Tuesday, February 7, 2023 β€’ Welcome to the πŸ’― No-Nonsense Zone!
πŸ›οΈ Check out Today’s πŸ”₯Amazon logoDeals! πŸ›’

Dual-WAN vs Link Aggregation Explained: Practical Real-World Tips

Share what you're reading!

As promised in the piece about 10Gbps Internet, I’ll explain the differences between Dual-WAN vs Link Aggregation and how to set up each when applicable.

In most homes, both of these features can be unnecessary. They are nice to have but might not be worth the extra cost.

And for that reason, you will not find Dual-WAN or Link Aggregation in every Wi-Fi router. But many support one of the two or even both.

For this post, I use an Asus RT-AX89X, which, like most high-end Asus home routers, comes with these features and flexible network ports. The router also has a ton of LAN ports to spare.

If you have any Asus routers, you’ll find what I describe here closely applicable. The interfaces might differ among router brands, but the general principles of these features remain.

Dual-WAN or Link Aggregation are generally stripped down in home routers — they are not as robust as in enterprise hardware. Still, they are advanced features and, therefore, can be confusing. Keep that in mind.

Asus RT AX89X 10Gbps Internet 4
Dual-WAN: Here’s my Asus RT-AX89X running a 10Gbps Fiber-optic WAN. Note its Gigabit WAN port is available for a second WAN I was about to plug in.

Dual-WAN vs Link Aggregation: (Almost) totally two different things

I’ve gotten many questions where folks mentioned Dual-WAN and Link Aggregation as though they are the same.

While you can use Link Aggregation in a WAN (Internet) connection — a.k.a WAN Link Aggregation — the two are different in nature.

Let’s start with Dual-WAN.

Dual-WAN: It’s a matter of (extra) Internet bandwidth vs speed

When it comes to the Internet connection — a.k.a the wide-area network or WAN — we often talk about speed in megabits per second (Mbps) or even Gigabit per second (Gbps).

Data transmission speeds in a nutshell

As you read this page, keep in mind that each character on the screen, including a space between two words, generally requires one byte of data.

The phrase “Dong Knows Tech,” with no quotes, requires at least 15 bytes, and likely more since the formatting — such as capitalization and font — also needs extra storage space.

One byte equals eight bits.

One million (1,000,000) bits = 1 Megabit (Mb).

Megabits per second (Mbps) — the number of megabits that are manipulated in one second — is the common unit for data transmission nowadays. Based on that, the following are common terms:

  • Fast Ethernet: A connection standard that can deliver up to 100Mbps.
  • Gigabit: That’s short for Gigabit Ethernet (GbE) and generally means transmission speeds in Gigabit per second (Gbps). This is currently the most popular wired connection standard. 1Gbps = 1000Mbps.
  • Gig+: A connection that’s faster than 1Gbps but slower than 2Gbps. It often applies to 2×2 Wi-Fi 6/E or Internet speeds.
  • Multi-Gigabit: That’s multiple gigabits — a link that’s 2Gbps or faster.
  • Multi-Gig: A new BASE-T wired connection standard that delivers 2.5GbE, 5Gbe, or 10GbE, depending on the devices involved, and is also backward compatible with Fast Ethernet and Gigabit.

Multi-Gig explained: It’s more than faster-than-Gigabit speeds

And that’s easy to relate to since we all want to know how fast our connection is. But speed and bandwidth can be two different things. Here’s a scenario:

Suppose you have a 500Mbps broadband connection. On one computer, you run a speed test and indeed get 500Mbps. At that exact moment, if you do the same test on another computer, that one will get 0Mbps. More realistically, you’ll get 250Mbps on the 2nd computer, and the first computer’s test result will also be cut in half.

That’s because 500Mb is also the total bandwidth of your Internet pipe — the max amount of data the connection can deliver at any given time.

So to get two concurrent 500Mbps connections, we’ll have to have a Gigabit (1000Mbps) connection. Or you can get two separate 500Mbps lines — and that’s where Dual-WAN comes into play.

