Load balancing with 2 ISPs

Hello!

I’ve tried to set up a load-balancing setup on a Mikrotik Routerboard RB75GL with ROS v6.12 using this YouTube movie: https://www.youtube.com/watch?v=P2Sx5QB9T3A

I have 2 ISPs:

  • 12Mbit ADSL2 line from provider Belgacom (BGC) on port 1
  • 10Mbit cable line from provider VOO (VOO) on port 2

Port 3, 4 and 5 of the RB75GL are in use for my own network, and have to work like a switch (bridge).

I’ve put my export file on Pastebin: http://pastebin.com/x2hU6rSJ

Is there anyone who can look with me at where I’ve made a mistake? When I do a speedtest, it only uses port 2, but with the IP of port 1 (external IP).

I believe these two lines are incorrect.

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=local in-interface="Bridge LAN" new-connection-mark=mangle_BGC per-connection-classifier=both-addresses-and-ports:1/0
add action=mark-connection chain=prerouting dst-address-type=local in-interface="Bridge LAN" new-connection-mark=mangle_VOO per-connection-classifier=both-addresses-and-ports:2/0

Destination address of the router should be EXcluded, and probably also the directly connected subnets of BGC and VOO. Incoming connections already marked should probably also not be marked again.

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address-type=!local connection-mark=no-mark in-interface="Bridge LAN" new-connection-mark=mangle_BGC per-connection-classifier=both-addresses-and-ports:1/0
add action=mark-connection chain=prerouting dst-address-type=!local connection-mark=no-mark in-interface="Bridge LAN" new-connection-mark=mangle_VOO per-connection-classifier=both-addresses-and-ports:2/0

I think the distance of the default routes should be higher than the marked ones.

/ip route
add check-gateway=ping distance=3 gateway="ether 1 - Belgacom"
add check-gateway=ping distance=4 gateway="ether 2 - Voo"

The per connection classifier should be arranged like below. In this config there are 4 sorting rules, 2 for each upstream carrier.

add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=ISP1_conn per-connection-classifier=src-address:4/0 in-interface=bridge1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=ISP1_conn per-connection-classifier=src-address:4/1 in-interface=bridge1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=ISP2_conn per-connection-classifier=src-address:4/2 in-interface=bridge1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=ISP2_conn per-connection-classifier=src-address:4/3 in-interface=bridge1


As j7n pointed out, the gateways of the mangled traffic should be lower than the default gateway (from an engineering standpoint), but don’t necessarily have to be (due to routing marks and independent gateways for those marks), since only unmarked traffic will exit the default gateway anyway, and at that point distance becomes irrelevant only until you have more than one gateway per routing mark.

I would also exclude ports from PCC, as MovingNetworksForward suggested, so that protocols and web sites requiring multiple connections always see the same address for each client. Otherwise some FTP servers will not work, and some webpages require repeated logins, for example.

Thank you everyone for your replies!
I’ve changed the script like you told me, but without results. Am I doing something else wrong?

http://pastebin.com/XqSa0e00

Add back the mark-routing actions in the prerouting chain that you appear to have removed, otherwise the connection marks have no effect.

add action=mark-routing chain=prerouting connection-mark=mangle_BGC in-interface="Bridge LAN" new-routing-mark=routing_BGC

add action=mark-routing chain=prerouting connection-mark=mangle_VOO in-interface="Bridge LAN" new-routing-mark=routing_VOO

If you only use the src-address in PCC, a particular local computer will always get the same routing mark and use the same WAN port. This may or may not be what you want. both-addresses:2/1 and both-addresses:2/0 work fine too.

The distances of the routes for marked packets should be smaller, not greater.

If you have any type of server on your network, I think the two rules in Input should be moved to Prerouting (will handle input to the router too). But first deal with outgoing connections.

add action=mark-connection chain=prerouting in-interface="ether 1 - Belgacom" connection-mark=no-mark new-connection-mark=mangle_BGC

add action=mark-connection chain=prerouting in-interface="ether 2 - Voo" connection-mark=no-mark new-connection-mark=mangle_VOO
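
The effect of the classifier choice discussed in the last reply, as an added example that is not part of the thread: PCC hashes the selected header fields to a 32-bit value and matches a rule when the remainder after division by the denominator equals the rule's remainder. The hash here is a SHA-256 stand-in (RouterOS uses its own internal function), and the both-addresses-and-ports:2/0 and 2/1 rule pair and the sample connections are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Rule sets as (classifier, denominator, remainder, connection mark).
# SRC_RULES mirrors the four src-address:4/x rules quoted in the thread.
SRC_RULES = [("src-address", 4, 0, "ISP1_conn"), ("src-address", 4, 1, "ISP1_conn"),
             ("src-address", 4, 2, "ISP2_conn"), ("src-address", 4, 3, "ISP2_conn")]
# Assumed pairing for illustration: one remainder per uplink.
PORT_RULES = [("both-addresses-and-ports", 2, 0, "mangle_BGC"),
              ("both-addresses-and-ports", 2, 1, "mangle_VOO")]

def pcc_hash(classifier, conn):
    """32-bit hash of the header fields the classifier selects.
    Stand-in (SHA-256, truncated); RouterOS uses its own internal hash."""
    src, sport, dst, dport = conn
    fields = {"src-address": (src,),
              "both-addresses": (src, dst),
              "both-addresses-and-ports": (src, sport, dst, dport)}[classifier]
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big")

def classify(rules, conn):
    """Return the mark of the first rule where hash % denominator == remainder.
    Later rules do not re-mark because they require connection-mark=no-mark."""
    for classifier, den, rem, mark in rules:
        if pcc_hash(classifier, conn) % den == rem:
            return mark
    return None  # no rule matched: connection stays unmarked

def marks_per_client(rules, conns):
    """Map each LAN source address to the set of marks its connections received."""
    seen = defaultdict(set)
    for conn in conns:
        seen[conn[0]].add(classify(rules, conn))
    return dict(seen)

# Constructed sample: 4 LAN clients, 50 connections each to different servers.
CONNS = [(f"192.168.88.{c}", 40000 + i, f"203.0.113.{i}", 443)
         for c in range(10, 14) for i in range(50)]

if __name__ == "__main__":
    for name, rules in (("src-address", SRC_RULES), ("both-addresses-and-ports", PORT_RULES)):
        for client, marks in sorted(marks_per_client(rules, CONNS).items()):
            print(f"{name:26} {client:15} {sorted(marks)}")
```

With src-address every client lands on exactly one mark, so a single speedtest from one PC can only ever exercise one uplink; with addresses and ports the same client's connections spread over both.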