nat problem between clients

RouterOS General
1

hello and welcome:
UPDATED
i have been looking for solution to my problem now for long time i tried many things i read many threads if you could help or try i will be thankful to you

my problem is when my clients want to use almost any software on pc or device like ps4 or xbox one (creating a party) they always have nat problem but when the host is from outside network it work with no problem

my setup
MT:CCR1009-8G-1s-1s+
i am using hotspot and ip bindings(bypassed) my clients then limit bandwidth using queues [ the reason am doing this is when script disable bypass clients will see the hotspot page (removed login) also queues are not dynamic so i can controll bandwidth using script ]
interface

 0  R  ;;; in                                       192.168.100.1
       ether1                              ether            1500  1578     
 1  R  ;;;                                           192.168.200.1
       ether2                              ether            1500  1578     
 2  R  ;;;                                           192.168.111.1
       ether3                              ether            1500  1578    
 3  R  ;;;                                           192.168.3.1
       ether4                              ether            1500  1578      
 4  R  ;;;                                           192.168.5.1
       ether5                              ether            1500  1580      
 5  R  ;;; out+++++++++++++++
       ether6                              ether            1500  1580

i use 5 routers isp using load-balance :

/ ip firewall mangle
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=ether1_conn
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn
add chain=input in-interface=ether3 action=mark-connection new-connection-mark=ether3_conn
add chain=input in-interface=ether4 action=mark-connection new-connection-mark=ether4_conn
add chain=input in-interface=ether5 action=mark-connection new-connection-mark=ether5_conn


add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_ether1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_ether2
add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=to_ether3
add action=mark-routing chain=output connection-mark=WAN4_conn new-routing-mark=to_ether4
add action=mark-routing chain=output connection-mark=WAN5_conn new-routing-mark=to_ether5


add chain=prerouting dst-address=192.168.100.0/24 in-interface=ether6
add chain=prerouting dst-address=192.168.200.0/24 in-interface=ether6
add chain=prerouting dst-address=192.168.111.0/24 in-interface=ether6
add chain=prerouting dst-address=192.168.3.0/24 in-interface=ether6
add chain=prerouting dst-address=192.168.5.0/24 in-interface=ether6

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether6 new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:5/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether6 new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:5/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether6 new-connection-mark=WAN3_conn per-connection-classifier=both-addresses-and-ports:5/2
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether6 new-connection-mark=WAN4_conn per-connection-classifier=both-addresses-and-ports:5/3
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=ether6 new-connection-mark=WAN5_conn per-connection-classifier=both-addresses-and-ports:5/4




add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=ether6 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=ether6 new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-interface=ether6 new-routing-mark=to_WAN3
add action=mark-routing chain=prerouting connection-mark=WAN4_conn in-interface=ether6 new-routing-mark=to_WAN4
add action=mark-routing chain=prerouting connection-mark=WAN5_conn in-interface=ether6 new-routing-mark=to_WAN5



/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
add action=masquerade chain=srcnat out-interface=ether5

/ip route
add check-gateway=ping distance=1 gateway=192.168.100.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.200.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.111.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping distance=1 gateway=192.168.100.1
add check-gateway=ping distance=2 gateway=192.168.200.1
add check-gateway=ping distance=3 gateway=192.168.111.1
add check-gateway=ping distance=4 gateway=192.168.3.1
add check-gateway=ping distance=5 gateway=192.168.5.1

my dns

servers: 8.8.8.8,8.8.4.4
        dynamic-servers: 
  allow-remote-requests: yes
    max-udp-packet-size: 4096
   query-server-timeout: 2s
    query-total-timeout: 10s
             cache-size: 2048KiB
          cache-max-ttl: 1w
             cache-used: 1438Ki

DHCP clients

 #   INTERFACE                               USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS        ADDRESS           
 0   ether2                                  no           no                bound         192.168.200.2/24  
 1   ether3                                  no           no                bound         192.168.111.2/24  
 2   ether4                                  no           no                bound         192.168.3.2/24    
 3   ether1                                  no           no                bound         192.168.100.2/24  
 4   ether5                                  no           no                bound         192.168.5.2/24

current nat

 0  D chain=dstnat action=jump jump-target=hotspot hotspot=from-client log=no log-prefix="" 

 1  D chain=hotspot action=jump jump-target=pre-hotspot log=no log-prefix="" 

 2  D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 log=no 
      log-prefix="" 

 3  D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 log=no 
      log-prefix="" 

 4  D chain=hotspot action=redirect to-ports=64873 protocol=tcp hotspot=local-dst dst-port=8>
      log=no log-prefix="" 

 5  D chain=hotspot action=redirect to-ports=64875 protocol=tcp hotspot=local-dst 
      dst-port=443 log=no log-prefix="" 

 6  D chain=hotspot action=jump jump-target=hs-unauth protocol=tcp hotspot=!auth log=no 
      log-prefix="" 

 7  D chain=hotspot action=jump jump-target=hs-auth protocol=tcp hotspot=auth log=no 
      log-prefix="" 

 8  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=80 log=no 
      log-prefix="" 

 9  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=3128 log=no 
      log-prefix="" 

10  D chain=hs-unauth action=redirect to-ports=64874 protocol=tcp dst-port=8080 log=no 
      log-prefix="" 

11  D chain=hs-unauth action=redirect to-ports=64875 protocol=tcp dst-port=443 log=no 
      log-prefix="" 

12  D chain=hs-unauth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 log=no 
      log-prefix="" 

13  D chain=hs-auth action=redirect to-ports=64874 protocol=tcp hotspot=http log=no 
      log-prefix="" 

14  D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25 log=no 
      log-prefix="" 

15 X  ;;; place hotspot rules here
      chain=unused-hs-chain action=passthrough log=no log-prefix="" 

16    chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix="" 

17    chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix="" 

18    chain=srcnat action=masquerade out-interface=ether3 log=no log-prefix="" 

19    chain=srcnat action=masquerade out-interface=ether4 log=no log-prefix="" 

20    chain=srcnat action=masquerade out-interface=ether5 log=no log-prefix="" 

21    ;;; masquerade hotspot network
      chain=srcnat action=masquerade src-address=10.0.0.0/24 log=no log-prefix=""

upnp:

    enabled: yes
  allow-disable-external-interface: no
                   show-dummy-rule: yes

upnp interfaces :

 #   INTERFACE                                                                   TYPE     FORCED-EXTERNAL-IP
 0   ether2                                                                      external
 1   ether6                                                                      internal
 2   ether3                                                                      external
 3   ether4                                                                      external
 4   ether1                                                                      external
 5   ether5                                                                      external

route:

  #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 X S  0.0.0.0/0                          192.168.100.1             1
 1 X S  0.0.0.0/0                          192.168.200.1             1
 2 X S  0.0.0.0/0                          192.168.111.1             1
 3 X S  0.0.0.0/0                          192.168.3.1               1
 4 X S  0.0.0.0/0                          192.168.5.1               1
 6 A S  0.0.0.0/0                          192.168.100.1             1
 7 A S  0.0.0.0/0                          192.168.200.1             1
 8 A S  0.0.0.0/0                          192.168.111.1             1
 9 A S  0.0.0.0/0                          192.168.3.1               1
10 A S  0.0.0.0/0                          192.168.5.1               1
11 A S  0.0.0.0/0                          192.168.100.1             1
12   S  0.0.0.0/0                          192.168.200.1             2
13   S  0.0.0.0/0                          192.168.111.1             3
14   S  0.0.0.0/0                          192.168.3.1               4
15   S  0.0.0.0/0                          192.168.5.1               5
16 X S  0.0.0.0/0                          192.168.100.1             1
                                           192.168.200.1     
                                           192.168.3.1       
                                           192.168.5.1       
                                           192.168.111.1     
17 ADC  10.0.0.0/24        10.0.0.2        ether6                    0
18 ADC  192.168.3.0/24     192.168.3.2     ether4                    0
19 ADC  192.168.5.0/24     192.168.5.2     ether5                    0
20 ADC  192.168.100.0/24   192.168.100.2   ether1                    0
21 ADC  192.168.111.0/24   192.168.111.2   ether3                    0
22 ADC  192.168.200.0/24   192.168.200.2   ether2                    0
2

anyone can help ?

3

???

4

come on guys

5

It looks like you have 1 WAN and LANs.
There is no NAT required between LANs. No 0.0.0.0/0 routes required to route from 1 lan to the next.

If you only have 1 WAN, then you should only have 1 0.0.0.0/0 route.

6

It’s because their IP keeps changing to the NAT traversal technology. Being a client to an external group likely tolerates a changing source IP better than if they try to host.

You’ll either need to sticky some of your users to a particular WAN connection. Alternatively, use your 5 WAN connections smarter. Get access to a facility where you can get bandwidth cheap, could be AWS (although they are pricey or a local data center with a good Internet connection). Put a MikroTik there. Build 5 GRE tunnels, 1 for each WAN connection. Use equal cost multi pathing between your remote unit and the one serving your customers. Perform NAT on the MikroTik in the DC from a single stronger connection (or from two in an active / standby layout). Customer connection tracking will be much more reliable because their public IP will stay more consistent.

7

i can stick client to 1 wan using ip>route>rules>

i tried it and works in making client only use a specific wan but didn’t work for the nat problem

so sticky client to a wan is didn’t solve the problem

8

it is 5 wan and 1 lan

9

Additionally, your NAT rules and routes confuse me …

Your device:
ether1 - Internet1
ether2 - Internet2
ether3 - Internet3
ether4 - Internet4
ether5 - Internet5
ether6 - YourClients

Nat rules:

Why are you masquerading, TCP and UDP separately for anything egressing ether6? Why are you doing this at all? Shouldn’t these IPs just route naturally in your environment? Kill those rules. They are at least useless, at worst harmful:

1 chain=srcnat action=masquerade protocol=tcp src-address=10.0.0.0/24 dst-address=10.0.0.0/24
out-interface=ether6 dst-port=1-65535 log=no log-prefix=“”

2 chain=srcnat action=masquerade protocol=udp src-address=10.0.0.0/24 dst-address=10.0.0.0/24
out-interface=ether6 dst-port=1-65535 log=no log-prefix=“”

3 chain=srcnat action=masquerade src-address=10.0.0.0/24 dst-address=10.0.0.0/24 out-interface=ether6
log=no log-prefix=“”

Why are you dstnat’ing anything that comes in on ports 1 - 9999 of both UDP and TCP and then sending it to 10.0.0.0/24? Get rid of them, again, at least not helping at worst harmful.

4 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=udp
dst-address=192.168.111.2 in-interface=ether3 dst-port=1-9999 log=no log-prefix=“”

5 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=tcp
dst-address=192.168.111.2 in-interface=ether3 dst-port=1-9999 log=no log-prefix=“”

6 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=udp
dst-address=192.168.200.2 in-interface=ether2 dst-port=1-9999 log=no log-prefix=“”

7 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=tcp
dst-address=192.168.200.2 in-interface=ether2 dst-port=1-9999 log=no log-prefix=“”

8 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=udp
dst-address=192.168.100.2 in-interface=ether1 dst-port=1-9999 log=no log-prefix=“”

9 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=tcp
dst-address=192.168.100.2 in-interface=ether1 dst-port=1-9999 log=no log-prefix=“”

10 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=udp
dst-address=192.168.3.2 in-interface=ether4 dst-port=1-9999 log=no log-prefix=“”

11 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=tcp
dst-address=192.168.3.2 in-interface=ether4 dst-port=1-9999 log=no log-prefix=“”

12 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=udp
dst-address=192.168.5.2 in-interface=ether5 dst-port=1-9999 log=no log-prefix=“”

13 chain=dstnat action=dst-nat to-addresses=10.0.0.0/24 to-ports=1-9999 protocol=tcp
dst-address=192.168.5.2 in-interface=ether5 dst-port=1-9999 log=no log-prefix=“”

Yay, leave these (only these, get rid of everything else):

14 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=“”

15 chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix=“”

16 chain=srcnat action=masquerade out-interface=ether3 log=no log-prefix=“”

17 chain=srcnat action=masquerade out-interface=ether4 log=no log-prefix=“”

18 chain=srcnat action=masquerade out-interface=ether5 log=no log-prefix=“”

Routing

Less confusing / bad here. You want a default route for each ISP. You’ll pick one to have the lowest administrative distance and the others with incrementing administrative distances in order of total fail-over which one should be used. These catch traffic that would normally be mapped to an ISP that is down. You will also want a default route to match each routing-mark in your mangles.

Leave all of these:

/ip route
add check-gateway=ping gateway=192.168.100.1 routing-mark=via_public1
add check-gateway=ping gateway=192.168.200.1 routing-mark=via_public2
add check-gateway=ping gateway=192.168.111.1 routing-mark=via_public3
add check-gateway=ping gateway=192.168.3.1 routing-mark=via_public4
add check-gateway=ping gateway=192.168.5.1 routing-mark=via_public5

Get rid of this (also, kill the interface route to ether3 if you have it yet):
/ip route
add check-gateway=ping distance=1 gateway=192.168.200.1,192.168.100.1,192.168.111.1,192.168.3.1,192.168.5.1

Add these:
/ip route
add check-gateway=ping distance=1 gateway=192.168.100.1
add check-gateway=ping distance=2 gateway=192.168.200.1
add check-gateway=ping distance=3 gateway=192.168.111.1
add check-gateway=ping distance=4 gateway=192.168.3.1
add check-gateway=ping distance=5 gateway=192.168.5.1

Mangles

Ya, just start by dropping everything you have in MANGLE. Seriously, kill it all friend.


