Nth Load Balancing does not work in a dual WAN set-up

staticjess · November 29, 2012, 7:28am

Hi Everyone,
I have been bothered with this dilemma, I have set-up a dual wan using this approach: http://wiki.mikrotik.com/wiki/NTH_load_balancing_with_masquerade_(another_approach)

The problem I’m having is that when my ISP 1 is down from the cable of my modem to the their gateway, the Mikrotik still receives an activity and there is no Internet.

This load balancing approach works when I unplug the cable from the ether1 or ether2 of my Mikrotik device. So what happens is that when the my ISP1 is down all the ISP load dont transfer to ISP2.

Below is my configuration on the IP, Mangle, NAT and Route:

IP Address:
/ip address
add address=192.168.1.1/24 comment=Local-Servers disabled=no interface=ether03-LAN network=192.168.1.0
add address=208.1.1.2/24 comment=ISP2-Globe disabled=no interface=ether02-Globe network=208.1.1.0
add address=116.1.1.2/24 comment=ISP1-Eastern disabled=no interface=ether01-Eastern network=116.1.1.0

Mangle:
/ip firewall mangle
add action=add-src-to-address-list address-list=first address-list-timeout=0s chain=“mark new unseen” disabled=no nth=2,1
add action=add-src-to-address-list address-list=second address-list-timeout=0s chain=“mark new unseen” disabled=no nth=2,2
add action=add-src-to-address-list address-list=seen address-list-timeout=0s chain=“mark new unseen” disabled=no
add action=jump chain=“mark new unseen” disabled=no jump-target=“mark connection”
add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=first_conn passthrough=yes src-address-list=first
add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=second_conn passthrough=yes src-address-list=second
add action=mark-routing chain=“mark connection” connection-mark=first_conn disabled=no new-routing-mark=first passthrough=no
add action=mark-routing chain=“mark connection” connection-mark=second_conn disabled=no new-routing-mark=second passthrough=no
add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=first_conn passthrough=yes src-address-list=first
add action=mark-connection chain=“mark connection” disabled=no new-connection-mark=second_conn passthrough=yes src-address-list=second
add action=mark-routing chain=“mark connection” connection-mark=first_conn disabled=no new-routing-mark=first passthrough=no
add action=mark-routing chain=“mark connection” connection-mark=second_conn disabled=no new-routing-mark=second passthrough=no
add action=jump chain=prerouting connection-state=new disabled=no jump-target=“mark connection” src-address-list=local
add action=jump chain=prerouting connection-state=new disabled=no jump-target=“mark new unseen” src-address-list=local
add action=mark-connection chain=input disabled=no in-interface=ether01-ISP1 new-connection-mark=isp1_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=ether02-ISP2 new-connection-mark=isp2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=isp1_conn disabled=no new-routing-mark=to_isp1 passthrough=yes
add action=mark-routing chain=output connection-mark=isp2_conn disabled=no new-routing-mark=to_isp2 passthrough=yes

NAT Rule:
add action=masquerade chain=srcnat comment=NAT-Globe disabled=no out-interface=ether01-ISP1
add action=masquerade chain=srcnat comment=NAT-Eastern disabled=no out-interface=ether02-ISP2

Route:
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=208.1.1.1 routing-mark=first scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=116.1.1.1 routing-mark=second scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=208.1.1.1 routing-mark=to_isp1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=116.1.1.1 routing-mark=to_isp2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=116.1.1.1,208.1.1.1 scope=30 target-scope=10

Can anyone help me with this? This is a critical connection for us and our ISP1 connection goes down more than our ISP2 and the business goes down when ISP1 is down. Thanks in advance.

Regards,
Jessie Bautista

infidel · November 30, 2012, 8:49am

Are you using check gateway=ping on your routes? If you are usind dsl modem/router and have the account username/password, you could switch them to bridge mode and ppoe clients on mikrotik, it works better and detects disconnects

staticjess · December 5, 2012, 10:25pm

infidel,
Yes the check ping is enabled. The ISP is in static and I cannot use PPPoE on my clients.

Can anyone assist or check my config if I did it correctly?

Thanks in advanced.

mrz · December 6, 2012, 9:12am

In such setups you must use PCC, it was designed to address flaws of NTH balancing
http://wiki.mikrotik.com/wiki/PCC