Following discussions about ECMP with Masquerade and similar, we have made a new firewall matcher that will allow you more control and hopefully will overcome the previous limitations, read on:

http://wiki.mikrotik.com/wiki/PCC#Introduction

Very cool my friend! Jumping with joy

Thanks normis.

So next question when is 3.24 going to be released.

i hope this would work on the output chain - ie; connections generated from the router itself. Mainly for l2tp and pptp tunnels in my case.

I vote it to be also in output chain as well!

it's just one more simple firewall matcher - it will work everywhere =)

maybe any plans for TTL matcher? I'm waiting for it for about 1.5 year...

Well as far as i can see you can use any chain there, so it shouldn't be a problem.

But overall a very nice addition

If you have some ready setup to test, ask support for a pre-release package.

Any chance of giving the possibility to check another Ip not only the gateway if there is Internet connection through one gateway or not.???

Testing new system right now. So far working great. haven't seen anything drop so far.

I am watching it though. It seems to act a little more like nth on splitting how it picks which gateway but so far no major issues.

Going to keep testing it more tonight and push it harder with more connections tonight

I second that! The gateway might be up and reachable but internet is down. This is often the case with VSAT connections.

True. For example I could use check-gateway=<IP>, instead of "ping" or "arp" !

yep! Netwatch with possibility to set Routing Table like in Ping command would be nice! feature request? somebody who need this, please write to support

I think we should keep all checks limited to the closest network or else it will start to become ridiculous and dangerous.

Imagine half of the country constantly checking your server's IP address..... and what will happen if that address goes down - router willl drop perfectly working connection? I think there is no point even trying to ask for this.



Well it is NTH it is persistent NTH.

Anyone has any other applications to this feature?

Major servers are designed to be checked, they are powerful machines, load balanced by DNS, on powerful connections, can not be DoS attacked, so what I am saying is that we need the feature to ping a further up IP than the gateway and thats final. If your concerns are valid, than that can be avoided by providing a LIST OF IPs to ping to switch between them, if one fails - start ping the other one etc etc. simple logic. Right MikroTik ?

If we look from that point - all ISPs should have OSPF and BGP on their network one way or other, and should have backups, so that only time when you loose connection it should be because your gateway is dead, and this is now eliminated be check-gateway=ping or arp.

le'ts keep this thread on the topic of PCC not server reliability issues.

Woohoo! Thanks normis.

*emails support for pre-released package*

IMO - wrong!

and here is why - when you ping closest hop, you know this hop is working or not - if it is, then you do not have to worry about that. But in this case your owner of gateway should worry and supply you with route to network if links of gateway by any chance is down.

and most interesting part, if you are pinging some outer address, when route goes down, you adjust your routes and host is available again, your automatic configuration switches to previous configuration and no ping again - so, infinite loop of switching gateways.

and one more thing - do not hijack other threads and stay on topic in this case PCC

You do understand that check-gateway=ping,arp is not enough to know whether a route is OK, right? You know that we need to know if an ISP gateway is up in the case we have a CPE before the MirkoTik Router, right? We can not ping 192.168.1.1 we need to ping the Internet IP of the ISP gateway.

So get to work my friends, I'm sure you can do it and make it in a way that is a problem-free (no loops etc).

that's why you should use 'Routing Table' parameter in Ping command with table that have only one gw, isn't it? =)

Nice fix for the nth load balance.

Question though is will there ever be a fix or patch for ecmp to work correctly?

there is nothing to fix, it just works that way - linux kernel developers made this. this is why we made another method that does what you want.

MikroTik do not change kernel code at all?

