Dual-WAN fail-over or Load Balance

Last updated: October 25, 2024

Written by shuochun su
Updated over 11 months ago

The primary goal of implementing Multiple WAN Connection Failover and Load Balancing is to ensure continuous network connectivity, optimize resource utilization, and enhance overall network performance. By integrating both Multiple WAN connection failover and load balancing, organizations aim to achieve greater resilience, efficiency, and scalability in their network infrastructure.

Benefits:

  • Enhanced Reliability

    Multiple WAN Connection Failover provides redundancy by automatically switching to an alternate connection in the event of a primary link failure. This ensures uninterrupted connectivity and minimizes downtime, significantly enhancing network reliability.

  • Enhanced Network Performance

    Load Balancing optimizes network efficiency by evenly distributing traffic across multiple WAN links. This approach alleviates congestion, optimizes bandwidth usage, and enhances overall network performance. The result is a reduction in latency and a significantly improved user experience.

  • Scalability

    The combined approach facilitates seamless scalability as organizations expand and their network requirements change. Additional WAN connections can easily be integrated into the system, offering flexibility and accommodating increased traffic needs.

  • Cost Optimization

    Efficient utilization of multiple WAN connections through load balancing helps optimize bandwidth usage, reducing costs associated with idle or underutilized links. Failover mechanisms minimize potential losses from network disruptions, further optimizing cost.

Multiple WAN Connection Failover continuously monitors the status of all WAN links and automatically switches traffic to backup connections when primary links fail. Load Balancing intelligently distributes traffic across available WAN connections based on predefined algorithms, such as Weighted Round Robin. This ensures optimal utilization of bandwidth and prevents bottlenecks, thereby enhancing network efficiency and performance.

By integrating multiple WAN connection failover and load balancing, organizations can construct robust, high-performance networks. These networks offer continuous connectivity, efficient resource utilization, and scalability to accommodate evolving business needs.

WAN Connection Fail-Over Order

ESG is configured to ensure continuous Internet connectivity by automatically switching between multiple Wide Area Network (WAN) connections in the event of a failure. The failover process is designed to prioritize connections in the following order to maintain optimal network performance:

  1. Primary WAN Connection (WAN1 or WAN2)

    This is the default connection for all outgoing and incoming traffic.

    It utilizes an Ethernet interface for reliable, high-speed internet access.

  2. Secondary WAN Connection (WAN1 or WAN2 or Cellular)

    Activates automatically if the primary WAN connection fails.

    Can be configured either as another Ethernet interface (WAN) or a Cellular connection.

  3. Tertiary WAN Connection (WAN1 or WAN2 or Cellular)

    Takes over if both the primary and secondary connections fail.

    Like the secondary, this can also be set up as an additional Ethernet interface (WAN) or a Cellular connection.

  • Interfaces Supported:

    WAN1 and WAN2: Both are Ethernet interfaces, ensuring high-speed, wired internet access.

    WWAN: A Cellular interface option for when traditional WAN connectivity is unavailable.

  • Fallback to Primary: Upon restoration of the primary WAN connection, the ESG automatically reverts back to it to ensure optimal internet speeds and reliability.

Link Monitor

Link monitoring is essential for failover traffic. A link monitor verifies the connectivity of the device interface to ensure it is online and operational. If the link monitor IP address becomes inaccessible or unstable, the corresponding interface is marked as down, initiating the failover process. When the link monitor IP address stabilizes, the system automatically fails back to the primary WAN connection.

The link monitor IP addresses are as follows:

WAN1 link monitor IP address: 8.8.8.8

WAN2 link monitor IP address: 8.8.4.4

WWAN link monitor IP address: 1.0.0.1

Note: When a physical link or port fails, the failover process is triggered immediately.

Cellular Connection

Cellular connections are primarily used for failover functionality. They also serve as

  • Remote Areas
    Cellular connections offer a practical alternative to traditional wired infrastructure, such as DSL, cable, or fiber-optic lines, especially in rural or remote regions where deploying such infrastructure is economically unfeasible.

  • Underdeveloped infrastructure
    Cellular networks often provide a faster and more dependable internet connection compared to traditional wired connections. This technology plays a crucial role in bridging the digital divide, offering high-speed connectivity to populations that are otherwise underserved.

  • Temporary Events or Deployments
    Cellular connections can provide high-bandwidth internet access during outdoor events, festivals, or temporary deployments such as construction sites. They offer flexibility and convenience, enabling quick setup and teardown of network connectivity as needed.

Figure: Cellular connections

Based on the possibility of cellular being the main connection as mentioned above, ESG WAN failover design ensures that cellular is not restricted to being used only after wired connections fail. We provide flexibility for users to choose their preferred connection method.

Cellular USB Dongle

The USB port on the ESG gateway can connect to a cellular USB dongle. If the WAN interfaces lose connectivity, traffic will automatically switch to the cellular interface.

Note: A cellular USB dongle is only supported in Routed mode (Configure > Gateway > Interfaces > WAN > Operating Mode).

Preparing the USB Dongle

Once you've confirmed that the USB dongle allows you to connect to the Internet from your PC or Mac, you can directly plug the USB modem into the ESG gateway.

Please note that during initial bootup and connection to the EnGenius Cloud, an Ethernet WAN connection is required to download the initial configuration and establish the device's online status for the first time.

It is recommended to follow these steps in sequence:

  1. Initially connect the ESG gateway to the EnGenius Cloud and ensure it successfully comes online.

  2. Test the USB dongle to confirm its ability to establish an Internet connection with the provider.

  3. Connect the cellular dongle and verify that the cellular WAN uplink is established in the dashboard.

  4. To verify failover to the cellular modem, disconnect the Ethernet WAN connection and confirm connectivity.

Note:

  • The ESG gateway DOES NOT support usernames and passwords for cellular dongles. If the cellular dongle requires a username and/or password, the ESG gateway will not successfully connect.

  • If your USB dongle doesn't work, please call EnGenius support.

Cellular Uplink Standby Data Usage

When using a cellular dongle as a standby uplink connection, a small amount of traffic will still pass through this connection for performing uplink connectivity tests, even though it is not actively handling client traffic.

Practice Scenario

In scenarios where users opt to set cellular connection as the second fail-over instead of the third, several factors such as cost, latency, and total bandwidth play crucial roles, especially when comparing options like cellular, Starlink, and VSAT (Very Small Aperture Terminal).

Cost Concerns

  • VSAT systems generally involve higher operational and setup costs due to the need for a satellite dish, and other associated equipment, which is more expensive than typical broadband or cellular setups. Maintenance and the proprietary nature of the equipment can also drive up costs.

  • Starlink offers a lower cost compared to traditional VSAT with service plans typically starting around $120 per month with an additional $599 equipment fee*. Starlink’s approach uses a vast network of low-Earth orbit satellites, which can offer more competitive pricing and lower equipment costs compared to traditional VSAT solutions.

  • Cellular connections are much lower in terms of equipment and setup costs. Cellular is relatively inexpensive and widely available, making this an attractive option for cost-sensitive environments.

Latency and Bandwidth:

  • VSAT typically exhibits higher latency due to the greater distances that signals must travel to geostationary satellites, usually resulting in latencies around 550~650ms**, which can significantly affect performance for real-time applications.

  • Starlink, by using a low-Earth orbit constellation, substantially reduces latency, generally between 25-60ms***, making it suitable for a broader range of applications including interactive services like video conferencing.

  • Cellular networks, while varying in performance, typically exhibit higher latency than cable or fiber-optic internet, yet they can compete with or outperform satellite depending on regional network conditions.

Given these considerations, choosing cellular as a second fail-over before VSAT could be driven by the significantly lower latency and cost, despite potentially limited bandwidth. In contrast, VSAT might only be considered as a last resort due to its high costs and latency issues, despite its ability to provide coverage in remote areas where other services might not be available.

How to configure

This section introduces the configuration page and scenarios. When WAN1, WAN2, and WWAN are enabled in Configure > Gateway > Interfaces, navigate to Dual WAN Preference > Primary WAN interface to choose between WAN1 or WAN2 as the primary WAN interface. Then, enable Dual WAN Preference > Load Policy > Failover to set your preferred failover settings.

Note: If WAN1 and WAN2 are enabled and WWAN is disabled, the Failover Preference cannot be configured. In this case, the Primary WAN is chosen first, followed by the Secondary WAN.

Figure: Dual WAN preference

Figure: Failover preference

WAN Fail Over Scenario

There are three scenarios to indicate WAN failover when WAN1, WAN2, and WWAN are enabled.

Under normal conditions, the internet connection routes through the primary WAN, with the secondary and tertiary connections on standby. In the event of a primary WAN failure, the system switches to the secondary WAN. If both the primary and secondary WANs fail, the system then switches to the tertiary WAN.

Figure: Failover Scenario For 3 WANs

Note: Once the primary WAN recovers, the connection reverts back to the primary WAN again.
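The Link Monitor and failover-order behavior described above can be modeled in a few lines. This is an added example, not EnGenius code: the probe thresholds `FAIL_AFTER` and `RECOVER_AFTER` are assumed values (the page gives no counts or timers), and the event sequence is constructed.

```python
# Added illustration; FAIL_AFTER and RECOVER_AFTER are assumed values, the
# page does not publish the ESG's probe counts or timers.
FAIL_AFTER = 3       # consecutive failed probes before a link is marked down
RECOVER_AFTER = 5    # consecutive good probes before it is marked up again

MONITOR_IP = {"WAN1": "8.8.8.8", "WAN2": "8.8.4.4", "WWAN": "1.0.0.1"}  # from the page

class LinkMonitor:
    def __init__(self, name):
        self.name, self.target = name, MONITOR_IP[name]
        self.up, self.streak = True, 0   # streak = probes contradicting self.up

    def report(self, probe_ok, carrier=True):
        if not carrier:                  # physical link/port failure: down at once
            self.up, self.streak = False, 0
        elif probe_ok == self.up:        # result agrees with state: reset streak
            self.streak = 0
        else:
            self.streak += 1
            if self.streak >= (FAIL_AFTER if self.up else RECOVER_AFTER):
                self.up, self.streak = probe_ok, 0

def active_uplink(order, monitors):
    """First link in the configured failover order that is currently up."""
    return next((n for n in order if monitors[n].up), None)

def simulate(order, events):
    """events: (link, probe_ok, carrier) tuples; returns the active uplink after each."""
    monitors = {n: LinkMonitor(n) for n in order}
    timeline = []
    for link, ok, carrier in events:
        monitors[link].report(ok, carrier)
        timeline.append(active_uplink(order, monitors))
    return timeline

# Constructed scenario: cellular chosen as second failover, WAN2 as third.
ORDER = ["WAN1", "WWAN", "WAN2"]
EVENTS = (
    [("WAN1", False, True)] * 3      # monitor IP unreachable -> fail over
    + [("WAN1", True, True)] * 2     # brief recovery, not yet stable
    + [("WAN1", False, True)]        # flap resets the recovery count
    + [("WAN1", True, True)] * 5     # stable again -> fall back to primary
    + [("WWAN", True, False)]        # standby loses carrier while primary is up
)

if __name__ == "__main__":
    for event, active in zip(EVENTS, simulate(ORDER, EVENTS)):
        print(event, "->", active)
```

Because link state depends on reachability of the monitor IPs, an upstream filter that blocks those addresses marks the interface down in this model even when the ISP link itself is healthy.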

WAN Link Load Balancing

The ESG gateway supports a secondary uplink that can be used for load balancing and failover purposes. This article explains how to enable and configure a secondary uplink and load balancing.

Enabling and Configuring WAN2

The ESG gateway features a dedicated secondary uplink port known as WAN2. To utilize the WAN2 port, simply connect a cable to it and configure the IP address either through the ESG's local status page or via the EnGenius cloud dashboard. By default, WAN2 is enabled as a LAN interface, so users must switch its role to WAN interface.

To enable and configure WAN2:

Navigate to the ESG gateway's local status page

  1. Click on the Local Setting tab at the top.

  2. In the WAN2/LAN, switch the Role to WAN2.

  3. Configure the WAN port as needed:

  • VLAN Tagging: Assigns a VLAN tag to all traffic sent out of this port. If unset, traffic will be sent untagged.

  • Connection Type: Choose from three connection types:

    • Static IP Address: Configure the IP address, subnet, gateway, and DNS.

    • DHCP: Obtain a dynamic IP address from the ISP.

    • PPPoE: Configure the username and password.

  • Override Default MAC Address: If a specific WAN MAC address needs to be configured, fill in this field.

Once the WAN2 port has been configured and connected.

Figure: Gateway local status page

Load Balancing

The ESG offers the option to utilize both of its uplinks for load balancing. Enabling Load Balance in the Configure > Gateway > Interfaces > WAN settings ensures that traffic is distributed across both uplinks. This distribution is determined by the configuration of the WAN 1 and WAN 2 ISP bandwidth.

Figure: Load balance configuration

The load balancing algorithm utilized is Weighted Round Robin (WRR), where the WRR value is determined by the upload speed of each ISP bandwidth. In the following scenario, WAN1 has an upload speed of 500Mbps, while WAN2 has an upload speed of 100Mbps. This results in a speed ratio of 5:1, indicating that for every five flows directed over WAN1, one flow will be routed over WAN2.

Figure: Scenario for WAN load balance

Figure: WAN ISP speed

Note: WWAN does NOT support Load Balance.

Additional Considerations

Policy Routing for Load Balancing and 1:1 NAT

Load balancing is a technique used to evenly distribute network traffic across multiple WAN uplinks, ensuring efficient utilization of available bandwidth and enhancing network performance. On the other hand, 1:1 NAT is employed to map specific public IP addresses to corresponding internal IP addresses, facilitating inbound communication from external networks to internal resources.

However, utilizing both load balancing and 1:1 NAT simultaneously can introduce conflicts within the network configuration. For example, when load balancing is active, outbound traffic from the internal network may be dynamically routed through any available WAN interface. This dynamic routing can potentially conflict with the static NAT mappings established for specific public IP addresses to internal resources.

To illustrate, consider a scenario where a company hosts a web server with a public IP address mapped to an internal server using 1:1 NAT. If load balancing directs outbound traffic through a different WAN interface than the one specified in the NAT mapping, external users attempting to access the web server may encounter connectivity issues or reach the wrong internal resource.

Figure: Load Balance with 1:1 NAT

To resolve this, Policy Routing can be utilized to ensure that traffic subject to 1:1 NAT rules utilizes the desired interface. Follow these steps:

  1. Navigate to Configure > Gateway > Interfaces > Policy Route and add a new route rule.

  2. Configure the policy route to specify the source IP (e.g., 192.168.66.3) and designate the preferred uplink that corresponds to the public IP referenced in the NAT rule.

  3. Click Done and Apply to save the changes.

By implementing Policy Routing, you can resolve conflicts between load balancing and 1:1 NAT, ensuring that traffic adheres to the desired routing configuration.

Figure: Add Rule for Policy Route
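The 5:1 Weighted Round Robin split from the Load Balancing section and the effect of a policy route on a 1:1 NAT host can be checked with a short simulation. This is an added example, not EnGenius code: the in-cycle ordering (smooth WRR) and the choice of WAN2 as the uplink holding the mapped public IP are assumptions; the speeds and the source IP 192.168.66.3 come from the page.

```python
from math import gcd
from functools import reduce

SPEEDS = {"WAN1": 500, "WAN2": 100}     # upload Mbps, from the page's scenario
NAT_UPLINK = {"192.168.66.3": "WAN2"}   # assumed: uplink holding the 1:1 NAT public IP

def wrr_weights(upload_mbps):
    """Reduce per-uplink upload speeds to the smallest integer weight ratio."""
    g = reduce(gcd, upload_mbps.values())
    return {name: mbps // g for name, mbps in upload_mbps.items()}

class Balancer:
    def __init__(self, upload_mbps, policy_routes=None):
        self.weights = wrr_weights(upload_mbps)
        self.current = {name: 0 for name in self.weights}
        self.policy_routes = policy_routes or {}   # source IP -> pinned uplink

    def pick(self, src_ip):
        """Choose the egress uplink for a new flow from src_ip."""
        pinned = self.policy_routes.get(src_ip)
        if pinned is not None:
            return pinned                # policy route overrides load balancing
        # Smooth weighted round robin; the ordering inside a cycle is an assumption.
        for name, weight in self.weights.items():
            self.current[name] += weight
        best = max(self.current, key=self.current.get)
        self.current[best] -= sum(self.weights.values())
        return best

def nat_mismatches(balancer, sources, nat_uplink):
    """Count flows from 1:1 NAT hosts that left via an uplink other than the
    one holding their mapped public IP."""
    bad = 0
    for src in sources:
        egress = balancer.pick(src)
        if src in nat_uplink and egress != nat_uplink[src]:
            bad += 1
    return bad

if __name__ == "__main__":
    flows = ["192.168.66.3"] * 12       # constructed: 12 new flows from the NAT host
    print("no policy route:", nat_mismatches(Balancer(SPEEDS), flows, NAT_UPLINK))
    print("with policy route:",
          nat_mismatches(Balancer(SPEEDS, NAT_UPLINK), flows, NAT_UPLINK))
```

Without the policy route, 10 of the 12 flows from the NAT host leave through WAN1 and therefore do not match the WAN2 mapping; with the route in place none do.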

Site-to-Site VPN Failover Overview

This section outlines VPN failover behavior for the ESG series.

AutoVPN

EnGenius AutoVPN is a site-to-site VPN solution that utilizes the EnGenius Dashboard for centralized, cloud-based orchestration of VPN connections between ESG devices. For the benefits, refer to AutoVPN.

Uplink Failover

The uplink failover feature in the ESG series ensures continuous connectivity by switching to an alternative uplink if the primary connection fails.

VPN Failover operates based on WAN Failover logic: if the primary WAN link goes down, the system will automatically switch to the secondary WAN, and VPN Failover will follow suit by routing VPN traffic over the new WAN connection.

Failover occurs when the primary uplink on an ESG device cannot access the Internet. By default, AutoVPN traffic routes through the primary uplink, configured via Configure > Gateway > Interfaces > WAN > Dual WAN Preference > Primary WAN Interface (Refer to How to configure). If multiple uplinks are available, WAN uplink failover will occur automatically. For further details, please refer to WAN Connection Fail-Over Order.
