Community discussions

MikroTik App
  4. RouterOS
  5. General

Move from ECMP to PCC load balancing

Post Reply
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Move from ECMP to PCC load balancing

Thu Oct 25, 2012 8:09 pm

Hi everyone,

Upgraded today to RouterOS v5.21 and with this upgrade I wanted to finally move to PCC load balacing, because as many said ECMP is outdated.

I followed the example from wiki but the routes aren't working properly don't know what I'm doing wrong if you could help me I would really appreciate.

My config:
Code: Select all
[admin@MikroTik] > ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.0.1/24 network=192.168.0.0 interface=LAN1 actual-interface=LAN1 

 1   address=77.XX.X49.142/30 network=77.XX.X49.140 interface=Orange actual-interface=Orange 

 2 D address=18X.XXX.77.105/24 network=18X.XXX.77.0 interface=MTC actual-interface=MTC 
[admin@MikroTik] >
Code: Select all
[admin@MikroTik] > ip firewall mangle print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=prerouting action=accept dst-address=77.XX.X49.140/30 in-interface=LAN1 

 1   chain=prerouting action=accept dst-address=18X.XXX.77.0/24 in-interface=LAN1 

 2   chain=prerouting action=mark-connection new-connection-mark=Orange passthrough=yes in-interface=Orange connection-mark=no-mark 

 3   chain=prerouting action=mark-connection new-connection-mark=MTC passthrough=yes in-interface=MTC connection-mark=no-mark 

 4   chain=prerouting action=mark-connection new-connection-mark=Orange passthrough=yes dst-address-type=!local in-interface=LAN1 connection-mark=no-mark per-connection-classifier=both-addresses:2/0 

 5   chain=prerouting action=mark-connection new-connection-mark=MTC passthrough=yes dst-address-type=!local in-interface=LAN1 connection-mark=no-mark per-connection-classifier=both-addresses:2/1 

 6   chain=prerouting action=mark-routing new-routing-mark=Orange passthrough=yes in-interface=LAN1 connection-mark=Orange 

 7   chain=prerouting action=mark-routing new-routing-mark=MTC passthrough=yes in-interface=LAN1 connection-mark=MTC 

 8   chain=output action=mark-routing new-routing-mark=Orange passthrough=yes connection-mark=Orange 

 9   chain=output action=mark-routing new-routing-mark=MTC passthrough=yes connection-mark=MTC 
[admin@MikroTik] >
Code: Select all
[admin@MikroTik] > ip route print detail 

 0 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Orange 

 1 A S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=MTC 

 2 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10 

 3   S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10 

 4 ADC  dst-address=77.XX.X49.140/30 pref-src=77.XX.X49.142 gateway=Orange gateway-status=Orange reachable distance=0 scope=10 

 5 ADC  dst-address=18X.XXX.77.0/24 pref-src=18X.XXX.77.105 gateway=MTC gateway-status=MTC reachable distance=0 scope=10 

 6 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=LAN1 gateway-status=LAN1 reachable distance=0 scope=10 
[admin@MikroTik] >


Image

Thank you.
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Thu Oct 25, 2012 10:09 pm

Be careful with passthrough=yes, it means that packets will be remarked by the following rules:
Code: Select all
[admin@MikroTik] > ip firewall mangle print detail
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting action=accept dst-address=77.XX.X49.140/30 in-interface=LAN1

 1   chain=prerouting action=accept dst-address=18X.XXX.77.0/24 in-interface=LAN1

 2   chain=prerouting action=mark-connection new-connection-mark=Orange passthrough=no in-interface=Orange connection-mark=no-mark

 3   chain=prerouting action=mark-connection new-connection-mark=MTC passthrough=no in-interface=MTC connection-mark=no-mark

 4   chain=prerouting action=mark-connection new-connection-mark=Orange passthrough=yes dst-address-type=!local in-interface=LAN1 connection-mark=no-mark per-connection-classifier=both-addresses:2/0

 5   chain=prerouting action=mark-connection new-connection-mark=MTC passthrough=yes dst-address-type=!local in-interface=LAN1 connection-mark=no-mark per-connection-classifier=both-addresses:2/1

 6   chain=prerouting action=mark-routing new-routing-mark=Orange passthrough=no in-interface=LAN1 connection-mark=Orange

 7   chain=prerouting action=mark-routing new-routing-mark=MTC passthrough=no in-interface=LAN1 connection-mark=MTC

 8   chain=output action=mark-routing new-routing-mark=Orange passthrough=no connection-mark=Orange

 9   chain=output action=mark-routing new-routing-mark=MTC passthrough=no connection-mark=MTC
Try this way.
Top
 
mixig
Member
Member
Posts: 315
Joined: Thu Oct 27, 2011 2:19 pm

Re: Move from ECMP to PCC load balancing

Thu Oct 25, 2012 10:53 pm

yep, need to adjust that passthrough=yes on some places

also check this and you will be ready to go with PCC


http://www.tiktube.com/video/GEfq3hCljL ... uIlGopKGp=

and pdf from that video is here http://mum.mikrotik.com/presentations/US12/steve.pdf
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 2:10 pm

Caci99, mixig thank you!

I've changed the passthrough value yes to no where you told me, but as you can see in the print screen one route is "blue", why is that ? Some websites would open some wouldn't!
And another question is, I don't know what I should I put in mangle dst-address the gateway IP, network IP or static IP ?
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 3:16 pm

The blue route is normal. It is a backup route if the the other one fails, it has distance=2 which means that if the route with distance=1 will not work, this one would take the job, and the color will change as well to normal.
The fact that some pages do open and some others don't, may indicate that you have a problem with DNS. In PCC configuration it is better to use public DNS rather than those of ISP (unless all internet lines come from the same ISP). You should also redirect users dns requests, so they don't end up using the wrong dns server.
Code: Select all
/ip dns> set servers=8.8.8.8,8.4.4.4 allow-remote-requests=yes
I putted there the google dns servers, but you can use whatever you like from public dns servers
Code: Select all
/ip firewall nat
add chain=dstnat action=redirect to-ports=53 protocol=udp dst-address-type=!local dst-port=53
Top
 
eXtremer
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Fri Nov 26, 2010 10:33 am

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:14 pm

He uses google DNS.
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:20 pm

/ip firewall mangle add chain=prerouting dst-address=??????? action=accept in-interface=LAN1
/ip firewall mangle add chain=prerouting dst-address=??????? action=accept in-interface=LAN1

In the rule above what IP's should I use ? Static IP or the Gateway IP ?


What's up with the NAT rule you gave me ? port 53 ?


And yes I already use google DNS
The blue route is normal. It is a backup route if the the other one fails, it has distance=2 which means that if the route with distance=1 will not work, this one would take the job, and the color will change as well to normal.
I don't want the second route to be the backup route, I want both of them to work at the same time! And if one of them fails then the good one should work alone.
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:29 pm

/ip firewall mangle add chain=prerouting dst-address=??????? action=accept in-interface=LAN1
/ip firewall mangle add chain=prerouting dst-address=??????? action=accept in-interface=LAN1
According to the wiki page, they should be the IP addresses of the WAN interfaces. But I believe there should be the LAN network, so as to create no loop in the routing table. But I am not sure about it.
The Nat rule with udp port 53, is to redirect dns requests from users. No matter what DNS they put in their PC, they will be redirected to the dns cache of router. This way you are sure you are delivering them the right dns answers.
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:36 pm

You didn't answer to my question, both routes work at the same time ? Or the second route works only if the first one is down.
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:37 pm

Caci99 wrote:
The blue route is normal. It is a backup route if the the other one fails, it has distance=2 which means that if the route with distance=1 will not work, this one would take the job, and the color will change as well to normal.


I don't want the second route to be the backup route, I want both of them to work at the same time! And if one of them fails then the good one should work alone.
Ok, look carefully at your routing table. The routes which load balance your traffic are already in place and active
Code: Select all
[admin@MikroTik] > ip route print detail

 0 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Orange

 1 A S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=MTC
The other two routes serve to the router itself, so it can reach the internet as well
Code: Select all
2 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10

 3   S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10
The connections of the router itself don't need to be load balanced, but if you want them to, you can use ecmp there, like:
Code: Select all
2 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141, 18X.XXX.77.1 distance=1 scope=30 target-scope=10
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 4:42 pm

Caci99 wrote:
The blue route is normal. It is a backup route if the the other one fails, it has distance=2 which means that if the route with distance=1 will not work, this one would take the job, and the color will change as well to normal.


