Hi,
I plan to load balance 4 WANs on a CCR1009 using Ether 1-4 for WANs and Ether 5-8 for LANs. From reading the forums here I am wondering if this is right, as Eth 1-4 is a switch, so should I be using Eth 5-8 as WANs?
Also is it possible to remove the default setting of Eth1 as Internet port and Eth2 as LAN port, as I run a script to setup 1-4 as WANS and 5 as LAN, but internet traffic never passes through to 5 unless i use Eth2 as a LAN port and bridge it to Eth 5, so can i just have all ports with no settings so i can setup myself.
Hope someone can help and advise me on the best way forward to use these 8 ports.
Regards
-
-
mpreissner
Member
- Posts: 357
- Joined:
- Location: Columbia, MD
Re: Load Balance on a CCR1009
Port 1-4 on the CCR1009 share a single 1 Gbps link to the CPU. As long as you ISP links do not add up to more than 1 Gbps, you can definitely use those four ports for your WAN connections.
Re: Load Balance on a CCR1009
Well each line is 50Mbs, so thats a max of 200mbs, so it should handle it ok.
The main problem I am having is that after reset on the ccr1009 , eth1 seems to be set for WAN and eth2 seems to be set for LAN, which means the following script wont work, which would be ideal as it does what i want but was written for an rb750.
/ip address
add address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=Local
add address=192.168.2.21/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN1
add address=192.168.5.4/24 network=192.168.5.0 broadcast=192.168.5.255 interface=WAN2
add address=public.61.164/30 network=public.61.162 broadcast=public.61.165 interface=WAN3
add address=public.61.148/30 network=public.61.146 broadcast=public.61.149 interface=WAN4
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=public.61.162/30 action=accept in-interface=Local
add chain=prerouting dst-address=public.61.146/30 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.163 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.147 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.163 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.147 distance=4 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
The main problem I am having is that after reset on the ccr1009 , eth1 seems to be set for WAN and eth2 seems to be set for LAN, which means the following script wont work, which would be ideal as it does what i want but was written for an rb750.
/ip address
add address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=Local
add address=192.168.2.21/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN1
add address=192.168.5.4/24 network=192.168.5.0 broadcast=192.168.5.255 interface=WAN2
add address=public.61.164/30 network=public.61.162 broadcast=public.61.165 interface=WAN3
add address=public.61.148/30 network=public.61.146 broadcast=public.61.149 interface=WAN4
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=public.61.162/30 action=accept in-interface=Local
add chain=prerouting dst-address=public.61.146/30 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.163 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.147 routing-mark=to_WAN4 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.5.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.163 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=public.61.147 distance=4 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
Who is online
Users browsing this forum: jaisal and 34 guests