Tutorial Asus Dual WAN Router Load Balancing and Failover Router Problems and Fix

[bsauvage]

they don't say... I think some generic chinese brand.

 

[Tech9]

This is a modem/router. Is it in bridge (modem) or gateway (router) mode?

 

[garycnew]

Thank you all for the thoughts. Looks like I should get that other box! Sad that such a so-called "high end" device as the ASUS doesn't handle this natively.

I think we all agree with you on this point.

My old asus modem still works, perhaps I can add this to the AiMesh and connect my computer through it, thus ensuring I get the desired result and having the computer on the same network as the other devices ?

I'm not sure I understand your suggested topology with the old Asus "modem." You still need devices/network interfaces that support 2Gbps links and Link Aggregation.

On the Mikrotik (or equivalent): why would it be able to do Link Aggregation, while my ISP explicitly told me "WAN Aggregation" (802.3ad) is not supported, which I've tried on the ASUS and indeed didn't seem to aggregate anything ?

The Asuswrt does not support true Link Aggregation.

Also, when checking the docs (for example on the RB750Gr3 mentionned previously) it doesn't seem to be able to handle above 1Gb, so how would I connect it to ASUS, it seems I would instead needa box with 2x 1Gb in, link aggreg then 2.5Gb output to the ASUS ?

Correct... You'd need something like the Mikrotik RB5009UG+S+IN that supports multiple 1Gbps links and a 2.5Gbps link to connect to the 2.5Gbps link on your GT-AX11000. Then you'll have to ensure your PC is equiped with a 2.5Gbps network interface with compatible cable to connect all of them.

EDIT: I just realized with only a single 2.5Gbps link on your GT-AX11000 you won't have any 2.5Gbps output links. You might have to consider bonding multiple 1Gbps links or adding a 2.5/5/10Gbps Switch with Compatible Network Interfaces on your Endpoint Devices to take advantage of the 2Gbps Aggregated Link. It's starting to sound expensive.

 

[princi]

they don't say... I think some generic chinese brand.

View attachment 39052

View attachment 39053

View attachment 39054

I’m guessing you’re in HK.

This sort of service is common in places like HK, Singapore. Can’t comment on South Korea.

 

[garycnew]

they don't say... I think some generic chinese brand.

View attachment 39052
View attachment 39054

From the photo it looks like 1Gbps Fiber + 1Gbps WAN, but only a single LAN output? What's the link speed for the LAN output (i.e., 1Gbps or 2.5Gbps)?

 

[bsauvage]

Thank you for all the comments and the help! I start to see some light. It's great to have so much care and help from the community!

@princi yes I'm in Hong Kong! Nowhere to go, so I need to set up my home entertainment as best I can given the lockdown!
@Tech9 it is in router mode: I could use it "as is" as a wifi6 router, but the configuration is locked by their software hence rather limited (plus, weak signal), hence the need for the ASUS.
@garycnew my cabling was misleading apologies: the fiber is 2Gb, both network cables should have been connected to both LAN outputs (I was just fiddling around with the WAN see if it would change anything) - the below shows both LANs with each 1Gb output.

Given only one 2.5Gb port on the ASUS as you point out, I was thinking modem Lan1&2-> Mikrotik RB5009UG+S+IN (thanks for the hint!) link aggregation -> 2.5G input of Asus -> connected devices. Indeed I would be limited to 1Gb max per device but the total network output would now be 2Gb. At this stage I think it's more than enough. Though in the future, if I wanted to get a full 2Gb output on my main computer, what would I need to add ? Perhaps another Mikrotik to recombine 2 LAN outputs from the Asus into one 2Gb that I'd then feed in my computer (which has a 2.5Gb LAN interface, I checked), or is there a smarter solution?

 

[Tech9]

I was thinking modem Lan1&2

The two LAN ports are the same network in router mode. There is nothing to load balance there.

 

[garycnew]

Thank you for all the comments and the help! I start to see some light. It's great to have so much care and help from the community!

Glad to be of service. Perhaps, you'll be able to pay it forward, someday.

