Load balancing problem

nightstar · December 30, 2008, 8:59am

Hi! i want to do load balancing between two links.

They have different static public IP addresses and gateways,and i want to masquerade them in the end.

I used guide from the wiki mikrotik “load balancing with two diferrent gateways” or something like that but nothing, it is writen for the version 2.9.x, and some commands doesn’t work (nth 1,1,1) maybe that is the problem?

I use RouterOS version 3.16

Best regards!

Happy new year!

mrz · December 30, 2008, 9:06am

http://wiki.mikrotik.com/wiki/NTH_in_RouterOS_3.x

nightstar · December 30, 2008, 9:25pm

This is my config:

add address=XXX.ZZZ.22.179/24 broadcast=XXX.ZZZ.22.255 comment=“” disabled=no
interface=eth-link1 network=ZZZ.XXX.22.0
add address=172.31.1.23/16 broadcast=172.31.255.255 comment=“” disabled=no
interface=eth-private network=172.31.0.0
add address=XXX.ZZZ.113.3/24 broadcast=XXX.ZZZ.113.255 comment=“” disabled=no
interface=eth-link2 network=XXX.ZZZ.113.0

dst-address=0.0.0.0/0 gateway=XXX.ZZZ.113.1 routing-mark=even scope=30 target-scope=10
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.ZZZ.22.1 routing-mark=odd scope=30 target-scope=10
##add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.ZZZ.22.1 scope=30 target-scope=10

/ip firewall mangle
add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no in-interface=eth-private new-connection-mark=odd nth=2,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“” connection-mark=odd disabled=
no in-interface=eth-private new-routing-mark=odd passthrough=no
add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no in-interface=eth-private new-connection-mark=even nth=2,1
passthrough=yes
add action=mark-routing chain=prerouting comment=“” connection-mark=even
disabled=no in-interface=eth-private new-routing-mark=even passthrough=no

/ip firewall nat
add action=src-nat chain=srcnat comment=“” connection-mark=odd disabled=no protocol=tcp to-addresses=XXX.ZZZ.22.179 to-ports=0-65535
add action=src-nat chain=srcnat comment=“” connection-mark=even disabled=no protocol=tcp to-addresses=XXX.ZZZ.113.3 to-ports=0-65535
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=eth-link1
add action=masquerade chain=srcnat comment=“” disabled=no out-interface=eth-link2

It’s working only if i enable gateway that doesn’t have routing mark ##

i’m using Routeros 3.16, this is written for 2.9.X, it is article from wiki mikrotik.

Best regards!

mrz · January 2, 2009, 7:01am

Have read what was in the link I provided in previous post?

In v3.x you need

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
in-interface=eth-private new-connection-mark=odd nth=2,1 \
passthrough=yes

add action=mark-connection chain=prerouting connection-state=new \
in-interface=eth-private new-connection-mark=even  \
passthrough=yes connection-mark=!odd

nightstar · January 6, 2009, 12:57am

mrz:

Have read what was in the link I provided in previous post?

In v3.x you need

/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
in-interface=eth-private new-connection-mark=odd nth=2,1 \
passthrough=yes

add action=mark-connection chain=prerouting connection-state=new \
in-interface=eth-private new-connection-mark=even  \
passthrough=yes connection-mark=!odd

Yes i readed the link, but i didn’t understand it very much, anyway i change it to what you said, but stil nothing! second link is not creating any traffic, the counters in routing and connection marks is increasing but there is no internet! something is not ok with configuration, but i can’t find it
PLEASE HELP!

Thanks in advance!

nightstar · January 7, 2009, 11:14pm

Help?

nightstar · January 8, 2009, 1:13pm

Ok, i tried to search the forum from the beggining, i tried something like this: http://forum.mikrotik.com/t/cant-do-the-load-balancing-in-3-0/15298/1 Mr. Gmeyer guide,
but nothing…still the same thing: traffic is always going through the one gateway that doesn’t have routing mark, if i disable this static route, there is no internet at all!

Yes i know that this problem is maybe already answered and solved for a hundreds time, but i can’t find the answer, please point me to some link where i can find answer.

Mary Christmass!

galaxynet · January 30, 2009, 7:28pm

/interfaces
add address=XXX.ZZZ.22.179/24 broadcast=XXX.ZZZ.22.255 comment=“” disabled=no
interface=eth-link1 network=ZZZ.XXX.22.0

add address=172.31.1.23/16 broadcast=172.31.255.255 comment=“” disabled=no
interface=eth-private network=172.31.0.0

add address=XXX.ZZZ.113.3/24 broadcast=XXX.ZZZ.113.255 comment=“” disabled=no
interface=eth-link2 network=XXX.ZZZ.113.0

I am assuming here that the below came about as a result of; export /ip route

src-addr=0.0.0.0/0 dst-address=0.0.0.0/0 gateway=XXX.ZZZ.113.1 routing-mark=even scope=30 target-scope=10
This should be your ‘default’ route - when ‘nothing’ matches this will - so remove the routing mark.

No idea where you got these two from…
add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.ZZZ.22.1 routing-mark=odd scope=30 target-scope=10

##add comment=“” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XXX.ZZZ.22.1 scope=30 target-scope=10

There should be routing tables, /ip route rules
They should look something like this…

dst-addr=0.0.0.0/0 routing-mark=odd action=lookup table=odd
dst-addr=0.0.0.0/0 routing-mark=even action=lookup table=even

Last rule is the ‘default’, if nothing above matches then go ‘here’ -
dst-addr=0.0.0.0/0 action=lookup table=main

The two routing tables should read;

even
dst-addr=0.0.0.0/0 gateway=XXX.ZZZ.113.1

odd
dst-addr=0.0.0.0/0 gateway=XXX.ZZZ.22.1 (I am guess that 22.1 is the actual gateway for that network)

/ip firewall mangle - should be in the following order;
add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no in-interface=eth-private new-connection-mark=odd nth=2,1
passthrough=yes

add action=mark-connection chain=prerouting comment=“” connection-state=new
disabled=no in-interface=eth-private new-connection-mark=even nth=2,1
passthrough=yes
remove the nth=2,1 for this rule

add action=mark-routing chain=prerouting comment=“” connection-mark=odd disabled=
no in-interface=eth-private new-routing-mark=odd passthrough=no

add action=mark-routing chain=prerouting comment=“” connection-mark=even
disabled=no in-interface=eth-private new-routing-mark=even passthrough=no

/ip firewall nat
add action=src-nat chain=srcnat comment=“” connection-mark=odd disabled=no protocol=tcp to-addresses=XXX.ZZZ.22.179 to-ports=0-65535

add action=src-nat chain=srcnat comment=“” connection-mark=even disabled=no protocol=tcp to-addresses=XXX.ZZZ.113.3 to-ports=0-65535
These two rules above ONLY src-nat TCP connections - you need to also do UDP connections (DNS is UDP that must be allowed…) or you remove these two rules and modify the rules below to include the connection mark odd/even

add action=masquerade chain=srcnat comment=“” disabled=no out-interface=eth-link1

add action=masquerade chain=srcnat comment=“” disabled=no out-interface=eth-link2

R/

Thom

MasterofDisaster · January 31, 2009, 8:18am

I used the tutorial for v2… and I only changed the nth for the first rule to nth=2,1 and for the second rule to nth=2,2
It works!