Best method to load balance 2 internet line?

myso · Thu Nov 25, 2010 3:58 pm

Hi,

I'm trying to get a failover solution for my scenario: RB433AH having these interfaces:
- WAN (primary internet),
- PPPoE (backup ADSL connection) and of course
- LAN interface.

I don't need any load balancing.

The basic setup from mikrotik wiki works fine, but I don't understand what are the 10.x.x.x IP addresses in the Multiple host checking setup. May I ask you for a little help here?

Thanks in advance...

Michael

Chupaka · Thu Nov 25, 2010 6:03 pm

Multiple host checking setup

maybe, provide some links?..

myso · Thu Nov 25, 2010 7:06 pm

sorry I thought it was you who wrote the article: http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

Chupaka · Fri Nov 26, 2010 12:09 am

oh, you're about that...

10.x.x.x are some fake addresses, they are used only for recursive routes.

a) for any packet from user to Internet, you first set gateway=10.x.x.x

b) then route to that 10.x.x.x address is recursively resolved via one of hosts you are checking by ping

c) after that, route to the host you are checking is resolved via your real gateway

those 10.x.x.x addresses should NOT exist anywhere - just in routing table

myso · Fri Nov 26, 2010 10:10 am

Thanks for the explanation, now I seem to get it

Unfortunately, non of my default routes gets active, I don't know why. See the dump:

/ip route print

Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0>  S  0.0.0.0/0                          10.1.1.1           1       
1>  S  0.0.0.0/0                          10.2.2.2           1       
2>  S  0.0.0.0/0                          10.2.2.2           2       
3>  S  0.0.0.0/0                          10.1.1.1           2  
4>A S  8.8.4.4/32                         10.18.33.1         1       
5>  SB 8.8.4.4/32                                            20      
6>A S  8.8.8.8/32                         192.168.222.1      1       
7>  SB 8.8.8.8/32                                            20      
8>A S  10.1.1.1/32                        208.67.222.222     1       
9>  S  10.1.1.1/32                        8.8.8.8            1       
10>A S  10.2.2.2/32                        208.67.220.220     1       
11>  S  10.2.2.2/32                        8.8.4.4            1       
12>ADC  10.18.33.0/24      10.18.33.85     SkyNET             0       
13>ADC  10.18.85.0/24      10.18.85.1      LAN                0       
14>ADC  192.168.222.0/24   192.168.222.194 CDMA               0       
15>A S  208.67.220.220/32                  10.18.33.1         1       
16>  SB 208.67.220.220/32                                     20      
17>A S  208.67.222.222/32                  192.168.222.1      1       
18>  SB 208.67.222.222/32                                     20

I'm testing against openDNS and GoogleDNS servers...

Chupaka · Fri Nov 26, 2010 5:51 pm

use 'print detail' - your output doesn't show scopes and routing marks

myso · Mon Nov 29, 2010 8:28 am

I'm sorry, here's the detailed output:

Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
0>  S  dst-address=0.0.0.0/0 gateway=10.1.1.1 
        gateway-status=10.1.1.1 recursive via 192.168.222.1 CDMA 
        check-gateway=ping distance=1 scope=30 target-scope=10 

1>  S  dst-address=0.0.0.0/0 gateway=10.2.2.2 
        gateway-status=10.2.2.2 recursive via 10.18.33.1 SkyNET 
        check-gateway=ping distance=1 scope=30 target-scope=10 

2>  S  dst-address=0.0.0.0/0 gateway=10.2.2.2 
        gateway-status=10.2.2.2 recursive via 10.18.33.1 SkyNET 
        check-gateway=ping distance=2 scope=30 target-scope=10 

3>  S  dst-address=0.0.0.0/0 gateway=10.1.1.1 
        gateway-status=10.1.1.1 recursive via 192.168.222.1 CDMA 
        check-gateway=ping distance=2 scope=30 target-scope=10 

4>A S  dst-address=8.8.4.4/32 gateway=10.18.33.1 
        gateway-status=10.18.33.1 reachable SkyNET distance=1 scope=10 
        target-scope=10 

5>  SB dst-address=8.8.4.4/32 type=blackhole distance=20 

6>A S  dst-address=8.8.8.8/32 gateway=192.168.222.1 
        gateway-status=192.168.222.1 reachable CDMA distance=1 scope=10 
        target-scope=10 

