haris013
just joined
Topic Author
Posts: 13
Joined: Mon Jun 18, 2018 2:13 am

Problem with PCC load balancing

Wed Feb 17, 2021 10:26 am

Hello,

I have the following setup with 2 WANs and I have a strange problem. I want to distribute more traffic to WAN2, so I have created one more PCC rule.

The setup is:
/interface bridge
add admin-mac=08:55:31:04:D2:14 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=greece disabled=no \
    distance=indoors frequency=2462 installation=indoor mode=ap-bridge ssid=\
    AENAOSHOP.GR wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=WAN1
add name=WAN2
add include=WAN1,WAN2 name=balance
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=10.0.3.10-10.0.3.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ether2 list=WAN2
add interface=ether1 list=WAN1
/ip address
add address=10.0.3.1/24 interface=bridge network=10.0.3.0
add address=192.168.0.100/24 interface=ether2 network=192.168.0.0
add address=192.168.1.100/24 interface=ether1 network=192.168.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1m
/ip dhcp-server network
add address=10.0.3.0/24 gateway=10.0.3.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=ether2 protocol=tcp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface=!bridge
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=balance
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
    bridge
add action=accept chain=prerouting dst-address=192.168.0.0/24 in-interface=\
    bridge
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=ISP1_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=ISP2_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=ISP2_conn \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/2
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
    in-interface=bridge new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
    in-interface=bridge new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_ISP1
add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=to_ISP2
add check-gateway=ping distance=2 gateway=8.8.8.8 routing-mark=to_ISP2
add check-gateway=ping distance=1 gateway=8.8.8.8
add check-gateway=ping distance=1 gateway=8.8.4.4
add check-gateway=ping disabled=yes distance=1 gateway=192.168.0.1
add check-gateway=ping disabled=yes distance=1 gateway=192.168.1.1
add distance=1 dst-address=8.8.4.4/32 gateway=192.168.0.1 scope=10
add distance=20 dst-address=8.8.4.4/32 type=blackhole
add distance=1 dst-address=8.8.8.8/32 gateway=192.168.1.1 scope=10
add distance=20 dst-address=8.8.8.8/32 type=blackhole
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/lcd interface pages
set 0 interfaces="sfp1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8\
    ,ether9,ether10"
/system clock
set time-zone-name=Europe/Athens
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

So we have 3 PCC rules, 2/0 ISP1, 2/1 ISP2, 2/2 ISP2, but it seems there is no traffic on my last rule 2/2 ISP2. Also, connections seem to be distributed evenly 50-50 and there are not more connections on ISP2.

Is something wrong with the setup?

These are the connections and the routes:

Image

Image
 
msatter
Forum Guru
Posts: 2045
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Problem with PCC load balancing

Wed Feb 17, 2021 12:56 pm

I like to use 3/1 - 1/1 and 1/1 can be omitted because it catches all just as no PCC would do. Set passthrough=no
This will give you 33% on wan 1 and 66% on wan2.
4/1 - 1/1 gives a 25% - 75% split. etc.

When passthrough is needed then use 3/0 - 3/1 - 3/2 Wan 1 - 2 - 2 (33% - 66%)
Loving my freedom and so, no Twitter, no Facebook/Instagram/WhatsApp, no Apple and no Google/Alphabet, no Amazon/Cloudfront/AWS.

Running:
RouterOS 6.49Beta / Winbox 3.27 64bits
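
Added example (not part of the thread and not RouterOS code): a Python simulation of the two rule sets discussed above, the original 2/0, 2/1, 2/2 and the 3/0, 3/1, 3/2 variant. It assumes a PCC rule matches when the hash of the selected fields modulo the denominator equals the remainder; SHA-256 stands in for RouterOS's own hash, and the connection tuples are constructed.

```python
import hashlib
import random
from collections import Counter

def pcc_remainder(conn, denominator):
    """Hash the (src, dst, sport, dport) tuple and reduce it modulo the denominator.
    SHA-256 is a stand-in (assumption); RouterOS uses its own hash function."""
    digest = hashlib.sha256("|".join(map(str, conn)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % denominator

def simulate(rules, connections):
    """rules: ordered (denominator, remainder, mark) triples, like the mangle rules.
    Every rule requires connection-mark=no-mark, so the first match wins."""
    per_rule = Counter()
    per_mark = Counter()
    for conn in connections:
        for den, rem, mark in rules:
            if pcc_remainder(conn, den) == rem:
                per_rule[f"{den}/{rem}"] += 1
                per_mark[mark] += 1
                break
        else:
            per_mark["unmarked"] += 1
    return per_rule, per_mark

def sample_connections(count, seed=1):
    """Constructed sample: LAN clients in 10.0.3.0/24 talking to random hosts."""
    rng = random.Random(seed)
    return [(f"10.0.3.{rng.randint(10, 254)}",
             f"{rng.randint(1, 223)}.{rng.randint(0, 255)}."
             f"{rng.randint(0, 255)}.{rng.randint(1, 254)}",
             rng.randint(1024, 65535),
             rng.choice([80, 443, 53, 123]))
            for _ in range(count)]

# Rule sets as (denominator, remainder, connection mark), in mangle order.
ORIGINAL = [(2, 0, "ISP1_conn"), (2, 1, "ISP2_conn"), (2, 2, "ISP2_conn")]
SUGGESTED = [(3, 0, "ISP1_conn"), (3, 1, "ISP2_conn"), (3, 2, "ISP2_conn")]

def isp2_share(rules, connections):
    """Fraction of connections that end up marked ISP2_conn."""
    _, per_mark = simulate(rules, connections)
    return per_mark["ISP2_conn"] / len(connections)

if __name__ == "__main__":
    conns = sample_connections(6000)
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        per_rule, per_mark = simulate(rules, conns)
        print(name, dict(per_rule), dict(per_mark))
```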
 