2 WAN WITHOUT LOAD BALANCING

Przemcio71 · Tue Nov 05, 2013 8:26 pm

Hi.
I have CCR-1016-12G.
Everywhere i found manuals and examples for 2 WAN with loadbalancing.
I need example for 2 WAN WITHOUT load balancing for similar configuration:

1WAN with IPsec     ---->  |--------|    ----->  LAN with 2 subnets ex. 10.x.1.1/24 and 10.x.2.1/24
                              CCR
               2WAN ---->  |--------|    -----> LAN with 3 subnets ex. 10.x.5.1/24 10.x.6.1/24 10.x.7.1/24

How configure router beetween:
1WAN <- traffic -> LAN with 2 subnets,
2WAN <- traffic -> LAN with 3 subnets and
LAN with 2 subnets <- traffic -> LAN with 3 subnets.

Maybe i don`t understand something.

P.

tws101 · Tue Nov 05, 2013 11:20 pm

Place a routing mark on LAN 1 both subnets

Place a different routing mark on LAN 2 all 3 subnets.

In routes establish your WAN routes requiring that routing mark corresponding to the LAN you want routed out of it.

As for communication between subnets on different LANs this happen automatically unless you place a firewall filter to block it.

Przemcio71 · Wed Nov 06, 2013 3:50 am

In routes establish your WAN routes requiring that routing mark corresponding to the LAN you want routed out of it

This is problem.
WAN1 and WAN2 is default set for load balancing on CCR ?
If set parameter "distance=1" on both WAN - WAN1 not responding.
WAN1 distance=1 , WAN2 distance=2 - all traffic going to WAN1. Routing-mark not working.
How set routes for 2 WAN without load balancing ?

P.

Rudios · Wed Nov 06, 2013 7:29 am

Why is routing mark not working, what have you configured.
Show your ip firewall mangle rules and ip routes.

bingo220 · Wed Nov 06, 2013 4:44 pm

This config has to work. It hasn't the loadbalancing-mode, but has the Failover-mode.
You have to change "x" in 10.x.5.1 and 10.x.7.254.
Uncheck box "Add default route" in both ISP-connections, if it's using now.
Also change AAA.AAA.AAA.AAA to ip-address of Gateway ISP1 (only IP! not interface-name etc.)
And BBB.BBB.BBB.BBB to ip-address of Gateway ISP2 (only IP! not interface-name etc.)
Other ip addresses used here for ping-checking internet. It's public DNS servers.

/ip firewall address-list
add list=static-wan2 address=10.x.5.1-10.x.7.254 comment="IP to WAN2"

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Mark STATIC route to WAN2" dst-address-type=!local new-routing-mark=to-wan2 src-address-list=static-wan2

/ip route
add comment="STATIC Route-1 to WAN2" distance=1 gateway=192.168.100.2 routing-mark=to-wan2
add comment="STATIC Route-2 to WAN2" distance=2 gateway=192.168.100.1 routing-mark=to-wan2
add comment="Default Route to WAN1" distance=1 gateway=192.168.100.1
add comment="Default Route to WAN2" distance=2 gateway=192.168.100.2
add check-gateway=ping comment="Virtual host for ISP1-host1" distance=1 dst-address=192.168.100.1/32 gateway=151.197.0.38 scope=10
add check-gateway=ping comment="Virtual host for ISP1-host2" distance=2 dst-address=192.168.100.1/32 gateway=4.2.2.1 scope=10
add check-gateway=ping comment="Virtual host for ISP2-host1" distance=1 dst-address=192.168.100.2/32 gateway=151.197.0.39 scope=10
add check-gateway=ping comment="Virtual host for ISP2-host2" distance=2 dst-address=192.168.100.2/32 gateway=4.2.2.2 scope=10
add comment="Static PING way by ISP1-host1" distance=1 dst-address=151.197.0.38/32 gateway=AAA.AAA.AAA.AAA scope=10
add comment="Static PING way by ISP1-host2" distance=1 dst-address=4.2.2.1/32 gateway=AAA.AAA.AAA.AAA scope=10
add comment="Static PING way by ISP2-host1" distance=1 dst-address=151.197.0.39/32 gateway=BBB.BBB.BBB.BBB scope=10
add comment="Static PING way by ISP2-host2" distance=1 dst-address=4.2.2.2/32 gateway=BBB.BBB.BBB.BBB scope=10
add comment="HELP for reverse GW1(1)" distance=20 dst-address=151.197.0.38/32 type=blackhole
add comment="HELP for reverse GW1(2)" distance=20 dst-address=4.2.2.1/32 type=blackhole
add comment="HELP for reverse GW2(1)" distance=20 dst-address=151.197.0.39/32 type=blackhole
add comment="HELP for reverse GW2(2)" distance=20 dst-address=4.2.2.2/32 type=blackhole

Przemcio71 · Fri Nov 08, 2013 6:11 am

Thank you for your interest and patience.
I found another solutions - Policy Based Routing - from Butch Evans blog.
It`s working for me fine. Easy configuration without "blackhole" and next option for expert.

bingo220 - your configuration really has the Failover-mode for VPN with IPsec ?
Thank you for interesting example configuration.
Check it out at the next lesson with RouterOS and more WAN.

P.

bingo220 · Fri Nov 08, 2013 12:57 pm

your configuration really has the Failover-mode for VPN with IPsec ?

I use 2 PPPoE connections, and failover works wonderful.
My example is based on this page.

2 WAN WITHOUT LOAD BALANCING

2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Re: 2 WAN WITHOUT LOAD BALANCING

Who is online