7>  SB dst-address=8.8.8.8/32 type=blackhole distance=20 

8>A S  dst-address=10.1.1.1/32 gateway=208.67.222.222 
        gateway-status=208.67.222.222 recursive via 192.168.222.1 CDMA 
        check-gateway=ping distance=1 scope=10 target-scope=10 

9>  S  dst-address=10.1.1.1/32 gateway=8.8.8.8 
        gateway-status=8.8.8.8 recursive via 192.168.222.1 CDMA 
        check-gateway=ping distance=1 scope=10 target-scope=10 

10>A S  dst-address=10.2.2.2/32 gateway=208.67.220.220 
        gateway-status=208.67.220.220 recursive via 10.18.33.1 SkyNET 
        check-gateway=ping distance=1 scope=10 target-scope=10 

11>  S  dst-address=10.2.2.2/32 gateway=8.8.4.4 
        gateway-status=8.8.4.4 recursive via 10.18.33.1 SkyNET 
        check-gateway=ping distance=1 scope=10 target-scope=10 

12>ADC  dst-address=10.18.33.0/24 pref-src=10.18.33.85 gateway=SkyNET 
        gateway-status=SkyNET reachable distance=0 scope=10 

13>ADC  dst-address=10.18.85.0/24 pref-src=10.18.85.1 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 

14>ADC  dst-address=192.168.222.0/24 pref-src=192.168.222.194 gateway=CDMA 
        gateway-status=CDMA reachable distance=0 scope=10 

15>A S  dst-address=208.67.220.220/32 gateway=10.18.33.1 
        gateway-status=10.18.33.1 reachable SkyNET distance=1 scope=10 
        target-scope=10 

16>  SB dst-address=208.67.220.220/32 type=blackhole distance=20 

17>A S  dst-address=208.67.222.222/32 gateway=192.168.222.1 
        gateway-status=192.168.222.1 reachable CDMA distance=1 scope=10 
        target-scope=10 

18>  SB dst-address=208.67.222.222/32 type=blackhole distance=20

Chupaka · Mon Nov 29, 2010 5:38 pm

/ip route nexthop print

p.s. where are routing marks for your default gateways?..

myso · Tue Nov 30, 2010 9:30 am

/ip route print detail (with routing marks)

Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0   S  dst-address=0.0.0.0/0 gateway=10.1.1.1
        gateway-status=10.1.1.1 recursive via 192.168.222.1 CDMA
        check-gateway=ping distance=1 scope=30 target-scope=10
        routing-mark=ISP1

 1   S  dst-address=0.0.0.0/0 gateway=10.2.2.2
        gateway-status=10.2.2.2 recursive via 10.18.33.1 SkyNET
        check-gateway=ping distance=2 scope=30 target-scope=10
        routing-mark=ISP1

 2   S  dst-address=0.0.0.0/0 gateway=10.2.2.2
        gateway-status=10.2.2.2 recursive via 10.18.33.1 SkyNET
        check-gateway=ping distance=1 scope=30 target-scope=10
        routing-mark=ISP2

 3   S  dst-address=0.0.0.0/0 gateway=10.1.1.1
        gateway-status=10.1.1.1 recursive via 192.168.222.1 CDMA
        check-gateway=ping distance=2 scope=30 target-scope=10
        routing-mark=ISP2

 4 A S  dst-address=8.8.4.4/32 gateway=10.18.33.1
        gateway-status=10.18.33.1 reachable SkyNET distance=1 scope=10
        target-scope=10

 5   SB dst-address=8.8.4.4/32 type=blackhole distance=20

 6 A S  dst-address=8.8.8.8/32 gateway=192.168.222.1
        gateway-status=192.168.222.1 reachable CDMA distance=1 scope=10
        target-scope=10

 7   SB dst-address=8.8.8.8/32 type=blackhole distance=20

 8 A S  dst-address=10.1.1.1/32 gateway=208.67.222.222
        gateway-status=208.67.222.222 recursive via 192.168.222.1 CDMA
        check-gateway=ping distance=1 scope=10 target-scope=10

 9   S  dst-address=10.1.1.1/32 gateway=8.8.8.8
        gateway-status=8.8.8.8 recursive via 192.168.222.1 CDMA
        check-gateway=ping distance=1 scope=10 target-scope=10

10 A S  dst-address=10.2.2.2/32 gateway=208.67.220.220
        gateway-status=208.67.220.220 recursive via 10.18.33.1 SkyNET
        check-gateway=ping distance=1 scope=10 target-scope=10

11   S  dst-address=10.2.2.2/32 gateway=8.8.4.4
        gateway-status=8.8.4.4 recursive via 10.18.33.1 SkyNET
        check-gateway=ping distance=1 scope=10 target-scope=10

12 ADC  dst-address=10.18.33.0/24 pref-src=10.18.33.85 gateway=SkyNET
        gateway-status=SkyNET reachable distance=0 scope=10

13 ADC  dst-address=10.18.85.0/24 pref-src=10.18.85.1 gateway=LAN
        gateway-status=LAN reachable distance=0 scope=10

14 ADC  dst-address=192.168.222.0/24 pref-src=192.168.222.194 gateway=CDMA
        gateway-status=CDMA reachable distance=0 scope=10

15 A S  dst-address=208.67.220.220/32 gateway=10.18.33.1
        gateway-status=10.18.33.1 reachable SkyNET distance=1 scope=10
        target-scope=10

16   SB dst-address=208.67.220.220/32 type=blackhole distance=20

17 A S  dst-address=208.67.222.222/32 gateway=192.168.222.1
        gateway-status=192.168.222.1 reachable CDMA distance=1 scope=10
        target-scope=10

18   SB dst-address=208.67.222.222/32 type=blackhole distance=20

/ip route nexthop print

0 address=8.8.4.4 gw-state=recursive forwarding-nexthop=10.18.33.1 scope=10 check-gateway=icmp gw-check-ok=yes

 1 address=8.8.8.8 gw-state=recursive forwarding-nexthop=192.168.222.1 scope=10 check-gateway=icmp gw-check-ok=yes

 2 address=10.1.1.1 gw-state=recursive forwarding-nexthop=192.168.222.1 scope=10 check-gateway=icmp gw-check-ok=no

 3 address=10.2.2.2 gw-state=recursive forwarding-nexthop=10.18.33.1 scope=10 check-gateway=icmp gw-check-ok=no

 4 address=10.18.33.1 gw-state=reachable scope=10 check-gateway=none

 5 address=192.168.222.1 gw-state=reachable scope=10 check-gateway=none

 6 address=208.67.220.220 gw-state=recursive forwarding-nexthop=10.18.33.1 scope=10 check-gateway=icmp gw-check-ok=yes

 7 address=208.67.222.222 gw-state=recursive forwarding-nexthop=192.168.222.1 scope=10 check-gateway=icmp gw-check-ok=yes

A noob question: Are the routing marks needed even in a setup without loadbalancing? is there anything else needed to be setup together with the routing marks in default routes?

Chupaka · Tue Nov 30, 2010 3:52 pm

arrrrgh, I see... sorry - I had no place to test this kind of setup =)

you should not use "check-gateway=ping" for 10.x.x.x gateways - they even don't exist...
here's the changes: http://wiki.mikrotik.com/index.php?titl ... ldid=18512

as far as I can see, no more changes is required

myso · Tue Nov 30, 2010 5:53 pm

Well, thanks very much for the corrections, it works now. Perhaps you should add (just for some routing beginners like me) that you need to add something like this to have it work (with the Routing marks):

/ip firewall mangle
add action=mark-routing chain=prerouting src-address=192.168.33.0/24 new-routing-mark=ISP1

Thanks again

Michael

Chupaka · Tue Nov 30, 2010 11:06 pm

Well, thanks very much for the corrections, it works now.

thank you for the testing =)

Perhaps you should add (just for some routing beginners like me) that you need to add something like this to have it work (with the Routing marks):
Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting src-address=192.168.33.0/24 new-routing-mark=ISP1

the article is about failover, not balancing or something, so

Let's suppose <...> we have some policy routing rules, so all outgoing traffic is marked with ISP1 (which goes to GW1) and ISP2 (which goes to GW2) marks

myso · Wed Dec 01, 2010 12:45 pm

OK OK

my last question? is this setup possible to use without the ISP routing marks? i don't want to blanace the traffic load - I'd just like to have a primary GW and a backup GW and use this advanced routing for failover (with double check against 4 high availability servers).

Chupaka · Wed Dec 01, 2010 6:40 pm

actually, you need to check 2 servers via 1st gateway. if first gateway is down, there's no sense to check whether gw2 is working =)

yep, just remove routing mark ISP1 from routes and remove routes with ISP2 mark

pszemaz · Thu Jan 26, 2012 11:01 pm

Hi all!
First of all, I know this topic is old, but it is the right topic for me.
I "fight" on my MKT with "Advanced Routing Failover without Scripting"
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

I've got 2 WAN connections, and 2 LAN (LAN2 I do not use, so lets say there is only LAN1).

