Weighted Balance
  • Persistence
  • Enforced
  • Priority
  • Overflow
  • Least Used
  • Lowest Latency

For more information related to Load Balancing Algorithms, please refer to this page.

 

Weighted Balance

Weighted Balance rules enable configuring the proportion of outgoing data traffic to be handled by each WAN link. (Examples follow.)

Persistence

Persistence rules cause specified types of traffic (e.g. HTTPS) to always be routed through a particular WAN link based on source or destination IP address(es).

Enforced

Enforced rules result in the routing of specified type(s) of traffic through a particular WAN connection or VPN connection, regardless of its up/down status. (An example follows.)

Priority

Priority rules specify the order of the available WAN links (or VPN connections) in which traffic is to be routed. A priority value is configured for each WAN link; the highest-priority available WAN link will be utilized; lower-priority WAN links will be utilized in priority sequence in the event of WAN link unavailability.

Overflow

Traffic will be routed through the healthy WAN connection that has the highest priority and whose downlink bandwidth is not fully loaded. When this connection gets saturated, new sessions will be routed to the next healthy WAN connection that is not fully loaded.

Least Used (Balance 20/30 require firmware 6.2.2 or above)

The traffic matching this rule will be routed through the healthy WAN connection with the most available downlink bandwidth.

Lowest Latency (Balance 20/30 require firmware 6.2.2 or above)

The traffic matching this rule will be routed through the healthy WAN connection with the lowest latency. Periodic latency checking packets are sent to the WAN connection.

 

Outbound Traffic Management Interface

The following screenshot illustrates the Custom Rule configuration interface available at Network > Outbound Policy:

[Screenshot: load balancing]

The top-down order of the list denotes the order of decreasing precedence. The up and down arrow keys can be used to move a rule up and down within the list, respectively.

Example 1 – Setting up Weighted Balance Rules

The basic idea behind Weighted Balance rules is to govern how Peplink Balance distributes outgoing traffic requests across multiple WAN links.

To illustrate, with the following link configuration:

  • WAN1: 3M (DSL)
  • WAN2: 2M (E1)
  • WAN3: 3M (DSL)

The Weighted Balance rule should be set as follows:

  • Service: General
  • Source & Destination IP: Any
  • Protocol & Port: Any
  • Algorithm: Weighted Balance
  • Load Distribution Weight: 3 : 2 : 3 (Derived from 3M : 2M : 3M)

This distributes a larger proportion of traffic to WAN1 and WAN3 to take advantage of the faster links, and a smaller proportion of traffic to WAN2 to prevent over-saturation of the slower link.

Example 2 – Setting up Per-service Weighted Balance Rules

Some types of WAN links have different upstream and downstream speeds (e.g. ADSL with 3M upstream and 512K downstream). In such cases, upload-intensive services may require special fine-tuning.

A common example is outgoing email (SMTP), where traffic is mostly upstream.

Building upon the previous link configuration:

  • WAN1: 3M Downstream, 512K Upstream (DSL)
  • WAN2: 2M Downstream, 2M Upstream (E1)
  • WAN3: 3M Downstream, 512K Upstream (DSL)

A per-service Weighted Balance rule should be added for SMTP as follows:

  • Service: SMTP
  • Source & Destination IP: Any
  • Protocol & Port: TCP 25
  • Algorithm: Weighted Balance
  • Load Distribution Weight: 1 : 4 : 1 (Derived from 512K : 2M : 512K)

Example 3 – Restricting IPSec VPN Traffic to the WAN1 Link

To configure Peplink Balance to restrict IPSec VPN traffic to WAN1, add the following per-service Enforced rules:

Rule to specify UDP Port 500 traffic:

  • Service Name: UDP500_on_WAN1
  • Source & Destination IP: Any
  • Protocol & Port: UDP 500
  • Algorithm: Enforced
  • Enforced Connection: WAN1

Rule to specify UDP Port 4500 traffic:

  • Service: UDP4500_on_WAN1
  • Source & Destination IP: Any
  • Protocol & Port: UDP 4500
  • Algorithm: Enforced
  • Enforced Connection: WAN1

With these rules enabled, Peplink Balance will route IPSec VPN traffic with NAT-T (which requires UDP ports 500 and 4500) to WAN1 regardless of its up/down status. In the event that WAN1 is down, by design, the specified traffic will simply be dropped rather than routed via the other WAN links.
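An added example, not part of the original post and not Peplink's code: a small Python model of the top-down rule precedence and the Enforced behaviour from Example 3, showing that IPSec traffic is dropped when WAN1 is down and that a broader rule placed above the Enforced rules would let it fail over instead. First-match evaluation, the catch-all Priority rule, and the names `Rule`, `select_link` and `ipsec_paths` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    proto: Optional[str]     # None matches any protocol
    port: Optional[int]      # None matches any port
    algorithm: str           # "enforced" or "priority" (only these two are modelled)
    links: Tuple[str, ...]   # single link for enforced; priority order otherwise

# Rules in top-down order (decreasing precedence). The two Enforced rules
# are from Example 3; the catch-all Priority rule is constructed.
RULES = [
    Rule("UDP500_on_WAN1", "udp", 500, "enforced", ("WAN1",)),
    Rule("UDP4500_on_WAN1", "udp", 4500, "enforced", ("WAN1",)),
    Rule("General", None, None, "priority", ("WAN1", "WAN2", "WAN3")),
]

def select_link(rules, proto, port, healthy):
    """Return (rule name, link) for a new session; link None means dropped."""
    for rule in rules:  # assumption: the first matching rule decides
        if rule.proto not in (None, proto) or rule.port not in (None, port):
            continue
        if rule.algorithm == "enforced":
            # Enforced never falls back: if the link is down, traffic is dropped.
            link = rule.links[0]
            return rule.name, (link if link in healthy else None)
        if rule.algorithm == "priority":
            # Priority uses the highest-priority link that is available.
            return rule.name, next((l for l in rule.links if l in healthy), None)
        raise ValueError("algorithm not modelled: " + rule.algorithm)
    return None, None

def ipsec_paths(rules, down=()):
    """Link chosen for UDP 500 and UDP 4500 when the links in `down` are unavailable."""
    healthy = {"WAN1", "WAN2", "WAN3"} - set(down)
    return {port: select_link(rules, "udp", port, healthy)[1] for port in (500, 4500)}

if __name__ == "__main__":
    print("all links up:        ", ipsec_paths(RULES))
    print("WAN1 down:           ", ipsec_paths(RULES, down=["WAN1"]))
    # Constructed misordering: the catch-all sits above the Enforced rules.
    misordered = [RULES[2], RULES[0], RULES[1]]
    print("WAN1 down, misordered:", ipsec_paths(misordered, down=["WAN1"]))
```

Running the same check against an exported rule list after every reorder is a quick way to confirm that traffic meant to stay on one link cannot leave on another.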

Great Post thanks Eric!
Just wanted to share a blog post with some more examples on outbound policy usage too :wink:
