Load Balancing - Балансировка нагрузки WAN
Load Balancing в VyOS - это функция распределения сетевого трафика между множественными WAN-подключениями для повышения отказоустойчивости и эффективного использования пропускной способности.
Обзор
Load Balancing используется для:
- WAN Redundancy: Автоматический failover при отказе основного канала
- Bandwidth Aggregation: Суммирование пропускной способности нескольких каналов
- Traffic Distribution: Распределение нагрузки между провайдерами
- Cost Optimization: Эффективное использование множественных каналов
- High Availability: Непрерывность работы при отказе оборудования или канала
Типы балансировки
VyOS поддерживает несколько методов балансировки:
| Метод | Описание | Использование |
|---|---|---|
| Round-robin | По очереди между каналами | Равномерное распределение |
| Weighted | Пропорционально весу канала | Разная пропускная способность |
| Source-based | По IP источника | Sticky sessions |
| Destination-based | По IP назначения | Специфичные маршруты |
Архитектура
Load Balancing в VyOS работает через:
- Health monitoring: Проверка доступности каналов (ping, TTL)
- Failover: Автоматическое переключение на рабочие каналы
- Sticky connections: Сохранение маршрута для существующих сессий
- Rule-based routing: Policy-based routing для балансировки
Базовая конфигурация
Dual WAN с автоматическим failover
# Настройка интерфейсов
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'WAN1 - Primary ISP'
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description 'WAN2 - Backup ISP'
set interfaces ethernet eth2 address 192.168.1.1/24
set interfaces ethernet eth2 description 'LAN'
# Load balancing группа
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
# Правило балансировки
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 1
set load-balancing wan rule 1 interface eth1 weight 1
# NAT для обоих каналов
set nat source rule 100 outbound-interface name eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name eth1
set nat source rule 101 source address 192.168.1.0/24
set nat source rule 101 translation address masquerade
commit
saveActive-Backup (Primary-Failover)
# Primary канал с большим весом
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 100 # Primary
set load-balancing wan rule 1 interface eth1 weight 1 # Backup only
commit
saveHealth monitoring с множественными тестами
# Множественные тесты для надежности
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth0 test 20 type ping
set load-balancing wan interface-health eth0 test 20 target 1.1.1.1
# Failure count - сколько раз тест должен провалиться
set load-balancing wan interface-health eth0 failure-count 3
commit
saveРасширенная конфигурация
Weighted балансировка (разная пропускная способность)
# WAN1: 100 Mbps (вес 2)
# WAN2: 50 Mbps (вес 1)
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
# Правило с весами 2:1
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 2
set load-balancing wan rule 1 interface eth1 weight 1
commit
saveSource-based балансировка (sticky sessions)
# Балансировка по IP источника (один клиент - один канал)
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0
set load-balancing wan rule 1 interface eth1
set load-balancing wan rule 1 per-packet-balancing disable # Sticky sessions
commit
saveИсключения из балансировки
# Основное правило балансировки
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0
set load-balancing wan rule 1 interface eth1
# Исключение: VPN трафик только через WAN1
set load-balancing wan rule 10 inbound-interface eth2
set load-balancing wan rule 10 interface eth0
set load-balancing wan rule 10 destination port 500 # IKE
set load-balancing wan rule 10 protocol udp
set load-balancing wan rule 11 inbound-interface eth2
set load-balancing wan rule 11 interface eth0
set load-balancing wan rule 11 destination port 4500 # NAT-T
set load-balancing wan rule 11 protocol udp
commit
saveБалансировка по протоколу/порту
# HTTP/HTTPS через оба канала
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0
set load-balancing wan rule 1 interface eth1
set load-balancing wan rule 1 destination port 80,443
set load-balancing wan rule 1 protocol tcp
# Email только через WAN1 (для белого IP)
set load-balancing wan rule 10 inbound-interface eth2
