Problem with http-downloads via loadbalanced lines

Hello,

I'm using Router OS 2.9.17 as a PPPoE server with transparent web proxy. All outgoing requests to port 80 with the source address of the web proxy are mangled with a routing mark "webtraffic". Behind this PPPoE server there are two ADSL lines.

Via policy routing, I load balance all web traffic over both ADSL lines. Everything seems to work very fine. But if I want to download files via HTTP (> 5 MB), the transfer gets aborted after a short time.

If I do no load balancing, the transfer succeeds without any errors. Is this a bug in policy routing or am I doing something wrong?

Thanks.
canram_de

What are your timeout settings on connection tracking? What does your load balancing config look like? You say policy routing: are you forcing traffic to a specific line or other, or using ECMP?

Sam

Here is my tracking config:


ip firewall connection tracking> print
enabled: yes
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
tcp-syncookie: no
max-entries: 532800
total-entries: 9869

I'm forcing all proxy outgoing traffic to two different gateways.
You're right. I'm using ECMP.

Here's my route config.


101 A S dst-address=0.0.0.0/0 gateway=10.22.0.1,10.22.0.2 check-gateway=arp interface=ether1 backbone gateway-state=reachable scope=255 target-scope=10 routing-mark=Web-Traffic

Is this information helpful for you? If you need other information, please let me know.

Thanks so far.
canram

Large downloads are breaking for me too; tracking settings are:

enabled: yes
tcp-syn-sent-timeout: 10s
tcp-syn-received-timeout: 10s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 20s
tcp-close-wait-timeout: 20s
tcp-last-ack-timeout: 20s
tcp-time-wait-timeout: 20s
tcp-close-timeout: 20s
udp-timeout: 20s
udp-stream-timeout: 3m
icmp-timeout: 20s
generic-timeout: 10m
tcp-syncookie: no
max-entries: 552240
total-entries: 3259

I was discussing ECMP with some colleagues and we are quite unsure if it would be reliable. Problems are known with HTTP and instant messenger applications. One idea was that if ECMP could be made to work on src-address only, these problems should disappear. I haven't had the time yet to test anything, but if someone has an idea…

There are a lot of ECMP-related threads in the forum, but I can't see any with a clear statement from MT, though.

Some "bonding" of cheap xDSL lines is becoming common now, and a few competing vendors already offer it with their routers.

Hi Matthias,

I actually do have an idea for some simple solution that is distributing users/traffic (only) according to source address…
If I find the time to put this up as a test installation I would post some more information.

Best regards,
Christian Meis

If you're not using NAT then ECMP works perfectly. We have 2 100 Mb pipes being ECMP'd for outbound traffic and never have issues. I think the problem is that ECMP can't match on a source if all the sources are the same, i.e. a NATed address. I think you can fix the issue by using policy routing and the 'same' NAT action, I think…

Sam

I would agree with change ip.

I spent ages trying to get that to work like you described using NAT; I never succeeded! I now use policy routing as the next best option.

I wish somebody from MT would comment on this issue though, as I never got to the bottom of it.

Yes, you're right, but how should I use policy routing if my source machine is a web proxy?

Well, I guess you could use mangle rules to do that. I just run my proxy down one line and the rest of the traffic down another. This works better anyway if both lines are from different providers.

Sounds good, I'm looking forward to it ;-)


But not the web proxy on the MT itself, I'd guess?

Sure. The web proxy on the MikroTik box.
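An added example of the split Sam describes (proxy traffic down one line, all other traffic down the other), written for the case in this thread where the transparent proxy runs on the MikroTik box itself; it is not configuration posted by anyone in the thread. The gateway addresses 10.22.0.1 and 10.22.0.2 come from the route shown earlier; the PPPoE client pool 192.168.1.0/24, the proxy port 8080 and the mark names are assumptions.

```routeros
# Added example, not from the thread. Assumes: the web proxy runs on the router on
# port 8080, PPPoE clients get addresses from 192.168.1.0/24, and both ADSL gateways
# (10.22.0.1 = line 1, 10.22.0.2 = line 2) are reachable via ether1.
# Source NAT is done on the ADSL modems here, as in this thread; if the router had
# to NAT itself, one srcnat rule per line would be needed as well.

# Send client port-80 requests into the local transparent proxy.
/ip firewall nat add chain=dstnat src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=redirect to-ports=8080

# Requests made by the proxy originate on the router, so they traverse the OUTPUT
# chain (not prerouting). Mark them so they always use line 1.
/ip firewall mangle add chain=output protocol=tcp dst-port=80 action=mark-routing new-routing-mark=line1 comment="proxy -> line 1"

# Forwarded client traffic (everything that was not redirected to the proxy) uses line 2.
/ip firewall mangle add chain=prerouting src-address=192.168.1.0/24 action=mark-routing new-routing-mark=line2 comment="clients -> line 2"

# One default route per routing mark, each with a single gateway, so no ECMP
# choice is made and a connection cannot move between lines mid-transfer.
/ip route add dst-address=0.0.0.0/0 gateway=10.22.0.1 routing-mark=line1 check-gateway=arp
/ip route add dst-address=0.0.0.0/0 gateway=10.22.0.2 routing-mark=line2 check-gateway=arp

# Unmarked traffic (the router's own management sessions, DNS, etc.) takes a plain default route.
/ip route add dst-address=0.0.0.0/0 gateway=10.22.0.1 check-gateway=arp
```

With this layout a client download passes through the proxy and leaves on line 1 only, which is what the "run the proxy down one line" suggestion amounts to; if line 1 fails, check-gateway=arp marks its route unreachable but there is no automatic fallback for the line1 mark.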

I spent about three months trying to get ECMP working with 8 DSL lines (NATed on the DSL modems) and MT as a web proxy. In the end, after many weeks of research and frustration and losing quite a few customers, I abandoned the idea.

ECMP just simply doesn't seem to work properly for this application. I had it sort of working by source-routing certain protocols such as IM and SSH and so on, but the ECMP on port 80 just kept on breaking, which was a bit of a show stopper. There was no specific pattern or time when it would break, but it always broke.

I even posted many times on this board specifying my configuration and hoping for a decent reply from Mikrotik. But nothing happened. Recently I attempted doing this differently, using mangle on the input chain and then trying to source route on the output chain… but apparently this only works with connection marks in version 2.8, and you will see in version 2.9 that policy routing does not recognise connection marks but only routing marks. I still have to downgrade my router to test this theory.

Here is the recent post I made regarding this:
http://forum.mikrotik.com/t/how-do-i-source-route-packets-originating-from-the-proxy/5825/1

Here are some old posts:
http://forum.mikrotik.com/t/does-load-balancing-actually-work-in-2-9/2779/1

My advice is to stop using ECMP and rather use policy routing before you start losing customers. And forget about using a proxy server unless you decide to only proxy one of your lines.

I think the Mikrotik guys just got sick of this issue and they aren't responding any more. Perhaps someone should bring this up at that conference they're having in Dallas, because there is a presentation on load balancing. Many people are actually trying to do this using multiple cheap DSL lines, and bonding is not widely available yet.

Well, if I knew for sure that MT had a solution to load balance two different lines from two different providers, I'd gladly go to Dallas to find out how. Of course, I have to suspect that if those features actually worked, they'd answer any of the dozens of questions on here as to how. :-) If you search for 'load balancing' or 'ecmp', there are many dozens of people who have spent many dozens of hours each, and as far as I know, NO ONE has it working the way we'd all like it to work. :-(

ECMP will load balance outbound traffic. If you use NAT and web proxy then you might need extra configuration. You might need policy routing. Policy routing is not as easy as it appears to be; you need routes for the local networks even. Also, multiple providers with different IP space? You have to deal with marking packets that you want to go back out the same interface they came in on.

We have it working just fine. We do not use web proxy, however. If you have a specific problem or are getting stuck, post about it (with specifics).

Sam

You are right, the Mikrotik staff do not respond to questions about ECMP and load balancing. There is probably a reason for this, but who knows.

changeip: Isn’t the point to use a proxy?

Anyway, I spent another couple of hours trying to get load balancing working using source routing and a transparent proxy. Of course I cannot do this using 2.9 because the policy routing does not recognise connection marks. So I used another 2.8 router:

  1. dst-nat port 80 calls from certain source addresses to redirect to the local proxy
  2. mangle connection marks
  3. use policy routing to direct connection marks

Does not work. Unfortunately.

Yes, they say there is ECMP routing as an option, and the manual says that this is a good solution because it is 'per session' round-robin balancing, so it does not suffer from the problems of per-packet balancing.

It worked for us in 2.7, but after a year or so our cache drive was getting errors that resulted in having to clear and rebuild the cache once a week or so. We were advised to upgrade to 2.8.x, and from that point we can't get ECMP routing working with transparent proxy any longer.

I've also bashed my head trying to get load balancing right; after attempts with my Mikrotik and Wingate proxy servers, I just purchased a DLink RV016 router. It can handle 7 Internet lines and works well, just plug and pray… (Excuse the mention of other brands here, but I'm just trying to help my 'buddies' :-))

Some issues with some (especially banking) websites that don't like the idea of one session using more than one IP, but I route through one line only when we encounter that. So it's not perfect either, but maybe the MT guys can download the source from the DLink website and get an idea to implement this easily…?
I also think it's the way (load balancing) many of us are going, trying to supply high bandwidth at low cost…

I'll be sure to check out the DLink router, because I really need to have an alternative that can load balance over multiple lines and do proxy.

I think what must have happened with Mikrotik is they had an underlying change in the architecture of their product which caused this to stop working. So instead of facing up to their customers and telling them it's too hard to fix, they are keeping silent. Damn shame. So 90s.

OK, good luck. I see you're from Stellenbosch. I'm from Jeffreys Bay. :-)
The router isn't 'available' in RSA, so you'll have to import it or get a friend to bring it in… Arse end of the world… :-0

Ekkas