hello i have mikrotik 1100 and i use it as a broadband server
i have 3 starlink routers and i made them baypass mode
i tried some ways to loud balance them but i didn’t get goot results, maybe because they have same ip gateway
192.168.1.1
What is the purpose of using 3 starlinks? No other providers?
The idea of a extra providers is providing more bandwidth I assume as if all co-located thy are apt to use the same satellites etc. and if no signal available for one, likely for all three???
++++++++++++++++++
Please post your config
/export file=anynameyouwish (minus router serial #, any public WANIP information, keys etc. )
Yeah there isn’t a lot of network redundancy (e.g. they’d all go via same earthstation), but there would be more bandwidth with 3…
Re the starlink part… to avoid 192.168.1.1 as gateway you can enable “by-pass” using the starlink app’s setting for each terminal. The “bypass” will get you a “CGNAT” address, which would be unique to each terminal & likely easiest to load balance. Now depending on country/plan/etc, you may be able to enable a public IPv4 address but I believe this is limited to higher-end business plan. The only downside to enabling bypass is the Starlink router’s Wi-Fi no longer works. Starlink website describe the steps:
What is Bypass mode?
Bypass Mode is used to override the Starlink Router and use your own third party router, directly with Starlink.
> Standard(Rectangular) Starlink with Gen 2 router
Bypass mode will completely disable the built-in Starlink WiFi router functionality. An Ethernet Adapter is required to use this feature.
Factory reset the Starlink WiFi router to disable bypass mode.
High Performance and Flat High Performance Starlink with Gen 2 router
Your Starlink kit includes a cable option to connect the power supply to an external RJ45 port, as an option to connect a 3rd party router or mesh system.
If you use your own router or mesh system it will require removing the included Starlink router and using the 3rd party equipment exclusively.
Standard(Circular) Starlink with Gen 1 router
Enabling bypass mode through the Starlink App is not supported. The included Starlink router can be removed and replaced with 3rd party equipment.
Gen 3 Router
Bypass mode is supported on the Starlink Gen3 Router. Manually factory reset the Starlink Gen 3 router to disable bypass mode.
While it might be possible to route even with multiple 192.168.1.1 upstream by interface in route and/or VRFs… If you don’t need starlink’s internal Wi-Fi the by-pass mode is what you’d want to enable.
Beyond that all the other docs, video and articles here about load balancing (PCC, ECMP, etc.) don’t really care if it’s starlink. Since in bypass mode, you’d only get an WAN IP from starlink if there connectivity, a basic check-gateway=ping is likely all that’s needed & that can be set via a DHCP Server script. So a more complicated recursive routing setup is likely not needed for 3 starlink in bypass mode.
Hi Ammo, my impression is that bypass mode (gen2 with adapter) (gen3 built-in) and replacing starlink router directly (gen1) gets you different WANIPs but all the same gateway.
If one just uses the starlink router as per normal, then the IP address provided to your router after starlink, will be identical for all three units, and thats not tenable at all.
Nevertheless, having the same gateway IP will not get in the way of PCC.
So in summary, bypass/replace is the way to go and as stated PCC should work just fine.
That may be true. I’ve never check. But it shouldn’t really matter.
Config be helpful if the enabling bypass doesn’t work… e.g. even with multiple 192.168.1.1… it should still load balance if config was right…
In my experience so far, bypass mode indeed gives 100.64.0.1 as the default gateway to all clients. But that doesn’t matter for load balancing alone because you can indicate both the IP address of a gateway and the interface to use, using the gateway=100.64.0.1%ether1 syntax. Only recursive next-hop search on ROS 6.x has an issue with that.
It indeed requires a business grade plan to get a public IPv4 address, but if you use bypass mode, you get a /56 global IPv6 prefix for each terminal even for a consumer plan.
