Forwarding packets in different routes to the same destinati

bledar · June 24, 2009, 8:45am

Hi.

I want to configure gw load balancing with 4 WAN connections to different ISPs, with different bandwidth limitation.
It must guarantee that all paths to the destination network are being used.

I need your opinion on how to configure (load balancing) router for forwarding packets in different routes to the same destination, when there is more than one entry in the routing table for the same destination network.
Which is the best way or protocol (RIP, IGRP, EIGRP, OSPF, IS - IS) for my scenario?

I intend to include even internal IP proxy cache feature on configurations.

This will help me very much.

Thank you in advance for helping me.

Chupaka · June 24, 2009, 9:17am

see PCC: http://forum.mikrotik.com/t/new-firewall-matcher-pcc/28077/1

bledar · June 24, 2009, 10:36am

Thank you Chupaka for your help.

But what about IP web proxy, does it works with that configuration?
Does anyone test it before?

thnx

Chupaka · June 24, 2009, 7:45pm

yes, you may set routing marks in prerouting and output chains, to web-proxy should not be the problem

bledar · September 23, 2009, 4:37pm

Hi.

What about messengers, do they have problems using PCC matcher?

Thank you and best regards.

Chupaka · September 23, 2009, 5:02pm

no problems. especially when using ‘both-addresses’ classifier

bledar · September 24, 2009, 7:01am

thank you Chupaka for helping me

bledar · September 24, 2009, 9:19am

I did PCC gateway load balancing configuration with 3 WAN connections.

I intend to do this configuration too for having max speed from proxy cache to clients, but firstly I need to consult with you.
-Is this wright config that I must add to my router?
-New Mangle rules (these ones that I intend to add), must be upper or downer (who must be executed firstly) PCC rules?

config that I intend to add:
[admin@instaler] > ip proxy pr
enabled: yes
src-address: 0.0.0.0
port: 3128
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-drive: system
cache-administrator: “webmaster”
max-cache-size: none
cache-on-disk: yes
maximal-client-connections: 600
maximal-server-connections: 600
max-fresh-time: 3d
serialize-connections: yes
cache-hit-dscp: 4

[admin@instaler] ip firewall nat> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=WAN1
src-address=192.168.0.0/16 action=masquerade
1 chain=srcnat out-interface=WAN2
src-address=192.168.0.0/16 action=masquerade
2 chain=srcnat out-interface=WAN3
src-address=192.168.0.0/16 action=masquerade
3 chain=dstnat in-interface=lan src-address=192.168.0.0/16
protocol=tcp dst-port=80 action=redirect to-ports=800

/ip firewall mangle

add chain=output out-interface=Local dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no comment=“HIT TRAFFIC FROM PROXY”
add chain=prerouting in-interface=Local src-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-up passthrough=no comment=“UP TRAFFIC”

add chain=forward src-address=192.168.0.0/16 action=mark-connection new-connection-mark=test-conn passthrough=yes comment=“CONN-MARK”
add comment=“DOWN-DIRECT CONNECTION” chain=forward in-interface=WAN1 connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-DIRECT CONNECTION” chain=forward in-interface=WAN2 connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-DIRECT CONNECTION” chain=forward in-interface=WAN3 connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-VIA PROXY” chain=output out-interface=Local dst-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-down passthrough=no

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
0 name=“downstream” parent=Local packet-mark=test-down
limit-at=32000 queue=default priority=8
max-limit=32000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name=“upstream” parent=global-in
packet-mark=test-up limit-at=0
queue=default priority=8
max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

Chupaka · September 24, 2009, 9:46am

all this seems okay, but you may want to replace your three “DOWN-DIRECT CONNECTION” rules with one, replacing “in-interface=WAN1” with “out-interface=Local”. and… do you really need connection-marks? =)

p.s. reviewed your queues… why ‘default’? maybe you want to use PCQ to divide traffic equally among users?

bledar · September 24, 2009, 11:59am

I dont know how to do that without connection-marks.
Is this config OK with PCQ? Do I need to set up queue type on Simple Queues and Interface Queues to PCQ_Download or PCQ_Upload?

Thank you again for your help!

/ip firewall mangle

add chain=output out-interface=Local dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no comment=“HIT TRAFFIC FROM PROXY”
add chain=prerouting in-interface=Local src-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-up passthrough=no comment=“UP TRAFFIC”

add chain=forward src-address=192.168.0.0/16 action=mark-connection new-connection-mark=test-conn passthrough=yes comment=“CONN-MARK”
add comment=“DOWN-DIRECT CONNECTION” chain=forward out-interface=Local connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-VIA PROXY” chain=output out-interface=Local dst-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-down passthrough=no

/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all passthrough=no

/queue type add name=“PCQ_download” kind=pcq pcq-rate=0 pcq-classifier=dst-address
/queue type add name=“PCQ_upload” kind=pcq pcq-rate=0 pcq-classifier=src-address

/queue tree add parent=global-in queue=PCQ_download packet-mark=all
/queue tree add parent=global-out queue=PCQ_upload packet-mark=all

Chupaka · September 24, 2009, 1:14pm

what’s ‘all’ mark? why have you mixed this?.. you already have ‘test-up’ and ‘test-down’!

bledar · September 24, 2009, 1:55pm

Oh, this one I think is wright

/ip firewall mangle

add chain=output out-interface=Local dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no comment=“HIT TRAFFIC FROM PROXY”
add chain=prerouting in-interface=Local src-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-up passthrough=no comment=“UP TRAFFIC”

add chain=forward src-address=192.168.0.0/16 action=mark-connection new-connection-mark=test-conn passthrough=yes comment=“CONN-MARK”
add comment=“DOWN-DIRECT CONNECTION” chain=forward out-interface=Local connection-mark=test-conn action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-VIA PROXY” chain=output out-interface=Local dst-address=192.168.0.0/16 action=mark-packet new-packet-mark=test-down passthrough=no

/queue type add name=“PCQ_download” kind=pcq pcq-rate=0 pcq-classifier=dst-address
/queue type add name=“PCQ_upload” kind=pcq pcq-rate=0 pcq-classifier=src-address

/queue tree add parent=global-in queue=PCQ_download packet-mark=test-down
/queue tree add parent=global-out queue=PCQ_upload packet-mark=test-up

But do I need to set up queue type on Simple Queues and Interface Queues to PCQ_Download or PCQ_Upload?