Dual-WAN vs Single-WAN

Generally, in a network, the router handles the WAN connection (or connections in the case of Dual-WAN.) That’s also the case when you use a mesh. Specifically, you can’t make a satellite unit of a Wi-Fi system host an Internet connection, be it the first or second WAN.

The bottom line is that to use Dual-WAN, you need a router with this capability.

Using two Single-WAN routers to host two Internet connections won’t give you a Dual-WAN setup. Instead, you get two local networks, and if you link them somehow, such as via VPN, you’ll still use one of the two WAN connections at a time.

However, Dual-WAN will not increase your Internet speed, only the bandwidth.

Specifically, if you have two separate 500Mbps broadband plans, you will never see the rate of 1000Mbps in a single test. Instead, you’ll be able to get the full 500Mbps on two computers simultaneously. And that can be a good thing (vs using a single 1000Mbps line) since no computer in the network can hog all the Internet bandwidth.

But that’s only the case when you load-balance a Dual-WAN setup.

Dual-WAN: Load-balancing vs failover

Load-balancing is when you use two WAN connections simultaneously to increase the bandwidth. For this reason, it’s most applicable when the two WANs share similar speed grades, such as when you have a Gigabit Cable plan and a Gigabit Fiber-optic line.

When you have two lopsided connections, load-balancing works, too, just not as effectively, there are two scenarios:

  • Equal bandwidth: You divide the bandwidth equally between the two WANs. That’s often referred to as the 1:1 load balance. In this case, the slow WAN will get clogged up very fast, while the fast WAN is hardly used.
  • Proportionate bandwidth: You allocate the network’s Internet usage proportionately between the two WANs according to their speeds. For example, if you load-balance a 900Mbps WAN and a 100Mbps WAN (the former is 9x faster), you can make the first handle 90 percent of the network’s Internet bandwidth and leave the rest 10 percent to the second WAN. That’s a 9:1 load balance.

A proportionate load-balance setup might make sense depending on the speed differences between the two WANs. However, if one is significantly faster than the other, the slow one might never play any role in a load-balance configuration — it’s just not ever needed.

Since load-balancing requires extra resources from the router — it has to deal with two WAN connections at all times — in the case of severely lopsided WAN connections, like the one mentioned above, it’s best to use them in the failover configuration.

This is also my case, I have a 10Gbps Fiber-optic line and a Gigabit Cable plan.

In failover Dual-WAN, you pick the faster WAN as the primary and the slower as the secondary — it’s a backup. The former is in use by default, and the latter will kick in only when the former becomes unavailable. This keeps the network from being disconnected from the Internet.

Failover Dual-WAN is excellent for environments where you can’t afford to go offline while the primary WAN is down.

In reality, there’s still a very brief outage before the router switches from the primary WAN to the secondary. And that brings us to the next part on adjusting the parameters in a Dual-WAN connection.

Dual-WAN setups (on an Asus router): Understanding the standard settings

RT AX89X Dual WAN Failover Web UIRT AX89X Dual WAN Load Balancing Web UI
Dual-WAN: Failover vs Load-Balance (right). Here are the network maps of the Asus RT-AX89X running Dual-WAN in load-balancing vs failover.

Setting up a Dual-WAN connection is simple. It’s the same as setting up a single WAN connection plus another one. Here are the general steps on a supported router:

  1. Identify the network port used for the Primary WAN and another for the Secondary WAN. For this post, I’d use the 10Gbps Base-T Multi-Gig port for the former and the router’s default Gigabit WAN port for the latter.
  2. Connect the WAN ports to their respective internet sources. In my case, they are the 10Gbps Sonic Fiber-optic ONT and the Comcast Cable modem.
  3. Log in to the router’s web interface, go to the WAN (Internet) section, and set up the Dual-WAN accordingly. In my case, I tried both Failover and Load-Balance (one at a time.)

And that’s it. We’re done with the hardware part. It’s easy enough.

RT AX89X Dual WAN FailoverRT AX89X Dual WAN Load Balancing
Dual-WAN settings on an Asus router: Failover vs Load-Balance (right).

With that, let me explain a few basic settings in a Dual-WAN setup via the interface of an Asus router, as shown in the screenshots above. (If you use a different brand, the wording and the settings should be similar.)

