Reply
Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Hello guys,

 

I am loadbalancing 4 ISPs on my ER-X. And i found one interesting thing.

 

I have 4 load balance groups. If i add the 5thgroup into loadbalance -> this group is ignored like it never existed ...

 

Simply, if i set this 5th group in some firewall rule, it is not working. 

It seems like maximum 4 LB groups are working.

 

I know this is maybe kinda weird that i am using lowend router for balancing 4 IPSs, but... why not? Man Happy

 

Thanks 

Regular Member
Posts: 302
Registered: ‎02-12-2013
Kudos: 81
Solutions: 23

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Hi @Misho888

Can you post your config? Also, are you making the changes via GUI or CLI?

The current limit is 8 load balancers, but that will be changed to a much higher number in the future:
https://community.ubnt.com/t5/EdgeRouter-Beta/Max-Load-Balancing-Capacity-for-ER-12/m-p/2587926#M242...
Senior Member
Posts: 5,692
Registered: ‎01-04-2017
Kudos: 795
Solutions: 286

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Also post version, old limit was 4 I think, new is 8
Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Hello Guys,

 

sorry i can´t post config now. 

 

@flamber I am making changes via GUI.

 

@smyers119 I am using EdgeRouter X v1.10.3

 

 

Highlighted
Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Here is my config: https://pastebin.com/tgBDmdem

 

I have created 5th LB group called "LTE30" which means i need to use traffi only through eth0.10.

 

As you can see, i added this LB group in FW "balance" rule "9" only for IP "192.168.2.101".

 

I am testing it from local pc (192.168.2.101) and it seems like i am getting still LB rule "LTE" (eth0.9 + eth0.10).

 

Like i said before, it seems like it is ignored.

 

Thanks for help.

Veteran Member
Posts: 7,221
Registered: ‎03-24-2016
Kudos: 1859
Solutions: 821

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

The firewall modify ruleset probably is your problem

 

Unlike normal firewall rulesets , processing does NOT stop at a matching rule performing a modify LB-group command.

 

If you want to stop processing in the modify ruleset, append each rule with rule having identical matching condintion, and action=accept

 

Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Thanks for your reply, but sorry, can you be more specific?

 

Sorry, Can you show some config example what do you mean?

 

If i set another "LB group" in this fw rule "9" under "balance" it is working... Why then? It is not working just with 5th created LB group as i already said.

 

Thanks for some example how to configure it.

Veteran Member
Posts: 7,221
Registered: ‎03-24-2016
Kudos: 1859
Solutions: 821

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Like below:

Spoiler
    modify LTE_Pecalka {
        description "Pecalka LTE + Game porty cez DSL"
        rule 30 {
            action modify
            description test_ping_dsl_sk
            destination {
                group {
                    address-group ping_DSL_M_weby
                }
            }
            modify {
                lb-group DSL_M
            }
        }
        rule 31 {
            action accept
            description test_ping_dsl_sk_Done
            destination {
                group {
                    address-group ping_DSL_M_weby
                }
            }
        }  
        rule 40 {
            action modify
            description Game_porty_cez_DSL_M
            destination {
                group {
                    port-group game_porty
                }
            }
            modify {
                lb-group LTE
            }
        }
        rule 50 {
            action modify
            modify {
                lb-group DSL_L
            }
        }
    }

Note: I had to renumber, as there was no room in between rules

Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

[ Edited ]

 

Thanks, so you have only added:

 

rule 31 {
            action accept
            description test_ping_dsl_sk_Done
            destination {
                group {
                    address-group ping_DSL_M_weby
                }
            }
        }  

 

But what is the point of that rule? Sorry, I am beginner and i am just trying to understand what is going on Man Happy.

 

Ok, let´s say i have set a new config, i created these LB groups, and can you help me why i have following error on the last one?

 

 

Spoiler
show load-balance status
Group DSL_L
  interface   : eth0.9
  carrier     : up
  status      : failover
  gateway     : 192.168.9.1
  route table : 201
  weight      : 0%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

  interface   : eth2
  carrier     : up
  status      : active
  gateway     : 192.168.12.1
  route table : 202
  weight      : 100%
  flows
      WAN Out : 267
      WAN In  : 0
    Local Out : 10

Group DSL_M
  interface   : eth1
  carrier     : up
  status      : active
  gateway     : 192.168.11.1
  route table : 203
  weight      : 100%
  flows
      WAN Out : 374
      WAN In  : 0
    Local Out : 0

Group G
  interface   : eth0.9
  carrier     : up
  status      : active
  gateway     : 192.168.9.1
  route table : 204
  weight      : 38%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

  interface   : eth0.10
  carrier     : up
  status      : active
  gateway     : 192.168.10.1
  route table : 205
  weight      : 38%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

  interface   : eth2
  carrier     : up
  status      : active
  gateway     : 192.168.12.1
  route table : 206
  weight      : 23%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

Group LTE
  interface   : eth0.9
  carrier     : up
  status      : active
  gateway     : 192.168.9.1
  route table : 207
  weight      : 70%
  flows
      WAN Out : 425
      WAN In  : 0
    Local Out : 0

  interface   : eth0.10
  carrier     : up
  status      : active
  gateway     : 192.168.10.1
  route table : 208
  weight      : 30%
  flows
      WAN Out : 163
      WAN In  : 0
    Local Out : 0

Group LTE15
  interface   : eth0.9
  carrier     : up
  status      : active
  gateway     : 192.168.9.1
  route table : 209
  weight      : 100%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

  interface   : eth0.10
  carrier     : up
  status      : failover
  gateway     : 192.168.10.1
  route table : 210
  weight      : 0%
  flows
      WAN Out : 0
      WAN In  : 0
    Local Out : 0

Group LTE30
  interface   : eth0.9
  carrier     : up
  weight      : 0%
  flows
      WAN Out : 1
      WAN In  : 0
    Local Out : error calculating []

  interface   : eth0.10
  carrier     : up
  weight      : 100%
  flows
      WAN Out : 1
      WAN In  : 95
    Local Out : error calculating []

 Config: https://pastebin.com/e8f9z6UM

 

Veteran Member
Posts: 7,221
Registered: ‎03-24-2016
Kudos: 1859
Solutions: 821

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Maybe the group with error shown is functional, and the error is limited to only displaying statistics.

 

On normal firewall rulesets, rules are processed in numerical order, and when a packet matches the rule , action (allow, block or reject)  is performed and further rules aren't checked.

 

On firewall modify rulesets, some actions don't terminate the processing of further rules:

example

rule 10, match-DNS,  set dscp=10

rule 20, match-DNS,  set dscp=20

rule 30, match-DNS,  set dscp=30

 

A single DNS packet will match rule10 , then continues.... and will end up having DSCP=30. 

So using multiple lb-groups in single modify ruleset might give unexpected results

 

To make it stop after 10, add in between

rule 11, match-DNS,  action accept

 

Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

If i set the LB "LTE30" for example to my Guest WiFi (VLAN)

  • set interfaces ethernet eth3 vif 5 firewall in modify LTE30

It´s not working... why? If i set LTE15 is it working...

Emerging Member
Posts: 45
Registered: ‎05-26-2018
Kudos: 2

Re: LoadBalance groups - What is maximum? 4 groups ? (5th group is not working...)

Ok, nveremind...

 

I reorganized some LB rules, and also some fw rules, and I have total 5 LB groups, and it seems that it is working as should Man Happy.

 

Anyway thanks for your replies guys.

 

I am really satisfied what ER-X can handle... This little box is awesome!

Reply