Policy routing and WAN detection and Load Balancing
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
My setup is as follows:
Two WAN links (possibly one more in the future):
WAN1: 100mbps
WAN2: 2mbps (for OOB and emergency access for 3 computers that need always access for administrative stuff, email and such)
So far, the configuration sort of works, because I'm getting an odd behavior using the "Priority mode" on the Routing Policy.
Since I'm using OpenDNS to control DNS request and navigation, I can see the DNS requests on both WANs (different ISP, so no issue of mixing traffic there).
For some unknown reason, I can see a bunch of DNS requests on WAN2, but the traffic goes to WAN1. How do I know that? because, WAN2 on OpenDNS has many things restricted, like YT, Instagram and stuff that consumes bandwidth, meanwhile on WAN1 is a green pass for those pages. And I have configured the OpenDNS in such way that on the blocking page says WAN1 or WAN2 depending on what is getting blocked.
So, that being said, I have 100% certainty that for some unknown reason, the router is not detecting correctly that WAN1 is Online and routes the traffic to WAN2. Why? because most of the users of that group are getting an OpenDNS page saying the page was blocked on WAN2, when they are supposed to be on WAN1 and no blockage.
You can see the difference in requests,
| from WAN1: | And WAN2 |
 |
 |
 |
 |
Strangely enough, the difference in request is about half between the two, which is something also odd. I should be getting almost 90% DNS requests on my WAN1, and almost nothing on WAN2.
Now, the behavior per se is not so incorrect, it is true that I want Only the VIP_Access group to have access to WAN2 when WAN1 goes down, but then, how come the rest of the users who have WAN1 as only route have no issue? Why the "priority mode" is not working as expected?
Knowing that, there is something that I need to understand, and that goes back to "Load Balancing". On my setup, I DO NOT want Load balancing, what I want is:
- one group of users going to WAN1,
- servers going to WAN2 and
- a handful of users to go to WAN1 when is online, if not, go to WAN2
So far, the router is doing what is configured to, except the last bit, that is a "sort of".
For this setup to work, do I need to have "Load balancing" or "Application Optimized Routing" enabled so policy routing works?
I ask this because, the "Online Detection" is on the "Load Balancing" section. Since both are part of the "Transmission" section, I do not know if all those main sections (NAT, Bandwidth Control, Session Limit, Load Balancing, Routing) work together or can be configured independently of the other (sadly the user manual is not so specific about it).
Another thing that I wanted to know from the "Online detection" is which option is the best to detect the online link? do I need both ping and dns lookup? will it more accurate and give less false reports? Before I was using Ping only and then changed to DNS lookup but still same results. I am using OpenDNS servers as destinations for any of them since they are the DNS I use.
The router WORKS, for everything that I need it, is just fine, works great, but the whole routing part in "Priority mode" needs some work. And I need to fix the issue ASAP.
@Virgo thanks for the guidance.
But still, the router is not routing properly.
I tried making manual routes and setting proper metrics but it gives an error, so I cannot "override" the default routes the device created. I'm no network expert but, all routes having a 0 metric is odd. Specially is I want WAN1 to have MORE priority than WAN2.
I even created kind like "inbound" set of rules for the Policy Routing. Although the user manual does not state anything about needing to do that, I gave it a try just to see if something improved, but nothing.
I understand that you need to setup the policy only to tell traffic where to go, but from the router, but I don't know if you have to also do the other way around.
And, back again to the OpenDNS:
| WAN1 (100mbps) | WAN2 (2mbps) |
 |
 |
The difference on request is roughly 20k, so for some reason is like doing some 2:1 balancing. And I have all those settings related to balancing disabled.
I'm getting the crazy idea of doing manual routing for the 3 computers that need access all the time and for the rest of the network force it via WAN1. But, is going to be a nightmare, because I have no idea how am I going to do that.
One thing that I did noticed, regarding the load balancing is the following:
I can enable it just for one port, but the question is, what would that do? and I quote:
3. If the bandwidth ratio of WAN1 to WAN2 is set as 2:1, the traffic ratio of WAN1 and WAN2 will be approximately 2:1 after "Bandwidth Based Balance Routing" of WAN1 and WAN2 is enabled.
