Topic: Load balancing on Zentyal 2.2.7 and my failed attempts to make it work.

Escorpiom

Ok this post is a report on my attempts to make load balancing work on Zentyal 2.2.7.
In short, it is not as straightforward as it looks, and I'll explain why.

Let's start with the first scenario, one static interface with public IP address, the other interface dynamic PPPoE using included pppd with a bridged adsl2+ modem.
Either the pppd implementation is in early alpha stage or incredibly buggy, well - when you have ONE interface it works but if you try to balance between
one static and another pppoe it's a no-go.
I found that every change to the static gateway also disconnected the PPPoE interface.
Likewise, adding, changing or removing rules also disconnects both interfaces.

The problem lies in how the PPPoE connection is ended. A non-clean termination causes a "hung" session at the provider's side, and detecting this can take a long time.
While testing, my PPPoE interface would come up only after 30 minutes or sometimes one hour.
That in turn results in Zentyal reporting firewall errors, because when saving changes, the PPPoE gateway is down.
 
So while PPPoE authentication worked before with only one interface, when doing load balancing I was forced to use my adsl2+ modem as a PPPoE client, and make it as transparent as possible. I'm not excited about double routing and getting all sorts of port issues.
The penalty of this method is latency, the poor adsl2+ modem has a lot more to cope with now.

Now having two static interfaces, the load balancing worked better. But then, another issue came up.
Load balancing breaks video conferencing, online games and my security cameras would go black after a while.
Obviously this has to do with traffic going out on the second interface while the remote client is still connected to the first from which the connection was initiated.
So this can be solved eventually, but it requires setting traffic rules for each and every application and service.
This is just not feasible because it takes a lot of work.

What does work? Interface metrics are OK. The weight of each interface can be adjusted and it gives the expected results.
Rules in themselves are also working. I could set rules for different traffic types like sending DNS out on one interface etc. All OK.
But what I wanted to achieve, the load balancing using two interfaces simultaneously, is not possible.

At this point, to make use of my second interface with the adsl2+ modem connected, I have the load balancing option disabled and set some rules for specific traffic types to go out on that interface.
Bandwidth is only 512Kb (yes, in Colombia that's still considered high speed Internet) so my options are a bit limited.
Anyway, if others can share their views and/or experiences it would be nice.

Cheers.

« Last Edit: January 06, 2013, 02:04:07 am by Escorpiom »
Marcus' Rule:
Blanks & capitals = avoid it and you'll avoid problems...

christian

  • Guest
100% in line.
"load balancing" is slightly misleading. Well, not really misleading but misunderstood with wrong expectations.
If your goal is to balance your internet bandwidth consumption across 2 internet accesses, it will not work out-of-the-box if, e.g. this usage is made of almost 100% HTTP access, as you already know.

For some (quite a lot) of protocols, you have to set a rule so that the connection always uses the same unique port, otherwise the client's IP will swing from one gateway to another.
I do understand this is not the expectation  ;)
To me, what is missing is the "sticky bit" that would permit an existing "session" to always use the same gateway while the next "session", even if using the same protocol, could use the other gateway. Bad luck, this is not the way it works.

I'm using 2 gateways too, do not use load balancing (because compared to my needs and your quite slow bandwidth, mine are huge) but I do need fail-over. This doesn't work very well either.
Perhaps my rules are not the best ones (I'm testing ISP DNS availability) but what makes me doubt that the Zentyal implementation is correct is that when one gateway is seen as failing, it, quite often and most of the time, never comes back to "available" in an automatic way while, almost 100% of the time, if I change it using the Zentyal interface to make it "available" and default, it works.

As a result, even fail-over doesn't work very well.
I didn't spend a lot of time on this problem (after all, this is pretty stable ISP side) but this could be annoying in other countries. 
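
A simplified model of the behaviour discussed in the two posts above, added as an example that is not part of the thread and not Zentyal's code: weighted gateway selection applied per packet versus pinned per connection (the "sticky" behaviour). Uplink names, weights, addresses and flows are constructed for illustration.

```python
from itertools import cycle

# Constructed uplinks: name -> (source IP the remote peer sees, weight).
UPLINKS = {"cable": ("198.51.100.10", 3), "adsl": ("203.0.113.10", 1)}

# Constructed flows as 5-tuples: (proto, src, sport, dst, dport).
FLOWS = [("tcp", "192.168.1.20", 50000 + i, "192.0.2.80", 554) for i in range(5)]


class Balancer:
    """Weighted round-robin gateway selection, with or without flow stickiness."""

    def __init__(self, uplinks, sticky):
        self.uplinks = uplinks
        self.sticky = sticky
        # Expand weights into a repeating schedule: cable, cable, cable, adsl, ...
        self._schedule = cycle([n for n, (_, w) in uplinks.items() for _ in range(w)])
        self._conntrack = {}  # flow 5-tuple -> uplink chosen for its first packet

    def route(self, flow):
        """Return the source IP the remote peer sees for this packet."""
        if self.sticky:
            # Only the first packet of a flow consults the schedule.
            if flow not in self._conntrack:
                self._conntrack[flow] = next(self._schedule)
            name = self._conntrack[flow]
        else:
            # Every packet is balanced independently of the flow it belongs to.
            name = next(self._schedule)
        return self.uplinks[name][0]


def sources_seen(balancer, flows, packets_per_flow):
    """Interleave packets of all flows and collect the source IPs seen per flow."""
    seen = {f: set() for f in flows}
    for _ in range(packets_per_flow):
        for f in flows:
            seen[f].add(balancer.route(f))
    return seen


def broken_flows(seen):
    """A flow that left with more than one source IP no longer matches the peer's session."""
    return sorted(f for f, ips in seen.items() if len(ips) > 1)


if __name__ == "__main__":
    for sticky in (False, True):
        seen = sources_seen(Balancer(UPLINKS, sticky), FLOWS, packets_per_flow=8)
        print("sticky" if sticky else "per-packet", "broken flows:", len(broken_flows(seen)))
```

In the sticky case the weights still apply, but to new connections rather than to packets, so the slower uplink carries whole sessions instead of fragments of every session.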

Escorpiom

Thanks Christian, you understood perfectly and have given a better explanation. The "sticky bit" seems to be the missing part.
Before testing load balancing, I looked up several posts on this forum. I've seen Robb's comments, and also yours and the wan failover issue you reported.
Perhaps the Zentyal team should take another look at the load balancing option, or at least add more detail to the documentation so that users cannot get false expectations.

Perhaps I should clarify, my main connection is cable modem 10Mbit and the second one is 512Kbit.
It is not so much because of the limited bandwidth available (just got that 10Mbit line back as of December), the main reason is the high failure rate of Internet connections in my country.
Main line already failed December 31 and January 1+2.   
So WAN failover will be the next option to test, but as you reported already, I'm not convinced it will work flawlessly...
 
Cheers.
« Last Edit: January 07, 2013, 02:20:23 am by Escorpiom »

christian

  • Guest
Take it with a bit of salt:
- it looks like I'm the only one reporting an issue with WAN failover
- this could be due to the way I perform availability test (although I doubt as I've tried many options)
- I'm still running 2.2. Perhaps 3.0 improved from this standpoint