RED Uplink Balancing

The balancing algorithm selects an outgoing link based on source and destination IP address. It does not balance on a per packet basis. The reason is that TCP performance suffers severely when packets are reordered due to different paths in a single TCP connection. Uplink balancing is available with RED 50 and 60.

This means that any transmission with the same source and destination IP address will always take the same interface combination. For example, outgoing packets always on WAN 1 to uplink 1 on Sophos UTM on AWS, incoming packets always from uplink 2 on Sophos UTM on AWS to WAN 1. When a client behind a RED downloads a large file, all incoming packets will be transmitted via one interface only. When a client downloads simultaneous two files from two different servers the incoming packets will be transmitted via either one interface or both interfaces depending on the IP addresses.

Here are the balancing setups:

RED with balancing, Sophos UTM on AWS with one uplink

To configure RED balancing on Sophos UTM on AWS with one uplink, do the following:

  1. Enter the UTM hostname (DNS name or IPv4 address).
  2. Configure the first and the second uplink for balancing.

    Note – Do not enter the same IP or name twice.

RED with balancing, Sophos UTM on AWS with two uplinks in balancing mode

To configure RED balancing on Sophos UTM on AWS with two uplinks in balancing mode, do the following:

  1. Enter two different hostnames (DNS names or IPv4 addresses) for Sophos UTM on AWS.
  2. Configure the first and the second uplink for balancing.
  3. Make sure Sophos UTM on AWS uplink balancing is enabled for the two hostnames and IP addresses in Interfaces & Routing > Interfaces > Uplink Balancing.

RED with one uplink, Sophos UTM on AWS with two uplinks in balancing mode

To configure a RED with one uplink on Sophos UTM on AWS with two uplinks in balancing mode, do the following:

  1. Enter two different hostnames (DNS names or IPv4 addresses) for Sophos UTM on AWS.
  2. Make sure Sophos UTM on AWS uplink balancing is enabled for the two hostnames and IP addresses in Interfaces & Routing > Interfaces > Uplink Balancing.

Note – If uplink balancing is not enabled the dmesg error message 'IPv4: martian source...' will be shown on Sophos UTM on AWS.