Multiplexed Traffic

RouterOS General
1

Hi,

I read a lot of post of load balancing using PCC, NHT and many other metods.

I would like to know if using NHT, could I to multiplex packets through different gateways?

This is what I need to do:


…|----[WAN1]----|
[PC1]----------|…|-----[WAN3]-----[PC2]
…|----[WAN2]----|

PC2 has running a software listening on a port XXXX

PC1 is sending packets to PC2, through WAN1 and WAN2; PC2 is receiving packets through WAN3. (PC1 has two gateways and PC2 has just one gateway)

I need that some packets goes through WAN1 and others through WAN2.

I will appreciate your help.

Thank you for your concern.

2

Any Idea?

Mikrotik People, have you got any idea?

3

Read about Policy Routing:
http://wiki.mikrotik.com/wiki/Manual:PCC#Policy_routing
Mark packets according to your needs and send them through WAN1 or WAN2.

HTH,

4

Ditonet, thank you for your answer.

I already read that, and this don’t work for me, becouse that is PCC (Per Conection Classifier), that means that you are going to mark a conection, not a packet.

I need to mark all the packets that belongs to a conection. And deliver those packets to differents gateways.

I do something that I still testing. This is my configuration:


/ip address

add address=192.168.1.1/24 disabled=no interface=ether5 network=192.168.1.0

#     NAME                                        TYPE             MTU   L2MTU
 0  R  ether1                                      ether            1500 
 1  R  ether2                                      ether            1500  1600 
 2  R  ether3                                      ether            1500  1600 
 3  R  ether4                                      ether            1500  1600 
 4  R  ether5                                      ether            1500  1600 
 5  R  ppp-out1                                    ppp-out          1500 
 6  R  ppp-out4                                    ppp-out          1500 

(both PPP are the USB 3G Modem)

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    ppp-out1 routing-mark=Mitad1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    ppp-out4 routing-mark=Mitad2 scope=30 target-scope=10

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ppp-out1
add action=masquerade chain=srcnat disabled=no out-interface=ppp-out4

/ip firewall mangle
add action=mark-connection chain=prerouting disabled=no in-interface=ether5 \
    new-connection-mark=marca passthrough=yes
add action=mark-packet chain=prerouting disabled=no in-interface=ether5 \
    new-packet-mark=AAA nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting disabled=no in-interface=ether5 \
    new-routing-mark=Mitad1 packet-mark=AAA passthrough=no
add action=mark-packet chain=prerouting disabled=no in-interface=ether5 \
    new-packet-mark=BBB passthrough=yes
add action=mark-routing chain=prerouting disabled=no in-interface=ether5 \
    new-routing-mark=Mitad2 packet-mark=BBB passthrough=no

When I try to ping http://www.google.com, One packet has response and the next doesn´t has.
I set the first rule to count all packets, and the other 4 rules are dividing the traffic and adding route marks.
When the counters begin to count, I can see that all the traffic is divided by two. So the rules are working.

Then I sent traffic through both 3G modem, and I can see in the interface list, how the traffic is divided.

Now my problem is that I’m behind a router and I think that his firewall is dropping the received packets. That is what I try to fix today, and see if the packets are arriving correctly.

Any way, the ping thing that I mentioned, is strange, I need to study more.

If someone has any Idea, will be welcome

Would be great if the mirkotik people can post his opinions.


Thank you.

5

Ok, I solved the router problem and now the packets arrive my PC. I can see the video but very bad.

I was analizing the arrived packets, and I saw that the 50% of the packets are lost.

So, studing this, I discovered that the mikrotik is not masquerading the packets in the right way. All the packets are being masquerading by the first rule that appear in the NAT window. And the other 50% don’t arrive my pc just because are not masquerading as it should.

I change the NAT rules and configure it to masquerade those packets that has a determinated packet marker. But nothing happends, the same if I configure a Route Mark.

this is my new code in the NAT

/ ip firewall nat
0   chain=srcnat action=masquerade routing-mark=Mitad1 out-interface=ppp-out1 

1   chain=srcnat action=masquerade routing-mark=Mitad2 out-interface=ppp-out4

Any Idea to solve this? I will keep trying and thinking how to do that.

6

It seems that you misunderstood my previous post.
In your mangle rules you mark every second packet so you lost 50% of packets.

add action=mark-packet chain=prerouting disabled=no in-interface=ether5 \
    new-packet-mark=AAA nth=2,1 passthrough=yes

In mangle rules you should mark packet according to your needs, eg. source address, specific src or dst port, etc.
Then send marked packets via WAN1 or WAN2.

HTH,

7

ditonet,

Thank you for your reply.

I don’t use the src_add or dst_port, becouse the src_add from the packets will be always the same and only one IP is used. The same with the port and the destination address.
I will try what you say and add to the rule the source address. Something like this.

0   ;;; marco mitad de paquetes
     chain=prerouting action=mark-packet new-packet-mark=AAA passthrough=yes 
     protocol=udp src-address=192.168.1.106 in-interface=ether5 dst-port=1234 
     nth=2,1 

 1   ;;; marco ruteo
     chain=prerouting action=mark-routing new-routing-mark=Mitad1 
     passthrough=no in-interface=ether5 packet-mark=AAA 

 2   chain=prerouting action=mark-packet new-packet-mark=BBB passthrough=yes 
     protocol=udp src-address=192.168.1.106 in-interface=ether5 dst-port=1234 

 3   chain=prerouting action=mark-routing new-routing-mark=Mitad2 passthrough=no
     in-interface=ether5 packet-mark=BBB

I will post my results later.