Load balancing question

Hello,

I have set up two VPN tunnels using a VPN appliance which are on my LAN at 10.4.0.3 and 10.4.0.4.

These tunnels terminate to appliances on the other side, and are also in the same LAN at 10.1.100.3 and 10.1.100.4.

What I would like to do is add a routerboard device in front of the VPN appliances at say 10.4.0.2 and 10.1.100.2 respectively, which will load balance connections which try to use the VPN tunnels.

At first I had this set up using ‘Nth’ and counting packets as 2,1 and 2,2. This worked rather well for pinging, but when I tried to use an actual application like RDP or something else, it was switching routes too fast for communication to be established.

Is there another method of load balancing that may be better suited for my design?

I think what I need help with is marking packets properly with Mangle. I’d really love to just do the marking on one side, and then pick up those marks on the other side… is this possible?

Thanks!

Did you try bonding your links?
http://wiki.mikrotik.com/wiki/Bonding

You can only use the Nth rule in routing when marking new connections because all packets need to have the correct source address when responding.

You can’t use a VPN channel on a constantly changing/switching connection unless you have a way to have the same source address when you switch connection. So either you set up a failover setup or if you have two links, you can have one VPN tunnel each.
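
The per-connection marking described in the replies above, as an added example that is not from any poster in this thread: Nth is applied only to new connections, and every later packet of that connection follows the connection mark, so an RDP session stays on one tunnel. It assumes RouterOS v6-style syntax (`routing-mark` on routes), a remote subnet of 10.1.100.0/24, and the mark names `vpn1_conn`, `vpn2_conn`, `to_vpn1` and `to_vpn2`, all of which are hypothetical; the gateway addresses are the appliance addresses from the question.

```routeros
# Added example: per-connection load balancing across the two VPN appliances.
# Assumed: remote LAN is 10.1.100.0/24; mark names are made up for illustration.

/ip firewall mangle
# Every second NEW connection toward the remote LAN is pinned to tunnel 1.
add chain=prerouting dst-address=10.1.100.0/24 connection-state=new nth=2,1 \
    action=mark-connection new-connection-mark=vpn1_conn passthrough=yes
# Any new connection that rule 1 did not mark is pinned to tunnel 2.
add chain=prerouting dst-address=10.1.100.0/24 connection-state=new \
    connection-mark=no-mark action=mark-connection \
    new-connection-mark=vpn2_conn passthrough=yes
# All packets of a marked connection (not just the first) get the routing mark,
# so the path never changes mid-session.
add chain=prerouting dst-address=10.1.100.0/24 connection-mark=vpn1_conn \
    action=mark-routing new-routing-mark=to_vpn1 passthrough=no
add chain=prerouting dst-address=10.1.100.0/24 connection-mark=vpn2_conn \
    action=mark-routing new-routing-mark=to_vpn2 passthrough=no

/ip route
# One route per routing mark, each pointing at one local VPN appliance.
add dst-address=10.1.100.0/24 gateway=10.4.0.3 routing-mark=to_vpn1
add dst-address=10.1.100.0/24 gateway=10.4.0.4 routing-mark=to_vpn2
```

Connection and routing marks exist only inside the router that sets them and are not carried in the packets, so the router on the remote side needs its own mirrored rule set to send replies back through a consistent tunnel.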