Load Balancing

yaikun94 · April 15, 2016, 9:02am

Hi guys,
I want to ask the difference between these 2 config.
My topology is simple. My router received 2 IP, i has config each ip bandwidth is 5mb to test.
The first one is:

/ip address
add address=30.0.0.1/24 network=30.0.0.0 interface=bridge-local
add address=172.16.10.254/24 network=172.16.10.0 interface=ether1
add address=50.0.0.3/24 network=50.0.0.0 interface=ether3

/ip firewall mangle
chain=input action=mark-connection new-connection-mark=wan1_conn passthrough=yes in-interface=wan1 
chain=input action=mark-connection new-connection-mark=wan2_conn passthrough=yes in-interface=wan2 
chain=output action=mark-routing new-routing-mark=to_wan1 passthrough=yes connection-mark=wan1_conn 
chain=output action=mark-routing new-routing-mark=to_wan2 passthrough=yes connection-mark=wan2_conn 
chain=prerouting action=accept dst-address=172.16.10.0/24 in-interface=bridge-local 
chain=prerouting action=accept dst-address=50.0.0.0/24 in-interface=bridge-local 
 chain=prerouting action=mark-connection new-connection-mark=wan1_conn passthrough=yes dst-address-type=!local in-interface=bridge-local per-connection-classifier=both-addresses-and-ports:2/0 
chain=prerouting action=mark-connection new-connection-mark=wan2_conn passthrough=yes dst-address-type=!local in-interface=bridge-local per-connection-classifier=both-addresses-and-ports:2/1
chain=prerouting action=mark-routing new-routing-mark=to_wan1 passthrough=yes in-interface=bridge-local connection-mark=wan1_conn 
chain=prerouting action=mark-routing new-routing-mark=to_wan2 passthrough=yes in-interface=bridge-local connection-mark=wan2_conn

/ip route
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=172.16.10.1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=50.0.0.1 routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=172.16.10.1 scope=30 target-scope=10
add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=50.0.0.1 scope=30 target-scope=10

/ ip firewall nat 
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade

The second one is:

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=LAN
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2

/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24  action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24  action=accept in-interface=LAN
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \
    new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection \ 
    new-connection-mark=ISP2_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local \
    per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn 
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local \ 
    per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \ 
    new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
    new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1     
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

/ ip firewall nat 
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

source of the second one: http://wiki.mikrotik.com/wiki/Manual:PCC#Policy_routing

I’m using speedtest for each config and i saw the first one has it up/down rate is 9~10mb (ether1-5mb+ether3-5mb). But the second one only 4~5mb up/down rate.
I know that load balancing bonding only work with 2 router config bonding 2 links. So why the 1st one has it up/down rate like that???
I really appreciate it if someone could help me understand it.
Thanks in advance and sorry for my bad english.

pukkita · April 15, 2016, 9:12am

How did you test with speedtest? Using one or more than one computer?

The main difference between both configs is in the first one traffic is “spread” between both uplinks by PCC taking both addresses and ports as criteria (src and dst), whereas on the second one PCC uses just both addresses.

If the speedtest connections are established on several ports, the first config will spread them amongst the two uplinks, whereas the second one, as just takes src and dst addresses as criteria to distribute connections, all connections will end up going by the same uplink.

yaikun94 · April 15, 2016, 9:50am

Oh! i see.
Tried to change the second one to “both addresses and ports” and the up/down rate become 10M.
But i still don’t understand why it become 10M on speedtest.
Could you pls explain it to me why the traffic rate increased ? What 's the difference between “both addresses” and “both addresses and ports”. Thanks in advance.

pukkita · April 15, 2016, 10:09am

You mean when using just one PC to test speedtest?

If tested from a single PC, the difference could be that several connections are open, so for sure at least several different source ports are used.

per

This means that when using just both addresses the PCC clasiffier will “classify” connections to speedtest to the same mark (as source and destination IPs will be common to all connections to speedtest), whereas when using both addresses and ports, as several source ports will be used for sure, the PCC classifier will spread them amongst the two marks.

yaikun94 · April 15, 2016, 10:27am

Okay,
So that 's means when i using “Both addresses” the packet only go in the route that i have marked right? that’s why speedtest only see traffic of one line right?
And if i use “Both addresses and ports” the packet will be classify into several line so the speedtest see all the line i used right ??
I’m a total newbie in this matter, sorry if i’m not understand it correctly. Searched several links about Load balance and i thinks i know the basic of it. Just can’t imagine how it work in this situation
Thanks for carefully explained it to me =.=!!!

networkfudge · June 19, 2016, 6:01pm

There is no invincible TCP bonding happening, speedtest.net opens multiple connections, that is why you can reach your aggregate speed when using both addresses and ports. It’s great and the best classifier to use for maximum throughput but it breaks many secure sites like banking sites.