Multi Wan Failover

Hello,

I have an active/passive FireCluster with two Multi Wan Links. We are using BGP with the routing table so both connections are live and using the least cost routing method. I have the link monitor setup which is monitoring the connections.

Our failovers don't seem to be handled as smoothly as I think they should when a particular link goes down. RDP sessions are dropped and so forth.

Am I missing something? In Network > Multi Wan > Advanced, Immediate Failback is selected but should it be gradual?

Thanks

Comments

  • edited July 27

    No matter what you are going to drop "S" sessions and other odds and ends in the instance of a failover. For instance, if you are connected to a VPN (SSL, IKE) for your 3389 RDP you will have an external IP address (or more than one) and possibly an FQDN pointing to your external IP to access the internal resource...if you switch your ISP your external IP changes and your session is terminated - nothing you can do about that. No matter how you handle your SDWAN failover, your sessions will end (and can be immediately reconnected assuming you have policies in place and proper setup for the outside to get back in).

  • Good Morning,

    Well technically the ISP is changing but the external IP doesn't. Our failovers work without any intervention. So I would expect the failovers to be more fluid honestly. Is that wrong?

  • @travis_tmb said:
    Good Morning,

    Is that wrong?

    Yes - somewhere the tunnel is breaking (albeit for a short time) as the IP does change at some point. That can not be avoided. Two ISPs can not support the same IP and the fail over as fast as it can be will drop a tunnel for a blip - long enough to terminate an RDP session or end an IP call from a handset.

  • Good Morning again ... To circle back ... with the router using the Multi-Wan function in Mixed Routing Mode ... do the fallback for active connections even apply then? I personally don't have a problem if the connections that failover stay on the other circuit but we are using BGP and least cost routing so I am not sure thats the way it works anyway but its not necessary for the connection to go back to the original link once the circuit returns.

Sign In to comment.