Network_Failover
Network > Failover & Load Balancing
This chapter contains the following sections:
For Failover & Load Balancing (LB), multiple WAN members are supported (N–1, where N is the total number of interfaces on a hardware platform). For example:
• Primary WAN Ethernet Interface
• Alternate WAN #1
• Alternate WAN #2
• Alternate WAN #<N–1> . . .
The Primary WAN Ethernet Interface has the same meaning as the previous firmware’s concept of “Primary WAN.” It is the highest ranked WAN interface in the LB group. The Alternate WAN #1 corresponds to “Secondary WAN,” it has a lower rank than the Primary WAN, but has a higher rank than the next two alternates. The others, Alternate WAN #2 and Alternate WAN #3, are new, with Alternate WAN #3 being the lowest ranked among the WAN members of the LB group.
The Failover and Load Balancing settings are described below:
• Enable Load Balancing—This option must be enabled for the user to access the LB Groups and LB Statistics section of the Failover & Load Balancing configuration. If disabled, no options for Failover & Load Balancing are available to be configured.
• Respond to Probes—When enabled, the appliance can reply to probe request packets that arrive on any of the appliance’s interfaces.
• Any TCP-SYN to Port—This option is available when the Respond to Probes option is enabled. When selected, the appliance will only respond to TCP probe request packets having the same packet destination address TCP port number as the configured value.
Load Balancing Members and Groups
LB Members added to a LB Group take on certain “roles.” A member can only work in one of the following roles:
• Primary—Only one member can be the Primary per Group. This member always appears first or at the top of the Member List. Note that although a group can be configured with an empty member list, it is impossible to have members without a Primary.
• Alternate—More than one member can be an Alternate, however, it is not possible to have a Group of only Alternate members.
• Last-Resort—Only one member can be designed as Last-Resort. Last-Resort can only be configured with other group members.
Each member in a group has a rank. Members are displayed in descending order of rank. The rank is determined by the order of interfaces as they appear in the Member List for the group. The order is important in determining the usage preferences of the Interfaces, as well as the level of precedence within the group. Thus, no two interfaces within a group will have the same or equal rank; each Interface will have a distinct rank.
General Tab
To configure the Group Member Rank settings, click the Configure icon of the Group you wish to configure on the Network > Failover & LB page. The General tab displays.
The General tab allows the user to do modify the following settings:
• Display name—Edit the display name of the Group
• Type (or method) of LB—Choose the type of LB from the drop-down list (Basic Active/Passive Failover, Round Robin, Spillover-Based, or Percentage-Based).
– Basic Active/Passive Failover—The four WAN interfaces use ‘rank’ to determine the order of preemption when the Preempt checkbox has been enabled. Only a higher-ranked interface can preempt an Active WAN interface.
– Round Robin—This option now allows the user to re-order the WAN interfaces for Round Robin selection. The order is as follows: Primary WAN, Alternate WAN #1, Alternate WAN #2, and Alternate WAN #3; the Round Robin will then repeat back to the Primary WAN and continue the order.
– Spillover—The bandwidth threshold applies to the Primary WAN. Once the threshold is exceeded, new traffic flows are allocated to the Alternates in a Round Robin manner. Once the Primary WAN bandwidth goes below the configured threshold, Round Robin stops, and outbound new flows will again be sent out only through the Primary WAN. Note that existing flows will remain associated with the Alternates (since they are already cached) until they timeout normally.
– Ratio—There are now four fields so that percentages can be set for each WAN in the LB group. To avoid problems associated with configuration errors, please ensure that the percentage correctly corresponds to the WAN interface it indicates.
• Add/delete member interfaces—Members can be added by selecting a displayed interface from the “Group Members:” column, and then clicking the Add>> button. Note that the interface listed at the top of the list is the Primary. Members can be deleted from the “Selected:” column by selecting the displayed interface, and then clicking the Remove>> button.
Note The Interface Rank does not specify the operation that will be performed on the individual member. The operation that will be performed is specified by the Group Type.
Probing Tab
When Logical probing is enabled, test packets can be sent to remote probe targets to verify WAN path availability. A new option has been provided to allow probing through the additional WAN interfaces: Alternate WAN #3 and Alternate WAN #4.
Note VLANs for alternate WANs do not support QoS or VPN termination.
To configure the probing options for a specific Group, click the Configure icon of the Group you wish to configure on the Network > Failover & LB page. Then, click the Probing tab.
The Probing tab allows the user to modify the following settings:
• Check Interface—The interval of health checks in units of seconds
• Deactivate Interface—After a series of failed health checks, the interface sets to “Failover”
• Reactivate Interface—After a series of successful health checks, the interface sets to “Available”
• Probe responder.global.sonicwall.com on all interfaces in this group—Enable this checkbox to automatically set Logical/Probe Monitoring on all interfaces in the Group. When enabled, this sends TCP probe packets to the global SNWL host that responds to SNWL TCP packets, responder.global.sonicwall.com, using a target probe destination address of 204.212.170.23:50000. Once this checkbox is selected, the rest of the probe configuration will automatically enable built-in settings. The same probe will be applied to all four WAN Ethernet interfaces. Note that the Dialup WAN probe setting also defaults to the built-in settings.
The Load Balancing Statistics table displays the following LB group statistics for the SonicWALL:
• Total Connections
• New Connection
• Current Ratio
• Average Ratio
• Total Unicast Bytes
• Rx Unicast
• Rx Bytes
• Tx Unicast
• Tx Bytes
• Throughput (KB/s)
• Throughput (Kbits/s)
In the Display Statistics for pull-down menu, select which LB group you want to view statistics for.
Click the Clear Statistic button on the bottom right of the Network > Failover & LB page to clear information from the Load Balancing Statistics table.
The Multiple WAN (MWAN) feature allows the administrator to configure all but one of the appliance's interface for WAN network routing (one interface must remain configured for the LAN zone for local administration). All of the WAN interfaces can be probed using the SNWL Global Responder host.
Network Interfaces
The Network Interfaces page allows more than two WAN interfaces to be configured for routing. It is possible to configure WAN interfaces in the Network Interfaces page, but not include them in the Failover & LB. Only the Primary WAN Ethernet Interface is required to be part of the LB group whenever LB has been enabled. Any WAN interface that does not belong to the LB group is not included in the LB function, but performs normal WAN routing functions.
Note A virtual WAN interface may belong to the LB group. However, prior to using within the LB group, please ensure that the virtual WAN network is fully routable like that of a physical WAN.
Routing the Default & Secondary Default Gateways
Because the gateway address objects previously associated with the Primary WAN and Secondary WAN are now deprecated, user-configured Static Routes need to be re-created in order to use the correct gateway address objects associated with the WAN interfaces. This will have to be configured manually as part of the firmware upgrade procedure.
The old address object Default Gateway corresponds to the default gateway associated with the Primary WAN in the LB group. The Secondary Default Gateway corresponds to the default gateway associated with Alternate WAN #1.
Note After re-adding the routes, delete the old ones referring to the Default and Secondary Default Gateways.
Note Depending on your location, some DNS Servers may respond faster than others. Verify that these servers work correctly from your installation prior to using your SuperMassive appliance.