Networking – How to properly configure the Load Balancing Router

home-networkingnetworkingrouterwireless-networkingwireless-router

Setup Description

I have a TP-Link TL-R470T+ Load Balancing router setup at my home.
Here is a link to the entire setup along with the routers connected etc.
As can be seen from the diagram, I have three different ISPs (for extra redundancy) – all PPPoE connections.

Problem

The main reason I purchased the Load Balancer was that we wanted an uninterrupted connection. However, the connection often goes off for a few seconds to a couple of minutes, kicking users out of zoom call, logging them out of remote servers, etc.
Currently, we've set it up in Load Balancing mode. Link backup hasn't been enabled because that causes only one ISP to be active at a given time. However, we also require the bandwidth, as at any point in time, there are approximately 20 devices connected.

Possible Issues

The possible issues that I can think of are

ISP failure – Very less probable as all thee ISPs will need to fail
at the same time
Load Balancer Configuration – Some setting in the Load Balancer Configuration I'm missing?
Too many routers/Devices connected – The official documentation of the Load Balancer (Link here) says the device can support up
to 10,000 connections, while we have only around 20-25 devices
connected
An issue with the router configuration? – All the routers are set up with the following configurations
- Mode – access point mode
- SSID – all have the same SSIDs and passwords
- Channel Interference – Shouldn't be an issue, as the routers are on different floors, and different ones have been configured for different channels.

Another thing I'd like to know is is it impractical to expect a seamless connection from a load-balancer? (E.g. No dropped frames in a video call even when one of the ISPs goes off). If so, is there a better alternative?

I've called the official technical support group multiple times. They suggest some tweaks like updating firmware, changing the DNS, etc, but most of them haven't produced any good results.
Any help would be appreciated! Thanks in advance!

PS: I'd posted this Question on the Network Engineering Stack Exchange, but was redirected here!

Edit

Adding some of the suspicious entries of the system log

Module	Level	Content	Comment
Firewall	WARNING	Detected Ping of Death attack. Dropped x packets. (This occurs quite often)	This happens often, but is quite spaced out
PPPoE Client	WARNING	WAN2: PPPoE sending PADI timeout.	Happens once in a while
Firewall	NOTICE	Detected ARP Conflict. Dropped x packets	This occurs rarely, but when it occurs, there are multiple similar logs, in a small time interval, leading to loss of many packets
Firewall	Warning	Detected suspected ARP attack packets. Be careful	Don't know what to make of this. Comes once in a while

Hope this can throw some additional light!

Best Answer

I'll only answer this part first:

is it impractical to expect a seamless connection from a load-balancer? (E.g. No dropped frames in a video call even when one of the ISPs goes off). If so, is there a better alternative?

With a basic "load balancer" this is very difficult to achieve as far as I know, simply because each of the 3 ISPs requires you to use a different IP address to access the Internet.¹

So whenever the link through ISP 1 goes down, all TCP connections made using that ISP's IP address are as good as gone – there is no way to migrate them to a different endpoint at all, much less without losing any packets. The same also applies to most UDP-based applications (there are a few which support endpoint roaming, but most video streaming protocols do not).

It's quite possible (though I have no way to confirm) that it is actually an unexpected ISP switch that causes all existing connections to die. You should watch your router's system logs or check what is being reported as your "public" IP address from the affected computer.

One possible workaround is to set up a VPN that uses a roaming-capable protocol (WireGuard in particular works well), and always make the video calls through that VPN. This works because your video connection will be using the VPN server's IP address the whole time, regardless of which ISP you're using to reach that server.

(But even with a roaming-capable protocol, there can still be some packet loss – if the link to the current ISP dies (i.e. switchover is unexpected), the server will not be aware of what just happened on your end and will just continue sending packets to your old address until it gets informed of the new endpoint. The protocol needs to be designed to buffer and retransmit if necessary.)

¹ (Large enterprise networks use BGP to share the same IP addresses across multiple ISP connections, but this can only be done with the ISPs' cooperation and has quite a few additional costs.)

Related Solutions

Networking – Application Optimized Routing on a load balancing router

With respect to IPv4:

A TCP connection (not UDP, not Multicast, etc) upon which sessions applications establish to conduct transactions and present content is between one and only one source IP:port, and one and only one destination IP:port. The protocol does not permit one-to-many connections for a single session, as far as the public Internet is concerned. Due to the stateful nature of TCP, while it may be possible to have several private hosts conduct parts of a single session, brokered by a load-balancer, it is likely not practical.

The route between these two IP:port hosts may be infinitely dynamic, insofar as neither host runs out of resources or exceeds any timers. This includes gracefully handling out-of-sequence packets, as long as no limits, hard or soft, are exceeded.

This means that in order to load-balance a session over two separate links in the outbound direction, both paths must be able to forward traffic from the same source IP to the same destination IP.

When the two links belong to the same ISP, this is usually not a problem, unless there are strict source IP filters (explicit or implicit) on each connection. In fact, if no specific restrictions, one can balance in the outbound direction over two separate links without any assistance from the ISP.

Not so for load-balancing the inbound traffic, however. The ISP almost always has to step in to enable load-balancing in the inbound direction.

Lets assume the ISP is onboard with implementing load balancing for you:

One of the easiest ways to accomplish this is to assign you your own subnet, apart from the usual networks served by the DSLAM. This subnet could be as small as a single /32 host, or, for an office, perhaps even several hundred hosts.

For reliable load balancing between two IP links and customer premise equipment (CPE), the load balancer ought to have at least 3 separate interfaces, and the two ISP-facing interfaces ought to belong to two different networks, to eliminate any ambiguous routing or switching decisions

Say one of your ISP-facing load-balancer interfaces is 10.2.2.2/30, the other 10.2.2.254/30. Your CPE network is 65.172.1.0/24 and the load balancer's CPE-facing interface is 65.172.1.1.

Your load-balacner would have to do some form of the following:

ip route 0.0.0.0 0.0.0.0 10.2.2.1
ip route 0.0.0.0 0.0.0.0 10.2.2.253

This creates two static default routes of equal priority to each connection to the ISP.

On a cisco router behaving as a load balancer, the default method was to load-balance per destination, as the way route-cache flow works, it's less work for the router. However, there was the option

ip load-sharing per-packet

which would forward traffic that has more than one equivalent route, in a round-robin out both interfaces.

ip load-sharing per-destination

sets it back to its default scheme.

This setup would load-balance your outbound connections.

Your ISP would have to configure these two static routes on their device, with the same per-packet or per-destination option, most likely the former:

ip route 65.172.1.0 255.255.255.0 10.2.2.2
ip route 65.172.1.0 255.255.255.0 10.2.2.254

If set up properly on both sides, both your load balancer's WAN interfaces ought to report the same packet-per-second received, and the same packet-per-second transmitted statistics.

The features you inquire about are very similar to per-packet load-sharing and per-destination. However, if its the same ISP, you can safely leave it on per-packet; The 'optimized' option is more for those load-balancing two connections to different providers. Note that changing this option only affects your outbound traffic, and has no effect on inbound.

It's quite unlikely that you'll be able to implement a two-way load-balanced connection without help (and likely a fee) from your ISP. Your ISP ought to be able to advise you on settings that suit your situation.

However, it is in my opinion, given what I know about your network design, that there will be any noticeable trouble with per-packet.