Mikrotik For ISP

eslamoz · February 11, 2010, 9:20am

Hi all,

We are ISP Company .. at the latest time we used mikrotik 4.4 in our topology.
But we face some problems !!
The most important for this problems is we need all our customers have real ip not virtual and we need to loadbalance our tow bandwidth and finally we need to get the cache and hotspot working and note ( we need our customers to have real IP) detected by rapishare,4shared ..

Here is our topology as shown

Hope all give us an aid to resolve this issues.

eslamoz · February 21, 2010, 7:36am

No one knows what we are doing here ??

is it not supported here in mikrotik

magnavox · February 22, 2010, 8:30am

I suggest you to find an Mikrotik Consultant…

sergejs · February 22, 2010, 8:42am

For the load-balancing you can use different approaches,
http://wiki.mikrotik.com/wiki/Routing
You can try PCC option.
Just add IP addresses to the local interface and do not use NAT rules.
Give us more information about PPP/Virtual cache.

danix · February 22, 2010, 9:07am

esmolz,
can you tell me what equipment you use at your network and how many clients you have with that equipments?
thank you

eslamoz · February 22, 2010, 12:12pm

In PCC Routing it says that:

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local 
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan2

/ ip firewall mangle
add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn
add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn
add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1     
add chain=output connection-mark=wlan2_conn action=mark-routing new-routing-mark=to_wlan2
add chain=prerouting dst-address=10.111.0.0/24  action=accept in-interface=Local 
add chain=prerouting dst-address=10.112.0.0/24  action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/0 \
    action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses:2/1 \
    action=mark-connection new-connection-mark=wlan2_conn passthrough=yes
add chain=prerouting connection-mark=wlan1_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan1
add chain=prerouting connection-mark=wlan2_conn in-interface=Local action=mark-routing new-routing-mark=to_wlan2

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wlan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_wlan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

/ ip firewall nat 
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade

And the problem here is

/ ip firewall nat 
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade

if we use this 2 rules the clients have Virtual ip NOT REAL IP

So this can’t be use in our company.

for simple introduction we are Internet Service Providers

ALL of our recent topology is Cisco

we need to develope our topology with mikrotik and caching to improve our service

we are using now ( every Cisco 7200 for bandwidth and ip routing about 5 different REAL IP ranges)

Cisco 7200 — Go to —> Dslams --Go to–> ADSL Modems
and another
Cisco 7200 — Go to —> Dslams --Go to–> ADSL Modems

WE NEED TO IMPROVE IT TO BE

Cisco 7200 →
MIKROTIK LoadBalancing/PPP → Caching Server → Dslams → ADSL Modems
Cisco 7200 →

OR TO BE

Cisco 7200 →
MIKROTIK LoadBalancing/PPP →
SWITCH ← Dslams → ADSL Modems
Caching Server →
Cisco 7200 →

This Adsl Modems (every customer) must has his real/public ip to use it over internet for rapidshare, 4shared …

HOPE I explained the topology well else HOPE To Find Good Configuration For this

Chupaka · February 22, 2010, 1:32pm

if you want to use real ips - don’t use src-nat, what’s problem? =)

eslamoz · February 27, 2010, 12:56pm

The problem that internet don’t come out from the server

please help in route my real ip and get it out without problems

Chupaka · February 27, 2010, 4:21pm

how do your ISP supply real IPs to you? is it bridging or routing?

also, what’s your way to distribute internet access? is it direct routing (with modems NATting), or some VPN through the modems?

eslamoz · February 28, 2010, 2:24pm

it is routed ip … via cisco 7200

and the customers use adsl modems to connect via mikrotik PPPoe

Chupaka · March 1, 2010, 8:41pm

routed? it’s brilliant. so all you should do is just assign to the users IPs from different public subnets, so that uplinks load increased equally. you don’t need ‘realtime balancing’ - it’s just impossible if clients have fixed IPs. and you cannot use RouterOS web proxy - it changes request address to router’s address. you should use Squid for absolutely transparent caching

so simply setup ospf or something so that your dslams know current online users’ addresses

eslamoz · March 8, 2010, 2:46pm

can you give me a tutorial for squid caching and how to make this !!

i know this is not related with mikrotik but hope you give me aid .

Chupaka · March 9, 2010, 2:39pm

maybe look at that thread: http://forum.mikrotik.com/t/squid-proxy/34906/2

eslamoz · March 13, 2010, 1:13pm

Thank you For your good reply and support

in my topology i used PER TRAFFIC LOAD BALANCE

and now i’m planning to use SQUID TPROXY without nating

but i’ve a small question

if i used tproxy is this will effect and the cache will work in the real ip customers or it will ignore the real ip and will work only in the virtual ips??

Chupaka · March 13, 2010, 5:11pm

squid in tproxy mode should not change IP addresses at all. absolutely transparent proxying and caching