2022-04-29 EdgeRouter - WAN Load-Balancing – Ubiquiti Support and Help Center

- metadata: - source: https://help.ui.com/hc/en-us/articles/205145990-EdgeRouter-WAN-Load-Balancing --- # EdgeRouter - WAN Load-Balancing – Ubiquiti Support and Help Center --- This article demonstrates how the EdgeRouter WAN Load-Balancing feature works and provides a manual configuration example. **NOTES & REQUIREMENTS:** - This feature allows the router to intelligently balance outgoing traffic using multiple WAN interfaces. - Applicable to the latest EdgeOS firmware on all EdgeRouter models. - The latest EdgeOS firmware can be downloaded from the EdgeRouter [Downloads](https://www.ui.com/download/edgemax) page. ## Table of Contents 1. [Frequently Asked Questions (FAQ)]() 2. [Using the Load-Balancing Wizard]() 3. [Manual Configuration Example]() 4. [Additional Load-Balancing Options]() 5. [Troubleshooting]() 6. [Related Articles]() ## Frequently Asked Questions (FAQ) What is the minimal EdgeOS firmware version that supports Load-Balancing? The Load-Balancing feature was introduced in EdgeOS firmware version v1.4.0. How many WAN interfaces can be used for Load-Balancing? The maximum amount of WAN interfaces that can be added to a group is 55 when using the [v2.0.8](https://community.ui.com/releases/EdgeMAX-EdgeRouter-Firmware-v2-0-8/4d9cfba7-4a5a-403e-a5c8-26679d58620f) EdgeOS firmware release and up. Up to 8 interfaces can be used starting from the [v1.8.0](https://community.ui.com/releases/EdgeMAX-EdgeRouter-software-release-v1-8-0-1-8-0/054d555b-8a31-45b9-a8bc-32860bce5ab2) EdgeOS firmware release. Older releases only allow up to 2 interfaces. ## Using the Load-Balancing Wizard WAN Load-Balancing uses the following configuration options: - `WAN Interfaces` Defined in the load-balance section with optional criteria such as **failover**, **weight** and **ping-targets**. - `Firewall Policy` Defined in the firewall section using Load-Balancing exclusions and **modify** rules for matching traffic. - `LAN interface(s)` Defined in the interface section and applied to the LAN interface(s) in the **ingress (in)** direction. ![topology.gif](https://help.ui.com/hc/article_attachments/360065715473/topology.gif) _Using WAN Load-Balancing, traffic sessions from the LAN clients are balanced across the WAN ports._ The EdgeRouter configuration wizard provides a quick and easy setup of the Load-Balancing feature: **GUI:** Access the EdgeRouter Web UI. 1\. Navigate to the **Wizards** tab to configure the Load-Balancing feature. **Wizards > Setup Wizards > Load Balancing** 2\. Choose which WAN interfaces will be used in the setup and define the Internet connection types. **First Internet port** **Port:** eth0 **Internet connection type:** DHCP / Static / PPPoE **Firewall:** Enable the default firewall (checked) **Second Internet port** **Port:** eth1 **Internet connection type:** DHCP / Static / PPPoE **Firewall:** Enable the default firewall (checked) **Failover Only: -** **NOTE:**Choose whether to forward traffic using all WAN interfaces or to implement a failover setup using the **Failover Only** option. **LAN port** **Port:** eth3 **Address:** 192.168.1.1 / 255.255.255.0 **DHCP:** Enable the DHCP server (checked) 3\. Apply the changes and reboot the device when prompted. ## Manual Configuration Example It is recommended to use the wizard in the Web UI to automatically configure all of the different Load-Balancing options. The configuration example below shows how to manually configure the previous section using the command line. **CLI:** Access the Command Line Interface.You can do this using the CLI button in the GUI or by using a program such as PuTTY. 1\. Enter Configuration mode. ``` configure ``` 2\. Create a firewall network group specifying the private IP address ranges. ``` set firewall group network-group PRIVATE\_NETS network 192.168.0.0/16 set firewall group network-group PRIVATE\_NETS network 172.16.0.0/12 set firewall group network-group PRIVATE\_NETS network 10.0.0.0/8 ``` Click to copy 3\. Create a firewall modify policy with exclusion rules for the WAN interface addresses and the network group created earlier. ``` set firewall modify balance rule 10 action modify set firewall modify balance rule 10 destination group network-group PRIVATE\_NETS set firewall modify balance rule 10 modify table main set firewall modify balance rule 20 action modify set firewall modify balance rule 20 destination group address-group ADDRv4\_eth0 set firewall modify balance rule 20 modify table main set firewall modify balance rule 30 action modify set firewall modify balance rule 30 destination group address-group ADDRv4\_eth1 set firewall modify balance rule 30 modify table main ``` **NOTE:** The **modify table main** entries are created to prevent the local LAN traffic from being balanced across the two WAN interfaces. 