can't do the load balancing in 3.0

RouterOS General
1

Dear All
the nth=1,1,0 for adding odd address to the address list is not work in 3.o
but the even works
any help

2

nth option configuration is changed at 3.0, it does not contain ‘counter’ option, there are ‘every’ and ‘packet’.

3

so please how can l generate the even and odd list automatically
or do load balancing

4

nth=1,0 and nth=1,1 configuration required for two lines.

5

Hi Sergjs, i have tryed all to make load balancig on Mikrotik 3 rc5, and i just can’t, this is how i have my mikrotik configured:

_[admin@Controller] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Coneciones P2P
chain=forward action=mark-connection new-connection-mark=ConecTotoP2P passthrough=yes p2p=all-p2p

1 chain=forward action=mark-packet new-packet-mark=PaquetesP2P passthrough=no connection-mark=ConecTotoP2P

2 ;;; odd 102
chain=prerouting action=mark-connection new-connection-mark=odd passthrough=yes connection-state=new
in-interface=Mesh nth=1,0

3 ;;; odd
chain=prerouting action=mark-routing new-routing-mark=odd passthrough=no in-interface=Mesh
connection-mark=odd

4 ;;; even 78
chain=prerouting action=mark-connection new-connection-mark=even passthrough=yes connection-state=new
in-interface=Mesh nth=1,1

5 ;;; even
chain=prerouting action=mark-routing new-routing-mark=even passthrough=no in-interface=Mesh
connection-mark=even
[admin@Controller] /ip firewall mangle> ..
[admin@Controller] /ip firewall> nat
[admin@Controller] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 X ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.52.0/24

2 X chain=dstnat action=redirect to-ports=8080 dst-address=0.0.0.0/0 in-interface=Mesh dst-port=80
protocol=tcp

3 ;;; odd
chain=srcnat action=src-nat to-addresses=192.168.10.102 to-ports=0-65535 connection-mark=odd

4 ;;; even
chain=srcnat action=src-nat to-addresses=192.168.1.78 to-ports=0-65535 connection-mark=even
[admin@Controller] /ip firewall nat> ..
[admin@Controller] /ip firewall> ..
[admin@Controller] /ip> address
[admin@Controller] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 ;;; hotspot network
10.5.52.1/24 10.5.52.0 10.5.52.255 Mesh
1 ;;; Even
192.168.1.78/24 192.168.1.0 192.168.1.255 Internet2
2 ;;; Odd
192.168.10.102/24 192.168.10.0 192.168.10.255 Internet1
3 D 192.168.50.3/32 192.168.50.1 0.0.0.0 RoamingNET
[admin@Controller] /ip address> ..
[admin@Controller] /ip> ..
[admin@Controller] > int
[admin@Controller] /interface> print
Flags: X - disabled, R - running, D - dynamic, S - slave

NAME TYPE MTU

0 R ether1 ether 1500
1 R ;;; Conectado a QuickWISP LE
Mesh ether 1500
2 R ;;; 2Mbps/256Kbps
Internet2 ether 1500
3 R ether4 ether 1500
4 R ;;; 4Mbps/512Kbps
Internet1 ether 1500
5 R ether6 ether 1500
6 R RoamingNET pptp-out 1460
[admin@Controller] /interface> ..
[admin@Controller] > ip
[admin@Controller] /ip> route
[admin@Controller] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 r 192.168.10.1 1 Internet1
1 A S 0.0.0.0/0 r 192.168.1.254 0 Internet2
2 A S 0.0.0.0/0 r 192.168.10.1 0 Internet1
3 A S 10.5.42.0/24 r 192.168.50.1 1 RoamingNET
4 ADC 10.5.52.0/24 10.5.52.1 0 Mesh
5 ADC 192.168.1.0/24 192.168.1.78 0 Internet2
6 ADC 192.168.10.0/24 192.168.10.102 0 Internet1
7 A S 192.168.50.0/24 r 192.168.50.1 1 RoamingNET
8 ADC 192.168.50.1/32 192.168.50.3 0 RoamingNET_


Please if you or somebody else can help me, tell me where is my mistake.

6

Version 3 error, not your mistake. Try 2,0 and 2,1

7

Upps, ok, even in the 3.0rc6 it won’t work? Version 2.x will work?

Thank’s

Juan Téllez

8

In 3.0 nth values should be 2,1 and 2,2. Note that you must set passthrough to yes, if you want those rules to work correctly.

9

sergejs (Mikrotik) reply: “nth=1,0 and nth=1,1 configuration required for two lines.” don’t works in rc6 version. I will test 2,1 and 2,2

10

i tryed with 2,1 and 2,2 and the trafic not pass to the NAT rules, and is not proporcional the trafic betwen odd and even packets.