  • Basic configurations:
    • Primary WAN: This is the main (faster) Internet connection.
    • Secondary WAN: The secondary (slower) Internet connection.
    • Dual-WAN Mode: Either Load Balance or Failover.
  • Auto Network Detection: This part includes the setting for the router to detect when a WAN connection becomes unavailable and behave accordingly. Specifically, in a Failover setup, it will switch to the secondary WAN, and in a Load-Balance setup, it’ll use the available WAN 100%. This section includes the following parameters:
    • Detect Interval: The frequency at which the router will check WAN connections for their online statuses. It’s best to set this number to 30 seconds or longer. A lower value might cause the router to overwork. This is generally the maximum amount of time the network has no Internet when the primary WAN is down — if the Trigger Condition below is set to 1.
    • Failover-applicable settings:
      • Allow fallback: Allow the router to move back to the primary WAN when it becomes available when the secondary WAN is in use.
      • Failover Trigger Condition: The number of consecutive times the primary WAN appears unavailable before the router switches to the secondary WAN. Multiply this number with the value of the Detect Internal above to know how long the router remains disconnected from the Internet before it switches to the secondary WAN.
      • Fallback Trigger Condition: The number of consecutive times the primary WAN appears available before the router switches back to it. Multiply this number with the value of the Detect Internal above to know how long the router keeps using the secondary WAN before it moves back to the primary WAN.
    • Network Monitoring: The methods used for the router to find out if a WAN connection is online. There are two options:
      • DNS Query: It’s fast and safe. However, there’s a chance that the information is cached and therefore not accurate — you might want to set the Trigger value mentioned above to be higher than 1. You need to pick a domain (Resolve Hostname) and an IP address (Resolved IP Address) that belongs to that domain. You can select any of your choosing. Just make sure you use one that has a high uptime. When this domain is down, your router will think your WAN is unavailable. The value in the screenshots is those of Google’s free DNS service. You can use them.
      • Ping Target: An IP address or domain that the router can send a Ping command. This method is effective when it works. However, some domains might block the ping command, especially when that happens frequently. Keep the Trigger value at 1 in this case.
    • Load-Balance-applicable Settings:
      • Load-Balance Configuration: This is the proportionate bandwidth allotment for the two WANs mentioned above. You can enter from 1 to 9 for each WAN depending on how they are different in terms of speeds.
      • Enable Routing rules: You can set rules to make a specific device within the network access a particular public IP address via a specific WAN connection (primary or secondary). Generally, a router supports about 30 such rules, but there’s no need to use them unless you have special purposes.

In my experience, when you have two lopsided WAN connections, like in my case, it’s best to use the Failover setting.

I’ve used that for a few weeks, and it has panned out well. Among other things, I could remove one WAN connection from my personal router and connect it to a test router without causing any issues within my home network.

Asus RT AX89X 10Gbps Internet 3
Dual-WAN: My Asus RT-AX89X with two Internet connections in action.

For most homes, though, Dual-WAN might not be worth the cost or even available. But, in this case, two is definitely better than one.

With that, let’s move on to Link Aggregation.

Link Aggregation: It’s all about local bandwidth

Link Aggregation, also known as bonding or Link Aggregation Group (LAG), is more straightforward than Dual-WAN.

In a nutshell, it’s when you combine two network connections (ports) of the same speed into a single link.

Link Aggregation in business and enterprise applications has a lot of flavors, but for home usage, the most popular, often the only available, is the 802.3ad standard. In consumer-grade applications, this standard applies only to Gigabit ports.

Specifically, you can combine two Gigabit ports into a 2Gbps connection to deliver the combined bandwidth and Failover capacity. If one of the two ports fails, you still get a Gigabit connection from the LAG.

Netgear Orbi RBS860 WAN Link Aggregation
Here’s a router with a 10Gbps WAN port that can be combined with a Gigabit port in a WAN Link Aggregation setup. In this case, you’ll get a 2Gbps connection out of them, which is applicable when your Internet terminal device doesn’t have a Mulit-Gig port but only LAG-ready Gigabit ports.

