Senior Member

Re: UBNT Failover Connection Tracking Issue

Hello @jaikapoor,

Welcome to the community!

What firmware version is the USG on?

Do you have WAN2 set up as failover only?

Could you try the latest BETA USG Firmware? (follow this to sign up for BETA)

Regards,

Glenn R.

CC @UBNT-cmb
New Member

UBNT Failover Connection Tracking Issue

Current setup:

WAN1 = DSL

WAN2 = Verizon LTE Modem

  • For testing, I have a persistent ping out to 8.8.8.8.

  • When I am on WAN1 connection (verified by curl ifconfig.co command) my latency is about 20ms. Which is expected with this DSL connection.

  • When I am on WAN2 connection (verified by curl ifconfig.co command) my latency is about 120ms. Which is expected with this Verizon LTE connection.

The problem is that when WAN1 comes back online (verified by curl ifconfig.co command), my persistent ping still shows a latency of about 120ms indicating that it is still using the WAN2 connection. If I issue the SSH command clear connection-tracking, immediately my pings return to 20ms. This shows me that UBNT is not breaking connection when failback occurs. We REALLY need it to because our WAN2 connection is LTE and we pay by megabyte used. If a failover and failback occurs, much of our software will use the WAN2 connection even though WAN1 is available. This leads to very costly and unnecessary overages.

My proposal is to have a checkbox option within the Controller that says something like “On failback, clear connection tracking”. If this is checked and a failback event is triggered, the command clear connection-tracking just automatically gets executed so that all connections start going out WAN1.

Is this a known issue and are there any other workarounds for this?

Ubiquiti Employee

Re: UBNT Failover Connection Tracking Issue

To explain the reply above the post - In moving this to the Routing & Switching board I inadvertently moved one post rather than the thread, then when I merged it back together it gets the order wrong and there's no way to easily fix that. 

 

There is a new config option in load-balance in 4.4.34 and newer versions for exactly this circumstance, flush-on-active. It's not controller-configurable in any public versions yet but you can use it if you're on a firmware version which includes it. 

 

The default behavior is to flush conntrack only when a connection goes down. That makes sure there aren't any connections stuck on a dead WAN. When a WAN transitions to active status it doesn't, as that would often be undesirably disruptive. The connections are up and functioning, no need to kill them much of the time. But not in cases like this where your backup's LTE or otherwise data-limited or sub-optimal and you don't care if your existing connections die. 

 

After upgrading to a firmware version including that, you can test it by SSHing to USG and running: 

configure
set load-balance group wan_failover flush-on-active enable
commit

then you should see it killing connections when a WAN goes to active. Don't do anything in the controller that will cause USG to be provisioned while testing, as that will disable that. 

 

To make that permanent, for now you can put it in config.gateway.json like: 

{
    "load-balance": {
        "group": {
            "wan_failover": {
                "flush-on-active": "enable"
            }
        }
    }
}
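
Added example (not part of the original post and not Ubiquiti code): a Python sketch that merges the flush-on-active fragment above into the text of an existing config.gateway.json without dropping settings already in the file, and fails on malformed JSON instead of writing it back out. The function names and the sample file contents are constructed for illustration.

```python
import json

# The fragment from the post above; the only setting this example adds.
FLUSH_ON_ACTIVE = {
    "load-balance": {"group": {"wan_failover": {"flush-on-active": "enable"}}}
}

# Constructed sample: an existing file that already has an unrelated setting.
SAMPLE_EXISTING = """{
    "service": {
        "dns": {"forwarding": {"options": ["host-record=nas.example.lan,192.0.2.10"]}}
    }
}"""


def deep_merge(base, overlay, path=""):
    """Return a copy of base with overlay merged in, key by key."""
    merged = dict(base)
    for key, value in overlay.items():
        here = f"{path}/{key}"
        if isinstance(value, dict):
            existing = merged.get(key, {})
            if not isinstance(existing, dict):
                raise ValueError(f"{here} exists but is not a JSON object")
            merged[key] = deep_merge(existing, value, here)
        else:
            if isinstance(merged.get(key), dict):
                raise ValueError(f"{here} exists as an object, expected a value")
            merged[key] = value
    return merged


def add_flush_on_active(existing_text):
    """Merge the setting into the text of a config.gateway.json (may be empty)."""
    # json.loads raises json.JSONDecodeError (a ValueError) on malformed input,
    # so a broken file is caught here instead of being written back out.
    existing = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(existing, dict):
        raise ValueError("top level of config.gateway.json must be a JSON object")
    return json.dumps(deep_merge(existing, FLUSH_ON_ACTIVE), indent=4) + "\n"


if __name__ == "__main__":
    print(add_flush_on_active(SAMPLE_EXISTING), end="")
```
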
New Member

Re: UBNT Failover Connection Tracking Issue

Thank you!

How do I upgrade to 4.4.34? My current USG firmware is 4.4.29.5124212. I am signed up to the Early Adopters program.
Emerging Member

Re: UBNT Failover Connection Tracking Issue


@triphen_admin wrote:
Thank you!

How do I upgrade to 4.4.34? My current USG firmware is 4.4.29.5124212. I am signed up to the Early Adopters program.

Look for the post in the beta forums: https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/bd-p/USG_Beta

 

4.4.36 is the most recent beta firmware for the USG: https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/USG-Firmware-v4-4-36-now-available/m-p/25...

New Member

Re: UBNT Failover Connection Tracking Issue

Thank you. I updated my firmware to 4.4.36.5146617 and ran the following command:

 

configure
set load-balance group wan_failover flush-on-active enable
commit

I tried a test and still get the same result I described above.

 

How can I check to see if it actually took effect? 

New Member

Re: UBNT Failover Connection Tracking Issue

This appears to be working now, I need to do more testing on Monday, but at first glance, it looks good.