As a result, there is no trafic at the even interface.

11

Yes juantellez, back to 2.9.46 version for load balance. Mikrotik team: test and correct (if necessary) or explain the correct mode.

12

Mangle:

/ip firewall mangle
add action=log chain=prerouting comment=“” connection-state=new disabled=no
log-prefix=“”
add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no new-connection-mark=AAA nth=2,1 passthrough=yes
add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no new-connection-mark=BBB nth=2,2 passthrough=yes

Nat:

/ip firewall nat
add action=passthrough chain=srcnat comment=“” connection-mark=AAA disabled=no
out-interface=ether2
add action=passthrough chain=srcnat comment=“” connection-mark=BBB disabled=no
out-interface=ether2


It works, marked connections goes through nat rules.

… and is not proportional the traffic between odd and even packets…

Add those rules and watch counters, you will see that connections are marked even. As I wrote in previous post passthrough must be set. You need it because next nth rule must see connection passed through previous rule in order to match correctly.

13

with 2 rules you will mark as follows if passthrough is not set:

  1. first rule nth=2,1 rule will match every first packet of 2, hence, 50% of all the traffic that is machet by the rules
  2. second rule if passthrough=no will mach ONLY 25% of traffic because in 3.0 you need only one rule to catch traffic not like 2.9
14

Janisk, thank’s for the tip, im testing the config like you say at this momento, but is taking some time to renew the connections, if it work i will post my configuration, so it can help other with this frustrating change on RouterOS.

:smiley:

15

Hi all, thank’s for the help, i finally can make load balancing on RouterOS 3.0rc5. it’s a fact, like janisk say’s, version 3 only need one rule, to say the router to send every first packet of 2 (NTH=2,1). There just have to be one route for the rule, and just 1 rule for nat.

This is a copy of my router configuration:

[admin@Controller] /ip route> print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit

DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE

0 A S 0.0.0.0/0 r 192.168.10.1 0 Internet1
1 A S 0.0.0.0/0 r 192.168.1.254 0 Internet2
2 A S 10.5.42.0/24 r 192.168.50.1 1 RoamingNET
3 ADC 10.5.52.0/24 10.5.52.1 0 Mesh
4 ADC 192.168.1.0/24 192.168.1.78 0 Internet2
5 ADC 192.168.10.0/24 192.168.10.102 0 Internet1
6 A S 192.168.50.0/24 r 192.168.50.1 1 RoamingNET
7 ADC 192.168.50.1/32 192.168.50.3 0 RoamingNET
[admin@Controller] /ip route> ..
[admin@Controller] /ip> ..
[admin@Controller] > ip firewall mangle
[admin@Controller] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Coneciones P2P
chain=forward action=mark-connection new-connection-mark=ConecTotoP2P passthrough=yes p2p=all-p2p

1 chain=forward action=mark-packet new-packet-mark=PaquetesP2P passthrough=no connection-mark=ConecTotoP2P

2 ;;; 2 mb
chain=prerouting action=mark-connection new-connection-mark=2Mb passthrough=yes connection-state=new
in-interface=Mesh nth=2,1

3 ;;; 2Mb
chain=prerouting action=mark-routing new-routing-mark=2Mb passthrough=no in-interface=Mesh
connection-mark=2Mb
[admin@Controller] /ip firewall mangle> ..
[admin@Controller] /ip firewall> nat
[admin@Controller] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 X ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.5.52.0/24

2 X chain=dstnat action=redirect to-ports=8080 dst-address=0.0.0.0/0 in-interface=Mesh dst-port=80
protocol=tcp

3 ;;; 2Mb
chain=srcnat action=src-nat to-addresses=192.168.1.78 to-ports=0-65535 connection-mark=2Mb


It work’s fine, not exactly 50% of trafic in each interface but i think it is becouse interface Internet1 has 4Mbps and Internet2 2Mbps speed.

Attached is a graphic of the 2 interfaces

Good luck to all.

16

Hi!

I have 2 different ISP, diffrent Gateway, different IP with xDSL dial in. I haven’t static IP. My ISP disconect the connection once in 24 hour. Thats way I couldn’t set src-nat, jut masquarade.

Could somebody help me for setup this?

