Mikrotik RB load balancing with failover

rock777 · October 19, 2014, 7:02pm

Hi All,

I'm trying to use the below script in order to load balance a 2 different WAN Links for my internal networks (LAN1, LAN2, and LAN3)
I have 2 unequal Bandwidth WAN Links, and I’m looking forward to load balancing and failover them in order to get more bandwidth for my users and minimize downtime, but after testing the speed on speedtest.net I can see it’s not improving at all.
Could you please help me out and take a look to my script so you can analyze it and tell me what I am doing wrong.

Thank you in advance for your help,

Mikrotik RB interfaces:
ISP1-ether7= WAN1
ISP2-ether9= WAN2
LAN1-ether1= LAN1
LAN2-ether2= LAN2
LAN3-ether3= LAN3

/ip address
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=LAN1-ether1
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=LAN2-ether2
add address=192.168.3.1/24 network=192.168.3.0 broadcast=192.168.3.255 interface=LAN3-ether3
add address= 1.1.1.1/24 network=1.1.1.1/0 broadcast=1.1.1.255 interface=ISP1-ether7
add address= 2.2.2.2/24 network=2.2.2.0 broadcast=2.2.2.255 interface=ISP2-ether9

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8.8,8.8.4.4

/ip firewall mangle

add chain=input in-interface=ISP1-ether7 action=mark-connection new-connection-mark=ISP1-Link
add chain=input in-interface=ISP2-ether9 action=mark-connection new-connection-mark=ISP2-Link

add chain=output connection-mark=ISP1-Link action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2-Link action=mark-routing new-routing-mark=to_ISP2

add chain=prerouting dst-address=1.1.1.0/24 action=accept in-interface=LAN1-ether1
add chain=prerouting dst-address=1.1.1.0/24 action=accept in-interface=LAN2-ether2
add chain=prerouting dst-address=1.1.1.0/24 action=accept in-interface=LAN3-ether3
add chain=prerouting dst-address=2.2.2.0/24 action=accept in-interface=LAN1-ether1
add chain=prerouting dst-address=2.2.2.0/24 action=accept in-interface=LAN2-ether2
add chain=prerouting dst-address=2.2.2.0/24 action=accept in-interface=LAN3-ether3

\

add chain=prerouting dst-address-type=!local in-interface=LAN1-ether1
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark= ISP1-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2-ether2
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark= ISP1-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN3-ether3
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark= ISP1-Link passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=LAN1-ether1
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2-ether2
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN3-ether3
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes

add chain=prerouting dst-address-type=!local in-interface=LAN1-ether1
per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2-ether2
per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN3-ether3
per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=ISP2-Link passthrough=yes

\

add chain=prerouting connection-mark=ISP1-Link in-interface=LAN1-ether1 action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP1-Link in-interface=LAN2-ether2 action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP1-Link in-interface=LAN3-ether4 action=mark-routing new-routing-mark=to_ISP1

add chain=prerouting connection-mark=ISP2-Link in-interface=LAN1-ether1 action=mark-routing new-routing-mark=to_ISP2
add chain=prerouting connection-mark=ISP2-Link in-interface=LAN2-ether2 action=mark-routing new-routing-mark=to_ISP2
add chain=prerouting connection-mark=ISP2-Link in-interface=LAN3-ether3 action=mark-routing new-routing-mark=to_ISP2

\

/ip route
add dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.2 routing-mark=to_ISP2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=1.1.1.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=2.2.2.2 distance=1 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=ISP1-ether7 action=masquerade
add chain=srcnat out-interface=ISP2-ether9 action=masquerade
add chain=srcnat out-interface=ISP2-ether9 action=srcnat To-Address=My-NAT-Real-IP-for-WAN2-users (note: this rule should be set otherwise the WAN2 connected users wouldn’t be able to access the internet since they didn’t get
NAT’ed dynamically)