Hello everyone,
I am trying to do a PCC for load balancing. I have succeeded using the wiki example with one local interface. Now there is a modification with my network, I have introduced another local interface. How do I modify my PCC config to allow traffic coming from this interface enjoy the load balance?
thanks, I’ll appreciate your help
/ ip firewall mangle
add chain=input in-interface=LOCAL2 action=mark-connection new-connection-mark=LOCAL2_conn
add chain=input in-interface=LOCAL3 action=mark-connection new-connection-mark=LOCAL3_conn
add chain=output connection-mark=LOCAL2_conn action=mark-routing new-routing-mark=to_LOCAL2
add chain=output connection-mark=LOCAL3_conn action=mark-routing new-routing-mark=to_LOCAL3
add chain=prerouting dst-address=172.16.5.64/28 action=accept in-interface=LOCAL
add chain=prerouting dst-address=196.255.62.224/28 action=accept in-interface=LOCAL
/ ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=LOCAL2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=LOCAL3_conn passthrough=yes
/ ip firewall mangle
add chain=prerouting connection-mark=LOCAL2_conn in-interface=LOCAL action=mark-routing new-routing-mark=to_LOCAL2
add chain=prerouting connection-mark=LOCAL3_conn in-interface=LOCAL action=mark-routing new-routing-mark=to_LOCAL3
/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.5.65 routing-mark=to_LOCAL2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=172.16.6.65 routing-mark=to_LOCAL3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=172.16.5.65 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=172.16.6.65 distance=2 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=LOCAL2 action=masquerade
add chain=srcnat out-interface=LOCAL3 action=masquerade
you have to local interface(client)???ot what
fewi
September 7, 2010, 6:37pm
3
Just duplicate the PCC lines for the second LAN interface. Your first LAN interface appears to be called LOCAL. If your second LAN interface is called LAN2, you’d keep this:
/ ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=LOCAL2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=LOCAL3_conn passthrough=yes
And add directly below it:
/ ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=LAN2 per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=LOCAL2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LAN2 per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=LOCAL3_conn passthrough=yes
And ensure that those lines are directly below one another, and before the mangle rules that set the routing marks.
I tried to duplicate my PCC rules for the second LAN (WIFI). Below is my new mangle rules:
/ ip firewall mangle
add chain=input in-interface=LOCAL2 action=mark-connection new-connection-mark=LOCAL2_conn
add chain=input in-interface=LOCAL3 action=mark-connection new-connection-mark=LOCAL3_conn
add chain=output connection-mark=LOCAL2_conn action=mark-routing new-routing-mark=to_LOCAL2
add chain=output connection-mark=LOCAL3_conn action=mark-routing new-routing-mark=to_LOCAL3
/ ip firewall mangle
add chain=prerouting dst-address=172.16.5.64/28 action=accept in-interface=LOCAL
add chain=prerouting dst-address=196.255.62.224/28 action=accept in-interface=LOCAL
/ ip firewall mangle
add chain=prerouting dst-address=172.16.5.64/28 action=accept in-interface=WIFI
add chain=prerouting dst-address=196.255.62.224/28 action=accept in-interface=WIFI
/ ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=LOCAL2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=LOCAL per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=LOCAL3_conn passthrough=yes
/ ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=WIFI per-connection-classifier=both-addresses:2/0 \
action=mark-connection new-connection-mark=LOCAL2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=WIFI per-connection-classifier=both-addresses:2/1 \
action=mark-connection new-connection-mark=LOCAL3_conn passthrough=yes
/ ip firewall mangle
add chain=prerouting connection-mark=LOCAL2_conn in-interface=LOCAL action=mark-routing new-routing-mark=to_LOCAL2
add chain=prerouting connection-mark=LOCAL3_conn in-interface=LOCAL action=mark-routing new-routing-mark=to_LOCAL3
/ ip firewall mangle
add chain=prerouting connection-mark=LOCAL2_conn in-interface=WIFI action=mark-routing new-routing-mark=to_LOCAL2
add chain=prerouting connection-mark=LOCAL3_conn in-interface=WIFI action=mark-routing new-routing-mark=to_LOCAL3
/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.5.65 routing-mark=to_LOCAL2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=196.255.62.225 routing-mark=to_LOCAL3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=172.16.5.65 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=196.255.62.225 distance=2 check-gateway=ping
/ ip firewall nat
add chain=srcnat out-interface=LOCAL2 action=masquerade
add chain=srcnat out-interface=LOCAL3 action=masquerade
After this, everything slows down drastically. The two Internet interface (LOCAL2 & LOCAL3) was now dragging, I could hardly hit 200kbps (the two interface is hit 1.5Mbps when working fine). It picks up anytime I disable LOCAL3 failing over to LOCAL2. what could be wrong pls?
I think, the problem was not MT, I restarted the second internet interface, everything now works fine.!
Thanks fewi for your assistance