Bandwidth-based load balancing with failover

theodorepanag · September 26, 2024, 6:31pm

Hello,

I have a hap ax3 in my country house connected to a 5G router. Due to the inconsistency of the performance of 5G carrier i made a wifi connection with a local wisp.
Wisp connection is 30/30 and is far more reliable. I want to configure ax3 to saturate first the wisp connection and after that to go on on wan2 (5g).
I found this very helpful guide https://mum.mikrotik.com/presentations/US12/tomas.pdf and with help from chatgpt i have the folowing script:

# Interface Setup
/interface ethernet
set [ find default-name=ether1 ] name=wan1
set [ find default-name=ether2 ] name=wan2
set [ find default-name=ether3 ] name=lan

# IP Address Assignment
/ip address
add address=192.168.10.2/24 interface=wan1 comment="WAN1 (ISP1)"
add address=192.168.0.2/24 interface=wan2 comment="WAN2 (ISP2)"
add address=192.168.88.1/24 interface=lan comment="Local Network"

# NAT (Network Address Translation)
/ip firewall nat
add chain=srcnat out-interface=wan1 action=masquerade comment="NAT for WAN1"
add chain=srcnat out-interface=wan2 action=masquerade comment="NAT for WAN2"

# Routing Table Configuration
/ip route
add gateway=192.168.10.1 distance=1 routing-table=main comment="Primary Route through WAN1"
add gateway=192.168.0.1 distance=2 routing-table=main comment="Secondary Route through WAN2"

# Mangle Rules for Load Balancing
/ip firewall mangle
# Mark traffic from LAN for WAN1 or WAN2 based on load
add chain=prerouting connection-mark=no-mark in-interface=lan action=mark-connection new-connection-mark=lan->wan1 passthrough=yes comment="Mark new LAN connections to WAN1"
add chain=prerouting connection-mark=lan->wan1 in-interface=lan action=mark-routing new-routing-mark=to_wan1 passthrough=yes comment="Route marked LAN traffic to WAN1"

add chain=prerouting connection-mark=no-mark in-interface=lan action=mark-connection new-connection-mark=lan->wan2 passthrough=yes comment="Mark new LAN connections to WAN2"
add chain=prerouting connection-mark=lan->wan2 in-interface=lan action=mark-routing new-routing-mark=to_wan2 passthrough=yes comment="Route marked LAN traffic to WAN2"

# Mark Sticky Connections (Ensuring established connections stick to their WAN)
/ip firewall mangle
add chain=prerouting connection-mark=lan->wan1 routing-mark=to_wan1 action=mark-connection new-connection-mark=sticky_wan1 passthrough=no
add chain=prerouting connection-mark=lan->wan2 routing-mark=to_wan2 action=mark-connection new-connection-mark=sticky_wan2 passthrough=no

add chain=prerouting connection-mark=sticky_wan1 in-interface=lan action=mark-routing new-routing-mark=to_wan1 passthrough=yes
add chain=prerouting connection-mark=sticky_wan2 in-interface=lan action=mark-routing new-routing-mark=to_wan2 passthrough=yes

# Load Balancing based on Bandwidth
# Ensure traffic uses WAN1 until it hits the 27Mbps limit, then shifts to WAN2
/tool traffic-monitor add interface=wan1 name=wan1-monitor traffic=received threshold=27000000 trigger=above
/tool traffic-monitor add interface=wan1 name=wan1-monitor-down traffic=received threshold=25000000 trigger=below

# Script to shift traffic to WAN2 when WAN1 exceeds bandwidth limit
/system script add name=shift-to-wan2 source={
    :log info "Shifting traffic to WAN2 due to high load on WAN1";
    /ip route disable [find where gateway=192.168.10.1];
    /ip route enable [find where gateway=192.168.0.1];
}

/system script add name=shift-to-wan1 source={
    :log info "Shifting traffic back to WAN1";
    /ip route enable [find where gateway=192.168.10.1];
    /ip route disable [find where gateway=192.168.0.1];
}

