Author Topic: 2 ISP to 2 WANs and make 2 LANs  (Read 245 times)

Modesty
2 ISP to 2 WANs and make 2 LANs
« on: November 30, 2017, 08:30:22 am »
Hi

I have set up pfSense to load balance 2 WANs (from 2 ISPs).
Now I would like to share 1 extra LAN to my rental apartment. In this way I make one LAN for my house and one for the apartment.

My pfSense box is connected to a switch and the apartment is wired to this switch.

I was thinking to make one extra DHCP service for this but I can't find a way. Do I need to make a VLAN?

M
Everything can be rebuilt!

jahonix
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #1 on: November 30, 2017, 04:25:20 pm »
Whether you need to use VLANs depends on your setup, pfSense hardware, switch and need to separate apartment traffic from your LAN.
Is your switch VLAN capable or do you have a spare interface in your pfSense (or could you just throw in an additional NIC)?
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Modesty
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #2 on: November 30, 2017, 04:39:24 pm »
Hi

I have an APU with 3 NICs, plan to have 2 WAN in, one LAN out.

Was hoping pfSense could handle house and apartment by itself so the switch could stay out of the equation.

Fail safe is nice but bundling bandwidth and 2 separate LANs are my immediate needs, but I can't figure out how to set it up.

Thanks
Everything can be rebuilt!

jahonix
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #3 on: November 30, 2017, 05:37:08 pm »
With a 3-port APU you're missing at least one physical interface.
Without a managed switch you will not be able to use VLANs and configure another subnet for your apartment. No way of doing so.

> Fail safe is nice but bundling bandwidth and 2 separate LANs are my immediate needs
Failsafe?
You are aware that two WANs 'bundled' will NOT get you the sum of both connection speeds, aren't you?
2x 1Mbps will always be 2x 1Mbps and not 1x 2Mbps. Has nothing to do with pfSense, that's a basic TCP/IP limitation.
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

supermon
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #4 on: November 30, 2017, 10:22:43 pm »
Hello there, I'm also new to this forum. It depends on how complex you want your setup to be. You can go with VLANs but this can get overcomplicated if you just require simple segmentation. I suggest you go with getting an extra NIC.

Modesty
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #5 on: December 01, 2017, 02:36:45 am »
If I can't add speed from WAN1 + WAN2 I have been played by a YouTuber, HA HA :-)

He did this arithmetic and showed before/after speed on speedtest.net

To really be sure, if I have 2 WANs from different ISPs, it is not possible to increase the speed due to native TCP/IP operation?

Is there any way to do this WAN1+WAN2->LAN1?

So maybe the conclusion is that 2 WANs give me "only" redundancy and fail safe operation, nothing more?

By the way, my APU has 3 NICs and no more space to add a NIC.

M
Everything can be rebuilt!

jahonix
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #6 on: December 01, 2017, 06:39:44 am »
Your PC opens a connection to a web server through one of the WANs, be it downloading a web site for viewing, streaming some media, getting a file, whatever. To the same server it will not (aka never) use your second WAN. However, simultaneously downloading from server A via WAN A and downloading something different from server B through WAN B will use both WANs and the total speed you see is its sum.

What does not work (with both WANs being 2Mbps for example) is streaming a live video with a 4Mbit rate.
Of course you can download the latest pfSense ISO with 2Mbit through one of your WANs and Windows updates with another 2Mbit through the other WAN simultaneously. That's how load-balancing works.

What some random people show on YT is oftentimes highly questionable.

> So maybe the conclusion is that 2 WANs give me "only" redundancy and fail safe operation, nothing more?

Did you actually read (and understand) what I wrote earlier?
You can load-balance with two or more WANs. OR you could use fail-over. Depends on what you want.

Edit:
But all of this still leaves you with one NIC short for your apartment. Get a managed switch for that and you're fine. I prefer Cisco SG300-10 for such tasks. Grab 'em cheap on eBay or such while you still can, they are end-of-sale and the successors SG350 are pricier (but will not do your job any better).
« Last Edit: December 01, 2017, 06:55:14 am by jahonix »
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Modesty
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #7 on: December 03, 2017, 01:32:50 am »
Hi all

I now understand it, no bandwidth bundling. Thanks for all info.

I have connected it and now I have a failover config. WAN1 + 2 -> LAN, if one WAN goes down the other takes over.

On WAN1 I have speed 250/20, on WAN2 I have speed 250/250.
My box is choosing WAN1 by default (slowest one).

Can I configure pfSense to choose WAN2 by default without changing physical NIC?
Everything can be rebuilt!

jahonix
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #8 on: December 03, 2017, 05:37:45 am »
Reverse order?
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.

Modesty
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #9 on: December 03, 2017, 08:32:54 am »
> Reverse order?

Thanks jahonix

Reverse...? Not sure... If I unplug both RJ45 and change order it works with today's setup, if I do this all pfSense config on WAN1-2 is wrong.

I was hoping to configure priority in pfSense to:
WAN2 -> pri1
WAN1 -> pri2

If something fails on WAN2, WAN1 kicks in (fail safe).

(Of course, I will set up load balancing, but first I will set up priority and fail safe.)

Thanks
Everything can be rebuilt!

jahonix
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #10 on: December 03, 2017, 06:19:00 pm »
Weight
By default all WANs on the same tier are considered equal when doing load balancing. If the WANs are different speeds, the weight parameter allows the system to give some bias toward a faster link. If one is a 50Mbit line and another is a 10Mbit line, sharing them equally is not desirable as it would often leave the 50Mbit line underloaded and the 10Mbit line overloaded. The 50Mbit line can be given a weight of 5 so that there is a 5:1 ratio of usage to prefer the faster WAN.

https://doc.pfsense.org/index.php/Troubleshoot_Outbound_Load_Balancing_Issues
Chris

The issue with IPv6 jokes is that almost no one understands them and no one is using them yet.
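
A simplified model of the per-connection balancing from reply #6 and the weight parameter from reply #10, added here as an illustration (it is not pfSense code and not from any poster). The gateway names, the flow tuples and the "repeat a gateway N times in a round-robin pool" weighting are assumptions of the model.

```python
from collections import Counter
from itertools import cycle

def build_pool(weights):
    """Expand {gateway: weight} into a round-robin pool (assumed model:
    a gateway with weight N appears N times in the pool)."""
    return [gw for gw, w in weights.items() for _ in range(w)]

def assign_flows(flows, weights):
    """Pin each new connection to the next gateway in the pool.
    An existing connection keeps its gateway; it never spreads over both WANs."""
    rr = cycle(build_pool(weights))
    table = {}
    for flow in flows:
        if flow not in table:
            table[flow] = next(rr)
    return table

def flow_rates(table, link_mbps):
    """Each link's capacity is shared evenly by the connections pinned to it."""
    load = Counter(table.values())
    return {flow: link_mbps[gw] / load[gw] for flow, gw in table.items()}

# Constructed sample data: two 2 Mbit WANs, as in reply #6.
EQUAL = {"WAN_A": 1, "WAN_B": 1}
LINKS = {"WAN_A": 2.0, "WAN_B": 2.0}

def single_download():
    """One connection to one server: capped at one WAN's speed."""
    table = assign_flows([("pc", "serverA")], EQUAL)
    return flow_rates(table, LINKS)

def two_downloads():
    """Two connections to different servers: both WANs carry traffic."""
    table = assign_flows([("pc", "serverA"), ("pc", "serverB")], EQUAL)
    return flow_rates(table, LINKS)

def weighted_split(n_flows=12):
    """50 Mbit vs 10 Mbit line with a 5:1 weight, as in the quoted documentation."""
    flows = [("pc", f"server{i}") for i in range(n_flows)]
    table = assign_flows(flows, {"WAN_50M": 5, "WAN_10M": 1})
    return Counter(table.values())

if __name__ == "__main__":
    print("single download:", single_download())
    print("two downloads, total Mbit:", sum(two_downloads().values()))
    print("weighted 5:1 split:", dict(weighted_split()))
```
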

supermon
Re: 2 ISP to 2 WANs and make 2 LANs
« Reply #11 on: December 05, 2017, 12:04:48 am »
From what I've experienced so far, you can choose which GW you want as default, but when you have your gateway groups set up / failover and the system switches to the fallback WAN, it doesn't automatically switch back to the default GW and it stays there until somehow triggered back by the FB mechanism. This is probably how the Round Robin works in PFS. It behaves similarly to a Dell SonicWall in terms of interface priority switching and source and destination IP binding. Probably you can tweak the probing and weight of the gateways to ensure that the one which has the faster connection remains as the default.