It’s important to note that while you can use a Multi-Gig port as part of a LAG, among home applications, that port will function in the Gigabit mode.

So if you combine a 10Gbps Multi-Gig port and a Gigabit port, you’ll still get a 2Gbps connection. This option is applicable when you don’t have Multi-Gig ports on both ends of a link.

Link Aggregation vs separate ports

If a device (such as a server) has more than one LAN port, you can plug them all into a network. Without Link Aggregation, only one of those ports is used at a given time — the rest is on standby.

In other words, the bandwidth between the device and your network remains at that of whichever port is being used — often the one plugged in last.

Link Aggregation is available on both the WAN and the LAN sides. But in either case, it’s always about the local network — it’s never available in the service line.

A LAG connection is awkward and messy because it requires two network cables.

By the way, for Link Aggregation to work, you need a supported router (or switch) and supported device — most NAS servers have it. In other words, you need support on both ends of the bonded connection.

WAN Link Aggregation: Relatively rare

On the WAN side, Link Aggregation is when you use two network ports on a terminal device (most likely a Cable modem) to connect to two ports on a router as a 2Gbps connection.

Motorola MB8600 Cable Modem 5
WAN Link Aggregation: The Motorola MB8600 is a Cable modem that supports WAN Link Aggregation.

It’s somewhat of a “cheat” way for an Internet service provider to deliver 2Gbps broadband to its customer. With Muti-Gig routers and modems commonplace, WAN Link Aggregation is no longer a popular choice.

Personally, I’ve never used WAN Link Aggregation.

LAN Link Aggregation (on an Asus router): It’s a fantastic bonus

On the other hand, I’ve used LAN Link Aggregation for years.

Indeed, most Asus routers have these features. You can combine its first and second LAN ports into an 802.3ad LAG, and virtually all Synology NAS servers with two or more LAN ports also support 802.3ad Link Aggregation (and other LAG flavors.)

RT AX89X Link Aggregation
LAN Link Aggregation: Steps to enable LAG on an Asus router.

If you have both, the setup steps are easy (I used an Asus router and a Synology NAS server as an example, but if you have a pair of any LAG-supported device and switch/router, the steps are similar):

  1. Create the LAG on the router using its web interface, as shown in the screenshot, using LAN1 and LAN2.
  2. Use two network cables to connect the router’s two LAN ports to the server.
  3. On the server’s end, go to the Network section of the Control Panel and create a bond using the two LAN ports using the Balance-TCP mode, which is a different name for 802.3ad LAG.

Mission accomplished.

Synology Link Aggregation
LAN Link Aggregation: Steps to enable LAG on a Synology server. Note the connection speed.

A couple of years ago, before the age of Multi-Gig, a LAG connection used to be the only easy way to achieve a multi-Gigabit connection to increase local bandwidth — a LAG-enabled server can simultaneously deliver full Gigabit connections to two Gigabit clients.

And that has been the case in my experience. Link Aggregation is a pure bonus.

Dual-WAN vs Link Aggregation

Here’s the recap.

Some routers can simultaneously support two Internet sources, such as Cable and Fiberoptic. That’s a Dual-WAN setup.

In this case, it can have two WAN ports (or it can turn one of its LAN ports into a WAN) or use a USB port as the second WAN to host a cellular dongle.

A Dual-WAN setup increases your network’s chance to remain online during outages (Failover), or you can simultaneously use the two Internet connections to get more bandwidth (Load-Balance).

Link Aggregation, also known as bonding, is where multiple network ports of a router aggregate into a single connection of combined bandwidth. Typically, you can have two Gigabit ports working in tandem to provide a 2Gbps link.

Many routers from known networking vendors have this feature. You can have Link Aggregation in WAN (Internet) or LAN sides.

The former requires a supported modem. And in the latter, your wired client also needs to support it. Most NAS servers do.

Apart from delivering more bandwidth, a Link Aggregation connection is also capable of failover.

While Dual-WAN and Link Aggregation are both about increased bandwidth, they are different in that the former is about using two distinctive broadband connections simultaneously while the latter is about using two identical local connections together as one.

The takeaway

Again, while neither Dual-WAN nor Link Aggregation is a must-have in most home networks, they are a bonus when you can use them.

