Persistent Load Balncing - back again

Caci99 · May 9, 2007, 8:45am

I started aplying Load Balancing Persistent on my MT, following the guide at the wiki:
wiki.mikrotik.com/wiki/Load_Balancing_Persistent
and the discussion at the forum:
forum.mikrotik.com/viewtopic.php?t=8870&highlight=load+balancing

First I want to say that the code at the wiki doesn’t wotk, but I want to get sure also by some of you if I am correct. There are two mangle rules on that code, that are wrong:
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing
new-routing-mark=odd
I think it should be
add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing
new-routing-mark=odd passthrough=no
Same for the mark routing of address-list even
At least that is what worked for me, after I struggled a lot with the example on the wiki, I noticed that on the above strings the “passthrough=no” was missing. Once added that, the router started working fine.

More of this, I wanted to discuss if someone was able of finding out how to solve the problem when one ISP line is down. This is a real problem, because, mainly you should use two uplinks, to have at least one as backup. I have tested and seen that when one line is down, all the clients belonging to that list will not have access on the outside.

Also, if I would want one PC to point always only on one of the two uplinks, should I place the rule for that at the top of the rules?

Thank you, Toni

Caci99 · May 9, 2007, 3:35pm

Relating to the fact that one PC should always go through one uplink, I did the following:

/ ip firewall mangle
add chain=prerouting src-address=192.168.10.10 in-interface=Local action=mark-connection
new-connection-mark=PC passthrough=yes
add chain=prerouting in-interface=Local connection-mark=PC action=mark-routing
new-routing-mark=PC passthrough=no

/ ip firewall nat
add chain=srcnat connection-mark=PC action=src-nat to-addresses=10.111.0.2
to-ports=0-65535

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=PC

To notice, that I put the above mangle rules at the top, so this PC will always get this rule and not pass through the others.

Toni

maroon · May 11, 2007, 7:47am

Caci99

what about the example on wiki too?

/ip route add gateway=192.168.1.1 check-gateway=ping
/ip route add gateway=192.168.2.1 distance=2

does anyone find a solution for caci’s problem?

fatonk · May 11, 2007, 8:04am

If you want anything to not match in the existing rules, you can always use ACCEPT, like for e.g. in yuur case you do not need for that pc all these lines, just use on top of all mangle rules:
/ ip firewall mangle
add chain=prerouting src-address=192.168.10.10 in-interface=Local action=accept
and than use NAT for that private IP out the interface you desire.

Regards.

Faton

Caci99 · May 11, 2007, 9:46am

hmm, nice this one Faton, I’ll give it a try at once.

Your example Maroon, wouldn’t it check only at the first time an IP is asigned at one address-list? or is it going to check from time to time, and after discovering one is down, would that clear the whole list and assing those IP to the up-link-list which is working?

I will try it anyway and see if it works.

What about the correction on the Wiki about Load Balncing Persistent? Do you think it needs to be corrected?

fatonk · May 11, 2007, 12:31pm

the problem with this kind of load balance is if one gateway fails than you will experience packet losses, to improve this wiki a good failover script should be applied.

Regards.

Faton

maroon · May 24, 2007, 11:13am

do you have that script?