Need Solution for that design

mfrabbibd · June 1, 2017, 11:57am

Dear Mikrotik Experts,
I need your help to design this kind of setup. I’ve a 20Km Single Core Fiber Optical Transmission. I’ve taken 2 ISP’s connection which are respectively ISP-1 (WAN1) - 180.161.159.157/30 (30Mbps) & ISP-2 (WAN2)- 182.211.157.166/30 (20Mbps). Now I have RB260GSP Mikrotik Switch on both ends and a Mikrotik RB1100Ahx2 Router with Mikrotik CRS 125-24G-1S-RM Switch. In that case, I want to create Load Balance with Failover on Mikrotik RB1100Ahx2 (ether1-ISP1 & ether2-ISP2). Ether3 of Mikrotik RB1100Ahx2 will be my LAN (172.16.0.1/29). I want to distribute total 50Mbps Internet Connection (30Mbps from ISP1+20Mbps from ISP2) among 5 clients. When both ISP’s are Online, all the clients should use desire bandwidth and when any ISP is down, all the clients should share the amount of bandwidth provided by other ISP.
What should I do in that case? Please help me or guide me the proper way.
Thanks for reading my thread.
My Network Design.jpg

mfrabbibd · June 1, 2017, 7:35pm

Any updates…!

Discmandj · June 1, 2017, 9:37pm

Hi , in First mikrotik rb260 you Need to connect your 2 isp Modems WITHOUT adding ip addresses, Bridge Port 1 to 3 so that mikrotik use as Switch , the do. the Same on Second mikrotik rb260 . On this way you have to do the failover load Balance on rb 1100 with qos Regel for every ip you wich to give your Clients .
Best regard

Gesendet von iPhone mit Tapatalk

mfrabbibd · June 2, 2017, 2:25am

Thanks for your response. RB260gsp is already a switch and in bridge mood by default. How do I saperate two public ip on the second RB260gsp?

Discmandj · June 2, 2017, 6:48am

Hallo you Need to use it as Switch 2 you will separate the isp in rb1100.

Gesendet von iPhone mit Tapatalk

Discmandj · June 2, 2017, 6:49am

If you can wait Till tonight i will send you the Wohle configuration when im at home

Gesendet von iPhone mit Tapatalk

mfrabbibd · June 2, 2017, 3:37pm

Dear Discmandj, should I create 2 vlan on 1st rb260gsp and do the same 2vlan on 2nd RB260gsp as well? Don’t understand what to do! it would be so kind of you if you help by giving the whole configuration! I badly need this solution but couldn’t find any clue on the web or I don’t have any idea what clue should I search on google. I’ll be really grateful to you. Waiting for you.
Thanks once again.

mfrabbibd · June 2, 2017, 7:11pm

Dear Discmandj, are you doing something for me! Need your help.
Regards

Discmandj · June 2, 2017, 7:57pm

Hi ,
so Lets Start ,
first mikrotik on th ISP side RB260GSP.
/interface bridge
add name=Netz
/interface bridge port
add bridge=Netz interface=ether1 first ISP
add bridge=Netz interface=ether2 second ISP
add bridge=Netz interface=ether3 Line to Fiber Optic Converter
do not put any IP addrese here just a link between ISP Modem and Mikrotik.

Second Mikrotik :
/interface bridge
add name=Netz
/interface bridge port
add bridge=Netz interface=ether1 here ether one go to Mikrotik RB1100 ether1
add bridge=Netz interface=ether2 here ether 2 go to mikrotik rb 1100 ether2
add bridge=Netz interface=ether3 Line to Fiber Optic Converter

now the most work is on the RB1100
/queue simple
add max-limit=25M/25M name=Client1 target=172.16.0.2/32
add max-limit=10M/10M name=Client2 target=172.16.0.3/32
add max-limit=5M/5M name=Client3 target=172.16.0.4/32
add max-limit=5M/5M name=Client4 target=172.16.0.5/32
add max-limit=5M/5M name=Client5 target=172.16.0.6/32

/ip address
add address=180.161.159.157/30 interface=ether1 network=180.161.159.156
add address=182.211.157.166/30 interface=ether2 network=182.211.157.164
add address=172.16.0.1/24 interface=ether3 network=172.16.0.0

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether2 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether2 protocol=tcp

/ip firewall mangle
add chain=prerouting dst-address=180.161.159.157 in-interface=ether3
add chain=prerouting dst-address=182.211.157.166 in-interface=ether3
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ether1 new-connection-mark=ISP1
add action=mark-connection chain=prerouting connection-mark=no-mark
in-interface=ether2 new-connection-mark=ISP2
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=ether3 new-connection-mark=ISP1
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark
dst-address-type=!local in-interface=ether3 new-connection-mark=ISP2
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ISP1 in-interface=
ether3 new-routing-mark=To_ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP2 in-interface=
ether3 new-routing-mark=To_ISP2 passthrough=no
add action=mark-routing chain=output connection-mark=ISP1 new-routing-mark=
To_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2 new-routing-mark=
To_ISP2 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping distance=1 gateway=(Gateway ISP 1) routing-mark=To_ISP1
add check-gateway=ping distance=1 gateway=(Gateway ISP 2) routing-mark=To_ISP2
add check-gateway=ping distance=1 gateway=Gateway ISP 1
add check-gateway=ping distance=2 gateway=Gateway ISP 2

now the switch last one:
just bridge the port you want to use in switch

here you are good to go , if you need any furthur help , just write me !
PS> WARNING WARNING WARNING please do never give your Public IP from ISP on any website Hackers will be glad to have such IPs to Hack your Router i hope the IP you give it here is an example IP , otherwise delete it as soon as possible .
in my Config i have a simple DDOS Attack blocker under firewall gemacht so it will save you from outside hack.
best regard

mfrabbibd · June 3, 2017, 2:31am

Thanks a lot Discmandj, can I get your social networking invitation to chat with you for a while? it was so kind of you. The ip’s r demo. I’ve a question, RB260gsp only works through web browser not winbox so how should I put command for RB260gsp?
Thanks

Discmandj · June 3, 2017, 7:44am

Hi , Go to Bridge then press add bridge Name it whatever you want and put this 3 ether Ports in that bridge

Gesendet von iPhone mit Tapatalk

Discmandj · June 3, 2017, 7:46am

A new Tip , if you want you can change the rb250 with 2 Layer 2 layer3 Switch it will work too

Gesendet von iPhone mit Tapatalk