Well they should. And if its too much work, they should give the kernel job to others, aka outsource it he he.

kernel is open-source www.kernel.org =)

My freeend ) to outsource a job means to let someone else do it for little money overseas or something. Of course the Linux kernel is open source.

but you should just post bug report - and they'll fix it for no money )))))

Sure. If its not a RouterOS specific issue.

as it was said, it's kernel 'feature', not ROS =)

Thanks for reply normis.

there is no need to complicate simple things. to achieve effect you can already have but not in so direct way. i am stressing once more - your only concern is that link to any number of gateways is working and you can pass data there. For ease of explanation, lets make diagram

A - B - C - D

before A are your clients, your network stretches and includes B, in case of link failure between A and B you will want your host A react and change routing, so it can reach default GW B, lets say through link E and that is it. If your main GW that is B drops link from B to C, that is concern of B not of A, because B will have to adjust its routing table so, you can reach out, now you use your backup provider to get your clients internet in the wild. For that you can use various dynamic routing protocols, eg: OSPF, but initiator of change in routing table will always be host that got link broken, not some obscure host across the network.

I have read your explanation Janis K, and I am sure that from your perspective you could be right that there is no need to complicate things. MikroTik is free to decide whether or not to implement such feature.

But I warn you:

Every time a RouterOS user connects an ADSL modem, a SOHO "Broadband Router", some DOCSIS modems, some 3G modems etc etc etc THAT IS IN NAT MODE they will not be able to use check-gateway to know if that link to the Internet is good or not. They will become frustrated with the product, as usual, and either give up on it, or get on your nerves about it.

And when a veteran RouterOS user needs to use a GW that is a NAT he would need to implement a script and that's work overtime that the user would rather not waste to discover the hot water (=the right working script) every time.

RouterOS as a product can be much more automated and easier for the customer. Is MikroTik willing to improve on this matter? Stability is more important And ease of use will make more happy customers.

By the way I am so happy for PCC very useful!

p.s. and even in a lot of cases when GW is not NAT, Internet connectivity through it is lost, due to upstream ISP problems. Happens all the time. So the problem is bigger, so MikroTik should take action.

then use netwach to ping some host and take actions weather it is up or down.

What NAT have to do with all this???? Clients are not sending anything - router is. And router is sending it from its local-ip , so no NAT is required for that address - it is in the same network as gateway.

there is wrong in PCC Wiki in those rules


per-connection-classifier=src-address,dst-address must be
per-connection-classifier=src-address,src-port

or it will be invalid .

i just tried PCC and it works fine until now .

Nop, example is correct. No matter how many connections from address A to address B will be always marked the same aand sent via same gateway.

I'd say, 'it depends' =) both examples are correct you should use the example you need

what if that gateway goes down? how can I implement high availability?

"add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
"
does this?

If gateway goes down and you have "check-gateway" in the routes - those routes will become inactive and packets will be routed by other available route.

thx. Do You have any idea what performance can I achive with this config? I'd need more than 1-3Gbit/s.. I think with this I can implement Server Load Balancing - Gateways become Servers in the Farm and clients become the users of the servers...

Picture is unclear for me. Server load balancing is more a NATing not routing - isn't it?

Guys, I hate to disagree, but the rules from the wiki contain a syntax error under 3.24

If you just paste the example, you get the following:



It looks like the acceptable syntax has changed?


jw

ok we have updated the manual slightly

Can't you use <tab> button - it is so easy to see where changes are exactly! If you just copy/paste configuration without thinking what you are doing it end up as a big problem one time.

Normis,

Thanks very much for the wiki update and new facility. I have not yet got it to work, but am still plugging away at it. It looks like exactly what I need.

macgaiver

Yes, I can and did use the tab button (one of the world's great inventions, right after the delete key). But the Wiki should be correct, no?


jw

Both examples are correct.. so what is the difference?
How can I force one WAN port with 50% and the two others WAN ports with 25%?

tnx

Divide traffic into 4 streams and send first 2 on the first gateway. (use both addresses as separator)

Note that this is not per packet load balancing, so it will not be 50/25/25 all the time. - More connections/clients you will have closer to those numbers you will get.

Hello,
new PCC matcher is proprietary Mikrotik solution or implementation of open source code? I am interested in how this new thing works. Many thanks.

read the link in the first post of this thread. it's very simple, there is nothing special