Hello everyone how are you?


Please I need some help

I configured PCC according Mikrotik´s official guide but is not working please help.

ISP1: 300 Mbps

ISP2: 150 Mbps


My configuration


Columns: ADDRESS, NETWORK, INTERFACE

ADDRESS NETWORK INTERFACE

;;; ISP1
192.168.1.254/24 192.168.1.0 ether1

;;; ISP2
192.168.2.254/24 192.168.2.0 ether2

;;; LAN
192.168.88.254/24 192.168.88.0 bridge


MANGLE


Flags: X - disabled, I - invalid; D - dynamic
0 ;;; Block traceroute
chain=prerouting action=change-ttl new-ttl=increment:2 passthrough=yes
log=no log-prefix=""

1 ;;; Accept rule
chain=prerouting action=accept dst-address=192.168.1.0/24
in-interface-list=LAN log=no log-prefix=""

2 chain=prerouting action=accept dst-address=192.168.2.0/24
in-interface-list=LAN log=no log-prefix=""

3 ;;; Mark-Connections
chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=no connection-mark=no-mark in-interface=ether1 log=no
log-prefix=""

4 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=no connection-mark=no-mark in-interface=ether2 log=no
log-prefix=""

5 ;;; PCC
chain=prerouting action=mark-connection new-connection-mark=ISP1_conn
passthrough=no dst-address-type=!local connection-mark=no-mark
in-interface-list=LAN per-connection-classifier=both-addresses:2/0 log=no
log-prefix=""

6 chain=prerouting action=mark-connection new-connection-mark=ISP2_conn
passthrough=no dst-address-type=!local connection-mark=no-mark
in-interface-list=LAN per-connection-classifier=both-addresses:2/1 log=no
log-prefix=""

7 ;;; Mark-Routing
chain=prerouting action=mark-routing new-routing-mark=To_ISP1
passthrough=no connection-mark=ISP1_conn in-interface-list=LAN log=no
log-prefix=""

8 chain=prerouting action=mark-routing new-routing-mark=To_ISP2 passthrough=no>
connection-mark=ISP2_conn in-interface-list=LAN log=no log-prefix=""

9 ;;; Output Connections
chain=output action=mark-routing new-routing-mark=To_ISP1 passthrough=no
connection-mark=ISP1_conn log=no log-prefix=""

10 chain=output action=mark-routing new-routing-mark=To_ISP2 passthrough=no
connection-mark=ISP2_conn log=no log-prefix=""


ROUTES

DST-ADDRESS GATEWAY DISTANCE

;;; Default route ISP1
0 s 0.0.0.0/0 192.168.1.1 1
;;; Default route ISP2
1 As 0.0.0.0/0 192.168.2.1 2

;;; PCC to ISP1
2 As 0.0.0.0/0 192.168.1.1 1 To_ISP1
;;; PCC to ISP2
3 As 0.0.0.0/0 190.147.134.1 1 To_ISP2


DAc 192.168.1.0/24 ether1 0
DAc 192.168.2.0/24 ether2 0
DAc 192.168.10.0/24 vlan10 0
DAc 192.168.20.0/24 vlan20 0
DAc 192.168.30.0/24 vlan30 0
DAc 192.168.88.0/24 bridge 0


NAT

Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
ipsec-policy=out,none

1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether2 log=no log-prefix=""
ipsec-policy=out,none


FIREWALL


Flags: X - disabled, I - invalid; D - dynamic
0 ;;; Port scan block rule
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1
address-list=Port Scan Attackers address-list-timeout=1d log=no
log-prefix=""

1 ;;; Portscan block forward udp
chain=input action=add-src-to-address-list protocol=udp psd=21,3s,3,1
address-list=Port Scan Attackers address-list-timeout=1d log=no
log-prefix=""

2 ;;; Portscan block forward tcp
chain=forward action=add-src-to-address-list protocol=tcp psd=21,3s,3,1
address-list=Port Scan Attackers address-list-timeout=1d log=no
log-prefix=""

3 ;;; Portscan block forward udp
chain=forward action=add-src-to-address-list protocol=udp psd=21,3s,3,1
address-list=Port Scan Attackers address-list-timeout=1d log=no
log-prefix=""

4 ;;; Portscan drop
chain=input action=drop src-address-list=Port Scan Attackers log=no
log-prefix=""

5 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
log=no log-prefix=""

6 X ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""

7 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1 log=no log-prefix=""

8 X ;;; Allow IPSec from VPN server
chain=input action=accept protocol=udp in-interface-list=WAN
dst-port=500,4500,4510,4511 log=no log-prefix=""

9 X ;;; FTP
chain=input action=accept protocol=tcp in-interface=ether2 dst-port=21
log=no log-prefix=""

10 ;;; Drop ICMP
chain=input action=drop protocol=icmp in-interface-list=WAN log=no
log-prefix=""

11 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""

12 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""

13 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""

14 ;;; Drop bogons lists
chain=forward action=drop dst-address-list=Bogons log=no log-prefix=""

PCC = per connection clasifier

it does not guarantee a perfectly even distribution of traffic, because you have to distribute connections from first packet, in that instant is improbable to predict how much traffic that connection gonna carry

in small environments with low ammount of clients and connections distribution is not even

with lots of connections you will see a more even distribution across time, but in instantaneous traffic you will see some spikes, thats normal

is a common behavior on internet connection load balancing because of the nature of connection establishment and internet services operation

1/3 to 2/3

pcc line 1 → 3/1 ISP 2
pcc line 2 → omited (catch-all) (3/0 and 3/2) ISP 1

both addresses both ports give a very good distribution.