Load Balancing Challenge

djshaunvt · August 16, 2020, 5:34pm

Load Balancing 2 WAN connections (PCC)

Good day I wonder if anyone can help me out here.

I have a cloudcore with one Fiber WAN link for website access of remote clients and 2 other LTE connections.

The LTE connections (Rain 1 and Rain 2) have been setup to be load balanced via PCC and are working well.

My challenge however is that the data package we are on is unavailable from 18:00 till 23:00 and then I would like the load balancing to only make use RAIN 2 connection until 23:00 when the line comes back on…

Initially i had a challenge where pinging the gateway for fail over dint work as obviously the cloudcore couldn’t detect the LTE was done as its gateway was the actual router IP so some users would successfully get to a webpage and some would get the RAIN network is offline screen.

I sorted that out by using recursive routes and the cloudcore now detects the RAIN 1 connection is down when it cant ping the public IP i have specified and the route turns blue and is disabled.

My next challenge is that when RAIN 1 goes down from 18:00 the load balancing takes place over the Fiber and RAIN 2 connection which I dont want.

Below is the routing config if that helps

The load balancing setup although not the same routing mark names is setup from this example below:

Any ideas to solve this i would be very thankful.

Regards

Shaun

/ip address
add address=192.168.0.1/24 interface=LAN
add address=172.16.0.1/24 interface=DMZ
add address=10.111.0.2/24 interface=ISP1
add address=10.112.0.2/24 interface=ISP2

/ip firewall address-list
add list=local-networks address=10.111.0.0/24
add list=local-networks address=10.112.0.0/24
add list=local-networks address=192.168.0.0/24
add list=local-networks address=172.16.0.0/24

/ip firewall mangle
add chain=prerouting src-address-list=local-networks
dst-address-list=local-networks action=accept

------------------------------------ 1 -----------------------------------------------

add chain=prerouting in-interface=ISP1 connection-mark=no-mark
action=mark-connection new-connection-mark=ISP1_conn

add chain=prerouting in-interface=ISP2 connection-mark=no-mark
action=mark-connection new-connection-mark=ISP2_conn

------------------------------------ 2 ------------------------------------------------

add chain=prerouting in-interface=LAN connection-mark=no-mark
dst-address-type=!local per-connection-classifier=both-addresses:2/0
action=mark-connection new-connection-mark=ISP1_conn

add chain=prerouting in-interface=LAN connection-mark=no-mark
dst-address-type=!local per-connection-classifier=both-addresses:2/1
action=mark-connection new-connection-mark=ISP2_conn

add chain=prerouting in-interface=DMZ connection-mark=no-mark
dst-address-type=!local per-connection-classifier=both-addresses:2/0
action=mark-connection new-connection-mark=ISP1_conn

add chain=prerouting in-interface=DMZ connection-mark=no-mark
dst-address-type=!local per-connection-classifier=both-addresses:2/1
action=mark-connection new-connection-mark=ISP2_conn

------------------------------------- 3 ------------------------------------------------

add chain=prerouting connection-mark=ISP1_conn in-interface=LAN
action=mark-routing new-routing-mark=to_ISP1

add chain=prerouting connection-mark=ISP2_conn in-interface=LAN
action=mark-routing new-routing-mark=to_ISP2

add chain=prerouting connection-mark=ISP1_conn in-interface=DMZ
action=mark-routing new-routing-mark=to_ISP1

add chain=prerouting connection-mark=ISP2_conn in-interface=DMZ
action=mark-routing new-routing-mark=to_ISP2

--------------------------------------- 4 -----------------------------------------------------

add chain=output connection-mark=ISP1_conn action=mark-routing
new-routing-mark=to_ISP1

add chain=output connection-mark=ISP2_conn action=mark-routing
new-routing-mark=to_ISP2

/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1
check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2
check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

CZFan · August 16, 2020, 6:55pm

LTE is still available between 18:00 - 23:00, but will cost more as those hours are outside the “package” deal.

So the only way to do what you want will need to be done by making use of scrips

djshaunvt · August 16, 2020, 7:01pm

Thanks for your reply.

The question I am asking with the current load balancing scenario is there a way to NOT include the fiber line in the load balancing when the one LTE connection goes down.

Running on only RAIN 2 (LTE Connection) ONLY is what i require during 18:00 till 23:00… I dont want the fiber line to be including in the load balancing during 18:00 till 23:00

I also cant disable the fiber line because i have clients accessing web sites over that line..

CZFan · August 16, 2020, 9:05pm

Yes, if your failover is configured correctly, it will not use the fiber as part of the LB