From 03b004d1b53f1ac5eec4c3e55171eef1018aa8ef Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Sun, 5 Nov 2023 11:43:40 +0100 Subject: [PATCH] System: Gateways: Group - better explain groups and point to the requirement of addresses. closes https://github.com/opnsense/docs/issues/513 --- source/manual/multiwan.rst | 54 ++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 8 deletions(-) diff --git a/source/manual/multiwan.rst b/source/manual/multiwan.rst index 7865ff3b..1e3dd23c 100644 --- a/source/manual/multiwan.rst +++ b/source/manual/multiwan.rst @@ -8,9 +8,9 @@ are also possible with OPNsense. :desctable: blockdiag { - WAN_primary -- OPNsense; OPNsense -- WAN_backup; - internet -- WAN_primary; + OPNsense -- WAN_primary; + WAN_primary -- internet; WAN_backup -- internet; internet [shape="cloud"]; WAN_primary [shape="cisco.modem",label=""]; @@ -18,27 +18,65 @@ are also possible with OPNsense. } ------------- +The technology used to offer multiwan is called "policy based routing" or "source routing" and depends on the :doc:`firewall ` functionality of OPNsense. + + +.. Note:: + Currently it's not possible to use gateways without an address (Interface option "Dynamic gateway policy") inside a group. + This is due to the fact that the firewall requires an address of the right family (IPv4 / IPv6) to be present on the + interface, which can not be guranteed based on its configuration at the moment. + + +------------------------ +Terminology +------------------------ + +When configuring gatew groups, there is a limited number of options and terms being used. Besides the name +of the group, one can find the following terms on the page: + +===================================================================================================================== + +==================================== =============================================================================== +Gateway Priority If a gateway is configured for a group, the 'when' part is divided into + 'tiers,' with lower numbers (starting at 1) indicating higher importance. + When no usable gateways are present within a peer, the next one is + considered. +Trigger Level When a gateway inside the tier is considered offline, either when its + fully down, has loss or increased latency. +Pool Options Usually left to default, but can influence stickyness for sources on + a per group basis. +==================================== =============================================================================== + + + +------------------------ +Roles +------------------------ + +Using 'tiers', multiple scenarios can be constructed, by grouping gateways inside the same tier or choosing +to move them to different ones. Below the most common scenarios. + +........................................ WAN Failover ------------- +........................................ WAN failover automatically switches between WAN connections in case of connectivity loss (or high latency) of your primary ISP. As long as the connection is not good all traffic will be routed of the next available ISP/WAN connection and when connectivity is fully restored so will the routing switch back to the primary ISP. ------------------- +........................................ WAN Load Balancing ------------------- +........................................ Load balancing can be used to split the load between two (or more) ISPs. This enhances the total available bandwidth and/or lowers the load on each ISP. The principle is simple: Each WAN connection (gateway) gets a portion of the traffic. The traffic can be divided equally or weighted. ------------------------------- +........................................ Combining Balancing & Failover ------------------------------- +........................................ It is also possible to combine Load Balancing with Failover in such scenarios you will have 2 or more WAN connections for Balancing purposes and 1 or more for Failover. OPNsense offers 5 tiers (Failover groups) each tier can hold multiple