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
set 12 default-vlan-id=0
set 13 default-vlan-id=0
set 14 default-vlan-id=0
set 15 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip dhcp-client option
add code=121 name=star value=0x20C0A8640100000000202278FFF40000000000647FFF05
/ip dhcp-server option
add code=121 name=Classless-Route value=
0x20C0A8640100000000202278FFF40000000000647FFF05
/interface bridge port
add bridge=OUT interface=ether4
add bridge=OUT interface=ether5
add bridge=OUT interface=ether6
add bridge=OUT interface=ether7
add bridge=OUT interface=ether8
add bridge=OUT interface=ether9 unknown-multicast-flood=no
unknown-unicast-flood=no
add bridge=OUT interface=ether10
add bridge=OUT interface=ether11
add bridge=OUT interface=ether12
add bridge=OUT interface=ether13
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface list member
add comment=defconf interface=OUT list=LAN
add comment=defconf interface=STARLINK list=WAN
add comment=defconf interface=STARLINK2 list=WAN
add comment=defconf interface=STARLINK3 list=WAN
/ip address
add address=192.168.77.1/24 interface=OUT network=192.168.77.0
/ip dhcp-client
add add-default-route=no dhcp-options=star,star disabled=no interface=
STARLINK script=“:global dhcpClientIF \$interface ; :global dhcpClientCR
_(\$\"lease-options\" → \"121\")” use-peer-dns=no use-peer-ntp=
no
add add-default-route=no dhcp-options=star,star disabled=no interface=
STARLINK2 script=“":global dhcpClientIF \$interface ; :global dhcpClien
tCR (\$\"lease-options\" → \"121\")"” use-peer-dns=no
use-peer-ntp=no
add add-default-route=no dhcp-options=star,star disabled=no interface=
STARLINK3 script=“":global dhcpClientIF \$interface ; :global dhcpClien
tCR (\$\"lease-options\" → \"121\")"” use-peer-dns=no
use-peer-ntp=no
/ip dhcp-server network
add address=192.168.77.0/24 dhcp-option=Classless-Route gateway=192.168.77.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=9h cache-size=5000KiB servers=
1.1.1.1,8.8.8.8
/ip firewall mangle
add action=accept chain=prerouting src-address=192.168.77.0/24
add action=mark-connection chain=prerouting comment=NEW in-interface=STARLINK
new-connection-mark=LINE-1 passthrough=yes
add action=mark-connection chain=prerouting in-interface=STARLINK2
new-connection-mark=LINE-2 passthrough=yes
add action=mark-connection chain=prerouting in-interface=STARLINK3
new-connection-mark=LINE-3 passthrough=yes
add action=mark-connection chain=prerouting in-interface=OUT
new-connection-mark=LINE-1 passthrough=yes per-connection-classifier=
both-addresses:3/0
add action=mark-connection chain=prerouting in-interface=OUT
new-connection-mark=LINE-2 passthrough=yes per-connection-classifier=
both-addresses:3/1
add action=mark-connection chain=prerouting in-interface=OUT
new-connection-mark=LINE-3 passthrough=yes per-connection-classifier=
both-addresses:3/2
add action=mark-routing chain=prerouting connection-mark=LINE-1 in-interface=
OUT new-routing-mark=CON-S1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=LINE-2 in-interface=
OUT new-routing-mark=CON-S2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=LINE-3 in-interface=
OUT new-routing-mark=CON-S3 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE-1 new-routing-mark=
CON-S1 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE-2 new-routing-mark=
CON-S2 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE-3 new-routing-mark=
CON-S3 passthrough=yes
add action=accept chain=prerouting dst-address=100.64.0.0/10
add action=mark-connection chain=input disabled=yes in-interface=STARLINK
new-connection-mark=ISP1-CON passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=STARLINK2
new-connection-mark=ISP2-CON passthrough=yes
add action=mark-connection chain=input disabled=yes in-interface=STARLINK3
new-connection-mark=ISP3-CON passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1-CON disabled=yes
new-routing-mark=TO-ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2-CON disabled=yes
new-routing-mark=TO-ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP3-CON disabled=yes
new-routing-mark=TO-ISP3 passthrough=yes
/ip firewall nat
add action=accept chain=dstnat disabled=yes
add action=masquerade chain=srcnat comment=“defconf: masquerade”
out-interface-list=WAN
add action=masquerade chain=srcnat comment=“masquerade hotspot network”
src-address=192.168.77.0/24
/ip route
add check-gateway=ping comment=NEW distance=1 gateway=100.64.0.1%STARLINK
routing-mark=CON-S1
add comment=NEW distance=2 gateway=100.64.0.1%STARLINK routing-mark=CON-S1
add check-gateway=ping comment=NEW distance=1 gateway=100.64.0.1%STARLINK2
routing-mark=CON-S2
add comment=NEW distance=2 gateway=100.64.0.1%STARLINK2 routing-mark=CON-S2
add check-gateway=ping comment=NEW distance=1 gateway=100.64.0.1%STARLINK3
routing-mark=CON-S3
add comment=NEW distance=2 gateway=100.64.0.1%STARLINK3 routing-mark=CON-S3
add check-gateway=ping comment=NEW disabled=yes distance=1 gateway=
100.64.0.1%STARLINK routing-mark=TO-ISP1
add check-gateway=ping comment=NEW disabled=yes distance=1 gateway=
100.64.0.1%STARLINK2 routing-mark=TO-ISP2
add check-gateway=ping comment=NEW disabled=yes distance=1 gateway=
100.64.0.1%STARLINK3 routing-mark=TO-ISP3
add disabled=yes distance=1 gateway=TTYE-LINK routing-mark=pptp
add disabled=yes distance=1 gateway=
/ip service
set www port=81
set ssh port=2299
set www-ssl disabled=no
/ppp aaa
set use-circuit-id-in-nas-port-id=yes use-radius=yes
pp secret
Nothing jumps out as wrong in your config, but I did not review with fine-tooth comb.
