How Ratio-Based Load Balancing behaves when one of the three available WAN interfaces is down

09/28/2023 248 People found this article helpful 495,174 Views

Description

SonicWall UTM appliances running SonicOS Enhanced support Wan Failover and Load Balancing. This article covers one particular method (Ratio-Based Load Balancing) in a deployment scenario where the installation has three available internet service providers. Each of the providers is connected to a separate interface on the SonicWall firewall, using interfaces such as X1, X2, and X3.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

From the SonicOS web management GUI,
Navigate to Network tab at the top fo the page
Navigate to System | Failover & Load Balancing screen

Click on the Configure button for the Default LB Group. Inside this window, the administrator can add WAN interfaces to the LB Group and configure 4 different types of Wan Failover and Load Balancing (as in picture below):

1.   Basic Failover
2.   Round Robin
3.   Spill-over
4.   Ratio

What happens then when a WAN interface goes down or not responsive?

In the first 3 option listed (Basic Failover, Round Robin, Spill-over), the behaviour is quite predictable: if a link is not responsive or an interface physically goes down, the traffic wil fail over to the other WAN interfaces. If that link then comes back, it will fail back (take over traffic to the WAN again) as planned by the administrator.

When the administrator configures the Ratio Load Balancing method, the firewall needs to assure availability by keeping consistency with the ratio configured per interface. The behavior of the firewall during failures of participating WAN interfaces is not obvious, and is explained below.

What happens then when a WAN link is down and its interface is belonging to a LB Group configured in Ratio?

The firewall will load balance the traffic by keeping the ratio constant between the link/interfaces up and available.
For example, we can configure Ratio LB between 3 WAN interfaces with the following LB ratio as in figure below reported

X1 (50%)
X2 (40%)
X3 (10%)

If X1 link becomes unavalailable, the firewall will load all traffic between the remaining responsive interface (i.e. X2 and X3), keeping the ratio constant between them:

X1 (down)
X2 (80%)
X3 (20%)

Notice that the ratio between X2 and X3 (4:1) is kept constant during the time X1 link is not available. The original Ratio Load Balancing for X2 and X3 was first configured as 40% and 10%, and thus the new calculation, after X1 is down, is proportional to that.

What happens then if a WAN link/interface comes back and operational after being down for a while, in a LB Group configured in Ratio?

In this case, the traffic will be load balanced according to the ratio configured by the administrator, balancing the traffic between all the interfaces configured in the ratio.
In our example, if X1 link comes back and operational and the LB Group is configured in the aforementioned ratio, the firewall will load balance again based on the ratio:

X1 (50%)
X2 (40%)
X3 (10%)

To prevent overload immediately X2 too much, the firewall will keep consistency by loading the traffic on X1 according to an additional calculation - "current ratio"- which is based on a short term sample which is NOT configurable by the administrator. The "current ratio" will work act like a valve to control the "average" ratio (i.e. the one planned and configured by the administrator) during the few seconds after an interface comes up and until the "average" ratio equalizes to the Load Balancing ratio configured by the customer (e.g. 50%, 40%, 10%).

The administrator can prevent having an interface (e.g. X2) loaded too much (e.g 80%) by cautiously planning the Ratio. For example planning

X1 (40%)
X2 (40%)
X3 (20%)

in case of failure of the X2 link, the ratio in disaster recovery will be:

X1 (66,7%)
X2 (down)
X3 (33,3%)

In this case the administrator would have achieved:

exploiting X2 as long as the X2 link is up;
limiting the traffic through X3;
a more fair usage of the remaining resources (X1 and X3 links) in case a fast speed link in not available anymore.

Of course the proper ratio to be configured for a certain configuration is matter of opinion and it is duty of the administrator to foresee and plan how to better use links available.

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

From the SonicOS web management GUI,
Navigate to the Manage tab at the top fo the page
Navigate to Network | Failover & Load Balancing screen

Click on the Configure button for the Default LB Group. Inside this window, the administrator can add WAN interfaces to the LB Group and configure 4 different types of Wan Failover and Load Balancing (as in picture below):

1.   Basic Failover
2.   Round Robin
3.   Spill-over
4.   Ratio

What happens then when a WAN interface goes down or not responsive?

In the first 3 option listed (Basic Failover, Round Robin, Spill-over), the behaviour is quite predictable: if a link is not responsive or an interface physically goes down, the traffic wil fail over to the other WAN interfaces. If that link then comes back, it will fail back (take over traffic to the WAN again) as planned by the administrator.

When the administrator configures the Ratio Load Balancing method, the firewall needs to assure availability by keeping consistency with the ratio configured per interface. The behavior of the firewall during failures of participating WAN interfaces is not obvious, and is explained below.

What happens then when a WAN link is down and its interface is belonging to a LB Group configured in Ratio?