/ip firewall mangle

add action=mark-connection chain=input comment=“MARK INCOMING WAN” connection-mark=no-mark in-interface=ether1 new-connection-mark=cm_in_public1
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether2 new-connection-mark=cm_in_public2
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether3 new-connection-mark=cm_in_public3
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether4 new-connection-mark=cm_in_public4
add action=mark-connection chain=input connection-mark=no-mark in-interface=ether5 new-connection-mark=cm_in_public5

add action=mark-routing chain=output connection-mark=cm_in_public1 new-routing-mark=via_public1
add action=mark-routing chain=output connection-mark=cm_in_public2 new-routing-mark=via_public2
add action=mark-routing chain=output connection-mark=cm_in_public3 new-routing-mark=via_public3
add action=mark-routing chain=output connection-mark=cm_in_public4 new-routing-mark=via_public4
add action=mark-routing chain=output connection-mark=cm_in_public5 new-routing-mark=via_public5

add action=jump chain=prerouting comment=“JUMP → LOADBALANCE” dst-address-type=!local in-interface=ether6 jump-target=loadbalance src-address=10.0.0.0/24

add action=mark-connection chain=loadbalance new-connection-mark=cm_lb_1 per-connection-classifier=both-addresses-and-ports:5/0
add action=mark-connection chain=loadbalance new-connection-mark=cm_lb_2 per-connection-classifier=both-addresses-and-ports:5/1
add action=mark-connection chain=loadbalance new-connection-mark=cm_lb_3 per-connection-classifier=both-addresses-and-ports:5/2
add action=mark-connection chain=loadbalance new-connection-mark=cm_lb_4 per-connection-classifier=both-addresses-and-ports:5/3
add action=mark-connection chain=loadbalance new-connection-mark=cm_lb_5 per-connection-classifier=both-addresses-and-ports:5/4

add action=mark-routing chain=prerouting connection-mark=cm_lb_1 in-interface=ether6 new-routing-mark=via_public1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_lb_2 in-interface=ether6 new-routing-mark=via_public2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_lb_3 in-interface=ether6 new-routing-mark=via_public3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_lb_4 in-interface=ether6 new-routing-mark=via_public4 passthrough=no
add action=mark-routing chain=prerouting connection-mark=cm_lb_5 in-interface=ether6 new-routing-mark=via_public5 passthrough=no

add chain=prerouting dst-address=192.168.100.0/24 action=accept in-interface=ether6
add chain=prerouting dst-address=192.168.200.0/24 action=accept in-interface=ether6
add chain=prerouting dst-address=192.168.111.0/24 action=accept in-interface=ether6
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether6
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=ether6

Replace your mangles with:

/ip firewall mangle add action=add-src-to-address-list address-list=inet1 address-list-timeout=0s chain=“mark new unseen” disabled=no nth=5,1
/ip firewall mangle add action=add-src-to-address-list address-list=inet2 address-list-timeout=0s chain=“mark new unseen” disabled=no nth=5,2
/ip firewall mangle add action=add-src-to-address-list address-list=inet3 address-list-timeout=0s chain=“mark new unseen” disabled=no nth=5,3
/ip firewall mangle add action=add-src-to-address-list address-list=inet4 address-list-timeout=0s chain=“mark new unseen” disabled=no nth=5,4
/ip firewall mangle add action=add-src-to-address-list address-list=inet5 address-list-timeout=0s chain=“mark new unseen” disabled=no nth=5,5
/ip firewall mangle add action=add-src-to-address-list address-list=seen address-list-timeout=0s chain=“mark new unseen” disabled=no
/ip firewall mangle add action=jump chain=“mark new unseen” disabled=no jump-target=“mark connection”

/ip firewall mangle add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=inet1 passthrough=yes src-address-list=inet1
/ip firewall mangle add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=inet2 passthrough=yes src-address-list=inet2
/ip firewall mangle add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=inet3 passthrough=yes src-address-list=inet3
/ip firewall mangle add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=inet4 passthrough=yes src-address-list=inet4
/ip firewall mangle add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=inet5 passthrough=yes src-address-list=inet5

