Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Hey,
I need help setting up a load balancer between the interfaces eth1 and lte1 please.
There are tutorials like this https://www.youtube.com/watch?v=klnUvBXEVQI and that one https://www.youtube.com/watch?v=dLI2bcH0grw but the interface lte1 isn’t selectable. It seems like LTE connections are treated differently inside RouterOS.

eth1 is connected to the internet over LAN/WAN through a server of my students’ dorm. It needs a DHCP client to work.
As the connection isn’t reliable I need a failover strategy through one of the interfaces, eth1 xor lte1, if one of the connections fails.

Special: I want to keep the DNS configuration using DoH over Cloudflare.

Router: S53UG+M-5HaxD2HaxD (arm64)
LTE/5G module: RG502Q-EA

Thanks in advance for your help!
p0p

You mention load balance & failover. Do you mean: if BOTH “ether1” (“dorm server with DHCP”) and “lte1” have working internet, split the traffic between them & if one fails all internet traffic goes out the one working one? Or do you want it always using ether1 if it’s working, and only use LTE if ether1 is down?

Also, do you have LTE already set up? e.g. if you unplug ether1, does the Chateau work via the LTE? If so, do a speed test (or several) to get a sense of the LTE speed. Then plug in ether1, and do the same speed test with “dorm-server internet”. e.g. If you want to load balance, it’s helpful to know the relative performance of the two internet connections (dhcp and lte), to know HOW to “balance” them.

So it would appear ether1, is a fixed private IP you get from an upstream router?
The LTE would appear to be possibly a public IP that is dynamic (can change)??

Both are dynamic I believe. First step be making sure LTE is working :wink:

Out of the box… if LTE is working, and WAN is plugged into ether1… unplugging ether1 will cause a failover. The issue may be that this is not sufficient, e.g. understandably most folk actually want to switch if there is no internet (but the ethernet is still connected). But the out-of-box default does failover “manually”.

But @Mesquite makes a good point about DHCP WANs… The main thing that makes this tricky is you need a “DHCP Client Lease Script”, see https://help.mikrotik.com/docs/display/ROS/DHCP#DHCP-LeaseScriptExampleLeasescriptexample to deal with dynamic IP. But WHAT goes into that script depends on the preferences and decision on HOW you want to LB/failover…

Essentially ALL failover and/or load balancing requires some “liveness” check. This is usually done by setting “check-gateway=ping” on the default route, with the distance= on the default routes controlling the order of multiple internet routes. In /ip/route, the lowest wins; if two routes have the same distance= values, that creates ECMP load balance (based on src/dst address hashing). For background: https://help.mikrotik.com/docs/display/ROS/IP+Routing#IPRouting-Overview .
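The pieces named above (two default routes with equal distance for ECMP, check-gateway=ping for liveness, and a DHCP lease script that tracks the dynamic dorm gateway) put together as one RouterOS v7 configuration. This is an added example, not something posted in the thread; it assumes the dorm uplink is ether1 and the modem is lte1, and 192.0.2.1 is a constructed placeholder that the lease script overwrites.

```routeros
# Added example, not from the thread. Assumes RouterOS v7 on the Chateau,
# the dorm uplink on ether1 (DHCP) and the LTE modem as lte1.
# 192.0.2.1 is a constructed placeholder for the dorm gateway; the lease
# script below overwrites it with whatever DHCP actually hands out.

# DHCP client on ether1: learn the address, but do not install its own
# default route. The lease script keeps the static route in sync instead
# ($bound and $"gateway-address" are variables the lease script receives).
/ip/dhcp-client add interface=ether1 add-default-route=no use-peer-dns=no \
    script=":if (\$bound=1) do={ /ip/route set [find comment=\"dorm-wan\"] gateway=\$\"gateway-address\" }"

# Stop the LTE APN profile from adding its own default route, so both
# defaults are explicit and can carry identical distance and a ping check.
/interface/lte/apn set [find] add-default-route=no

# Two default routes, same distance => ECMP (src/dst address hashing).
# check-gateway=ping marks a route inactive when its next hop stops
# answering, so the surviving route takes all traffic (failover).
/ip/route add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=1 \
    check-gateway=ping comment="dorm-wan"
/ip/route add dst-address=0.0.0.0/0 gateway=lte1 distance=1 \
    check-gateway=ping comment="lte-wan"
# Caveat: pinging an interface next hop (lte1) rather than an IP address is
# an assumption here. If the LTE route never goes inactive during an outage,
# use a recursive route instead: a /32 to a public host via lte1 with
# check-gateway=ping, and the default route pointing at that host.

# Keep the Cloudflare DoH setup the OP already uses, independent of WAN.
/ip/dns set servers=1.1.1.1,1.0.0.1 \
    use-doh-server=https://cloudflare-dns.com/dns-query verify-doh-cert=yes

# Each uplink masquerades with its own address, so a flow hashed to either
# route gets a consistent source address on the way out.
/ip/firewall/nat add chain=srcnat out-interface=ether1 action=masquerade
/ip/firewall/nat add chain=srcnat out-interface=lte1 action=masquerade
```

Check the result with `/ip/route print` while unplugging ether1: the dorm-wan route should lose its active flag and return once the lease script fires again.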

Really good questions, thanks!

  • Yes, both (eth1 and lte1) have working internet

  • Yes, LTE is set up and working; the speed is around 70 mbps during the day and 200 mbps at night (depends on the usage of the cell towers)

  • Yes, eth1 is connected to the dorm-internet-server and needs a DHCP client to retrieve an IP from the dorm-internet-server. The speed is around 25 mbps during the day and 80 mbps at night.

  • Yes, I want to split the internet traffic between them

  • Yes, if one fails, all internet traffic should be forwarded to the working port

  • No, at this point I don’t know how to balance them and what’s important to know. :slight_smile: Also it would be helpful to know the setup of the firewall against security breaches.

  • Yes, eth1 gets a fixed private IP from the dorm-internet-server (router)
  • I don’t know if the lte1 public ip is dynamic and can change.

Question:
I want to achieve that the lte1 interface is “selectable” in the device list and gets a fixed IP. As a workaround: Would it work if I create a virtual ethernet interface (virteth1) with a fixed IP and forward the lte1 traffic through the virtual ethernet? Afterwards set up load balancing between eth1 and virteth1…

Okay so this is a Chateau unit with an LTE module/capability.

  1. Got it, you get LTE of unknown type and thus don’t know if the ISP provides a fixed IP, or a dynamic IP that changes?
  2. Don’t know if the LTE IP is actually public, or cgnat type, either ?? Can you call them and ask??
  3. Can you confirm that you always get the same IP address from the “dorm server” ???

Reading your statements it would appear that you want:
a. User LAN traffic is split between both connections
b. Some method for LAN users to be able to select LTE and bypass the sharing noted in a?? ( not sure why but is it a requirement).
c. each provides failover for the other…
d. any vpn traffic remote connection needs to the router ( for remote access to chateau subnets, to access chateau internet or routerconfig when remote? )
e. any server traffic??

Conceptually speaking,
LTE is roughly double that of dorm wrt throughput.
Thus PCC with 3 connections would provide a 2:1 type ratio..
session X goes to LTE
session X +1 goes to dorm
session X+2 goes to LTE
rinse and repeat.

++++++++++++++++++++++++++++++++++++

If you want partition some traffic only to LTE AND make it selectable that is difficult.
I would handle the selectable by creating a VLAN that only goes to LTE
I would assign one port on the chateau for that, and create one WLAN associated with that vlan.
Thus you can physically or wifi select the LTE only connection.

However, I would say for simplicity’s sake, it may not be possible to give that single special port and that LTE-only wifi backup to dorm in case LTE goes down.
No harm done anyway because the other ports and other wifi are being used for PCC and thus will have backup failover working in both directions.
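The 2:1 PCC split described above (classifier divider 3, remainders 0 and 2 to LTE, remainder 1 to the dorm uplink) as RouterOS v7 mangle and routing configuration. This is an added example and not code from the thread; it assumes LAN 192.168.88.0/24, ether1 as the dorm uplink with placeholder gateway 192.0.2.1, lte1 as the LTE interface, and that masquerade rules for both uplinks already exist.

```routeros
# Added example, not from the thread. Assumes RouterOS v7, LAN 192.168.88.0/24
# (constructed), dorm uplink ether1 with placeholder gateway 192.0.2.1, LTE on lte1.
# PCC divider 3: remainders 0 and 2 -> LTE, remainder 1 -> dorm (2:1 ratio).

/ip/firewall/address-list add list=LAN address=192.168.88.0/24

/ip/firewall/mangle
# Replies to connections that arrived on a WAN must leave via that same WAN.
add chain=prerouting in-interface=ether1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=dorm_conn passthrough=yes
add chain=prerouting in-interface=lte1 connection-mark=no-mark \
    action=mark-connection new-connection-mark=lte_conn passthrough=yes
# Classify new LAN connections to non-local destinations by src+dst hash.
add chain=prerouting src-address-list=LAN dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:3/0 \
    action=mark-connection new-connection-mark=lte_conn passthrough=yes
add chain=prerouting src-address-list=LAN dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:3/1 \
    action=mark-connection new-connection-mark=dorm_conn passthrough=yes
add chain=prerouting src-address-list=LAN dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:3/2 \
    action=mark-connection new-connection-mark=lte_conn passthrough=yes
# Turn the connection mark into a routing mark (LAN-originated and router-originated).
add chain=prerouting src-address-list=LAN connection-mark=lte_conn \
    action=mark-routing new-routing-mark=to_lte passthrough=no
add chain=prerouting src-address-list=LAN connection-mark=dorm_conn \
    action=mark-routing new-routing-mark=to_dorm passthrough=no
add chain=output connection-mark=lte_conn action=mark-routing new-routing-mark=to_lte passthrough=no
add chain=output connection-mark=dorm_conn action=mark-routing new-routing-mark=to_dorm passthrough=no

# v7 needs the routing tables declared before routes can reference them.
/routing/table add name=to_lte fib
/routing/table add name=to_dorm fib
/ip/route add dst-address=0.0.0.0/0 gateway=lte1 routing-table=to_lte check-gateway=ping
/ip/route add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-table=to_dorm \
    check-gateway=ping comment="dorm-wan"
# Failover: when a marked table has no active route the lookup falls back to the
# main table (assumed v7 default behaviour), so keep ordered defaults there too.
/ip/route add dst-address=0.0.0.0/0 gateway=lte1 distance=1 check-gateway=ping
/ip/route add dst-address=0.0.0.0/0 gateway=192.0.2.1 distance=2 \
    check-gateway=ping comment="dorm-wan"
# Both dorm routes share comment "dorm-wan" so a DHCP lease script doing
# /ip/route set [find comment="dorm-wan"] gateway=... refreshes both at once.
```

Verify the split with `/ip/firewall/connection print where connection-mark=lte_conn` versus `dorm_conn` after a few minutes of normal browsing; the counts should sit near 2:1.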

regarding

  1. and 2. The LTE ISP allocation of IPs is dynamic and cgnat. Thanks for the hint to call them :slight_smile:
  3. It’s always the same IP address from the “dorm server”

a. True, this includes LAN and WiFi.
b. Not really a requirement, it’s optional / a backup solution “in case of something’s wrong, one thing works”
c. True
d. Yes, a WireShark connection to the private network. Atm there is only one “main” subnet.
e. Yes, my Homelab Server on eth4 that’s planned to be exposed over Cloudflare Tunnel. Cloudflare configuration will be made on the server.

Thanks for showing me the way through this rabbit hole :rabbit: Haven’t thought of some points you’ve mentioned.

But is actually the LTE “unlimited[1]” data?


[1] the definition of “unlimited” that many ISPs use can vary from “almost unlimited, but don’t do too much streaming/downloading, or else …” to “I mean no more than xx GB/month, no one needs to use more than that”; it would be a rare case that they actually mean “unlimited”.

Okay so b. b for bogus, there is no special requirement for people to access the OTHER WAN.
Since both will be available through PCC we don’t care about b.
Since each will failover to the other we don’t care about b.

Now for the tough question.
Can you forward any ports on the dorm server router to your router?
I suspect not.
Hence this makes life very challenging.
If you could pay for an upgrade on LTE to a proper public IP, not cgnat then you can do more stuff.
++++++++++++++++++++++++++++++++++++++++++++++

Now I know why you are doing the server over Cloudflare…
Suggest zerotier as well for any kind of external connection to the router for config purposes.
Good thing is that your router supports Cloudflare.

You could also do BTH WireGuard but I am no expert on that.
Basically your router and your remote devices are sent to a relay server that MT has and the connection is done there.
Supposedly works well.

However, this has nothing to do with PCC… which should work fine

Just for clarification:
“Selectable” by the means of ‘lte1 isn’t selectable as any other interface on the Mikrotik Frontend’.
lte1 isn’t allocated to / used by a bridge or any other device.
Therefore I think RouterOS lte1 interface is a “special kid” and uses some other internal methods for providing internet access to all interfaces.

Image of selectable interfaces:

Off topic:

Yesn’t. It is “unlimited” in case of fair use. And fair use is a wide term. Users with a similar contract as mine were kicked off their contract by using over 1TB/month. I don’t think that I’ll reach those numbers, I would have to download holiday videos in 4k in a huge amount. :wink:

Relaxing watch: https://www.youtube.com/watch?v=BSJrplxIs6w
https://help.mikrotik.com/docs/display/ROS/LTE#LTE-Quicksetupexample


Yes that’s one idea, Load Balancing over PCC (Per Connection Classifier). I think one of the videos I mentioned in the 1st post uses this method.
As mentioned before the lte1 interface isn’t selectable over the RouterOS frontend so this tutorial isn’t working for me.

Regarding b. … so let’s forget b. and focus on the main stuff.
Regarding port forwarding: No, I don’t have virtual/physical access to the dorm server / router and I can’t config stuff there. It’s more or less just an ISP.
Regarding static IP: Yes it’s possible to get a public, dynamic IPv4 address for 50€ but I want to avoid that as folks mentioned in the O2 Telefonica DE forums that this solution isn’t working properly. Therefore my idea was to forward the lte1 traffic to a virtual interface that manages the connection and this virtual interface would have a fixed IP. So “linking” eth1 and the virtual interface would be possible. This might be bogus as well and the idea just comes from my stomach.

Important parts:
Private IPv4 address (typical for cgnat)
https://youtu.be/BSJrplxIs6w?t=626

I don’t get the “routable setup” part where the speaker talks about using Private IPv4 addresses with Layer2 and Layer 3. Could someone please explain it to me?
https://www.youtube.com/watch?v=BSJrplxIs6w&t=1337s

Also the passthrough part isn’t clear to me. I’m “:exploding_head:” atm. :laughing:
Does it mean that I can passthrough the lte1 connection to a bridge/virtual device/…, put that on the WAN table for firewall rules and create a load balancer / PCC over that?

The video is a high overview that helps to understand technology, opportunities and points to start but it doesn’t go deep enough to actually know “what to do” / how to get in action and setup a load balancer. :slight_smile:

The essentials remain the same, the problem seems to be how to setup LTE, forget about load balancing at the moment, on the chateau.
Did you find the LTE interface tab I displayed?
Did you try and select LTE APN and insert the information provided by the provider ( or perhaps the MODEM ) not sure the entry point for adding an ISP ???

Yes, as mentioned before, LTE / lte1 is up and running:

Sorry I didn’t see where you said it was up and running. Thus you do have an interface, right.

Does it not show up on the interface tab ?
Does it show up anywhere for selection on any rules?? ie the name LTE1 ???

Yes, it does show up:

Yes, I’ve got a mangle rule set to lte1. I believe this was made by Mikrotik or their support:


Otherwise please tell me what kind of rules do you mean?

Can you confirm more information.

Do you get an actual IP address as /32 (single IP)
OR
Do you get some other mask…

AND
Do you ever get the gateway IP information.