@princi yes I'm in Hong Kong! Nowhere to go, so I need to set up my home entertainment as best I can given the lockdown!

After 2020 & 2021, I believe I finally have my home entertainment dialed-in. Anything. Anywhere. Anytime. "It's Already Tomorrow in Hong Kong."

@Tech9 it is in router mode: I could use it "as is" as a wifi6 router, but the configuration is locked by their software hence rather limited (plus, weak signal), hence the need for the ASUS.

Often premises equipment is too locked down to take advantage. Asuswrt is a better solution.

@garycnew my cabling was misleading apologies: the fiber is 2Gb, both network cables should have been connected to both LAN outputs (I was just fiddling around with the WAN see if it would change anything) - the below shows both LANs with each 1Gb output.

Thank you. Very good information to know.

Given only one 2.5Gb port on the ASUS as you point out, I was thinking modem Lan1&2-> Mikrotik RB5009UG+S+IN (thanks for the hint!) link aggregation -> 2.5G input of Asus -> connected devices. Indeed I would be limited to 1Gb max per device but the total network output would now be 2Gb. At this stage I think it's more than enough.

Hmm... If you're fine with your devices only connecting at 1Gbps, it might just make more sense to use the Asuswrt Dual-WAN Weighed, Round-Robin Feature and forego link aggregation with the Mikrotik. You'll still make use of both LAN links on the modem, you'll just never see a speed-test over 1Gbps.

Though in the future, if I wanted to get a full 2Gb output on my main computer, what would I need to add ? Perhaps another Mikrotik to recombine 2 LAN outputs from the Asus into one 2Gb that I'd then feed in my computer (which has a 2.5Gb LAN interface, I checked), or is there a smarter solution?

Fiber Modem -> Mikrotik -> Switch (that supports minimum 2.5Gbps) -> separate 2.5Gbps connections to Main Computer & GT-AX11000.

Hope that helps.


Gary

 

[Tech Junky]

bsauvage said:
Though in the future, if I wanted to get a full 2Gb output on my main computer, what would I need to add ? Perhaps another Mikrotik to recombine 2 LAN outputs from the Asus into one 2Gb that I'd then feed in my computer (which has a 2.5Gb LAN interface, I checked), or is there a smarter solution?

Fiber Modem -> Mikrotik -> Switch (that supports minimum 2.5Gbps) -> separate 2.5Gbps connections to Main Computer & GT-AX11000.

For what this is going to cost you you're better off using a SFF PC and making your own router and dangling an AP off it for WIFI.

Depending on how many devices need 2.5G getting a NIC that supports 4 ports @ 2.5 or 5G means you won't need the switch.

SFF PC - $150
4 port 5GE NIC - $200
AP - $130-$160

 

[garycnew]

For what this is going to cost you you're better off using a SFF PC and making your own router and dangling an AP off it for WIFI.

Depending on how many devices need 2.5G getting a NIC that supports 4 ports @ 2.5 or 5G means you won't need the switch.

SFF PC - $150
4 port 5GE NIC - $200
AP - $130-$160

Building your own SFF PC, which I've done, is definitely a viable Mikrotik alternative. Being able to incorporate a 2/4-Port x 2.5/5Gbps NIC would be a great expansion option, but we'd need to compare it with comparable switch options available in the market. I believe $150 is for a low-end SFF PC vs $200 for the previously quoted Mikrotik. Again, we'd need to verify hardware components vs price in such a comparison. The already owned GT-AX11000 could be put in AP mode with a SFF PC.

One thing is certain, one would learn a lot more building their own Mikrotik alternative.

It's great to know there are multiple solutions available for a given task.

Appreciate your prospective @Tech Junky

 

[Tech Junky]

2/4-Port x 2.5/5Gbps NIC

The only issue with 2.5's is dual port options are limited and they use a switching mechanism to divide the load between the ports. A true 4-port version is available that doesn't do this but, the pricing is comparable to the 5GE version making a compelling argument to over provisioning to the 5GE model.

