3

I'm working on setting up a ZyWall USG-100 firewall. I can get everything to work, but now I'm trying to get the 2 WANs to work correctly.

They both work individually but I'm having trouble with the trunk setup.

We have two connections, our main has 60/10 mbit up/down and our backup has 8/1 mbit up/down. So the backup really is just a backup to keep email and the VPN just going until the main comes back online.

Now to set up the WAN trunk I have 3 protocols I can choose:

- Weighted round robin
- Least load first
- Spillover

Now I can sorta guess what they do, but not exactly. Now what protocol should I use and with what settings (weight or speed)??

I hope someone can help me, if more info is needed, just comment.

Update screenshot

As you can see, these are the only options I get.

HTDutchy
  • In the manual, is there a "failover" option? That's what it sounds like you want: fail over to the 8/1 connection only if the 60/10 goes down. – gravyface May 23 '11 at 13:17
  • Nope, sadly there isn't one. I've requested a solution from the manufacturer, still waiting for a reply... – HTDutchy May 25 '11 at 11:34
  • Weighted round robin will allow you to give a higher weight (like 80/20) to your faster connection. Are there any failover options within that option (in a sub-menu somewhere)? – gravyface May 25 '11 at 11:40
  • (updated post) As you can see these are the only options I get... What weight should I give it? Just one higher or something like 10? – HTDutchy May 25 '11 at 11:46
  • Check the other connection as passive from the trunk. –  Oct 10 '11 at 15:40

3 Answers

4

Spillover can approximate failover by setting the Egress Bandwidth on the fast connection to a value much greater than its maximum bandwidth.

Assuming wan1 is the fast connection, adding wan1 followed by wan2 to the user configured trunk means that when both connections are up, wan2 will never see any traffic because the bandwidth will never exceed wan1's specified egress bandwidth. When wan1 goes down, wan2 picks up the traffic.

The egress bandwidth is set in the Configuration/Network/Interface/Ethernet tab for each of the wan connections. Also, the connectivity check should be enabled for at least wan1.

robm
3

As user97408 points out, you should change the mode of the backup interface to Passive. If you only have one Active interface, the load balancing algorithm selection doesn't really matter. (Screenshot Edit WAN_TRUNK)

I have also enabled Connectivity Check in the settings of each wan Ethernet interface, as in my setup the ZyWall is unlikely to see link loss on outage (it is connected to a local switch with UPS power). (Screenshot Edit Ethernet wan1)

With the default check settings, the ZyWall takes about 2 minutes to detect wan1 down and switch to wan2. Switching back seems to be a lot faster (about 15-30 seconds).

0

I have a USG 50 that I am working with, and the answer has to do with setting up a custom trunk. Then, in the trunk settings, set the fast connection to active and the slow connection to passive. Then, under routing, you need to add a policy route that redirects all traffic to the new trunk.

Other things that I did, but I am not sure that they are right:

1. Set the new trunk to default.
2. Used least load as the trunk design.

The instructions I found did address which algorithm to use, and I suspect it is because they will not matter since they are for load balancing and the active/passive should take precedence.

  • While I can see this would work, I've gone with the option to go with spillover mode; this has now worked for more than half a year. (This is indeed also with a custom trunk setting, but prevents having to mess with routing.) – HTDutchy Feb 04 '13 at 20:20