PCC load balancing - one IP should always use just one GW

eXtremer · October 18, 2013, 1:07pm

Hi all,

If someone could help me with this one I would really appreciate. I need one IP in my LAN to use all the time just one gateway (provider) and not both providers I have, how to accomplish this? Please in examples, I will not be able to do something with theory.

What I’ve tried to do and didn’t work:

/ip firewall mangle add action=mark-routing chain=prerouting disabled=nо new-routing-mark=Provider1 passthrough=no src-address=192.168.0.10

/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.89.ХХХ.ХХ routing-mark=Provider1 scope=30 target-scope=10

/ip route rule add src-address=192.168.0.10 action=lookup table=Provider1

Thank you.

Rudios · October 19, 2013, 6:59am

Create a mark-connection rule instead and enable passthrough.
Use the same routing mark as used by the desired pcc rule.

aacable · October 19, 2013, 11:18am

eXtremer:

Hi all,

If someone could help me with this one I would really appreciate. I need one IP in my LAN to use all the time just one gateway (provider) and not both providers I have, how to accomplish this? Please in examples, I will not be able to do something with theory.
What I’ve tried to do and didn’t work:
1.
/ip firewall mangle add action=mark-routing chain=prerouting disabled=nо new-routing-mark=Provider1 passthrough=no src-address=192.168.0.10
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.89.ХХХ.ХХ routing-mark=Provider1 scope=30 target-scope=10
/ip route rule add src-address=192.168.0.10 action=lookup table=Provider1
Thank you.

Some examples here . . .
http://aacable.wordpress.com/2012/04/14/howto-exempt-any-user-website-from-mikrotik-pcc/

eXtremer · October 19, 2013, 1:42pm

Hey guys could you give me please the exact rules for my situation, I’m not too god in configuring Mikrotik and I have to guess what you meant to say.

If I use this rule, no website will open.

/ip firewall mangle add action=mark-connection chain=prerouting disabled=no new-connection-mark=Provider1 passthrough=yes src-address=192.168.0.250

/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.89.ХХХ.ХХ routing-mark=Provider1 scope=30 target-scope=10

I can’t find the example suitable in my case, could you point it out please, thank you.

Rudios · October 19, 2013, 6:00pm

Please post your current mangle and route rules

eXtremer · October 20, 2013, 8:10am

Mangle:

/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
add action=accept chain=prerouting disabled=no dst-address=188.XXX.XX.0/24 in-interface=LAN1
add action=accept chain=prerouting disabled=no dst-address=77.XX.XXX.140/30 in-interface=LAN1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=Provider_2 new-connection-mark=Provider_2 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=Provider_1 new-connection-mark=Provider_1 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=Provider_2 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LAN1 new-connection-mark=Provider_1 passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=Provider_1 disabled=no in-interface=LAN3 new-routing-mark=Provider_1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=Provider_2 disabled=no in-interface=LAN1 new-routing-mark=Provider_2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=Provider_1 disabled=no in-interface=LAN1 new-routing-mark=Provider_1 passthrough=no
add action=mark-routing chain=output connection-mark=Provider_2 disabled=no new-routing-mark=Provider_2 passthrough=no
add action=mark-routing chain=output connection-mark=Provider_1 disabled=no new-routing-mark=Provider_1 passthrough=no
add action=accept chain=output disabled=no dst-address=192.168.0.0/24
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=Provider_2 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=Provider_1 passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=output connection-mark=Provider_2 disabled=no new-routing-mark=Provider_2 passthrough=no
add action=mark-routing chain=output connection-mark=Provider_1 disabled=no new-routing-mark=Provider_1 passthrough=no
[admin@MikroTik] >

Route:

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.XX.XXX.141 routing-mark=Provider_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.XXX.XX.1 routing-mark=Provider_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=188.XXX.XX.1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=77.XX.XXX.141 scope=30 target-scope=10
[admin@MikroTik] >

Thank you.

eXtremer · October 23, 2013, 1:29pm

No solution?

Rudios · October 24, 2013, 10:32am

There are some rules that are not clear to me.
add action=accept chain=prerouting disabled=no dst-port=80 protocol=tcp
add action=accept chain=prerouting disabled=no dst-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=Provider_1 disabled=no in-interface=LAN3 new-routing-mark=Provider_1 passthrough=no
add action=accept chain=output disabled=no dst-address=192.168.0.0/24
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=Provider_2 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=output connection-mark=no-mark disabled=no dst-address-type=!local new-connection-mark=Provider_1 passthrough=yes per-connection-classifier=both-addresses:2/1And I think you should enable passthrough for the following
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=Provider_2 new-connection-mark=Provider_2 passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=Provider_1 new-connection-mark=Provider_1 passthrough=noBack to the question, if you would like to force a specific system to always use the same one Provider add the following.
Add them above the two PCC rules
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=LAN1 new-connection-mark=Provider_1 passthrough=yes src-address=192.168.0.10

eXtremer · October 25, 2013, 7:19am

Thank you, Rudios

I think the issue is solved but I will still monitor the situation to see if it works 100% as it should.