HOWTO: Dual WAN PCC with Dynamic IP from same ISP

Hi guys,

I knew it was being discussed, but I wanted to know how to achieve this.

My ISP provides an ONR (Optical Network Router). It has 4 ports, with LAN1 for Internet and LAN2 for Network TV.

Currently LAN1 is connected to my Mikrotik CHR and LAN2 is connected to my Ubiquiti USG. Both of them obtained different WAN public IPs from the same ISP.

I tested that both of them are able to access the internet. I did connect LAN2 to my USG and configured load balancing; it is working well but the speed doesn’t double up. I guess for the USG it is simple load balancing but not “stacking”.

I did some research on MikroTik and believe it can be achieved with PCC.

My WAN interfaces are named “Port 1 - WAN1” and “Port 2 - WAN2” and my LAN interface is named as “Port 5 - LAN”.

I am seeking help from anyone who can review my settings, and how do I update the “Destination Address in Mangle” and “Gateway in Routes” when the “Public IP or Gateway IP” changes?

I refer to this post http://forum.mikrotik.com/t/howto-dual-wan-pcc-with-dynamic-ip/101969/1 where the author does provide a script. How do I amend it to fit my case?

From what I have self-studied so far, I have to create a script in “Scripts” and then use the “Scheduler” to make it run every 5 minutes so that it will update the Destination Address and Routes when the Public IP changes.

Please let me know if my idea is feasible. Open for discussion, and thank you everyone for helping.

# Dynamic IP Updater by David Joyce

:local wan0name "wan0";
:local wan1name "wan1";
:global wan0address;
:global wan1address;

# The DHCP client reports the address with its prefix length (address/mask)
:local wan0ip [/ip dhcp-client get [find interface="$wan0name"] value-name=address];
# Compare like with like: the stored global holds the address without the prefix
:local wan0bare [:pick $wan0ip 0 [:find $wan0ip "/"]];
:if ($wan0address != $wan0bare) do={
	:set wan0address $wan0bare;
	:local wan0gateway [/ip dhcp-client get [find interface="$wan0name"] value-name=gateway];
	:local wan0temp [/ip address get [find interface="$wan0name"] value-name=network];
	# Rebuild network/prefix for the address-list entry
	:local wan0subnet ($wan0temp . "/" . [:pick $wan0ip ([:find $wan0ip "/"]+1) [:len $wan0ip]]);
	/ip route set [find comment="wan0"] gateway=$wan0gateway;
	/ip firewall address-list set [find comment="wan0"] address=$wan0subnet;
}

# Same check for the second WAN
:local wan1ip [/ip dhcp-client get [find interface="$wan1name"] value-name=address];
:local wan1bare [:pick $wan1ip 0 [:find $wan1ip "/"]];
:if ($wan1address != $wan1bare) do={
	:set wan1address $wan1bare;
	:local wan1gateway [/ip dhcp-client get [find interface="$wan1name"] value-name=gateway];
	:local wan1temp [/ip address get [find interface="$wan1name"] value-name=network];
	:local wan1subnet ($wan1temp . "/" . [:pick $wan1ip ([:find $wan1ip "/"]+1) [:len $wan1ip]]);
	/ip route set [find comment="wan1"] gateway=$wan1gateway;
	/ip firewall address-list set [find comment="wan1"] address=$wan1subnet;
}

Below is my configuration:

# jul/21/2020 07:22:49 by RouterOS 6.45.9
# software id = 
#
#
#
/interface ethernet
set [ find default-name=ether2 ] disable-running-check=no name=\
    "Port 1 - WAN1"
set [ find default-name=ether3 ] disable-running-check=no name=\
    "Port 2 - WAN2"
set [ find default-name=ether4 ] disable-running-check=no name="Port 5 - LAN"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool ranges=192.168.8.201-192.168.8.210
/ip dhcp-server
add address-pool=pool interface="Port 5 - LAN" name="DHCP Server"
/interface bridge port
add disabled=yes interface="Port 2 - WAN2"
add interface="Port 1 - WAN1"
/interface list member
add interface="Port 1 - WAN1" list=WAN
add interface="Port 5 - LAN" list=LAN
add interface="Port 2 - WAN2" list=WAN
/ip address
add address=192.168.8.6/24 interface="Port 5 - LAN" network=192.168.8.0
/ip dhcp-client
add dhcp-options=clientid,hostname disabled=no interface="Port 1 - WAN1" \
    use-peer-dns=no
add dhcp-options=clientid,hostname disabled=no interface="Port 2 - WAN2" \
    use-peer-dns=no
/ip dhcp-server network
add address=192.168.8.0/24 dns-server=192.168.8.6 gateway=192.168.8.18 \
    netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.8.18
/ip firewall mangle
add action=accept chain=prerouting disabled=yes dst-address=10.1.1.0/30 \
    in-interface="Port 5 - LAN"
add action=accept chain=prerouting disabled=yes dst-address=20.1.1.0/30 \
    in-interface="Port 5 - LAN"
add action=mark-connection chain=input comment=INOUT1 disabled=yes \
    in-interface="Port 1 - WAN1" new-connection-mark=WAN1_conn passthrough=\
    yes
add action=mark-routing chain=output connection-mark=WAN1_conn disabled=yes \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-connection chain=input comment=INOUT2 disabled=yes \
    in-interface="Port 2 - WAN2" new-connection-mark=WAN2_conn passthrough=no
add action=mark-routing chain=output connection-mark=WAN2_conn disabled=yes \
    new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting comment=PCC1 connection-mark=\
    no-mark disabled=yes dst-address-type=!local in-interface="Port 5 - LAN" \
    new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/0
add action=mark-routing chain=prerouting connection-mark=WAN1_conn disabled=\
    yes in-interface="Port 5 - LAN" new-routing-mark=to_WAN1 passthrough=yes
add action=mark-connection chain=prerouting comment=PCC2 connection-mark=\
    no-mark disabled=yes dst-address-type=!local in-interface="Port 5 - LAN" \
    new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn disabled=\
    yes in-interface="Port 5 - LAN" new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface="Port 1 - WAN1" \
    out-interface-list=WAN
add action=masquerade chain=srcnat out-interface="Port 2 - WAN2" \
    out-interface-list=WAN
/ip route
add check-gateway=ping distance=1 gateway="Port 1 - WAN1" routing-mark=\
    to_WAN1
add check-gateway=ping distance=1 gateway="Port 2 - WAN2" routing-mark=\
    to_WAN2
add distance=1 gateway="Port 1 - WAN1"
add distance=2 gateway="Port 2 - WAN2"
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set www-ssl certificate=fullchain.pem_0 disabled=no
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface="Port 1 - WAN1" type=internal
add interface="Port 2 - WAN2" type=external
/system clock
set time-zone-name=Asia/Singapore
/system package update
set channel=long-term

Hello, I’m very new around here but I thought I’d share my approach with DHCP scripts. I don’t like the periodic script approach because there’s a possibility that you find out before the script does. This DHCP hook script approach better follows the dynamic IP’s lifecycle.

{
    /log/info message="starting dhcp script on wan0"
    :local rmark "to_wan0"
    :local count [/ip route print count-only where comment="pcc-wan0"]
    :if ($bound=1) do={
        :if ($count = 0) do={
            /log/info message="starting dhcp add routes for wan0";
            /ip route add gateway=$"gateway-address" distance=50 comment="pcc-wan0" routing-table=$rmark;            
            /ip route add gateway=$"gateway-address" distance=100 comment="ppp-default-wan0";
            /log/info message="finished dhcp add routes on wan0";
        } else={
            :if ($count = 1) do={
                :local test [/ip route find where comment="pcc-wan0"]
                :if ([/ip route get $test gateway] != $"gateway-address") do={
                    /ip route set $test gateway=$"gateway-address"
                }          
            } else={ 
                :error "Multiple routes found"         
            }
        }
    } else={
        /log/info message="start removing dhcp routes on wan0";
        /ip route remove [find comment="pcc-wan0"];
        /ip route remove [find comment="ppp-default-wan0"];
        /log/info message="finished removing dhcp routes on wan0";
    }
    /log/info message="finishing dhcp script on wan0"
}

So this appears to work, at least in the basic up/down direction:
Why 2 routes? We’re updating 2 different routing tables.
What’s with all the logging? If any of the DHCP script fails for any reason it appears to be completely silent.
Question: do my find commands work across routing tables? It appears so, but this is not verified carefully.

You talk about two public IPs you get from the ONR.

So the first question is - does the ISP shape the traffic (limit bandwidth) per IP address or per physical link?

Second, even if you had two independent WAN uplinks (from different ISPs), a single connection can only use one of the WAN uplinks (unless you have public IPs in your LAN, or unless you’ve got another router somewhere in the cloud which will do the NAT and your home router would set up tunnels to this cloud router via the WANs).

And PCC cannot change anything about it; it is just a way to distribute whole connections among the WANs.

So if you use a multi-connection bandwidth test, you should get the aggregate bandwidth if the ISP limits bandwidth per public IP and not per ONR. With a single-connection bandwidth test, you’ll always get just the bandwidth of a single connection.
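Added example, not part of the posts above: a small simulation of how a per-connection classifier with denominator 2 assigns whole connections to the WAN1_conn / WAN2_conn marks from the configuration earlier in the thread. The hash is a stand-in (RouterOS's own hash is not reproduced here), the addresses and ports are constructed samples, and `both-addresses-and-ports` is the RouterOS classifier that also includes the ports.

```python
import hashlib
import ipaddress
from collections import Counter

# Connection marks used by the PCC1/PCC2 mangle rules in the configuration above.
MARKS = ("WAN1_conn", "WAN2_conn")

def pcc_remainder(src, dst, sport=None, dport=None, denominator=2):
    """Hash the selected header fields to 32 bits and take the remainder.

    blake2b is a stand-in (assumption): RouterOS uses its own hash, but any
    deterministic hash reproduces the per-connection behaviour shown here.
    """
    fields = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    if sport is not None and dport is not None:  # both-addresses-and-ports
        fields += sport.to_bytes(2, "big") + dport.to_bytes(2, "big")
    digest = hashlib.blake2b(fields, digest_size=4).digest()
    return int.from_bytes(digest, "big") % denominator

def distribute(connections, use_ports):
    """Count how many connections end up with each connection mark."""
    tally = Counter({mark: 0 for mark in MARKS})
    for src, sport, dst, dport in connections:
        if use_ports:
            remainder = pcc_remainder(src, dst, sport, dport)
        else:  # both-addresses, as in the PCC1/PCC2 rules
            remainder = pcc_remainder(src, dst)
        tally[MARKS[remainder]] += 1
    return dict(tally)

# Constructed sample: one LAN host, 64 parallel streams to a single test server.
ONE_SERVER = [("192.168.8.201", 50000 + i, "203.0.113.10", 443) for i in range(64)]
# Constructed sample: the same host, one stream each to 64 different servers.
MANY_SERVERS = [("192.168.8.201", 50000 + i, f"198.51.100.{i + 1}", 443)
                for i in range(64)]

if __name__ == "__main__":
    for label, conns, ports in (
        ("both-addresses, one server", ONE_SERVER, False),
        ("both-addresses, many servers", MANY_SERVERS, False),
        ("both-addresses-and-ports, one server", ONE_SERVER, True),
    ):
        print(f"{label:38} {distribute(conns, ports)}")
```

With `both-addresses`, every stream between one pair of hosts shares a mark, so the spread across WANs comes from distinct host pairs; `both-addresses-and-ports` also separates parallel streams to the same server.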

I am interested in any speed test with a PC directly connected to both ONT ports, separately, then run simultaneously.
I am curious to see if you have ONE PIPE for volume or two pipes.

For example, do you have a single pool of 200 which is all available to internet and they cap the TV to 100 (shared)?
Individual test 200/200 internet, 100/100 TV.
Simultaneous test 150/150 internet 50/50 TV.
Note: if no cap then each would show 200/200, and if you run the tests at the same time more like 100/100 each.

For example, do you have a single pool of 300 distributed hard coded 200 to internet, 100 to TV (which is the same as separate pools as one wouldn’t know the difference)?
In which case the tests will always show 200/200 and 100/100 regardless.

In any case, what you’re asking for is bonding, which is very expensive and has to be supported by the ISP.