I don't want the second route to be the backup route, I want both of them to work at the same time! And if one of them fails then the good one should work alone.
Ok, look carefully at your routing table. The routes which load balance your traffic are already in place and active
Code: Select all
[admin@MikroTik] > ip route print detail

 0 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=Orange

 1 A S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=MTC
The other two routes serve to the router itself, so it can reach the internet as well
Code: Select all
2 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141 gateway-status=77.XX.X49.141 reachable via  Orange check-gateway=ping distance=1 scope=30 target-scope=10

 3   S  dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 gateway-status=18X.XXX.77.1 reachable via  MTC check-gateway=ping distance=2 scope=30 target-scope=10
The connections of the router itself don't need to be load balanced, but if you want them to, you can use ecmp there, like:
Code: Select all
2 A S  dst-address=0.0.0.0/0 gateway=77.XX.X49.141, 18X.XXX.77.1 distance=1 scope=30 target-scope=10
I understand now, still don't know why all websites aren't opening.
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Fri Oct 26, 2012 8:20 pm

what are your masquerade rules?
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Sat Oct 27, 2012 11:53 am

what are your masquerade rules?
25 ;;; Added by webbox
chain=srcnat action=masquerade out-interface=Orange

26 chain=srcnat action=masquerade out-interface=MTC
Top
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1075
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:
Contact Caci99

Re: Move from ECMP to PCC load balancing

Sat Oct 27, 2012 12:08 pm

Your masquerade rules look fine, but why are they so down the order? Number 25 and 26. Usually they are on top.
So far your config looks good, so everything should work fine. Are you still having problems? Can you see the distribution of the packets in the interface table? The distribution should not be as obvious at first glance, but more over a period of time.
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Sat Oct 27, 2012 9:03 pm

Your masquerade rules look fine, but why are they so down the order? Number 25 and 26. Usually they are on top.
So far your config looks good, so everything should work fine. Are you still having problems? Can you see the distribution of the packets in the interface table? The distribution should not be as obvious at first glance, but more over a period of time.
Because in front of masquerade rules are port forwarding rules.
I will test further on Monday.
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

Re: Move from ECMP to PCC load balancing

Mon Oct 29, 2012 8:56 am

Website aren't opening...

Some screenshots...


Image

Image

Image
Top
 
Jacka
Member Candidate
Member Candidate
Topic Author
Posts: 125
Joined: Thu Jan 13, 2011 11:34 am

PCC load balancing + Webproxy in transparent mode

Mon Nov 19, 2012 11:19 am

Hello again,

Tried many things but still couldn't move from ECMP to PCC load balancing, because when using PCC websites won't load and I thing I just found what the problem could, the problem is when Webproxy is enabled (transparent mode).
My question is, how to configure PCC so it would work fine with webproxy enabled ?

My config:
Code: Select all
/ip firewall mangle
add chain=prerouting dst-address=77.XX.X49.142/30 action=accept in-interface=LAN
add chain=prerouting dst-address=18X.XXX.77.105/24 action=accept in-interface=LAN
add chain=prerouting in-interface=Provider_1 connection-mark=no-mark action=mark-connection new-connection-mark=Provider_1 passthrough=no
add chain=prerouting in-interface=Provider_2 connection-mark=no-mark action=mark-connection new-connection-mark=Provider_2 passthrough=no
add chain=prerouting in-interface=LAN1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=Provider_1 passthrough=yes
add chain=prerouting in-interface=LAN1 connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=Provider_2 passthrough=yes
add chain=prerouting connection-mark=Provider_1 in-interface=LAN1 action=mark-routing new-routing-mark=Provider_1 passthrough=no
add chain=prerouting connection-mark=Provider_2 in-interface=LAN1 action=mark-routing new-routing-mark=Provider_2 passthrough=no
add chain=output connection-mark=Provider_1 action=mark-routing new-routing-mark=Provider_1 passthrough=no
add chain=output connection-mark=Provider_2 action=mark-routing new-routing-mark=Provider_2 passthrough=no

/ip route 
add dst-address=0.0.0.0/0 gateway=77.XX.X49.141 routing-mark=Provider_1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 routing-mark=Provider_2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=77.XX.X49.141 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=18X.XXX.77.1 distance=2 check-gateway=ping

/ip firewall nat 
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.0.1 to-ports=8080
Top
Post Reply

Who is online

Users browsing this forum: adwlodaro, aTan, Bing [Bot], jcjc81, Semrush [Bot] and 142 guests
  4. RouterOS
  5. General