4\. Add a firewall rule entry that sends all other traffic to a load balancing group. ``` set firewall modify balance rule 110 action modify set firewall modify balance rule 110 modify lb-group G ``` 5\. Apply the firewall to the LAN interface in the **ingress/in** direction. ``` set interfaces ethernet eth3 firewall in modify balance ``` **ATTENTION:**The WAN and LAN interfaces might differ depending on your EdgeRouter model and setup. 6\. Create a Load-Balance group that includes the two WAN interfaces. ``` set load-balance group G interface eth0 set load-balance group G interface eth1 ``` **NOTE:**Each interface will use its own separate routing table. 7\. Commit the changes and save the configuration. ``` commit; save ``` ## Additional Load-Balancing Options **NOTE:** The commands below are optional and not required for all Load-Balancing implementations. **Route Test** This feature will test the connectivity of the WAN interface by sending probes (ICMP ping messages) to a predefined address. The following options are available: - `count success` Defines after how many tries the route test is considered successful before the interface changes state. - `count failure` Defines after how many tries the route test is considered failed before the interface changes state. - `initial-delay` Delay in seconds before the initial route test is started. - `interval` Number of seconds between pings. - `type` Defines whether to ping the default gateway, a custom host or use a script. ``` set load-balance group G interface eth0 route-test count success <nr> set load-balance group G interface eth0 route-test count failure <nr> set load-balance group G interface eth0 route-test initial-delay <nr> set load-balance group G interface eth0 route-test interval <nr> set load-balance group G interface eth0 route-test type ping target <host> set load-balance group G interface eth0 route-test type default set load-balance group G interface eth0 route-test type script <path> ``` **Fail Over** Interface configured with the `failover-only` option will only become active when the other WAN interface(s) fail the route test. ``` set load-balance group G interface eth1 failover-only ``` **Local Load-Balancing** The `lb-local` feature will also load balance the traffic from the router rather than using the **main** routing table. ``` set load-balance group G lb-local enable ``` **Flush Conntrack Table** The `flush-on-active` feature clears all connections in the conntrack table whenever a WAN transition occurs. ``` set load-balance group G flush-on-active enable ``` **Local Metric Change** The `lb-local-metric-change` feature automatically changes the router's default route distance and is most useful when using a failover setup. ``` set load-balance group G lb-local-metric-change enable ``` **Route table** Configures the interface to use a custom routing table (valid routing table numbers are between 1-200). ``` set load-balance group G interface <id> route table 10 ``` **Weight** Defines the percentage of traffic that is forwarded out of each interface. The default weight ratio is 50/50. ``` set load-balance group G interface eth0 weight 70 set load-balance group G interface eth1 weight 30 ``` **Sticky** This option will keep traffic sessions on the same WAN interface until they are timed out. The following options are available: - `dest-addr` Traffic sessions will be on the same WAN interface based on the destination address. - `dest-port` Traffic sessions will be on the same WAN interface based on the destination port. - `source-addr` Traffic sessions will be on the same WAN interface based on the source address. - `source-port` Traffic sessions will be on the same WAN interface based on the source port. - `proto` Traffic sessions will be on the same WAN interface based on the protocol. ``` set load-balance group G sticky dest-addr enable set load-balance group G sticky dest-port enable set load-balance group G sticky source-addr enable set load-balance group G sticky source-port enable set load-balance group G sticky proto enable ``` ## Troubleshooting You can verify the Load-Balancing configuration and status with the following commands: ``` show load-balance status show load-balance watchdog show load-balance config ``` The **main** and Load-Balancing routing tables can be displayed with the commands below: ``` show ip route show ip route table 201 show ip route table 202 ``` ## Related Articles [EdgeRouter - Which EdgeRouter Should I Use?](https://help.ui.com/hc/en-us/articles/219652227) [EdgeRouter - Beginners Guide to EdgeRouter](https://help.ui.com/hc/en-us/articles/115002531728) [Intro to Networking - How to Establish a Connection Using SSH](https://help.ui.com/hc/en-us/articles/218850057)