QXG-5G2T-111C - $110​

QXG-5G4T-111C -- this is the one I'm using @ $210​

QXG-2G2T-I225 -- $69 dual 2.5​

QXG-2G4T-I225 -- $75-$130 quad 2.5​

https://www.ebay.com/itm/274527664598 - dual port 2.5 using RTL8125 @ $52... used to be ~$40

I would build the SFF option and then sell the AX11000 to get the AP/s

If you're not going to use the SFF as a NAS or anything else high bandwidth then the Quad 2.5 cuts the costs a bit. The option though to expand beyond the SFF router to more functions in a single device is something to consider if you have additional devices sitting around sucking AC power anyway.

I cut the cord and that's what started this for me. I found most of the TV I was watching on cable was OTA local channels / networks and rolled a DVR / NAS / quad tuner OTA card into a single appliance. Then when I upgraded to 1gbps ISP plan I found deficiencies in the downstream network equipment that required an upgrade to a R7800 to get line speed out of the new plan. Well, I figured there's over provisioning being done on the connection and decided to take on the router/switch/AP portion and combined them into the PC to knock out those devices as well.

Now I have full control and no bottlenecks.

PC - router / switch / AP / DVR (Plex) / OTA (Plex + HDHR) / NAS / Firewall / VPN (whole house @ wire speed)

With the 4-port NIC you can allocate ports to either WAN or LAN as needed or add more NIC's to the mix if you diversify your ISP options even further. The Modem I'm using (MB8600) has 4 x 1GE ports that can be bound together to a max of 4gbps if/when the ISP decides to boost their plan options it's all there ready to be switched on. Currently I use LACP to bind 3 ports for redundancy but, even just 2 ports yields 1500 x 40 mbps w/o a VPN and w/ VPN the down speeds still hit ~1400mbps depending on the server I'm connecting to.

Depending on how much / deep you want to get into this sort of thing it can be done on the cheap or put some more money into it to consolidate multiple functions. For the same price as some of the off the shelf options you see in the $500 range you get to a more robust / stable / secure solution. As you roll devices into the box you sell off things to recoup the costs. If you were to cut the cord on the TV side that's typically at least $100/mo in savings to make up for the HW cost up front.

 

[garycnew]

The only issue with 2.5's is dual port options are limited and they use a switching mechanism to divide the load between the ports. A true 4-port version is available that doesn't do this but, the pricing is comparable to the 5GE version making a compelling argument to over provisioning to the 5GE model.

If the price-point between the multi-port 2.5GE & 5GE NIC's are relatively that close in price, I would definitely go with the 5GE NIC.

I would build the SFF option and then sell the AX11000 to get the AP/s

What AP/s would you recommend? R7800?

If you're not going to use the SFF as a NAS or anything else high bandwidth then the Quad 2.5 cuts the costs a bit. The option though to expand beyond the SFF router to more functions in a single device is something to consider if you have additional devices sitting around sucking AC power anyway.

Agreed.

I cut the cord and that's what started this for me.

I haven't cut the cord, but I find I augment my satellite tv with a great deal of online content. For me, it's similar to having a Pandora account for exploring and a Spotify/Tidal subscription for exactly what I'm looking for.

I found most of the TV I was watching on cable was OTA local channels / networks and rolled a DVR / NAS / quad tuner OTA card into a single appliance.

My preference is a PVR to record Satellite, external USB 3.0 RAID5 NAS, to LDNA or AppleTV.

Then when I upgraded to 1gbps ISP plan I found deficiencies in the downstream network equipment that required an upgrade to a R7800 to get line speed out of the new plan.

Do you use an Asuswrt-Merlin in this topology?

Well, I figured there's over provisioning being done on the connection and decided to take on the router/switch/AP portion and combined them into the PC to knock out those devices as well.

Now I have full control and no bottlenecks.

Which Operating System?

PC - router / switch / AP / DVR (Plex) / OTA (Plex + HDHR) / NAS / Firewall / VPN (whole house @ wire speed)

Nice. However, I found that Plex doesn't do very well with transcoding an array of different multimedia files over DLNA and I don't have a hardware decoder at the TV.

With the 4-port NIC you can allocate ports to either WAN or LAN as needed or add more NIC's to the mix if you diversify your ISP options even further.