What problems are you seeing? Does internet work & just slow? Or, traffic going out only one starlink? Etc…
it gives me slow speed not more than 140mp
like i use only 1 starlink
when i use only 1 gives me 150-200
when i use 3 with this config gives me less than 180
because in my country the service is expensive and slow
also when i use bandwidth test the traffic from only one starlink
How exactly do you test the speed? Are you aware that a single session can only use a single WAN?
Also, as you have only posted part of your configuration, is there no action=fasttrack-connection rule in /ip firewall filter?
i test by bandwidth test and by speedtest by cable 1g
i don’t enable fast track? should i?
Ah, speed is the underlying issue, not config…
@sindy point here is important – each TCP (or UDP) connection goes out ONLY one starlink. Any advantage to multiple starlinks is based on there are MANY IP connections that can be distributed. In other words, the bandwidth from starlink is NOT “bonded” as a single link.
The other thing I’d mention in starlink, bandwidth is a SHARED media between all users — roughly similar to an LTE network in moving car*. Since both the satellites move, this also affects the speed since signal levels. Things like usage of other users (beyond your 3 starlinks) effect speed too. And there is still a finite bandwidth available from satellites to earthstation, that can be an issue too.
Adding more terminals may not actually double/triple/etc the speed — since add more terminals still have to share same satellite bandwidth. And by adding a 2nd, 3rd, etc., it actually reduce the potential of the 1st since the system has more terminal to distribute bandwidth between.
Not saying it bad idea to have multiple starlinks, but doubt you see 3x speeds regardless of how you measure it.
One trick to test speed is use a BitTorrent client to download Ubuntu from the magnet links: https://ubuntu.com/download/alternative-downloads
What this does is create way more connections that can be distributed over the 3 starlinks, so you’d have more connections to better evaluate speed.
You seem to keep assuming we have all got crystal balls allowing us to add the parts you haven’t written. So my crystal ball tells me you are using the Mikrotik bandwidth test utility and speedtest**.net by Ookla**. Is that correct?
No, of course you should not, as fasttracked packets skip mangle rules and other steps of the regular path. But since you have only posted the part of the confguration you assumed to be relevant, and since I don’t know what you know and what you don’t, I had to ask.
If my assumptions regarding the exact speed testing tools you use are correct, there is no wonder that all the test traffic always goes via just one of the Starlinks, because you tell the per-connection-classifier to use only both-addresses to calculate the hash that determines which connection-mark to assign, and therefore which Starlink terminal to use. And both Mikrotik bandwidth test and Ookla’s speedtest.net can use multiple sessions to test, however, both use not only the same IP address of the local client (logically) but also the same IP address of the remote server, so the sessions only differ by client side port (for TCP; for UDP the scenario is more complicated but the difference is still only in ports).
So for testing, change the hash mode of per-connection-classifier to both-addresses-and-ports. Before starting the test, reset the counters on the action=mark-connection and action=mark-routing mangle rules. Then start the test and watch the counters grow. Also, Oookla only uses like 6 sessions when testing download and other 6 sessions when testing upload, so the distribution of the load across the Starlinks may still not be equal even with hash mode set to both-addresses-and-ports.
For production, any other hash mode than src-address can cause trouble if your clients connect to websites that use multiple IP addresses but are paranoid about security, because when redirecting the client’s application session from one server to another, such web sites check that the requests to the new server come from the same public address like before. So use of src-address is the only hash mode that avoids this, but it intrinsically means that each particular client only uses one particular Starlink terminal.
The only way to deal with this would be to have a server on a public IP somewhere in a data center, create a tunnel via each Starlink to that datacenter, let the PCC rules spread the traffic among the tunnels using both-addresses-and-ports (or even using ECMP without any mangle rules), and let the server on the public IP forward the traffic to the internet and do the NAT. But such a server would be yet another “single point of failure” in your network.
As many already have said, you can’t add and summarize bandwidth that way. However you can distrubute the load/sessions.
I thought he’s talking about cooling system load distribution or something with “loud balance”… Fans are loud for sure.
Using multiple devices with the same IP address … many exemples here in this forum.
This is just one of these : http://forum.mikrotik.com/t/access-multiple-devices-with-same-ip-address/106788/1
General idea is to give each device a unique IP address so you can differentiate [and route] them in your network , and then DST-NAT to that one common IP address the devices have on interface exit.
Select and address them with your unique address. Problem is more complex if your application insists on using that common same IP address, or if they are all on the same ethernet interface.
But for load balancing you can choose the IP address, and connect each Starlink to a separate interface.
Starlink satellite has 16Gbps bandwidth AFAIK (“Each antenna has a limit of 4Gbps, the satellites has 4”). Does the “Starlink for business” terminal combine multiple home Starlink bands? There can be something like 40 dishes in one cell, each getting 180Mbps. It is not because my neighborg added 2 dishes recently, that my speed dropped.
I’m not sure they have that much licensed spectrum to use the full capacity of the satellites… but I haven’t followed the FCC filings recently (and certainly not international ones)