The firewall will load balance the traffic by keeping the ratio constant between the link/interfaces up and available.
For example, we can configure Ratio LB between 3 WAN interfaces with the following LB ratio as in figure below reported

X1 (50%)
X2 (40%)
X3 (10%)

If X1 link becomes unavalailable, the firewall will load all traffic between the remaining responsive interface (i.e. X2 and X3), keeping the ratio constant between them:

X1 (down)
X2 (80%)
X3 (20%)

Notice that the ratio between X2 and X3 (4:1) is kept constant during the time X1 link is not available. The original Ratio Load Balancing for X2 and X3 was first configured as 40% and 10%, and thus the new calculation, after X1 is down, is proportional to that.

What happens then if a WAN link/interface comes back and operational after being down for a while, in a LB Group configured in Ratio?

In this case, the traffic will be load balanced according to the ratio configured by the administrator, balancing the traffic between all the interfaces configured in the ratio.
In our example, if X1 link comes back and operational and the LB Group is configured in the aforementioned ratio, the firewall will load balance again based on the ratio:

X1 (50%)
X2 (40%)
X3 (10%)

To prevent overload immediately X2 too much, the firewall will keep consistency by loading the traffic on X1 according to an additional calculation - "current ratio"- which is based on a short term sample which is NOT configurable by the administrator. The "current ratio" will work act like a valve to control the "average" ratio (i.e. the one planned and configured by the administrator) during the few seconds after an interface comes up and until the "average" ratio equalizes to the Load Balancing ratio configured by the customer (e.g. 50%, 40%, 10%).

The administrator can prevent having an interface (e.g. X2) loaded too much (e.g 80%) by cautiously planning the Ratio. For example planning

X1 (40%)
X2 (40%)
X3 (20%)

in case of failure of the X2 link, the ratio in disaster recovery will be:

X1 (66,7%)
X2 (down)
X3 (33,3%)

In this case the administrator would have achieved:

exploiting X2 as long as the X2 link is up;
limiting the traffic through X3;
a more fair usage of the remaining resources (X1 and X3 links) in case a fast speed link in not available anymore.

Of course the proper ratio to be configured for a certain configuration is matter of opinion and it is duty of the administrator to foresee and plan how to better use links available.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

From the SonicOS web management GUI,
Go to the Network | Failover & LB screen, and click on the Configure button for the Default LB Group.
Inside this window, the administrator can add WAN interfaces to the LB Group and configure 4 different types of Wan Failover and Load Balancing (as in picture below):

1.   Basic Failover
2.   Round Robin
3.   Spill-over
4.   Ratio

What happens then when a WAN interface goes down or not responsive?

In the first 3 option listed (Basic Failover, Round Robin, Spill-over), the behaviour is quite predictable: if a link is not responsive or an interface physically goes down, the traffic wil fail over to the other WAN interfaces. If that link then comes back, it will fail back (take over traffic to the WAN again) as planned by the administrator.

When the administrator configures the Ratio Load Balancing method, the firewall needs to assure availability by keeping consistency with the ratio configured per interface. The behavior of the firewall during failures of participating WAN interfaces is not obvious, and is explained below.

What happens then when a WAN link is down and its interface is belonging to a LB Group configured in Ratio?

The firewall will load balance the traffic by keeping the ratio constant between the link/interfaces up and available.
For example, we can configure Ratio LB between 3 WAN interfaces with the following LB ratio as in figure below reported
X1 (50%)
X2 (40%)
X3 (10%)

If X1 link becomes unavalailable, the firewall will load all traffic between the remaining responsive interface (i.e. X2 and X3), keeping the ratio constant between them:
- X1 (down)
- X2 (80%)
- X3 (20%)
Notice that the ratio between X2 and X3 (4:1) is kept constant during the time X1 link is not available. The original Ratio Load Balancing for X2 and X3 was first configured as 40% and 10%, and thus the new calculation, after X1 is down, is proportional to that.

What happens then if a WAN link/interface comes back and operational after being down for a while, in a LB Group configured in Ratio?

In this case, the traffic will be load balanced according to the ratio configured by the administrator, balancing the traffic between all the interfaces configured in the ratio.
In our example, if X1 link comes back and operational and the LB Group is configured in the aforementioned ratio, the firewall will load balance again based on the ratio:
- X1 (50%)
- X2 (40%)
- X3 (10%)
To prevent overload immediately X2 too much, the firewall will keep consistency by loading the traffic on X1 according to an additional calculation - "current ratio"- which is based on a short term sample which is NOT configurable by the administrator. The "current ratio" will work act like a valve to control the "average" ratio (i.e. the one planned and configured by the administrator) during the few seconds after an interface comes up and until the "average" ratio equalizes to the Load Balancing ratio configured by the customer (e.g. 50%, 40%, 10%).

The administrator can prevent having an interface (e.g. X2) loaded too much (e.g 80%) by cautiously planning the Ratio. For example planning
- X1 (40%)
- X2 (40%)
- X3 (20%)
in case of failure of the X2 link, the ratio in disaster recovery will be:
- X1 (66,7%)
- X2 (down)
- X3 (33,3%)
In this case the administrator would have achieved:
- exploiting X2 as long as the X2 link is up;
- limiting the traffic through X3;
- a more fair usage of the remaining resources (X1 and X3 links) in case a fast speed link in not available anymore.
Of course the proper ratio to be configured for a certain configuration is matter of opinion and it is duty of the administrator to foresee and plan how to better use links available.