WAN Failover Data Usage?

itxnc
edited April 2021 in Security
We're experimenting with Netgear LB1120 LTE modems for WAN failover on our USG and ATP routers. We're doing this instead of USB cellular modems because we can put the LTE modem elsewhere to get better signal (or attach a patch antenna to it), since for most of our clients the network closet, etc. is a terrible place for LTE signal.

Anyway - setup is easy enough. Put in the activated LTE SIM, set the modem to bridge mode, and hook the network port to the WAN2 port on the Zyxel. Create the Trunk in Active/Passive mode and you have failover.

Here's the problem - we're seeing approximately 250MB of traffic going over the LTE modem every day (and it is remarkably consistent) - which adds up at $10/GB ($15/GB if you're on Verizon). That's $75/month just in *standby* data with the failover not even being used. The assumption was when WAN1 was online and WAN2 is set to passive - no data would go over it? Is it possible after failback that a long-term connection stays up on WAN2 after everything flips back to WAN1? Haven't gotten a chance to WireShark the connection yet to figure out what the traffic is.

Has anyone else seen this?

All Replies

  • itxnc
    Suspect it was a lingering connection. I had not checked the 'Disconnect Connections Before Falling Back'

    I also had used the wrong algorithm. Initially we'd used a cellular modem- which the KB says to use Weighted Round Robin for:

    https://support.zyxel.eu/hc/en-us/articles/360001743233-How-to-configure-the-3G-LTE-Interface-on-the-ZyWALL-USG-as-a-WAN-Backup-

    But the WAN Failover article says you have to use Spillover:

    https://support.zyxel.eu/hc/en-us/articles/360005480394-WAN-Failover-via-trunk-of-a-USG

    One weird thing - the video says to set the WAN1 Spillover value to something very high (say 100000kbps), but if you have the Egress value reduced so BWM works, you can't set it any higher than that (in my case 12000kbps). Not sure if it matters or not... 

    Then another article says to use Least Load First...
    https://support.zyxel.eu/hc/en-us/articles/360004076140-WAN-Failover-with-Mail-Alert-USG-Series-FW-4-10-

    Go figure.. :) For now we're going to see how it works with Spillover and the spillover value at the max egress value (and 0 for WAN2). And disconnect connections on failback enabled.
  • itxnc
    So in an Active/Passive scenario where you kill connections on fail back, is there any difference between Spill-over and least load?
  • itxnc

    Hi @itxnc,

    The passive interface is activated only when all active interfaces fail.

    If only two interfaces are in a trunk and one interface is set as passive, there is no difference between spillover and least load first because only one interface is set as active mode.

    The difference between spillover and least load first is obvious when there are at least two active interfaces in the trunk: 2 active interfaces and 1 passive interface.

    That's what I figured - but just wanted to make sure. Thanks!
  • blechkiste
    itxnc said:
    Suspect it was a lingering connection. I had not checked the 'Disconnect Connections Before Falling Back'

    I also had used the wrong algorithm. Initially we'd used a cellular modem- which the KB says to use Weighted Round Robin for:

    https://support.zyxel.eu/hc/en-us/articles/360001743233-How-to-configure-the-3G-LTE-Interface-on-the-ZyWALL-USG-as-a-WAN-Backup-

    But the WAN Failover article says you have to use Spillover:

    https://support.zyxel.eu/hc/en-us/articles/360005480394-WAN-Failover-via-trunk-of-a-USG

    One weird thing - the video says to set the WAN1 Spillover value to something very high (say 100000kbps), but if you have the Egress value reduced so BWM works, you can't set it any higher than that (in my case 12000kbps). Not sure if it matters or not... 

    Then another article says to use Least Load First...
    https://support.zyxel.eu/hc/en-us/articles/360004076140-WAN-Failover-with-Mail-Alert-USG-Series-FW-4-10-

    Go figure.. :) For now we're going to see how it works with Spillover and the spillover value at the max egress value (and 0 for WAN2). And disconnect connections on failback enabled.

    I've just configured WAN Failover with a Mikrotik LtAP LTE6 AP on a USG 500 Flex, using Least Load First and it is working fine. Fully agree though that there is a need for Zyxel to make this clearer and provide more details of the different algorithms in the context of Failover.
    I've also tried with Policy Routes and, albeit technically working fine, I could not find a way to disconnect connections on the failover WAN when failing back, as is possible for the failover trunk. And this could either become costly or lead to a throttled throughput, depending on your LTE data subscription.
