D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: napfer on February 03, 2010, 06:04:42 AM

Title: wan failover with dfl1600 is working but really slow
Post by: napfer on February 03, 2010, 06:04:42 AM

hello,
i tried to implement a wan failover on my dfl1600 with one pppoe and one static wan line.
pppoe is wan1 and static wan2.
after disconnecting the pppoe connection, wan2 is working but really slow. i guess there is a dns problem?

Here are my config:

Quote

Routing table main
# Type  Interface          Network  Gateway  Local IP-address Metric Monitor this route
1 Route T-DSL-Business  all-nets                                       80      yes
2 Route wan1_phys        all-nets   wan1_gw                        80      yes (disabled, is that right?)
3 Route wan2_phys        all-nets   wan2_gw                        90      yes
4 Route lan1                 lan1net                                        100     no
5 Route wan1_phys        wan1_net                                     100    no
6 Route wan2_phys        wan2net                                       100    no

in the main table there is my first problem to understand: do i need route 1 or why do i need rules 2 and 5? route 2 is disabled by me, but is that correct? or do i need a further record for t-dsl business?

Quote

Interface groups
wan1-and-wan2        t_dsl_business, wan2_phys

in the howto is standing members are wan1 and wan2. if i use pppoe, is that right?

Quote

ethernet
lan1             lan1_ip       lan1net
wan1_phys    wan1_ip     wan1net     wan1_gw
wan2_phys    wan2_ip     wan2net     wan2_gw

Quote

ip rules
# name                 action  source        source        destination           destination  services     
                                     interface     network      interface               network     
1 allow_standard     NAT     lan1           lan1_net     wan1-and-wan2     all-nets     all-services

Quote

interface addresses
lan1_ip    192.168.1.1
lan1net    192.168.1.0/24

T-DSL_BUSINESS_ip 0.0.0.0

wan1_br 0.0.0.0
wan1_dns1   0.0.0.0 (marked with a yellow star)
wan1_dns2   0.0.0.0 (marked with a yellow star)
wan1_gw 0.0.0.0
wan1_ip 0.0.0.0
wan1net 0.0.0.0/0

wan2_dns 192.168.178.1
wan2_gw 192.168.178.1
wan2_ip 192.168.178.15
wan2net 192.168.178.0/24

and last:

Quote

System->DNS

Primary Server: wan1_dns1
Secondary:      wan1_dns2
Tertiary:         wan2_dns

this config is working, but very slow if failover of pppoe.

any ideas whats wrong or missong? (after that is working normally i will config a other scenario for practice. so, i will come back...) ;D

regards thomas

Title: Re: wan failover with dfl1600 is working but really slow
Post by: Fatman on February 03, 2010, 09:04:11 AM

You are correct, disable automatic route creation for the WAN1 Ethernet interface, both of the routes it creates will be poison to you.

Your DNS servers should be set to known outside servers not hosted by any particular WAN, try 4.2.2.1 4.2.2.2 4.2.2.3 for testing.

Title: Re: wan failover with dfl1600 is working but really slow
Post by: danilovav on February 03, 2010, 08:31:59 PM

How you monitor your routes? After 2.25 best way is ICMP - you can easily and very flexible control intreface changing.

Title: Re: wan failover with dfl1600 is working but really slow
Post by: napfer on February 03, 2010, 11:39:07 PM

@fatman
thanks a lot - now it's working.

@danilov
what have i to do to use icmp? please can you give a me a short instruction?

regards
thomas

Title: Re: wan failover with dfl1600 is working but really slow
Post by: danilovav on February 04, 2010, 08:04:15 PM

In route settings (created by manually), on Monitor tab, select Monitor and Enable Host Monitoring checkboxes, you can keep grace period and set minimum reachable host count to keep this route live (usually i add 2-3 hosts for monitoring and set just one can be reached). And, on Monitored Hosts tab add hosts to monitor. Please keep mind, host should be included to route. And, if you don't want to use ICMP, you can use TCP/HTTP.