If I do not use /ip route (s) from that wiki art, and use mangle as I paste later everything works fine.
All trafic from WAN1 goes out from WAN1, (the same for WAN2).
I although do default routes without marks for outgoing traffic from MKT itself.
That all works.

Now below I'll copy/paste my settings (ip, mangle, routes) whitch does not work.
I think the problem is in mangle, because I tried few arts about failover and

In Chupaka Wiki there are no routes without marks. If I don't use routs without marks I have no internet connection..
Chupaka wrote:

so all outgoing traffic is marked with ISP1 (which goes to GW1) and ISP2 (which goes to GW2) marks

I don't know how mark ALL OUTGOING traffic. As I wrote above, I use some default routes without marks to have internet connection.

HERE IP ROUTES that works for me, but no failover here (and I want to have it):

 0 A S  dst-address=0.0.0.0/0 gateway=94.87.83.254 
        gateway-status=94.87.83.254 reachable via  WAN1 
        distance=1 scope=30 target-scope=10 routing-mark=to_WAN1 

 3   S  dst-address=0.0.0.0/0 gateway=192.168.0.0 
        gateway-status=192.168.0.0 unreachable distance=2
        target-scope=10 routing-mark=to_WAN2 

 6 A S  dst-address=0.0.0.0/0 gateway=94.87.83.254 
        gateway-status=94.87.83.254 reachable scope=30 target-scope=10 

 7   S  dst-address=0.0.0.0/0 gateway=192.168.0.0 
        gateway-status=192.168.0.0 unreachable distance=2 target-scope=10 

16 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.59 gateway=WAN2 
        gateway-status=WAN2 reachable distance=0 scope=10 

17 ADC  dst-address=192.168.33.0/24 pref-src=192.168.33.1 gateway=LAN2 
        gateway-status=LAN2 reachable distance=0 scope=10 

18 ADC  dst-address=192.168.168.0/24 pref-src=192.168.168.1 gateway=LAN1 
        gateway-status=LAN1 reachable distance=0 scope=10 

19 ADC  dst-address=94.87.83.224/27 pref-src=94.87.83.242 gateway=WAN1 
        gateway-status=WAN1 reachable distance=0 scope=10

So here are my basic settings (I made to have failover withous script, but it does not work):

HOST1A - 8.8.8.8
HOST1B - 8.8.4.4
HOST2A - 208.67.220.220
HOST2B - 208.67.222.222

Fake GW1 - 172.16.1.1
Fake GW2 - 172.16.2.2

GW1: 94.87.83.254
GW2: 192.168.0.1

ip address print detail 

 0   address=192.168.168.1/24 network=192.168.168.0 interface=LAN1 actual-interface=LAN1 
 1   address=192.168.0.59/24 network=192.168.0.0 interface=WAN2 actual-interface=WAN2 
 2   address=192.168.33.1/24 network=192.168.33.0 interface=LAN2 actual-interface=LAN2 
 3 D address=94.87.83.242/27 network=94.87.83.224 interface=WAN1 actual-interface=WAN1

/ip firewall mangle print detail

 0   ;;; DEFAULT ROUTING table for traffic from LAN to connected (WAN) networks
     chain=prerouting action=accept dst-address=94.87.83.0/24
     in-interface=LAN1 

 1   chain=prerouting action=accept dst-address=192.168.0.0/24 
     in-interface=LAN1 

 2   ;;; INPUT in WAN1, out WAN1
     chain=input action=mark-connection new-connection-mark=WAN1_conn 
     passthrough=yes in-interface=WAN1 

 3   chain=output action=mark-routing new-routing-mark=to_WAN1 
	 passthrough=no connection-mark=WAN1_conn 

 4   ;;; INPUT in WAN2, out WAN2
     chain=input action=mark-connection new-connection-mark=WAN2_conn 
     passthrough=yes in-interface=WAN2 

 5   chain=output action=mark-routing new-routing-mark=to_WAN2 
	 passthrough=no connection-mark=wan2_conn 

 6   ;;; Forward in WAN1, out WAN1
     chain=forward action=mark-connection new-connection-mark=WAN1_forward 
     passthrough=yes connection-state=new in-interface=WAN1 

 7   chain=prerouting action=mark-routing new-routing-mark=to_WAN1 
     passthrough=no in-interface=LAN1 connection-mark=WAN1_forward 

