Dual WAN with BGP - Load balancing and ultimately failover

I have 2 ISPs connected on WAN1 and WAN2.
Next I have a /22 IP block that I can announce as /24 blocks on any of the ISP connections; that works fine.
Internally I have PPPoE customers that are assigned addresses from these blocks, each of them then gets a /32 route in the main routing table.

Earlier, when using ROS6, I had a simple setup with 2 static default routes, each of them with a route mark corresponding to one of the ISPs.
I was announcing 2 of the /24 blocks on each WAN, and then I used /firewall mangle to mark new incoming connections from WAN or clients based on which WAN they belonged to (using address lists in /ip firewall).
Then the packets were route marked based on their connmarks, and one of the two static default routes was thus chosen.
Using this setup I could then manually select which blocks were announced on which WAN simply by editing in /ip firewall address-list.

This way packets from clients were sent out on the correct WAN, and packets to clients were of course forwarded on the corresponding PPPoE connection - there was only one route per client.

When trying to implement this in ROS7 I run into problems.
Forwarding packets from customers to external is no problem - the route mark specifies which routing table to use, and each of the WAN connections has its own routing table with a default route which is used.

The problem arises with packets coming in return on the same connection.
The route mark specifies the correct routing table - but this table does not contain any routes to the clients.
All /32 routes to internal clients are dynamically created in the Main routing table upon dialing in.

So how do I go about fixing this?

I have a 2 step goal:

  1. Get my setup to work with “static” load balancing as described above, i.e. half of the customers on each WAN
  2. Ultimately I want to set this up with recursive routing and automatic failover so that if one of the WAN connections breaks, the customers (IP blocks) using it are automatically transferred to the other WAN.

So can anyone help me with this or point me to the right resources?
Most important now is 1) i.e. solving the address table challenge mentioned above and thus being able to route inbound traffic to the customers.
If I can get that to work I am halfway through (or something) and next I will look into 2) automatic failover.

Hello,

Can you give us some example output? Just a 1-line sample could be enough.

Interface and ip address print, for the pppoe server and client.
ip route, from the server to pppoe clients

And where did you put your PPPoE client interface? On a separate interface each - or in a broadcast bridge?

Thank you for engaging in my problem :)

Actually I solved it ;)
Traffic is connmarked in both directions, but only outgoing traffic is routemarked.
Thus, for incoming traffic to customers, the main routing table is used, and it contains the /32 routes generated by PPPoE.

I have also established failover by announcing the subnets mutually with prepend, and using recursive routes for each of the 2 ISPs.
I have to run a test at the main firewall one night by pulling the fiber patch cords and verifying what happens :)
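
The fix described in the last post, sketched as a RouterOS 7 configuration. This is an added example, not the poster's actual config: the interface names WAN1/WAN2 come from the thread, while the table names, list names, connection marks, gateway addresses and customer prefixes (documentation ranges) are assumed placeholders.

```routeros
# Added example: placeholders throughout, adapt names and addresses.
/interface list
add name=WAN
/interface list member
add list=WAN interface=WAN1
add list=WAN interface=WAN2

# One routing table per ISP, each holding only a default route.
/routing table
add name=to-WAN1 fib
add name=to-WAN2 fib
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-table=to-WAN1
add dst-address=0.0.0.0/0 gateway=192.0.2.129 routing-table=to-WAN2

# Which customer blocks leave through which ISP (edit these lists to move a block).
/ip firewall address-list
add list=via-WAN1 address=203.0.113.0/24
add list=via-WAN2 address=198.51.100.0/24

/ip firewall mangle
# Connection marks are set in BOTH directions:
# connections arriving from an ISP ...
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1-conn passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2-conn passthrough=yes
# ... and connections opened by customers.
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=!WAN src-address-list=via-WAN1 \
    new-connection-mark=WAN1-conn passthrough=yes
add chain=prerouting action=mark-connection connection-mark=no-mark \
    in-interface-list=!WAN src-address-list=via-WAN2 \
    new-connection-mark=WAN2-conn passthrough=yes

# Routing marks are set ONLY on packets that did not arrive on a WAN port,
# i.e. customer-to-Internet traffic. Packets coming in from an ISP keep no
# routing mark, so they are looked up in the main table, where the dynamic
# /32 PPPoE routes live.
add chain=prerouting action=mark-routing connection-mark=WAN1-conn \
    in-interface-list=!WAN new-routing-mark=to-WAN1 passthrough=no
add chain=prerouting action=mark-routing connection-mark=WAN2-conn \
    in-interface-list=!WAN new-routing-mark=to-WAN2 passthrough=no
```

As written, traffic from one customer to another customer also matches the mark-routing rules and would follow the ISP default route; excluding destinations inside your own blocks from those rules avoids that.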