Dual-WAN requires extra monthly data costs, so it’s not feasible or necessary. However, many routers support LAG, and if you have a server that also supports it, there’s no reason you shouldn’t get an additional network cable and try it out.

Share what you just read!

Comments are subject to approval, redaction, or removal.

It's generally faster to get answers via site/page search. Please be mindful that your question/comment is one of many Dong Knows Tech receives daily. Β 

  1. Strictly no bigotry, profanity, trolling, violence, or spamming -- including unsolicited bashing/praising/plugging a product/brand (β€’).
  2. You're presumed to have read this page in its entirety, including related posts and links in previous comments -- questions already addressed will likely be ignored.
  3. Be reasonable, attentive, and respectful! (No typo-laden, broken-thought, or cryptic comments, please!)

(β€’) Per the πŸ’―no-nonsense policy, all comments with an external link are scrutinized, and most links are redacted. Do not leave a comment if you're, in any capacity, representing a company/product mentioned here! Instead, send Dong Knows Tech a private message or use a PR channel.

If you intend to violate any of the rules above, you'll only waste your time.

Thank you!

30 thoughts on “Dual-WAN vs Link Aggregation Explained: Practical Real-World Tips”

  1. Excellent article. Dual WAN is a great option for load balancing. The only issue i have with it is the disabling of AI Protection. That is my struggle. I do run Skynet and Diversion for extra security etc. but i do like Trend Micro’s service through the ASUS routers.

  2. I am looking at doing a failover or dual wan setup for a client. One ISP will be Starlink and the second will be a Local ISP that is much slower. I have been asked a question regarding port forwarding. If an incoming request comes on the secondary ISP connection will it get to the target of the forwarding rule. Starlink does not allow port forwarding so the client wants to use the secondary ISP which provides a static IP to access devices inside the network.

    • Port forwarding and Dynamic DNS can be tricky with Dual-WAN, Ronald — you have two WAN IPs, and neither is persistent. It seems to be even more complicated in your situation because it seems your first WAN doesn’t give you a private WAN IP. The only way to make this work is likely via the load-balance setup, with the one with the static IP being the primary.

      • In my case the second wan is persistent with a static IP from the ISP. That is what is being used currently to access the device inside the network. The client wants to continue to use this method while increasing the primary WAN speed to the Starlink connection. The question is whether the router (AUS GT AX-11000) will monitor the second WAN connection and forward any incoming requests while the primary WAN is active. I was thinking that load balancing would work for this purpose. The Starlink is 300Mbps and the secondary is 25 Mpbs. The client is located in a rural area without too many choices for ISP’s

        • This can work, but you will need enterprise equipment as they have been doing multi-wan for ages now. Luckily, used enterprise gear is quite cheap (see watchguard and fortigate), and you can still set up the asus as the primary router if you want to double-nat, or as an access point and switch if you let the enterprise gear handle all the routing.

  3. Dong, excellent reviews as always. I am thinking of setting up dual-WAN in the load-balancing configuration on my Asus GT-AX6000, with two 1Gbps WAN feeds from two different providers. One of the 1Gbps feeds is over fibre, so it is symmetrical with 1Gbps on both uplink and downlink. The other 1Gbps feed is over cable, which is asymmetrical with 1Gbps on the downlink but only 40Mbps on the uplink. Is there a way to ensure or at least make it more likely that when I am uploading or upstreaming large quantities of data, the router will choose the faster of the two uplinks, i.e., the 1Gbps uplink over the fibre-based feed?

    Thanks so much. -Sid.

    • I’d just go 2:1, or 3:1, Sid. Unfortunately Asus doesn’t (yet) allow for separating downloading from uploading. If you do a lot of upload, it’s best to use failover, which I’ve been using.

    • Enterprise routers are much, much smarter in terms of managing multi-wan than consumer or smb routers ime. And since used enterprise equipment is cheap, I would get one of these to manage the multi-wan since it will automatically ‘know’ what you’re doing and put the data out of the pipes needed to optimize the use.

