Article Applies To:

Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W NSA 240, NSA 250M, NSA250MW
Gen5 TZ Series: TZ 100, TZ 100W, TZ 105, TZ 105W TZ 200, TZ 200W, TZ 205, TZ 205W TZ 210, TZ 210W,TZ 215, TZ 215W
Firmware/Software Version: SonicOS Enhanced 5.6 and above (For previous versions please refer KBID 7588)
Services: WAN Failover, load balancing, Probing


Feature/Application:

For Failover & Load Balancing (LB), from SonicOS Enhanced 5.6 onwards unlimited WAN members are supported:

Primary WAN Ethernet Interface
Alternate WAN #1
Alternate WAN #2
Alternate WAN #3


LB Members added to a LB Group take on certain “roles.” A member can only work in one of the following roles:

Primary—Only one member can be the Primary per Group. This member always appears first or at the top of the Member List. Note that although a group can be configured with an empty member list, it is impossible to have members without a Primary.
 
Alternate—More than one member can be an Alternate, however, it is not possible to have a Group of only Alternate members.
 
Last-Resort—Only one member can be designed as Last-Resort. Last-Resort can only be configured with other group members. 

Each member in a group has a rank. Members are displayed in descending order of rank. The rank is determined by the order of interfaces as they appear in the Member List for the group.The order is important in determining the usage preferences of the Interfaces, as well as the level of precedence within the group. Thus, no two interfaces within a group will have the same or equal rank; each Interface will have a distinct rank.

Deployment Steps:

To configure WAN failover and Load Balancing following steps has to performed:

Step 1: Configure Wan Failover Load balancing
Step 2: Configure Probe settings


Procedure:

Step 1: Configure Wan Failover Load balancing

1. On the Network > Failover & LB page, under settings check the options Enable Load Balancing and Respond to Probes . Under the Groups, Click Configure for Default LB Group .

Enable Load Balancing : If enabled, allows the user to access the LB Groups and LB Statistics section of the FLB configuration. If disabled, the LB Groups and LB Statistics are greyed-out and LB function is not performed.

Respond to Probes: This is independent of the “Enable Load Balancing” checkbox. Even if “Enable Load Balancing” is disabled, “Respond to Probes” can be enabled and can function properly. When “Respond to Probes” is enabled on the device, the device can reply to probe request packets that arrive on any of its interfaces.

 Any TCP-SYN to Port:-This configuration takes a TCP port parameter to further specify what kind of probe request packets will be processed. When enabled, the device only responds to TCP probe request packets having the same packet destination address TCP port number as the configured value e.g. 12345.

Please Note: The Add LB Group button is grayed out, currently we only support the Default LB Group and future releases will support multiple.

 

2Edit LB Group Windows is displayed, Under the general tab select the type of load balancing method

Group members: From the list of available WAN interface select the interfaces that has to participate in the failover function.
Interface Ordering: The first interface added is the Primary. Succeeding additions will add the interface to the tail of the member list giving them lower rank.
Type (or method) of LB—Choose the type of LB from the dropdown list (Basic Active/Passive Failover, Round Robin, Spillover-Based, or Percentage-Based).

Basic Active/Passive Failover:

The WAN interfaces use ‘rank’ to determine the order of preemption when the Preempt and failback to preferred interfaces when possible checkbox has been enabled. Only a higher-ranked interface can preempt an Active WAN interface



Final Back-Up:- The Final Back-Up interface is used IF and ONLY IF there are no other interfaces Available in the group. It is for FAILOVER only and always gets preempted by other members. Only one interface can be selected as a last-resort interface, but it is not required for any LB Group to have a Final Back-Up. The rule of preemption (enable/disable) does not apply to a Final Back-Up interface; preemption enable/disable only applies to Primary and Alternates. A Final Back-Up interface is never used for LB, so it does not take a percentage in Ratio, never gets selected in RR, and never gets Spillover traffic.

Round Robin:

This option now allows the user to re-order the WAN interfaces for Round Robin selection. The order is as follows: Primary WAN, Alternate WAN #1, Alternate WAN #2, and Alternate WAN #3; the Round Robin will then repeat back to the Primary WAN and continue the order.



Spillover:

The bandwidth threshold applies to the Primary WAN. Once the threshold is exceeded, new traffic flows are allocated to the Alternates in a Round Robin manner. Once the Primary WAN bandwidth goes below the configured threshold, Round Robin stops, and outbound new flows will again be sent out only through the Primary WAN.

Note that existing flows will remain associated with the Alternates (since they are already cached) until they timeout normally.

 

Ratio:

There are now four fields so that percentages can be set for each WAN in the LB group. To avoid problems associated with configuration errors, please ensure that the percentage correctly corresponds to the WAN interface it indicates.

To set the individual percentages of the member interfaces, an input box beside the member list is provided for the percentage value. The total of the percentage settings should be 100.

Use Source and Destination IP Address Binding: When you are using percentage-based load balancing, this checkbox enables you to maintain a consistent mapping of traffic flows with a single outbound WAN interface, regardless of the percentage of traffic through that interface. 

 

Note: When one of the WAN interface goes down the new connections will flow through the available WAN interfaces.

 

 


 

Step 2: Configure Probing

1. Once the Load Balancing method is selected, go to the Probing tab

On the probing tab the following options are available


Check Interface—The interval of health checks in units of seconds
Deactivate Interface—After a series of failed health checks, the interface sets to “Failover”
Reactivate Interface—After a series of successful health checks, the interface sets to “Available”

Note: Probe responder.global.sonicwall.com on all interfaces in this group - when enabled, it causes the Per-member Probe Settings to be greyed-out and automatically set to this fixed setting:


Logical/Probe Monitoring" enabled 

  • Probe succeeds when Main Target responds” is selected
  • Main Target is set to TCP, host responder.global.sonicwall.com, TCP port 50000
  • Alternate Target is greyed-out
  • Default Target IP is set to 204.212.170.23

Note: Probe responder.global.sonicwall.com once this checkbox is selected, the rest of the probe configuration will automatically enable built-in settings. The same probe will be applied to all four WAN Ethernet interfaces. Note that the Dialup WAN probe setting also defaults to the built-in settings

2. Navigate to the Network >Failover & LB screen, and expand the Default LB Group ; Notice that the member interfaces have grayed-out Configure buttons

3. Edit the Default LB Group and go to the Probing tab; Disable the option “Probe responder.global.sonicwall.com on all interfaces in this group ” ; hit OK 

4. Return to the Network > Failover & LB screen, and expand the Default LB Group ; Notice that the member interfaces now have usable Configure buttons



4. Configuration the settings depending upon the requirement.




Related Article

UTM: Administrator's Guide for SonicOS Enhanced 5.6 (PDF)