Hi,
I suspect that I already know the answer to this question, however some clarification would be great!
I am running two Arista firewalls at two locations. They each have 2 internet connections attached to them, a primary line with gigabit bandwidth and a secondary line with 80mb bandwidth, provided from the same ISP. They are both set up using WAN Failover and WAN Balancing with the appropriate settings relative to the bandwidth available.
Here is one of the routing tables for the WAN Balancer:
```
= IPv4 Table balance =
default
nexthop via ***.**.255.80 dev ppp0 weight 92
nexthop via ***.**.255.85 dev ppp1 weight 8
```
The IP addresses listed are the ISP gateways. In this case they are different; however, unlike the connections' main IP addresses, which are static, these gateways are dynamic, which can result in both nexthop gateways being identical!
When both gateways are identical, issues occur! For example:
- The firewall does not know which connection to send traffic to; it may ignore one connection completely, or send upstream via one and downstream via another, breaking things like VoIP.
- The firewall loses track of its physical ports; when WAN2 is unplugged it thinks WAN1 is unplugged.
- The firewall is unable to accurately report the usage of each WAN; it may show that WAN1 has zero usage, yet I can demonstrate that it is carrying traffic.
Is anyone else using multiple WANs that are from the same ISP and have clashing gateways? Is there a way to make this work, or do I need to get my other lines from a different ISP?
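
A check for the condition described in the post, as an added example that is not part of the original post or of the firewall's own tooling: it parses a saved copy of the balance table and reports any gateway that appears as the nexthop on more than one device. The function names and the sample tables are assumptions; the gateways are constructed RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict

# Constructed samples in the layout of the "IPv4 Table balance" output above;
# the gateways are documentation addresses, not values from the post.
HEALTHY = """\
= IPv4 Table balance =
default
nexthop via 203.0.113.80 dev ppp0 weight 92
nexthop via 203.0.113.85 dev ppp1 weight 8
"""
CLASHING = """\
= IPv4 Table balance =
default
nexthop via 203.0.113.80 dev ppp0 weight 92
nexthop via 203.0.113.80 dev ppp1 weight 8
"""

# One multipath leg: gateway, outgoing device, optional weight.
NEXTHOP = re.compile(r"nexthop\s+via\s+(\S+)\s+dev\s+(\S+)(?:\s+weight\s+(\d+))?")


def parse_nexthops(table_text):
    """Return (gateway, device, weight) for every nexthop line in the table."""
    hops = []
    for line in table_text.splitlines():
        m = NEXTHOP.search(line)
        if m:
            # A leg without an explicit weight counts as weight 1.
            hops.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return hops


def clashing_gateways(table_text):
    """Map each gateway reached through more than one device to those devices."""
    devices = defaultdict(list)
    for gateway, dev, _weight in parse_nexthops(table_text):
        if dev not in devices[gateway]:
            devices[gateway].append(dev)
    return {gw: devs for gw, devs in devices.items() if len(devs) > 1}


if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("clashing", CLASHING)):
        print(name, "->", clashing_gateways(table) or "no shared gateway")
```

Run against the table each time the PPP sessions renegotiate, a non-empty result marks the moments when the two WANs have been handed the same gateway, which can then be lined up against the symptoms listed above.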