Polish MUM load balancing with PCC question

xins · March 8, 2010, 11:41am

Hello first I let you see my config (it contains only commands from MUM presentacion http://mum.mikrotik.com/presentations/PL10/balancing.pdf)

[admin@RB433_APC] > interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME      MTU   MAC-ADDRESS       ARP        MASTER-PORT      SWITCH     
 0 R  local     1500  00:0C:42:52:8C:37 enabled   
 1 R  WAN_ADSL  1500  00:0C:42:52:8C:38 enabled    none             switch1    
 2 R  WAN_DSL1  1500  00:0C:42:52:8C:39 enabled    none             switch1    


[admin@RB433_APC] > ip address print 
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE              
 0 X 10.1.0.1/24        10.1.0.0        10.1.0.255      wlan1                  
 1   192.168.1.233/24   192.168.1.0     192.168.1.255   WAN_ADSL               
 2   83.14.8.110/29     83.14.8.104     83.14.8.111     WAN_DSL1               
 3   192.168.88.254/24  192.168.88.0    192.168.88.255  local                  


[admin@RB433_APC] > ip firewall nat export 

/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    WAN_ADSL
add action=masquerade chain=srcnat comment="" disabled=no out-interface=\
    WAN_DSL1

/ip firewall mangle
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    83.14.8.104/29 src-address=192.168.88.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    192.168.1.0/24 src-address=192.168.88.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    192.168.88.0/24 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting comment="" connection-mark=\
    no-mark disabled=no in-interface=WAN_ADSL new-connection-mark=ADSL_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-mark=\
    no-mark disabled=no in-interface=WAN_DSL1 new-connection-mark=DSL_conn \
    passthrough=yes
add action=jump chain=prerouting comment="" connection-mark=no-mark disabled=\
    no in-interface=local jump-target=policy_routing
add action=mark-routing chain=prerouting comment="" connection-mark=ADSL_conn \
    disabled=no new-routing-mark=ADSL_traffic passthrough=yes src-address=\
    192.168.88.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=DSL_conn \
    disabled=no new-routing-mark=DSL_traffic passthrough=yes src-address=\
    192.168.88.0/24
add action=mark-routing chain=output comment="" connection-mark=ADSL_conn \
    disabled=no new-routing-mark=ADSL_traffic passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=DSL_conn \
    disabled=no new-routing-mark=DSL_traffic passthrough=yes
add action=mark-connection chain=policy_routing comment="" disabled=no \
    dst-address-type=!local new-connection-mark=ADSL_conn passthrough=yes \
    per-connection-classifier=dst-port:2/0
add action=mark-connection chain=policy_routing comment="" disabled=no \
    dst-address-type=!local new-connection-mark=DSL_conn passthrough=yes \
    per-connection-classifier=dst-port:2/1


[admin@RB433_APC] > ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          83.14.8.105        1       
 1 A S  0.0.0.0/0                          192.168.1.1        1       
 2 A S  0.0.0.0/0                          83.14.8.105        2       
 3   S  0.0.0.0/0                          192.168.1.1        3       
 4 ADC  83.14.8.104/29     83.14.8.110     WAN_DSL1           0       
 5 ADC  192.168.1.0/24     192.168.1.233   WAN_ADSL           0       
 6 ADC  192.168.88.0/24    192.168.88.254  local              0

and when i go to connections i see that diffrent ports get diffrent conn mark:

so evrything should be right? but it is not…

becouse in interface tab traffic goes only trought WAN_DSL1 which have lower distance in routes.

maby im doing something wrong but Megis said “that is all you need to make it work”

and i try with diffrent PCC classifiers with no luck so far…

macgaiver · March 8, 2010, 12:02pm

Problem might be related to fact that one of your “WAN IPs” is from private range. and traffic simple can’t get back to router.

xins · March 8, 2010, 12:47pm

its just my another RB there conected to the ADSL line. and thats give me some thoughts. but when i disable WAN_DSL1 interface it switches to ADSL internet (after i added ping gateway in /ip routes) and it works fine..

and when i switch on WAN_DSL it goes back to DSL. it works like backup link not like load balancing… so what those mangle rules are doing?

macgaiver · March 8, 2010, 1:31pm

Well conntrack shows that connections are marked properly,

If mark-routing rules are counting packets, then marks are applied properly.

Torch will allow you to see what traffic is leaving the interface.

Only reason I can see of this disbalance if a fact that these connections can’t get traffic trough the second connection.

Does your both DSL uses same address range?

If you have 3rd routerboard, try to set up it as load balancing and leave 1 router for one DSL, other router for other DSL, Use ECMP on load balancing router (1 simple route with 2 gateways) and use masquerade on both DSL routers.

xins · March 8, 2010, 2:00pm

yes they are counting packets… even equaly…

ECMP like you say is out of the question becouse of banking problem or other stuf like games and so on.

I want PCC for both-addresses parameter.

torch shows only some arp and dhcp packets on WAN_ADSL and all traffic on WAN_DSL… its madness.

its should work.

AND no those dsl don’t have same networks. ADSL have dynamic address so i use router beetween ADSL and load balancing router.
and if simple load balance work (meaning two gateways in one route) so why this doesn’t? i think there is some stupid error hiding in the back

Muqatil · March 8, 2010, 2:21pm

NetworkPro made a good conf script with PCC http://wiki.mikrotik.com/wiki/NetworkPro_on_Combining_NATed_Links
You should take a look, it works with webproxy too.
Respect to the author.

xins · April 7, 2010, 7:27pm

I see it now… it was’nt MT… it was my neted network. when i put two public networks it works just fine(just great i mean :D)