 8   ;;; Forward in WAN2, out WAN2
     chain=forward action=mark-connection new-connection-mark=WAN2_forward 
     passthrough=yes connection-state=new in-interface=WAN2 

 9   chain=prerouting action=mark-routing new-routing-mark=to_WAN2 
     passthrough=no in-interface=LAN1 connection-mark=WAN2_forward

/ip route print detail

 0 A S  dst-address=0.0.0.0/0 gateway=172.16.1.1 
		gateway-status=172.16.1.1 recursive via 94.87.83.254 WAN1 
        distance=1 scope=30 target-scope=10 routing-mark=to_WAN1 

 1   S  dst-address=0.0.0.0/0 gateway=172.16.2.2 
		gateway-status=172.16.2.2 recursive via 192.168.0.1 WAN2 
        distance=2 scope=30 target-scope=10 routing-mark=to_WAN1 

 2 A S  dst-address=0.0.0.0/0 gateway=172.16.2.2 
		gateway-status=172.16.2.2 recursive via 192.168.0.1 WAN2 
        distance=1 scope=30 target-scope=10 routing-mark=to_WAN2 

 3   S  dst-address=0.0.0.0/0 gateway=172.16.1.1 
		gateway-status=172.16.1.1 recursive via 94.87.83.254 WAN1 
        distance=2 scope=30 target-scope=10 routing-mark=to_WAN2 

 4 A S  dst-address=8.8.4.4/32 gateway=192.168.0.1 
		gateway-status=192.168.0.1 reachable via  WAN2 distance=1 
        scope=10 target-scope=10 

 5   SB dst-address=8.8.4.4/32 type=blackhole distance=20 

 6 A S  dst-address=8.8.8.8/32 gateway=94.87.83.254 
		gateway-status=94.87.83.254 reachable via  WAN1 
        distance=1 scope=10 target-scope=10 

 7   SB dst-address=8.8.8.8/32 type=blackhole distance=20 

 8 A S  dst-address=172.16.1.1/32 gateway=208.67.222.222 
        gateway-status=208.67.222.222 recursive via 94.87.83.254 WAN1 
		check-gateway=ping distance=1 scope=10 target-scope=10 

 9   S  dst-address=172.16.1.1/32 gateway=8.8.8.8 
		gateway-status=8.8.8.8 recursive via 94.87.83.254 WAN1 
        check-gateway=ping distance=1 scope=10 target-scope=10 

10 A S  dst-address=172.16.2.2/32 gateway=208.67.220.220 
        gateway-status=208.67.220.220 recursive via 192.168.0.1 WAN2 
		check-gateway=ping distance=1 scope=10 target-scope=10 

11   S  dst-address=172.16.2.2/32 gateway=8.8.4.4 
		gateway-status=8.8.4.4 recursive via 192.168.0.1 WAN2 
        check-gateway=ping distance=1 scope=10 target-scope=10 

12 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.59 
		gateway=WAN2 gateway-status=WAN2 reachable distance=0 scope=10 


13 ADC  dst-address=192.168.33.0/24 pref-src=192.168.33.1 
		gateway=LAN2 gateway-status=LAN2 reachable distance=0 scope=10 

14 ADC  dst-address=192.168.168.0/24 pref-src=192.168.168.1 
		gateway=LAN1 gateway-status=LAN1 reachable distance=0 scope=10 

15 ADC  dst-address=94.87.83.224/27 pref-src=94.87.83.242 
		gateway=WAN1 gateway-status=WAN1 reachable distance=0 scope=10 

16 A S  dst-address=208.67.220.220/32 gateway=192.168.0.1 
		gateway-status=192.168.0.1 reachable via  WAN2 
        distance=1 scope=10 target-scope=10 

17   SB dst-address=208.67.220.220/32 type=blackhole distance=20 

18 A S  dst-address=208.67.222.222/32 gateway=94.87.83.254 
		gateway-status=94.87.83.254 reachable via  WAN1 
        distance=1 scope=10 target-scope=10 

19   SB dst-address=208.67.222.222/32 type=blackhole distance=20

Please check my mangle rules. Thank you.

pszemaz

newranman · Sat Oct 13, 2012 8:43 am

Here is post of mine with a working config

http://forum.mikrotik.com/viewtopic.php?f=2&t=66294

Randy Newman

Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Re: Best method to load balance 2 internet line?

Who is online