set load-balancing wan rule 10 interface eth0
set load-balancing wan rule 10 destination port 25,587
set load-balancing wan rule 10 protocol tcp
# Все остальное через оба канала
set load-balancing wan rule 100 inbound-interface eth2
set load-balancing wan rule 100 interface eth0
set load-balancing wan rule 100 interface eth1
commit
saveTTL-based health check
# TTL test (альтернатива ping)
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ttl
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth0 test 10 ttl-limit 1 # Минимальный TTL
commit
saveFlush connections при failover
# Сброс существующих соединений при failover
set load-balancing wan flush-connections
commit
saveПримеры конфигураций
Пример 1: Dual WAN с равномерной балансировкой
# WAN интерфейсы
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'ISP1'
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description 'ISP2'
# LAN интерфейс
set interfaces ethernet eth2 address 192.168.1.1/24
set interfaces ethernet eth2 description 'LAN'
# Health monitoring
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth0 failure-count 3
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
set load-balancing wan interface-health eth1 failure-count 3
# Load balancing rule (50/50)
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 1
set load-balancing wan rule 1 interface eth1 weight 1
set load-balancing wan rule 1 per-packet-balancing disable
# NAT
set nat source rule 100 outbound-interface name eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name eth1
set nat source rule 101 source address 192.168.1.0/24
set nat source rule 101 translation address masquerade
commit
saveПример 2: Primary-Backup конфигурация
# WAN интерфейсы
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'Primary ISP (100 Mbps)'
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description 'Backup ISP (50 Mbps)'
set interfaces ethernet eth2 address 192.168.1.1/24
# Health monitoring
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
# Primary-Backup (вес 100:1)
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 100
set load-balancing wan rule 1 interface eth1 weight 1
# NAT
set nat source rule 100 outbound-interface name eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name eth1
set nat source rule 101 source address 192.168.1.0/24
set nat source rule 101 translation address masquerade
commit
saveПример 3: Weighted балансировка с исключениями
# WAN интерфейсы (100 Mbps и 50 Mbps)
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth2 address 192.168.1.1/24
# Health monitoring
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
# VPN всегда через WAN1 (для стабильного IP)
set load-balancing wan rule 10 inbound-interface eth2
set load-balancing wan rule 10 interface eth0
set load-balancing wan rule 10 protocol esp
set load-balancing wan rule 11 inbound-interface eth2
set load-balancing wan rule 11 interface eth0
set load-balancing wan rule 11 destination port 500,4500
set load-balancing wan rule 11 protocol udp
# Основной трафик: weighted балансировка 2:1
set load-balancing wan rule 100 inbound-interface eth2
set load-balancing wan rule 100 interface eth0 weight 2
set load-balancing wan rule 100 interface eth1 weight 1
# NAT
set nat source rule 100 outbound-interface name eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name eth1
set nat source rule 101 source address 192.168.1.0/24
set nat source rule 101 translation address masquerade
commit
saveПример 4: Triple WAN
# Три WAN канала
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'ISP1 - Fiber 200 Mbps'
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description 'ISP2 - Cable 100 Mbps'
set interfaces ethernet eth3 address dhcp
set interfaces ethernet eth3 description 'ISP3 - LTE 50 Mbps (Backup)'
set interfaces ethernet eth2 address 192.168.1.1/24
# Health monitoring для всех каналов
set load-balancing wan interface-health eth0 nexthop dhcp
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop dhcp
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 1.1.1.1
set load-balancing wan interface-health eth3 nexthop dhcp
set load-balancing wan interface-health eth3 test 10 type ping