Is your SFF PC's memory expandable? That might be another plus for this approach.

The Modem I'm using (MB8600) has 4 x 1GE ports that can be bound together to a max of 4gbps if/when the ISP decides to boost their plan options it's all there ready to be switched on. Currently I use LACP to bind 3 ports for redundancy but, even just 2 ports yields 1500 x 40 mbps w/o a VPN and w/ VPN the down speeds still hit ~1400mbps depending on the server I'm connecting to.

Using LACP with which Operating System?

Depending on how much / deep you want to get into this sort of thing it can be done on the cheap or put some more money into it to consolidate multiple functions. For the same price as some of the off the shelf options you see in the $500 range you get to a more robust / stable / secure solution. As you roll devices into the box you sell off things to recoup the costs. If you were to cut the cord on the TV side that's typically at least $100/mo in savings to make up for the HW cost up front.

Each approach has its Pros & Cons. You can spend as much or as little on either.

Thanks, again, for your thoughts.

 

[Tech Junky]

What AP/s would you recommend? R7800?

R7800 is a router... for an actual AP I like the NWA210AX for the 4x4 / 2.5GE uplink but there's a 2x2 model with 1GE uplink - NWA110AX $160 vs $130

My preference is a PVR to record Satellite, external USB 3.0 RAID5 NAS, to LDNA or AppleTV.

Rolling everything into 1 box w/ Plex. I'm running Raid 10 for speed / redundancy and every client works fine from the server on playback.

Do you use an Asuswrt-Merlin in this topology?

No, I run a Linux PC w/o any WRT to be mentioned. Specifically Ubuntu as the core since I'm familiar with the packages / structures / commands to get things done. Any linux distro though should work though some have pitfalls with different aspects of making things work together.

Nice. However, I found that Plex doesn't do very well with transcoding an array of different multimedia files over DLNA and I don't have a hardware decoder at the TV.

I convert most things to MP4 for playback and saving storage space since MPEG2 reduces down to 1/5 the size in MP4 while retaining 5.1 audio.

Is you SFF PC's memory expandable? That might be another plus for this approach.

Depends on how full blown you go but, in my setup I'm using 16GB of RAM to power all of the functions and typically only using 3-4GB at any given point. If I let it do transcoding for some files it will go up in use but, nothing to extreme .

Using LACP with which Operating System?

Linux - just add the config to the /etc/network/intefaces

auto bo0
iface bo0 inet dhcp
        bond-mode 4
        bond-miimon 100
        bond-lacp-rate 1

Each approach has its Pros & Cons. You can spend as much or as little on either.

Very true. If you want performance and reliability do it yourself. If privacy is of concern then the PC option is better as you don't have it calling home with statistics all the time. If you add PiHole to the mix you can point all of your clients to that for DNS and kill other stat scrapers in the process. You can add monitoring for network - ntopng / system - webmin / glances.

For the DLNA issue having a higher HP CPU gets you around some of it but, the client side is just as important using a full fledged option Roku / Apple / NVIDIA Shield or built in TV / Soundbar. The Chromecast chokes a bit compared to the TCL TV running Roku. Where you do the encoding/decoding makes a difference on the CPU needed.

 

[bsauvage]

Very insightful to hear about the possibilities available when creating your own box, and on top it's much cheaper than the Asus ...! Thank you all for these I may try that at some point.

Glad to be of service. Perhaps, you'll be able to pay it forward, someday.

Sadly I don't have what it takes to be able to contribute in this forum otherwise I'd gladly help newcomers as well! What I can think of: when you're ever in HK, beers on me

Hmm... If you're fine with your devices only connecting at 1Gbps, it might just make more sense to use the Asuswrt Dual-WAN Weighed, Round-Robin Feature and forego link aggregation with the Mikrotik. You'll still make use of both LAN links on the modem, you'll just never see a speed-test over 1Gbps.