# Traffic Monitor Events
/tool traffic-monitor set wan1-monitor on-event=shift-to-wan2
/tool traffic-monitor set wan1-monitor-down on-event=shift-to-wan1

# Failover Configuration (Using Netwatch to check the status of gateways)
/tool netwatch add host=192.168.10.1 down-script="/ip route disable [find where gateway=192.168.10.1]" up-script="/ip route enable [find where gateway=192.168.10.1]"
/tool netwatch add host=192.168.0.1 down-script="/ip route disable [find where gateway=192.168.0.1]" up-script="/ip route enable [find where gateway=192.168.0.1]"

# DHCP Client for WAN Interfaces
/ip dhcp-client
add interface=wan1 comment="DHCP Client for WAN1"
add interface=wan2 comment="DHCP Client for WAN2"

Due to remote location of the country house i cannot test it. Can anyone tell me if this script is up to date to v7.16 ROS ?

Thanks in advance

anav · September 27, 2024, 10:34am

Since you used chatgpt, does that mean you understand the config, or really dont have a clue??

theodorepanag · September 27, 2024, 11:22am

The script is based on the pdf that i linked in my post. It is not a generic answer of chatgpt. I can understand most part of the config. I know that in v7 many things have changed in the configuration of ROS and i have no idea how old the pdf is.
Can anyone tell me if it is v7 compatible?

edit: i’ve found out that the pdf was created in 2012. It will not work.
Can anyone tell me if there is anyway to make this happen in ROS v7?

anav · September 27, 2024, 5:10pm

Of course the foundation of the pdf is solid, and one only need to tweak it for RoS changes.

I dont see the current config of the router to understand the setup you have vis-a-vis any subnets, firewall rules and existing routes.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)

Perhaps the biggest difference is how non standard routes are handled.
Basically, in V7 one needs to create the special table and then a route for that table
and then either mangle rules point to the route or a routing rule points to the route.

theodorepanag · September 27, 2024, 6:20pm

Thanks for explaining the logic in v7. I ll have that in mind when I modyfing the configuration.

I dont see the current config of the router to understand the setup you have vis-a-vis any subnets, firewall rules and existing routes.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc.)

I will reset the router.
Router ip 192.168.88.1
wan 1 router on 192.168.10.1 (dhcp server)
wan 2 router on 192.168.0.1 (dhcp server)

ax3 will have dhcp server on 192.168.88.0 for wifi & lan (ether 3-5) clients

that’s all.

K0NCTANT1N · September 27, 2024, 9:26pm

I found a way out for my self with route recursion and PCC balancing

anav · September 28, 2024, 5:14pm

The op was not asking for PCC, but more load balancing in the traditional way.
Yes you can somewhat load balance on PCC but its not as good at the pdf method which is more geared towards LB but a tad more complicated.

anav · September 28, 2024, 9:13pm

Where is the the rest of the router config, firewall rules etc…
Would seem you need to just follow the pdf real close.
Connected networks etc…

The only real change I see is the special table routes. The rest seems to be close to good as is.
/ip route
add gateway=192.168.10.1 distance=1 routing-table=main comment=“Primary Route through WAN1”
add gateway=192.168.0.1 distance=2 routing-table=main comment=“Secondary Route through WAN2”

Then you need the additional special table routes: The first modification, there are very few!!
/ip route
add gateway=192.168.10.1 routing-table=useWAN1 comment=“Traffic for WAN1”
add gateway=192.168.0.1 routing-table=useWAN2 comment=“Traffic for WAN2”

NOTE: By the way if there is no traffic directly to the router ( aka VPNs, or no traffic directly to the LANs, no port forwarding, you can probably get away with skipping both sets of mangles, he has included. ).

Nothing else I see on quick perusal, needs to be changed for vers7!

JulioAlbanese · October 10, 2024, 11:13am

Thank you.