Help with load balancing setup (dynamic addresses)

robertmena · June 26, 2010, 1:43pm

Hi,

I have the following scenario:

1 RB750G Router OS 3.31
4 DSL/Cable connections with dynamic IP addresses
1 LAN (fixed IP address)

I’d like to load balance those four links (they all have the same speed).

So far I’ve done this /the default conf:

add add-default-route=yes comment=“default configuration” default-route-distance=0 disabled=no interface=ether1-gateway use-peer-dns=yes
use-peer-ntp=yes
add add-default-route=yes comment=“” default-route-distance=0 disabled=no interface=ether3-gateway use-peer-dns=yes use-peer-ntp=yes
add add-default-route=yes comment=“” default-route-distance=0 disabled=no interface=ether4-gateway use-peer-dns=yes use-peer-ntp=yes
add add-default-route=yes comment=“” default-route-distance=0 disabled=no interface=ether5-gateway use-peer-dns=yes use-peer-ntp=yes

add action=masquerade chain=srcnat comment=“default configuration” disabled=no out-interface=ether1-gateway

I’ve read the PCC manual (http://wiki.mikrotik.com/wiki/PCC) but got some questions. The first of all is what do I have to change in those commands in order to use the dynamic address instead of the ip (which is dynamic)?

Pre routing

In the PCC we have

add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local

In the pcc those are the network addresses of the “point-to-point” connection. In my case I don’t know that (and they will change over time anyway).

Q - What do I have to use instead of dst-address?

Default routing

In the PCC we have

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0
action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1
action=mark-connection new-connection-mark=wlan2_conn passthrough=yes

Q - Is this local (lowercase) a keyword?
Q - Since I am going to have 4 wans do I just copy the lines (with the changes to the wlan2_conn (mark) being replaced with the other 2 wans? What do I put in the per-connection-classifier=both-addresses:2/0 ? Do I use 4/0 4/1 4/2 4/3 ?

Outgoing route

In the PCC we have

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wlan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_wlan2 check-gateway=ping

Q - In my case do I replace the gateway with what?

check gateway

In the pcc we have

add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

Q - What do I put instead of the gateway address?

Regards.

greencomputing · June 28, 2010, 9:29pm

that interesting question . whenever some one will address your local dynamic ip got on local ppoed end, there is a flag that will exclude that
it’s marked with mangle rule : on all mangle you have dst-address-type=!local . this means that everything sent to local address belonging to the router will not fall in this marking rules. I see that on the PCC wiki a more specific case is shown where you ave also a specific accept rule to use .
without it in case of pppoe (with dynamic ips) it’s working for my configuration using 4.10RoS just becasue mangle is avoided by dst-address-type!=local . no mngle action will be taken and the packet will be routed follwoing canonical ip routing.

\

yes local is a literal with the meaning that the address is a local router address. let’s say if on that interface you have ip 172.22.25.4 and the network is a /24 , so you should consider local everything directed to 172.22.25.0/24 (it make no sense to force a routing trough other route or worstly … generate a loop!)

About pcc classifier I suggest you to not use both addresses but just src ip address (avoiding that site restriction checks on src ip will generate failure on you web browsing). About numeric ratios to use 4/0 4/1 4/2 4/3 items.

3)
For this just set as default gateway the route trough the PPP link. for example if one pppoe link established is pppoe-interface-A and you wan use as one of default gatew just write down :

/ ip route
add dst-address=0.0.0.0/0 gateway=pppoe-inteface-A routing-mark=to_wlan1 check-gateway=ping
and if you have pppoe-intefrface-B link just add another rule like the previous with the new gateway the name of the second interface.

4) exactly like the 3) without mangle mark and using diffferen preferences

Hoping it will help you!!!

For gururs on the forum, please let us know understand this :

add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0
action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1
action=mark-connection new-connection-mark=wlan2_conn passthrough=yes

becasue we specify dst-address-type=!local , why it’s needed the accept action rule before them? I I personally had to add it in the past for static ip addresses because without it a loop was generated ) . now using 4.10 (and pppoe link) it is not required : why ?

ciao

Chupaka · July 3, 2010, 4:51pm

greencomputing:

For gururs on the forum, please let us know understand this :

add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0
action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1
action=mark-connection new-connection-mark=wlan2_conn passthrough=yes

becasue we specify dst-address-type=!local , why it’s needed the accept action rule before them? I I personally had to add it in the past for static ip addresses because without it a loop was generated ) . now using 4.10 (and pppoe link) it is not required : why ?

ciao

in that example, 10.11?.0.0/24 is your local network, and by those rules you do not route to the Internet all packets from 10.111.0.0/24 to 10.112.0.0/24 and vice versa

greencomputing · July 4, 2010, 11:23am

the example was quite self evident… you are answring on something alredy clear .

the main question is as already asked : if we use the dst-address-type!=local , why we need to specify also local routes? my question was exactly on all the other scenarios excpet what you emntion (the only alread really clear)…

Chupaka · July 4, 2010, 12:28pm

by “local routes” you mean “in-interface=Local” in third rule?..

greencomputing · July 7, 2010, 5:37am

Ciao
exactly I mean that rules. I’m thinking this : while I exclude local rules to be catched by routing marking using the extra parameter dst-address-type != local, why I need to add also something like :
add chain=prerouting dst-address=X.Y.Z.L/24 action=accept in-interface=Local ?

where X.Y.Z.L/24 is a net direcltly connected by means of router interfaces?

Chupaka · July 7, 2010, 10:15am

I see… “dst-address-type=local” means “addresses, that the router owns”. i.e. if you added “192.168.0.1/24” address to the router, only 192.168.0.1 is local, and 192.168.2-254 are just unicast addresses (and are not local ones)