  4. One potential problem with two WAN connections setup in a failover configuration, is that a failure on the slower connection can go un-noticed. Better to load balance proportionately, if for no other reason than insuring that the slower connection is alive and well. If nothing else, force a low bandwidth device to use the slower connection, again, just so you know its working.

    FYI. Peplink has a whole line of Balance routers (a dozen or so models) that derive their name from balancing the load between multiple (not just two) WAN connections.

    • That’s generally incorrect, Michael. In my experience, if you unplug the slower (and unused) WAN, the router would know it; the interval I mentioned in the post check BOTH connections. I don’t think any home (or small business) needs more than Dual-WAN. πŸ™‚

      • I used to run triple wan at home and we ran triple wan at a site for a while to have redundancy between 2x isps and enough bandwidth for our needs. It all depends on what type of bandwidth the isps can provide. I know there are places that still only have dsl speeds and mobile hotspots as options, and the Internet access at locations like these can be made a lot more stable with more and more wan connections.

  5. Hi Dong,

    I have a specific question regarding SPF+ connections. My Netgear MS510TXM 10Gb capable switch has 2 x SPF+ ports that are not utilised and all my RJ45 ports full.

    I was considering adding a dual port SPF+ network card to my Synology NAS and utilising one (or both with LAG). I have been researching this and got confused about these SPF+ ports and the potential need for ‘transceiver modules’.

    My NAS is only 1-2 meters from the switch , so the question is what cable or adapter (or both) do I need to connect the switch and NAS via direct SPF+ to SPF+.

      • Thanks for that, what about these ‘transceiver modules’ ? do I need to buy them or can I just plug a direct connect 10G capable copper cable between the Netgear switch and the SPF+ on the NAS.

        I am really confused about the cable connection and if the switch needs anything else to connect over 2 meters or so.

  6. Do you know if the router and the switch both have to support link aggregation for it to work or if you can get away with just the switch having it? (can the client aggregate independently of the server, basically – I assume it’s a no)

    My ISP are giving me a DOCSIS 3.1 Modem/Router with 1.2Gbps down speeds, but only 1G ports. I have a 10Gbe switch, my desktop has a 10Gbe NIC, I have 2 x XT8s I can use the 2.5Gbps ports on – I just think there won’t be a way of getting >1Gbps internet connection out of my modem unless there’s a magic way of taking combined internet out of 2 ports at once.

      • Thanks Dong. I’m in Europe (Malta) and I’m worried about the amount I need to invest in a new modem for the extra 200mbps speed at 1.2g instead of 1g – plus no idea if my cable company will allow me to change from their hardware. You generally don’t see people buying their own cable DOCSIS modems here (ADSL modems are more common), you’ll struggle even to find one that isn’t a US import on European Amazon sites.

        I might see if I can get a cheap/free spare that allows a MAC address spoof to play around with before I invest in an expensive one with a 2.5g port – see if it just connects or they need to do stuff their side. That missing 200mbps is going to annoy my OCD until they finally offer a proper multi-gig connection!

  7. afaik, asus and nas’ link aggregation is called LACP. Will Static Link Aggregation (which is called LAG) from, for example, two TPLink TL-SG105E switches give the same Failover capacity. If one of the two ports fails, the connection will not be interrupted and transfered back and forth by the other port?

    • Generally, in all cases of 2-port LA for home and smb, the notion of Failover is implied, Keir — at worst the involved party or parties will disable the aggregation when one of the two ports is not live.

  8. Hey, Dong.

    Question for ya. You said you have a 10 gig sfp set up with your router for another internet connection. I recently got att 5 gig and was wondering my options to connect the gateway to a router that supports the speeds, but most routers only have a 2.5 gig port. With the ASUS router you have, is it just a simple β€œbuy a rj45 to sfp+ to connect the 5gig WAN port on the modem to the 10 gig sfp WAN port on the ASUS router?

  9. Hi Dong, Link aggregation while not so common at home is of course almost compulsory for physical servers in the commercial world, both for reliability and for performance. When putting in a VMware ESX host I would often use four or more 1 Gb/s connections just for the VMs to use. Plus probably another 4 for IP based storage and two each for management and vMotion.


Leave a Comment