Change WAN based on RTT/Ping

Started by inkeliz, Today at 05:35:01 PM

I currently have three WAN connections. My primary goal was to use them for failover and basic load balancing.

However, I've noticed that latency and routing change between ISPs on a weekly or monthly basis. Some ISPs have terrible routes to specific servers, especially international ones (for example, Brazil ↔ Europe). I'd like to know whether OPNsense can automatically switch the WAN based on latency.

Does OPNsense provide a feature that can continuously ping a set of IP addresses and choose the WAN with the lowest latency?

For example, consider three WANs: WAN_A, WAN_B, and WAN_C.

The idea would be:

* WAN_A → ServerSaoPaulo = 170 ms
* WAN_B → ServerSaoPaulo = 230 ms
* WAN_C → ServerSaoPaulo = 123 ms

In this case, I would want all connections to ServerSaoPaulo to use WAN_C. OPNsense should only switch to WAN_A or WAN_B if WAN_C experiences high latency or significant packet loss.

For connections to ServerSomewhereElse: any of the WANs can be used.
Hardware: Ryzen 3700X, 1x Mellanox MT27700, 1x Mellanox MT27710, 1x Intel I211, 2x 120GB SATA3 SSD, 2x 16GB DDR4 RAM = 7116.99/1906.76 Mbps

You can use gateway groups for that and use specific trigger levels - it is in the official docs.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, Leox LXT-010H-D

1100 down / 450 up, Bufferbloat A+

Not really. You can define a gateway group with a latency threshold, and any of the member gateways that exceeds that threshold will not get selected, but it's the latency to a single monitor IP address defined for each gateway (usually (something near) the other end of the WAN connection). I don't know of any way to have the same gateways evaluated for latency to different destinations.
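A simplified model of the gateway-group selection described in the reply above, as an added example that is not part of the thread and not OPNsense code. The tier layout (WAN_C preferred, WAN_A and WAN_B as fallback), the thresholds and the monitor readings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    tier: int        # lower number = preferred (assumed group layout)
    rtt_ms: float    # RTT to this gateway's single monitor IP
    loss_pct: float  # packet loss to that same monitor IP

def select_gateways(gateways, max_rtt_ms=200.0, max_loss_pct=20.0):
    """Return the usable members of the lowest tier that still has any."""
    # A member whose monitor exceeds either threshold is not selected.
    healthy = [g for g in gateways
               if g.rtt_ms <= max_rtt_ms and g.loss_pct <= max_loss_pct]
    if not healthy:
        return []
    best_tier = min(g.tier for g in healthy)
    return sorted(g.name for g in healthy if g.tier == best_tier)

def sao_paulo_group(wan_c_rtt=15.0, wan_c_loss=0.0):
    # Constructed readings: each value is the RTT/loss to the gateway's own
    # monitor IP near the ISP edge, not to ServerSaoPaulo.
    return [
        Gateway("WAN_A", 2, 12.0, 0.0),
        Gateway("WAN_B", 2, 9.0, 0.0),
        Gateway("WAN_C", 1, wan_c_rtt, wan_c_loss),
    ]

if __name__ == "__main__":
    print(select_gateways(sao_paulo_group()))                 # WAN_C healthy
    print(select_gateways(sao_paulo_group(wan_c_rtt=350.0)))  # monitor RTT too high
    print(select_gateways(sao_paulo_group(wan_c_loss=40.0)))  # monitor loss too high
```

The model has no input for the RTT to ServerSaoPaulo itself: if the route through WAN_C degrades beyond its monitor IP, the selection stays on WAN_C, which is the limitation the replies describe.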

It only works for one specific monitoring IP, yes, not multiple destinations per gateway. There is no dynamic routing depending on "what is best".

On the other hand, that would also break your connections, because the routes (and IPs) would change. Normally, you would want "Failover States" to be enabled, too. If you want some destinations to use another (group of) interface(s), you can do PBR based on that.