Excessive secondary WAN bandwidth use
I've got a secondary WAN connection set up to run over a metered LTE connection which in theory should work OK because the primary virtually never goes down and so the billable fallback gets next to no use. However the LTE router reports about 20MB of daily traffic through it, split roughly 50:50 up and down. I'm guessing this is the Firewalla performing connectivity tests and similar things.
Is there any way to disable this to avoid running up unnecessary data charges on the secondary WAN? Something like Windows where you can mark it as a metered connection and so no traffic is put across it except on demand, which for this case would be when failover occurs? At the moment I'm being charged for a link that shouldn't be seeing any traffic because of what I assume is Firewalla test traffic.
-
I'd considered that but it's a bit like "fixing" a blowing fuse by replacing it with 12 1/2 gauge fencing wire. In particular I don't want to disable connectivity testing entirely; I still want it active when the link fails over to the secondary, and maybe a single "is this thing still on?" test once a week or so, in case of something like the carrier disabling the SIM, would be good. Disabling the checking entirely means that I'd only find out if there's a problem when the secondary is actually needed, which defeats the point of automated failover.
So this is probably also a feature request alongside a problem report: the problem is excessive bandwidth usage in the connectivity test, running at around 20MB a day every day, and the feature request is being able to mark a connection as a metered connection as per things like Windows so the system knows not to generate unnecessary traffic on it.
-
Not sure how their accounting works, but if it's just a basic ping it shouldn't really amount to much so either a ping is being counted as a ton of data, or the Firewalla is sending a ton of data or perhaps sending a half-ton frequently enough that it all adds up - can you provide any details on what it's doing, i.e. how much and how often traffic is generated? I've disabled connectivity checks and left it for 24 hours and usage is essentially zero, so all the bandwidth usage was the Firewalla doing connectivity checking.
The situation in this case is that it's not running over a full (expensive) mobile plan which is unnecessary, it's an M2M link that might get used once a year if there's a problem with the fibre primary link. So instead of paying a monthly fee like a standard mobile plan you pay a small amount once a year based on data usage, which should be close to zero if it wasn't for the apparent 20MB a day of connectivity checks.
With the tests disabled, is there any checking done at any point that the link still works? What I'm worried about is that if there is some glitch I won't find out about it until it's time to fail over, at which point the failover won't work.
-
In the end I turned all speed and throughput checks off for the WWAN link, but even with just basic is-the-link-up tests I was getting a lot of false positives resulting in constant alerts that the link had gone down, then two minutes later at the next test that it was back again. The "fix" was to change the test servers and DNS name that was checked and keep winding the threshold down until I stopped getting alerts all the time, something like a 30% success rate.
For the DNS name I used amazon.com which I figure is a DNS entry that a lot of effort goes into making visible/resolvable all the time, for the hosts I used DNS servers at the ISP which are only one or two hops away rather than 1.1.1.1 and 8.8.8.8 and whatever the others were. The easiest way to find which ones to use is to see what DHCP from the ISP gives you as DNS servers, and that's your ping target.
-
No, unfortunately. It would be useful to have, a metered-connection mode where it doesn't do any bandwidth tests and sends a ping perhaps every five minutes and only if that fails does it try multiple pings, DNS lookups, etc. And, for icing on the cake, automatically selects the DNS servers provided by the ISP's DHCP as the ping targets instead of 1.1.1.1/8.8.8.8, which may not incur usage charges.
-
Updating this for anyone that may be researching this issue. The settings are in 3 places as of January, 2025:
- Network Performance > Internet Speed > Test Options
- Network Performance > Internet Quality > Test Options
- Network > [WAN Network] > Connectivity Test
After disabling all 3 for my T-Mobile Cellular gateway, which is a secondary WAN, I am no longer seeing any activity on the Firewalla Live Throughput graph for this network. I attempted to identify the upstream DNS server(s) used by T-Mobile but Firewalla returned the local gateway's IP as the T-Mobile gateway is caching DNS, so I just left it off. A Google search turned up some IPs but seeing how I don't even know if using a T-Mobile vs. other DNS would negate a potential charge for the ping data, I chose to just leave it off.
Once I confirm 0 data being logged by T-Mobile, I might try enabling the above tests one at a time to determine how much data each is using. Ideally I would like to have the tests enabled.
The T-Mobile plan drops to 3G data after exceeding the monthly usage limit.