Chupaka · September 24, 2009, 6:10pm

well, I’d better use this

/ip firewall mangle

add chain=output out-interface=Local dscp=4 action=mark-packet new-packet-mark=proxy-hit passthrough=no comment=“HIT TRAFFIC FROM PROXY”
add chain=prerouting in-interface=Local ~~> src-address=192.168.0.0/16>~~ action=mark-packet new-packet-mark=test-up passthrough=no comment=“UP TRAFFIC”

~~> add chain=forward src-address=192.168.0.0/16 action=mark-connection new-connection-mark=test-conn passthrough=yes comment=“CONN-MARK”>~~
add comment=“DOWN-DIRECT CONNECTION” chain=forward out-interface=Local ~~> connection-mark=test-conn>~~ action=mark-packet new-packet-mark=test-down passthrough=no
add comment=“DOWN-VIA PROXY” chain=output out-interface=Local ~~> dst-address=192.168.0.0/16>~~ action=mark-packet new-packet-mark=test-down passthrough=no

/queue type add name=“PCQ_download” kind=pcq pcq-rate=0 pcq-classifier=dst-address
/queue type add name=“PCQ_upload” kind=pcq pcq-rate=0 pcq-classifier=src-address

/queue tree add parent=global-> out > queue=PCQ_download packet-mark=test-down
/queue tree add parent=global-> in > queue=PCQ_upload packet-mark=test-up[/color]

about what simple queues you are asking?..

bledar · September 25, 2009, 8:25am

I asked for this queue simple:
'default' or 'PCQ'
[admin@MikroTik] /queue simple> pr
Flags: X - disabled, I - invalid, D - dynamic
0 name="conn 1" target-addresses=192.168.1.101/32 dst-address=0.0.0.0/0
interface=Local parent=none direction=both priority=5
queue=default/default limit-at=200k/200k max-limit=500k/500k
burst-limit=1500k/1500k burst-threshold=400k/400k burst-time=10s/10s
total-queue=default

and for queue interface

I must put 'default' or PCQ

[admin@MikroTik] /queue interface> pr
Flags: D - dynamic

INTERFACE QUEUE

0 Local default
1 spare default
2 WAN1 default
3 WAN 2 default
4 WAn 3 default
5 Public4 default
6 WAN2 default
7 WAN3 default

Thank you.

Chupaka · September 25, 2009, 6:28pm

don’t touch interface queue type.

what is that simple queue for? use either simple queues or queue tree, especially if you don’t know how they work simultaneously

bledar · September 26, 2009, 3:17pm

I use simple queue for having more bandwidth for an period of time (ex. 10s).
But on my configuration queue simple rules seems that does not work properly.
Please, what I must change for making them to work?

queue config:

[admin@MikroTik] /queue tree> pr
Flags: X - disabled, I - invalid
0 name="queue1" parent=global-out packet-mark=test-down limit-at=0
queue=PCQ_download priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

1 name="queue2" parent=global-in packet-mark=test-up limit-at=0
queue=PCQ_upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

[admin@MikroTik] > queue interface pr
Flags: D - dynamic

INTERFACE QUEUE

0 Local default
1 spare default
2 WAN1 ethernet-default
3 WAN-eth 2 ethernet-default
4 WAN-eth 3 ethernet-default
5 Public4 default
6 WAN2 default
7 WAN3 default

[admin@MikroTik] > queue type pr
0 name="default" kind=pfifo pfifo-limit=50

1 name="ethernet-default" kind=pfifo pfifo-limit=50

2 name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514

3 name="synchronous-default" kind=red red-limit=60 red-min-threshold=10
red-max-threshold=50 red-burst=20 red-avg-packet=1000

4 name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514

5 name="PCQ_download" kind=pcq pcq-rate=0 pcq-limit=50
pcq-classifier=dst-address pcq-total-limit=3500

6 name="PCQ_upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address
pcq-total-limit=3500

7 name="default-small" kind=pfifo pfifo-limit=10

[admin@MikroTik] > queue simple pr
Flags: X - disabled, I - invalid, D - dynamic
0 name="Komp 1" target-addresses=192.168.12.101/32 dst-address=0.0.0.0/0
interface=Local parent=none direction=both priority=5
queue=default/default limit-at=200k/200k max-limit=500k/500k
burst-limit=1500k/1500k burst-threshold=400k/400k burst-time=10s/10s
total-queue=default

1 name="Komp 2" target-addresses=192.168.12.102/32 dst-address=0.0.0.0/0
interface=Local parent=none direction=both priority=5
queue=default/default limit-at=200k/200k max-limit=500k/500k
burst-limit=1500k/1500k burst-threshold=400k/400k burst-time=10s/10s
total-queue=default

2 name="Komp 3" target-addresses=192.168.12.103/32 dst-address=0.0.0.0/0
interface=Local parent=none direction=both priority=5
queue=default/default limit-at=200k/200k max-limit=500k/500k
burst-limit=1500k/1500k burst-threshold=400k/400k burst-time=10s/10s
total-queue=default

Thank you for your help!

Chupaka · September 26, 2009, 8:56pm

just