set load-balancing wan interface-health eth3 test 10 target 9.9.9.9
# Weighted балансировка 4:2:1 (200 Mbps : 100 Mbps : 50 Mbps)
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 4
set load-balancing wan rule 1 interface eth1 weight 2
set load-balancing wan rule 1 interface eth3 weight 1
# NAT для всех
set nat source rule 100 outbound-interface name eth0
set nat source rule 100 source address 192.168.1.0/24
set nat source rule 100 translation address masquerade
set nat source rule 101 outbound-interface name eth1
set nat source rule 101 source address 192.168.1.0/24
set nat source rule 101 translation address masquerade
set nat source rule 102 outbound-interface name eth3
set nat source rule 102 source address 192.168.1.0/24
set nat source rule 102 translation address masquerade
commit
saveИнтеграция с облачными платформами
Yandex Cloud
При развертывании Load Balancing в Yandex Cloud учитывайте особенности платформы:
Dual WAN с Yandex Cloud Internet Gateway:
# Основной канал через Yandex Cloud NAT Gateway
set interfaces ethernet eth0 address 10.0.1.10/24
set interfaces ethernet eth0 description 'Yandex Cloud NAT Gateway'
# Резервный канал через Elastic IP
set interfaces ethernet eth1 address 10.0.2.10/24
set interfaces ethernet eth1 description 'Elastic IP Backup'
# LAN
set interfaces ethernet eth2 address 192.168.1.1/24
# Health monitoring с Yandex Cloud DNS
set load-balancing wan interface-health eth0 nexthop 10.0.1.1
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 77.88.8.8 # Yandex DNS
set load-balancing wan interface-health eth1 nexthop 10.0.2.1
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 8.8.8.8
# Primary-Backup балансировка
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 100
set load-balancing wan rule 1 interface eth1 weight 1
# Cloud Logging интеграция
set system syslog host 10.0.0.10 facility daemon level info
commitМониторинг с Yandex Monitoring:
#!/bin/bash
# /config/scripts/yc-monitoring.sh
# Send metrics to Yandex Monitoring
WAN1_STATUS=$(show load-balancing wan interface-health eth0 | grep -c "reachable")
WAN2_STATUS=$(show load-balancing wan interface-health eth1 | grep -c "reachable")
# Export metrics via Unified Agent
echo "wan1_status $WAN1_STATUS" > /tmp/metrics.txt
echo "wan2_status $WAN2_STATUS" >> /tmp/metrics.txtVK Cloud
Интеграция Load Balancing с VK Cloud (Mail.ru Cloud Solutions):
Dual WAN с VK Cloud:
# Primary через VK Cloud NAT
set interfaces ethernet eth0 address 10.0.1.10/24
set interfaces ethernet eth0 description 'VK Cloud Primary'
# Backup через Floating IP
set interfaces ethernet eth1 address 10.0.2.10/24
set interfaces ethernet eth1 description 'VK Cloud Backup'
set interfaces ethernet eth2 address 192.168.1.1/24
# Health check с VK Cloud metadata service
set load-balancing wan interface-health eth0 nexthop 10.0.1.1
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 169.254.169.254
set load-balancing wan interface-health eth0 test 20 type ping
set load-balancing wan interface-health eth0 test 20 target 8.8.8.8
set load-balancing wan interface-health eth1 nexthop 10.0.2.1
set load-balancing wan interface-health eth1 test 10 type ping
set load-balancing wan interface-health eth1 test 10 target 8.8.8.8
# Weighted балансировка
set load-balancing wan rule 1 inbound-interface eth2
set load-balancing wan rule 1 interface eth0 weight 2
set load-balancing wan rule 1 interface eth1 weight 1
commitМониторинг и диагностика
Просмотр статуса load balancing
# Показать статус load balancing
show load-balancing wan
# Вывод включает:
# - Статус каждого интерфейса (active/inactive)
# - Последний результат health check
# - Текущий nexthop
# - Статистика использованияПроверка health checks
# Детальная информация о health checks
show load-balancing wan interface-health
# Статус тестов для конкретного интерфейса
show load-balancing wan interface-health eth0Просмотр правил
# Конфигурация load balancing
show configuration load-balancing wan
# Показать правила
show configuration load-balancing wan ruleСтатистика балансировки
# Счетчики пакетов/байтов по интерфейсам
show interfaces ethernet eth0 statistics
show interfaces ethernet eth1 statistics
# Conntrack для проверки распределения
sudo conntrack -L | wc -lТестирование failover