If my math is correct, and I account 100mbps as 100%, 2mbps is 2%. Would that mean that I would only see 2% traffic on WAN2 but ONLY for those using Priority mode on the Policy routing or the whole network? But if I choose just one port, where does that leave me?
I'm still baffled by this whole ordeal.
@Virgo After reading the following on the KB:
https://www.tp-link.com/us/support/faq/701/ - This Article Applies to: TL-R470T+( V6 ) , TL-R480T+( V9 ) , TL-ER5120( V3 ) , TL-R600VPN( V4 ) , TL-ER6120( V2 ) , TL-ER6020( V2 ) / Updated 08-03-2021 03:46:41 AM
https://www.tp-link.com/us/support/faq/2133/ - This Article Applies to: TL-R600VPN( V4 ) , TL-ER6120( V2 V3 ) , TL-ER6020( V2 ) , TL-ER5120( V3 V4 ) , TL-R480T+( V9 ) , TL-R470T+( V6 ) / Updated 08-03-2021 03:41:57 AM
https://www.tp-link.com/us/support/faq/2134/ - This Article Applies to: TL-R600VPN( V4 ) , ER7206 , TL-ER6120( V2 V3 ) , TL-ER6020( V2 ) , ER605 , TL-ER5120( V3 V4 ) , TL-R480T+( V9 ) , TL-R470T+( V6 ) / Updated 08-03-2021 03:43:01 AM
I think I found the issue, and it is related to the wording in both user manual and updates. (Or probably I'm not intelligent enough to understand).
Here it is HOW I made Policy Routing and Load Balance work.
First, lets recap some stuff.
TL-R470T+(UN)_v6_20180731 (the version PRIOR to the one I'm using, which is the latest):
Quote:
Modifications and Bug Fixes
2. Add multi WANs selection for NAT/Policy Routing/primary WAN of Link Backup;
3. Add Only, Priority two modes for Policy Routing feature;
4. Add two sub-modes of Failover mode for Link Backup feature;
If you go to the KB 2134, around mid page, it says on RED the following:
Note: Enable Load Balancing must be enabled if you want to configure Policy routing. Otherwise Policy routing won’t work normally.
If you go to the KB 2133, around mid page, it says the following when using Link Backup:
Please note that during the effective time, Backup WAN will be online and Primary WAN will be offline. At other times, Primary WAN will be online and Backup WAN will be offline.
Knowing this, also this is important to know:
- If you enable Load Balancing WITH RULES ENABLED IN LINK BACKUP, it EFFECTIVELY DISABLES the backup WAN, making Policy Routing useless, unless you want some devices to access the internet via the Backup WAN ONLY when the Primary WAN is Down.
- If you want to use Policy Routing, YOU NEED TO HAVE LINK BACKUP EMPTY WITH NO RULES WHATSOEVER or SAID RULES DISABLED.
If you see the web gui of the device, it does not say anywhere that Load Balance works with the Policy Routing, because they are in different sections:
At least, for the future, use that empty space that the section has to make the remark I made in green, so future users know, or at LEAST make some programming so it you enable Link Back, it will disable Policy routing and viceversa, and also make it so that Load Balance MUST be enabled for either to work.
You can see all the space available surrounded in white, or there, where the arrows is pointing, where there are some usefull remarks about how to use the config.
For proof, the images, in which I have Load Balancing enabled, because it supposed to AID the Policy routing, but effectively just messes up the whole config IF you have Link backup rules. Also, if you ever thought that having Link Detection on "Always Online", just don't, it also messes up everyhing.
 |
 |
 |
 |
 |
 |
| Check the routes above, on Link Backup, it will show ONLY the routes of the active WAN. When you have NO Link backup rules, it will then show BOTH WAN routes, and everything "will and should" work properly.
So, the problem for those who tried to setup Policy Routing but did not work as expected, is because you need to have Load Balancing enabled WITHOUT any Link Backup rules. |