PCC Failover/Load balancing going wrong

RouterOS Beginner Basics
1

Hello,

I’m having problems with my PCC mangle rules. Everything works fine when both connections are up, and when I look at connection tracking, all established connections via our plusnet connection are marked with WanPN connection mark and all established connections via out virginmedia connection are marked with WanVM. Perfect!

However, when I disable one of the connections, for example, the plusnet one. Even if I clear all tracked connections, I still see items with “WanPN” and when I look at the properties, the return IP address is the virginmedia ip address, not the plusnet one.

I can only imagine my PCC rules are “deciding” which connection to send data on (regardless on whether the connection is up or not) and connections are still being marked with “WanPN”. When it gets to the routing table, its going out on the virginmedia route?

Here are my mange rules:

 0    ;;; Force LAN to use main routing table for Connected Networks
      chain=prerouting action=accept dst-address=A.A.A.A/29 in-interface=LAN log=no log-prefix="" 

 1    chain=prerouting action=accept dst-address=B.B.B.B/29 in-interface=LAN log=no log-prefix="" 

 2    ;;; Add Connection Marks for Outbound Traffic (PCC Rules) for UDP (VoIP/DNS/etc)
      chain=prerouting action=mark-connection new-connection-mark=WanPNVoIP passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=LAN per-connection-classifier=both-addresses:2/0 log=no log-prefix="" 

 3    chain=prerouting action=mark-connection new-connection-mark=WanVMVoIP passthrough=yes protocol=udp dst-address-type=!local connection-mark=no-mark in-interface=LAN per-connection-classifier=both-addresses:2/1 log=no log-prefix="" 

 4    ;;; Add Connection Marks for Outbound Traffic (PCC Rules) for Data
      chain=prerouting action=mark-connection new-connection-mark=WanPN passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=LAN per-connection-classifier=both-addresses:2/0 log=no log-prefix="" 

 5    chain=prerouting action=mark-connection new-connection-mark=WanVM passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=LAN per-connection-classifier=both-addresses:2/1 log=no log-prefix="" 
 
 6    ;;; Add Connection Marks for Inbound Traffic (Depending on Subnet) for UDP (VoIP/DNS/etc)
      chain=prerouting action=mark-connection new-connection-mark=WanPNVoIP passthrough=yes protocol=udp dst-address=A.A.A.A/29 connection-mark=no-mark log=no log-prefix="" 

 7    chain=prerouting action=mark-connection new-connection-mark=WanVMVoIP passthrough=yes protocol=udp dst-address=B.B.B.B/29 connection-mark=no-mark log=no log-prefix="" 

 8    ;;; Add Connection Marks for Inbound Traffic (Depending on Subnet) for Data
      chain=prerouting action=mark-connection new-connection-mark=WanPN passthrough=yes dst-address=A.A.A.A/29 connection-mark=no-mark log=no log-prefix="" 

 9    chain=prerouting action=mark-connection new-connection-mark=WanVM passthrough=yes dst-address=B.B.B.B/29 connection-mark=no-mark log=no log-prefix="" 

10    ;;; Add Packet Marks for High Priority VoIP Traffic (For Queues)
      chain=prerouting action=mark-packet new-packet-mark=HPVoIP passthrough=yes connection-mark=WanPNVoIP log=no log-prefix="" 

11    chain=prerouting action=mark-packet new-packet-mark=HPVoIP passthrough=yes connection-mark=WanVMVoIP log=no log-prefix="" 

12    ;;; Add Routing Marks (LAN Traffic) for VoIP
      chain=prerouting action=mark-routing new-routing-mark=RoutePN passthrough=yes connection-mark=WanPNVoIP in-interface=LAN log=no log-prefix="" 

13    chain=prerouting action=mark-routing new-routing-mark=RouteVM passthrough=yes connection-mark=WanVMVoIP in-interface=LAN log=no log-prefix="" 

14    ;;; Add Routing Marks (LAN Traffic) for Data
      chain=prerouting action=mark-routing new-routing-mark=RoutePN passthrough=yes connection-mark=WanPN in-interface=LAN log=no log-prefix="" 

15    chain=prerouting action=mark-routing new-routing-mark=RouteVM passthrough=yes connection-mark=WanVM in-interface=LAN log=no log-prefix="" 

16    ;;; Add Routing Marks (For Router Traffic)
      chain=output action=mark-routing new-routing-mark=RoutePN passthrough=yes connection-mark=WanPN log=no log-prefix="" 

17    chain=output action=mark-routing new-routing-mark=RouteVM passthrough=yes connection-mark=WanVM log=no log-prefix=""

In the above rules… any unmarked UDP connections are marked as WanPNVoIP or WanVMVoIP and everything else WanPN or WanVM. The reason for this is because I mark all packets with HPVoIP if the connections are marked with WanPNVoIP or WanVMVoIP so that I can prioritise that traffic in queues over everything else.

I have two routes for each connection - here is the exported routes:

add check-gateway=ping distance=1 gateway=A.A.A.A routing-mark=RoutePN
add check-gateway=ping distance=1 gateway=B.B.B.B routing-mark=RouteVM
add check-gateway=ping distance=1 gateway=B.B.B.B
add check-gateway=ping distance=1 gateway=A.A.A.A

In all the examples above, I’ve edited out public ip addresses and subnets with A.A.A.A for anything to do with plusnet, B.B.B.B for virginmedia.

Just to re-iterate… When both connections are up, all connections under connection tracking are marked with the correct connection mark. Once I disable a connection, for example the plusnet one, I will still have connections appearing as “WanPN” but when looking at the connection information, the return address is the virginmedia one.

Any help would be appreciated

2

PCC rules only mark connections, they don’t care what happens next (they have no control over it). Similar with following route marking rules, they only give routing marks to packets (based on connection marks), but it still doesn’t decide where will they go. It’s the actual routing decision that happens after prerouting.

Normally if you have packet marked with routing mark X, router will look in routing table X and because it contains default route (= valid for any destination), it will use it. If the connection is not available, your check-gateway parameter will make the route inactive and because there’s not any other in table X, router will instead search in main routing table and will succeed there.

If you don’t like it and you’d rather reject such packets, you can add another unreachable route with higher distance:

/ip route
add distance=10 routing-mark=RoutePN type=unreachable
add distance=10 routing-mark=RouteVM type=unreachable

Or another way would be routing rule.

3

Yeah I think I was just getting confused.

So basically, if there are route marks present and all gateways for that route mark are down, it was fall to the default routing table and send out traffic based on the priority of the gateways in the default table that are reachable?

Cheers,

Matt

4

Yes.