But for now I'll use the ready solution of Dual Wan, this is actually what I was trying to set up initially but somehow I haven't managed to make it work, meaning it's as if the traffic is using only one of the two links, not both concurrently. So my rules setup doesn't seem to have an effect and the max speedtest shared across all devices is 1Gb (seems it's using only one of the links at any given time, not balancing, not making use of both). Can you spot what is wrong with my rules?

 

[garycnew]

Sadly I don't have what it takes to be able to contribute in this forum otherwise I'd gladly help newcomers as well! What I can think of: when you're ever in HK, beers on me

You'll be surprised how you might be able to contribute to the Asuswrt-Merlin community; after, learning about Asuswrt Dual-WAN Loadbalancing.

But for now I'll use the ready solution of Dual Wan, this is actually what I was trying to set up initially but somehow I haven't managed to make it work, meaning it's as if the traffic is using only one of the two links, not both concurrently.

That is exactly how Asuswrt Dual-WAN Loadbalancing works. A connection traverses either one or the other links, but not both at the same time.

So my rules setup doesn't seem to have an effect and the max speedtest shared across all devices is 1Gb (seems it's using only one of the links at any given time, not balancing, not making use of both). Can you spot what is wrong with my rules?

There's nothing wrong with your rules. It sounds like the feature is working as designed. Previously, I stated that the max you'd see on a speed-test with this setup is 1Gbps.

Loadbalancing and Aggregating are two different ventures.

 

[bsauvage]

You'll be surprised how you might be able to contribute to the Asuswrt-Merlin community; after, learning about Asuswrt Dual-WAN Loadbalancing.

That is exactly how Asuswrt Dual-WAN Loadbalancing works. A connection traverses either one or the other links, but not both at the same time.

There's nothing wrong with your rules. It sounds like the feature is working as designed. Previously, I stated that the max you'd see on a speed-test with this setup is 1Gbps.

Loadbalancing and Aggregating are two different things.

ah, so there is no way to set some rules to force my computer's static IP to exclusively use the Primary, and have all other IPs exclusively use the Secondary ?

 

[FernandoF]

But for now I'll use the ready solution of Dual Wan, this is actually what I was trying to set up initially but somehow I haven't managed to make it work, meaning it's as if the traffic is using only one of the two links, not both concurrently. So my rules setup doesn't seem to have an effect and the max speedtest shared across all devices is 1Gb (seems it's using only one of the links at any given time, not balancing, not making use of both). Can you spot what is wrong with my rules?

View attachment 39096

Hi @bsauvage. I'm not an expert, but I believe there may indeed be a problem with the above rules - 192.168.50.1/24 and 192.168.50.128/24 overlap! You should probably use /25 instead.

I'd suggest setting up just the following 2 rules, which should allow each "half" of your network to independently get 1 Gbps (from the 2 corresponding WAN links):

• 192.168.50.128/25 --- all --- Primary WAN
• 192.168.50.1/25 ------ all --- Secondary WAN

And a couple of additional tips, based on what I've learned while playing with Load Balancing:

• There's no need for the corresponding inbound "all --- 192.168.50.xxx/25 --- xxxxxx WAN" rules. Just the outbound rules are enough.
• The Primary WAN rules are always considered BEFORE any Secondary WAN rules, regardless of the order they're entered in the GUI (such as in your example). You can confirm that by issuing ip rule over SSH.

ah, so there is no way to set some rules to force my computer's static IP to exclusively use the Primary, and have all other IPs exclusively use the Secondary ?

On the other hand, if you want only one device to use the Primary WAN and the rest of the network to use the Secondary WAN, the following set of rules will likely work (assuming 192.168.50.200 is your computer's reserved IP):

• 192.168.50.200 ---- all --- Primary WAN
• 192.168.50.1/24 --- all --- Secondary WAN

I hope this helps - please let us know!

 

[bsauvage]

I hope this helps - please let us know!

Very clear, and made me learn how to properly use a netmask length! It's working! Closing this, as the goal is achieved given my current setup!
Thank you everyone for the great help and the education.

 

[FernandoF]

I'm glad to hear it!

 

[garycnew]

If you're using Mikrotik be aware:

https://www.bleepingcomputer.com/ne...eaks-ddos-record-with-218-million-rps-attack/