Thanks:
Szilard

17

If you have a DSL router, bring an static private address to the microtik, with both connections. That way you could do the SRC-NAT

18

Here shipping a script simply to balance 5 lines adsl tested RC9.
I expect them gray, greetings

/interface pppoe-client
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=adsl1 max-mru=1480 max-mtu=1480
mrru=disabled name=“arnet1” password=“" profile=default
service-name=“” use-peer-dns=no user="
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=adsl2 max-mru=1480 max-mtu=1480
mrru=disabled name=“arnet2” password=“" profile=default
service-name=“” use-peer-dns=no user="
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=adsl3 max-mru=1480 max-mtu=1480
mrru=disabled name=“arnet3” password=“" profile=default
service-name=“” use-peer-dns=no user="
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=adsl4 max-mru=1480 max-mtu=1480
mrru=disabled name=“arnet4” password=“" profile=default
service-name=“” use-peer-dns=no user="
add ac-name=“” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=“”
dial-on-demand=no disabled=no interface=adsl5 max-mru=1480 max-mtu=1480
mrru=disabled name=“arnet5” password=“" profile=default
service-name=“” use-peer-dns=no user="


/ip firewall mangle
add action=mark-packet chain=prerouting comment=“Mark NTH1”
connection-state=new disabled=no new-packet-mark=adsl1 nth=5,1
passthrough=yes
add action=mark-packet chain=prerouting comment=“Mark NTH 2”
connection-state=new disabled=no new-packet-mark=adsl2 nth=5,2
passthrough=yes
add action=mark-packet chain=prerouting comment=“Mark NTH 3”
connection-state=new disabled=no new-packet-mark=adsl3 nth=5,3
passthrough=yes
add action=mark-packet chain=prerouting comment=“Mark NTH 4”
connection-state=new disabled=no new-packet-mark=adsl4 nth=5,4
passthrough=yes
add action=mark-packet chain=prerouting comment=“Mark NTH 5”
connection-state=new disabled=no new-packet-mark=adsl5 nth=5,5
passthrough=yes
add action=mark-connection chain=prerouting comment=“Mark connection ADSL1
disabled=no new-connection-mark=adsl1 packet-mark=adsl1
passthrough=yes
add action=mark-routing chain=prerouting comment=”" disabled=no
new-routing-mark=adsl1 packet-mark=adsl1 passthrough=no
add action=mark-connection chain=prerouting comment=“Mark connection ADSL2
disabled=no new-connection-mark=adsl2 packet-mark=adsl2
passthrough=yes
add action=mark-routing chain=prerouting comment=”" disabled=no
new-routing-mark=adsl2 packet-mark=adsl2 passthrough=no
add action=mark-connection chain=prerouting comment=“Mark connection ADSL3
disabled=no new-connection-mark=adsl3 packet-mark=adsl3
passthrough=yes
add action=mark-routing chain=prerouting comment=”" disabled=no
new-routing-mark=adsl3 packet-mark=adsl3 passthrough=no
add action=mark-connection chain=prerouting comment=“Mark connection ADSL4
disabled=no new-connection-mark=adsl4 packet-mark=adsl4
passthrough=yes
add action=mark-routing chain=prerouting comment=”" disabled=no
new-routing-mark=adsl4 packet-mark=adsl4 passthrough=no
add action=mark-connection chain=prerouting comment=“Mark connection ADSL5
ADSL5” disabled=no new-connection-mark=adsl5 packet-mark=adsl5
passthrough=yes
add action=mark-routing chain=prerouting comment=“” disabled=no
new-routing-mark=adsl5 packet-mark=adsl5 passthrough=no

/ip firewall nat
add action=masquerade chain=srcnat comment=“” connection-mark=adsl1
disabled=no out-interface=arnet1
add action=masquerade chain=srcnat comment=“” connection-mark=adsl2
disabled=no out-interface=arnet2
add action=masquerade chain=srcnat comment=“” connection-mark=adsl3
disabled=no out-interface=arnet3
add action=masquerade chain=srcnat comment=“” connection-mark=adsl4
disabled=no out-interface=arnet4
add action=masquerade chain=srcnat comment=“” connection-mark=adsl5
disabled=no out-interface=arnet5
add action=masquerade chain=srcnat comment=“nat default” disabled=no


/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=arnet1
routing-mark=adsl1
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=arnet2
routing-mark=adsl2
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=arnet3
routing-mark=adsl3
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=arnet4
routing-mark=adsl4
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=arnet5
routing-mark=adsl5

19

See the “bold”, is it possible for gateway using name instad of IP Address?? I Think I miss your mean for IP Address configuration, can you explain it to me?

Thanks

20

The example from gmeyer works great!!! I use the same configuration but with three adsl lines. Thanks for the help.
I use x86 based sys, intel core 2 duo, 1 gb ram, runing ROS 3.2 L5 license.

Have you a failover script for that config??? that would be great!!!