# Отключить интерфейс для теста
set interfaces ethernet eth0 disable
commit
# Проверить статус
show load-balancing wan
# Включить обратно
delete interfaces ethernet eth0 disable
commitЛогирование
# Логи load balancing
show log | match "wan lb"
show log | match "load-balancing"
# Real-time мониторинг
monitor log | match "wan lb"Устранение неполадок
Проблема: Health check постоянно fail
Диагностика:
# Проверка статуса
show load-balancing wan interface-health eth0
# Ручная проверка ping
ping 8.8.8.8 interface eth0 count 5
# Проверка routing
show ip route
# Проверка firewall
show firewallРешение:
# Изменить target для health check
delete load-balancing wan interface-health eth0 test 10 target
set load-balancing wan interface-health eth0 test 10 target 1.1.1.1
# Увеличить failure count
set load-balancing wan interface-health eth0 failure-count 5
# Использовать TTL вместо ping
set load-balancing wan interface-health eth0 test 10 type ttl
commit
saveПроблема: Балансировка не работает
Диагностика:
# Проверка статуса
show load-balancing wan
# Проверка rules
show configuration load-balancing wan rule
# Проверка NAT
show nat source rulesРешение:
# Убедиться, что NAT настроен для всех WAN
set nat source rule 100 outbound-interface name eth0
set nat source rule 101 outbound-interface name eth1
# Проверить inbound-interface в rules
show configuration load-balancing wan rule 1
# Flush connections для обновления
set load-balancing wan flush-connections
commit
saveПроблема: Sticky sessions не работают
Причина: Per-packet balancing включен.
Решение:
# Отключить per-packet balancing
set load-balancing wan rule 1 per-packet-balancing disable
commit
saveПроблема: VPN не работает после failover
Причина: VPN требует стабильного IP.
Решение:
# Исключить VPN из балансировки
set load-balancing wan rule 10 inbound-interface eth2
set load-balancing wan rule 10 interface eth0 # Только primary WAN
set load-balancing wan rule 10 protocol esp
set load-balancing wan rule 11 inbound-interface eth2
set load-balancing wan rule 11 interface eth0
set load-balancing wan rule 11 destination port 500,4500
set load-balancing wan rule 11 protocol udp
commit
saveЛучшие практики
- Правильный выбор метода балансировки
# Active-Backup - для надежности
set load-balancing wan rule 1 interface eth0 weight 100
set load-balancing wan rule 1 interface eth1 weight 1
# Round-robin - для равномерного использования
set load-balancing wan rule 1 interface eth0 weight 1
set load-balancing wan rule 1 interface eth1 weight 1
# Weighted - для разной пропускной способности
set load-balancing wan rule 1 interface eth0 weight 2
set load-balancing wan rule 1 interface eth1 weight 1- Надежный health monitoring
set load-balancing wan interface-health eth0 test 10 type ping
set load-balancing wan interface-health eth0 test 10 target 8.8.8.8
set load-balancing wan interface-health eth0 test 20 type ping
set load-balancing wan interface-health eth0 test 20 target 1.1.1.1
set load-balancing wan interface-health eth0 failure-count 3- Sticky sessions для стабильности
set load-balancing wan rule 1 per-packet-balancing disable- Исключения для критичных сервисов
# VPN всегда через один канал
set load-balancing wan rule 10 interface eth0
set load-balancing wan rule 10 protocol esp- NAT для всех WAN
set nat source rule 100 outbound-interface name eth0
set nat source rule 101 outbound-interface name eth1- Мониторинг и алерты
set system task-scheduler task wan-monitor interval '*/5 * * * *'
set system task-scheduler task wan-monitor executable path '/config/scripts/monitor-wan.sh'- Flush connections при failover
set load-balancing wan flush-connections- Документирование конфигурации
set interfaces ethernet eth0 description 'ISP1 - Primary - 100 Mbps'
set interfaces ethernet eth1 description 'ISP2 - Backup - 50 Mbps'- Тестирование failover
set interfaces ethernet eth0 disable
# Проверить работу через WAN2
delete interfaces ethernet eth0 disable- Логирование
set system syslog file wan-lb.log facility daemon level infoДополнительные ресурсы
Следующие шаги
- Policy Routing - расширенная маршрутизация
- Firewall - защита WAN интерфейсов
- NAT - NAT для множественных WAN
- High Availability - VRRP + Load Balancing