/ip firewall mangle add action=mark-routing chain=“mark connection” connection-mark=inet1 disabled=no new-routing-mark=inet1 passthrough=no
/ip firewall mangle add action=mark-routing chain=“mark connection” connection-mark=inet2 disabled=no new-routing-mark=inet2 passthrough=no
/ip firewall mangle add action=mark-routing chain=“mark connection” connection-mark=inet3 disabled=no new-routing-mark=inet3 passthrough=no
/ip firewall mangle add action=mark-routing chain=“mark connection” connection-mark=inet4 disabled=no new-routing-mark=inet4 passthrough=no
/ip firewall mangle add action=mark-routing chain=“mark connection” connection-mark=inet5 disabled=no new-routing-mark=inet5 passthrough=no

/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=inet1 disabled=no new-routing-mark=inet1 passthrough=no src-address-list=inet1
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=inet2 disabled=no new-routing-mark=inet2 passthrough=no src-address-list=inet2
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=inet3 disabled=no new-routing-mark=inet3 passthrough=no src-address-list=inet3
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=inet4 disabled=no new-routing-mark=inet4 passthrough=no src-address-list=inet4
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=inet5 disabled=no new-routing-mark=inet5 passthrough=no src-address-list=inet5

/ip firewall mangle add action=jump chain=prerouting connection-state=new disabled=no jump-target=“mark connection” src-address=10.0.0.0/24

/ip firewall mangle add action=jump chain=prerouting connection-state=new disabled=no jump-target=“mark new unseen” src-address-list=10.0.0.0/24

10

dear idlemind i just tried your method but unfortunately i still have the same problem

11

Push IPv6 to your clients and get rid of NAT? Except that won’t work with the 5 Internet connections load balanced the way you have them.

12

ok so how can i setup ipv6 to 5 wan i have no idea about ipv6 but i have it installed

13

Lots of options. With the 5 separate Internet connections though you either need to aggregate them back to a DC using ECMP and out a single larger Internet connection. Alternatively, assign IPv6 subnets from each allocation to different customers.

Think of it like you got a /24 of IPv4 from each provider and didn’t use NAT.

14

i still dont know how to do ipv6 in my router if anyone know how please relaying on you guys thanks idlemind
UPDATED topic still have problem with nat
if anyone would help thanks

update :i have forgot to say that clients have tp link routers so maybe the problem is double nat here ? how to solve it

15

IPv6

In IPv4 you’re able to hide the true source address of your client. In PCC load balancing some connections appear sourced from ISP1 while others from ISP2 or ISP3. In IPv6 you’d likely get a prefix for each ISP connection. If you’ve been assigned a prefix by your RIR you could do BGP with the upstream providers.

Individual prefix per ISP connection (5 total) or no native IPv6 at all

  1. Rent rack space and bandwidth in a nearby data center facility with enough upstream capacity to handle at least all 5 smaller local ISP connections.
  2. Place a router in the data center
  3. Form a tunnel on each ISP connection to your data center
  4. Bond or use equal cost load balancing over the tunnels
  5. Obtain a single IPv6 prefix from the data center provider or your RIR and advertise it out there.

Perform BGP over each ISP connection at the local router (Have an assigned prefix from a RIR and upstream will do BGP)

  1. Form a BGP neighbor relationship on each ISP connection.
  2. Choose which prefixes you’ll allow (filters) on each inbound ISP connection. This will give you more specific routes on one or some ISP connections to certain destinations causing them to be used over others.
  3. Accept a default route from each to support failing over if one particular connection fails.
16

maybe it will work but it sound hard and cost much isn’t there another way

17

Sometimes you need a little money to party with the big kids!

That said, you could look at doing BGP with Hurricane Electric. I’m not sure if it would be covered with their free product. It would also require you to have an allocation from your RIR. Here in the US the smallest allocation, /48, is $250 USD a year. That still would leave you with a BGP based load balancing mechanism of accepting routes for certain prefixes on certain connections and not others. Not really ideal.

Another low cost option is to get an allocation from your upstream on each WAN if they support it and pass an allocation down from ISP1 to one client and another client gets a prefix from ISP2. This would bind the client to ISP1 and ISP2 respectively for IPv6 connectivity. This again may not be ideal from an ideal load balancing perspective.