Dear All,
Below find config related to Mikrotik RB750G router, running 6.0rc9.
I am trying to configure ISP redundancy in load-balancing mode through a PCC article. Issue is the secondary doesn't work after the primary connection fails, nor can I use both ISPs in load-balancing mode
Some observations I've noted through WebFig are the following:
Interface>Interface – Ok, Traffic being Transmitted and Received on all interfaces
Interface>Ethernet – Ok, Traffic being Transmitted and Received on all interfaces
DNS – Four set, two for one ISP and two for the other ISP
Firewall>NAT – seems ok, traffic being transmitted and received on all interfaces
Firewall>Mangle – there seems to be an issue here since there is no packets (counter still at 0), both for primary and secondary ISP network addresses
Routes>Secondary ISP Gateway is unreachable for static routes
Routes>Nexthops
Gateway state is reachable for both nexthops
Below I am including extracts of the config.
(Please note that IP addresses/MAC Addresses have been left out and replaced with Text).
Should you require further info please let me know
[admin@MikroTik] /interface> print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R WAN2 ether 1500 1520 1520 -
1 R ether1-gateway ether 1500 1520 1520 -
2 R ether2-master-local ether 1500 1520 1520 -
3 XS ether4-slave-local ether 1500 1520 1520 -
4 XS ether5-slave-local ether 1500 1520 1520 -
---
[admin@MikroTik] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; default configuration
192.168.88.1/24 192.168.88.0 ether2-master-local
1 ;;; Internet Primary
ISP1 IP Address [ISP1 Network Address] ether1-gateway
2 ;;; Internet Secondary
ISP2 IP Address [ISP2 Network Address] WAN2
---
[admin@MikroTik] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=accept dst-address=[ISP1 Network Address] in-interface=ether2-master-local
1 chain=prerouting action=accept dst-address=[ISP2 Network Address] in-interface=ether2-master-local
2 chain=prerouting action=mark-connection new-connection-mark=ether1-gateway_conn passthrough=yes
in-interface=ether1-gateway connection-mark=no-mark
3 chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes in-interface=WAN2
connection-mark=no-mark
4 chain=prerouting action=mark-connection new-connection-mark=ether1-gateway_conn passthrough=yes
dst-address-type=!local in-interface=ether2-master-local connection-mark=no-mark
per-connection-classifier=both-addresses:2/0
5 chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
dst-address-type=!local in-interface=ether2-master-local connection-mark=no-mark
per-connection-classifier=both-addresses:2/1
6 chain=prerouting action=mark-routing new-routing-mark=to_ether1-gateway passthrough=yes
in-interface=ether2-master-local connection-mark=ether1-gateway_conn
7 chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes
in-interface=ether2-master-local connection-mark=WAN2_conn
8 chain=output action=mark-routing new-routing-mark=to_ether1-gateway passthrough=yes
connection-mark=ether1-gateway_conn
9 chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn
10 chain=prerouting action=accept
--------------
[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; default configuration
chain=srcnat action=masquerade protocol=0 out-interface=ether1-gateway
1 chain=srcnat action=masquerade out-interface=ether1-gateway
2 chain=srcnat action=masquerade out-interface=WAN2
--------------
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 ISP1 Gateway 1
1 S 0.0.0.0/0 ISP2 Gateway 1
2 A S 0.0.0.0/0 ISP1 Gateway 1
3 S 0.0.0.0/0 ISP2 Gateway 2
4 ADC 192.168.88.0/24 192.168.88.1 ether2-master-local 0
5 ADC ISP1 Network Address ISP1 Static IP ether1-gateway 0
6 ADC ISP2 Network Address ISP2 Static IP WAN2 0
---------------