Load Balancing 2 ISP Failover PCC multiple VLAN

Hi, I’m currently configuring my router, a CCR1009, for the very popular Dual WAN with Failover using PCC. I’m using multiple VLANs. Here’s my configuration:


/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 \
    new-connection-mark=WAN1-conn
add action=mark-connection chain=input in-interface=ether2 \
    new-connection-mark=WAN2-conn
add action=mark-routing chain=output connection-mark=WAN1-conn \
    new-routing-mark=route_to_ISP1
add action=mark-routing chain=output connection-mark=WAN2-conn \
    new-routing-mark=route_to_ISP2
add chain=prerouting dst-address=networkISP1/30 in-interface=LAN-bridge
add chain=prerouting dst-address=networkISP2/27 in-interface=LAN-bridge
add chain=prerouting dst-address=networkISP1/30 in-interface=AP
add chain=prerouting dst-address=networkISP2/27 in-interface=AP
add chain=prerouting dst-address=networkISP1/30 in-interface=Work1
add chain=prerouting dst-address=networkISP2/27 in-interface=Work1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN-bridge new-connection-mark=WAN1-conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN-bridge new-connection-mark=WAN2-conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=AP new-connection-mark=WAN1-conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=AP new-connection-mark=WAN2-conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Work1 new-connection-mark=WAN1-conn \
    per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=Work1 new-connection-mark=WAN2-conn \
    per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1-conn \
    in-interface=LAN-bridge new-routing-mark=route_to_ISP1
add action=mark-routing chain=prerouting connection-mark=WAN2-conn \
    in-interface=LAN-bridge new-routing-mark=route_to_ISP2
add action=mark-routing chain=prerouting connection-mark=WAN1-conn \
    in-interface=AP new-routing-mark=route_to_ISP1
add action=mark-routing chain=prerouting connection-mark=WAN2-conn \
    in-interface=AP new-routing-mark=route_to_ISP2
add action=mark-routing chain=prerouting connection-mark=WAN1-conn \
    in-interface=Work1 new-routing-mark=route_to_ISP1
add action=mark-routing chain=prerouting connection-mark=WAN2-conn \
    in-interface=Work1 new-routing-mark=route_to_ISP2

All have passthrough=yes, but I’m not sure whether this is OK. The first problem is that the classifier is both-addresses, but connections from one device don’t go through the same gateway every time. I’m thinking of this configuration:

add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN-bridge new-connection-mark=WAN1-conn \
    per-connection-classifier=both-addresses:2/0 passthrough=yes
add action=mark-connection chain=prerouting dst-address-type=!local \
    in-interface=LAN-bridge new-connection-mark=WAN2-conn \
    per-connection-classifier=both-addresses:2/1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN1-conn \
    in-interface=LAN-bridge new-routing-mark=route_to_ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2-conn \
    in-interface=LAN-bridge new-routing-mark=route_to_ISP2 passthrough=no

For DNS I’m using the OpenDNS addresses 208.67.220.220, and every PC receives them and queries these servers directly. So, for the more than 100 clients that I have, how much must I configure the TTL and cache, and start the DNS server on the router, for faster queries? Thank you.
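Added example, not part of the original post: a Python sketch of how per-connection-classifier=both-addresses:2/0 and 2/1 split one client's traffic, compared with src-address, which hashes only the source. SHA-256 is a stand-in assumption for RouterOS's internal PCC hash, and all IP addresses are constructed sample data.

```python
import hashlib
import ipaddress

# Connection marks from the post, keyed by PCC remainder (2/0 and 2/1).
MARKS = {0: "WAN1-conn", 1: "WAN2-conn"}

def pcc_remainder(src, dst, classifier, denominator=2):
    """Hash the fields the classifier selects and return hash % denominator.

    Assumption: SHA-256 stands in for RouterOS's internal PCC hash.
    """
    fields = {
        "both-addresses": (src, dst),
        "src-address": (src,),
    }[classifier]
    data = b"".join(ipaddress.ip_address(a).packed for a in fields)
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") % denominator

def marks_for_client(src, destinations, classifier):
    """Return the set of connection marks one client receives."""
    return {MARKS[pcc_remainder(src, d, classifier)] for d in destinations}

# Constructed sample data: one LAN client and 64 documentation-range servers.
CLIENT = "192.168.88.10"
SERVERS = [f"203.0.113.{i}" for i in range(1, 65)]

if __name__ == "__main__":
    for classifier in ("both-addresses", "src-address"):
        marks = sorted(marks_for_client(CLIENT, SERVERS, classifier))
        print(f"{classifier:15} -> {marks}")
```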