Community discussions

 
rbuserdl
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Mar 22, 2018 1:53 pm

Load balancing not working properly

Wed May 15, 2019 5:01 pm

Hello,

I am trying to setup a load balancing to accomplish the following:
- PCs in 192.168.0.8 - 192.168.0.191 range -> Go out through ISP2 (Claro)
- PCs in 192.168.0.192 - 192.168.0.254 range -> Go out through ISP1 (Fibertel)

At the end I will attach the code
I have 4 default routes (2 considering marks and 2 without marks), I mean routes to 0.0.0.0/0
- When the default route (whithout mark) is ISP1 (With less distance), machines which go out through ISP1 works fine but machines which go out through ISP2 works with "issues"
- When the default route (whithout mark) is ISP2 (With less distance), machines which go out through ISP2 works fine but machines which go out through ISP1 works with "issues"
The "issues" are the following:
I can navigate to Internet and I can see all pages but all pages take a long time to appear (10-20 seconds to be fully loaded)
Without any mark, all machines go out through the same ISP, and they works fine, in both cases, with ISP1 and ISP2

This is the code:
/ip firewall mangle
add action=accept chain=prerouting dst-address=Isp1Network in-interface=bridge
add action=accept chain=prerouting dst-address=Isp2Network in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1-wan1 new-connection-mark=Fibertel_con passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2-wan2 new-connection-mark=Claro_con passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=!192.168.0.0/24 new-connection-mark=Celulares_con passthrough=yes src-address=192.168.0.9-192.168.0.191
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=!192.168.0.0/24 new-connection-mark=Libre_con passthrough=yes src-address=192.168.0.192/26
add action=mark-routing chain=prerouting connection-mark=Fibertel_con new-routing-mark=A_Fibertel passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=Claro_con new-routing-mark=A_Claro passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=Libre_con new-routing-mark=A_Fibertel passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting connection-mark=Celulares_con new-routing-mark=A_Claro passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=output connection-mark=Fibertel_con new-routing-mark=A_Fibertel passthrough=yes
add action=mark-routing chain=output connection-mark=Claro_con new-routing-mark=A_Claro passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Celulares_con new-packet-mark=Celulares passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Restringido_con new-packet-mark=Restringido passthrough=yes

/ip route
add comment=Fibertel disabled=yes distance=1 gateway=ISP1GW routing-mark=A_Fibertel
add comment=Claro disabled=yes distance=1 gateway=ISP2GW routing-mark=A_Claro
add check-gateway=ping distance=15 gateway=ISP2GW
Packet marks are for other pourposes
The other route is dinamyc, because of this, it does not appear in the export.

Any idea why is the problem?

Thanks in advance.
Regards
Damián
 
rbuserdl
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing not working properly

Wed May 15, 2019 5:05 pm

Both routes with marks are disabled now because of the issue
 
sindy
Forum Guru
Forum Guru
Posts: 3015
Joined: Mon Dec 04, 2017 9:19 pm

Re: Load balancing not working properly  [SOLVED]

Wed May 15, 2019 10:08 pm

Use of routing-mark is not compatible with fasttracking of transit (forwarded) packets in firewall which is present in the default firewall rules. So disable the rule in chain=forward of /ip firewall filter which says action=fasttrack-connection and the loading of pages should become equally fast via both ISPs.

The point is that not all packets eligible for fasttracking are actually fasttracked (i.e. actually bypass most of the firewall processing), so those which are not fasttracked do make it to the destination via their proper WAN because they get a proper routing-mark. The fasttracked ones take the default route and as they have a wrong source address, they are dropped on the way or at least ignored in the destination.

Depending on your hardware model and WAN link speeds, your CPU may be bored or glow red without fasttracking. If it glows red (/tool profile will tell you), read this.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
rbuserdl
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing not working properly

Wed May 15, 2019 11:22 pm

Aaaaaand, you did it again!!! hehehehehe
Thanks a lot Sindy, I should give you a part of my salary xD

I still could not read your other post, I will read it tomorrow morning. But the fasttrack rule is now disabled and Load Balancing is working fine.
CPU is about 5%, no problem
Everything is working fine!!

Regards!
Damián

Who is online

Users browsing this forum: No registered users and 79 guests