Community discussions

MikroTik App
 
stickery
just joined
Topic Author
Posts: 11
Joined: Fri Mar 09, 2018 4:48 am

PCC load balance not working [help]

Fri May 25, 2018 10:44 am

Hello,

im new here at mikrotik and i need to work with pcc load balancing and i don't know what i'm doing wrong with my configuration,
can someon give me the reason why my PCC load balance not working

here's my mangle rules:
 0    chain=prerouting action=accept dst-address=122.54.44.224/30 in-interface=bridge-Residential 
 1    chain=prerouting action=accept dst-address=103.236.166.32/30 in-interface=bridge-Residential 
 2    chain=prerouting action=mark-connection new-connection-mark=conn_WAN1 connection-mark=no-mark in-interface=bridge-WAN1 
 3    chain=prerouting action=mark-connection new-connection-mark=conn_WAN2 connection-mark=no-mark in-interface=bridge-WAN2 
 4    chain=prerouting action=mark-connection new-connection-mark=conn_WAN1 dst-address-type=!local connection-mark=no-mark in-interface=bridge-Residential 
      per-connection-classifier=both-addresses:2/0 
 5    chain=prerouting action=mark-connection new-connection-mark=conn_WAN2 dst-address-type=!local connection-mark=no-mark in-interface=bridge-Residential 
      per-connection-classifier=both-addresses:2/1 
 6    chain=prerouting action=mark-routing new-routing-mark=to_WAN1 connection-mark=conn_WAN1 in-interface=bridge-Residential 
 7    chain=prerouting action=mark-routing new-routing-mark=to_WAN2 connection-mark=conn_WAN2 in-interface=bridge-Residential 
 8    chain=output action=mark-routing new-routing-mark=to_WAN1 connection-mark=conn_WAN1 
 9    chain=output action=mark-routing new-routing-mark=to_WAN2 connection-mark=conn_WAN2 
Here is the screenshot of the WAN connection
Image
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: PCC load balance not working [help]

Fri May 25, 2018 1:47 pm

Not enough info, i.e. no route / nat info.

On a side note, it is per connection based, so you will only see 2nd WAN used with 2nd connection
 
stickery
just joined
Topic Author
Posts: 11
Joined: Fri Mar 09, 2018 4:48 am

Re: PCC load balance not working [help]

Fri May 25, 2018 2:07 pm

Not enough info, i.e. no route / nat info.

On a side note, it is per connection based, so you will only see 2nd WAN used with 2nd connection
sorry

Here's the route and nat

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          122.54.44.225              1
 1 A S  0.0.0.0/0                          103.236.166.33            1
 2 A S  0.0.0.0/0                          122.54.44.225              1
 3   S  0.0.0.0/0                          103.236.166.33            2
 4 ADC  103.236.166.32/30  103.236.166.34  bridge-WAN2               0
 5 ADC  122.54.44.224/30    122.54.44.226    bridge-WAN1               0
 6 ADC  172.16.0.0/19      172.16.0.1      bridge-Residential        0
 
/ip firewall nat
1    chain=srcnat action=masquerade out-interface=bridge-WAN1 log=no log-prefix="" 

2    chain=srcnat action=masquerade out-interface=bridge-WAN2 log=no log-prefix="" 

 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: PCC load balance not working [help]

Fri May 25, 2018 8:44 pm

Apologies, full of flu medication and struggling to concentrate.

I can't see any issues though, from what I can see is that you basically have a exact config from the Wiki manual.

here is another source for the config, maybe read through this and see if it helps:

https://mum.mikrotik.com/presentations/US12/steve.pdf
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 12:07 pm

I cannot see which routes use which routing marks, can you use /ip route export instead of /ip route print?

Other than that, in chain=prerouting everyting seems fine, but in chain=output you only translate connection marks to routing marks but you do not assign the connection marks.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 3:47 pm

Output uses connection marks set in prerouting (rules 2 and 3).

And I don't see the problem either. It could be typo in route mark's name (but we don't see them).
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 4:06 pm

Output uses connection marks set in prerouting (rules 2 and 3).
Is this picture wrong then?

If not, no packet can first pass through chain=prerouting and later through chain=output. Only chain=input and chain=forward come next to chain=prerouting.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 4:52 pm

Picture it correct. Route marking in output is to reply back to connections from outside the right way. And connections initiated from router to outside first take default way unmarked, and first reply packet will get the connection marked.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 5:02 pm

Picture it correct. Route marking in output is to reply back to connections from outside the right way. And connections initiated from router to outside first take default way unmarked, and first reply packet will get the connection marked.
Correct, what I had in mind was that if the locally initiated connections should be load-balanced, the per-connection-classifier rule assigning a connection-mark would be necessary in chain=output as well.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: PCC load balance not working [help]

Sat May 26, 2018 5:11 pm

Other than that, I think we are all blind because passthrough=yes is missing in all action=mark-connection rules, and the default behaviour if the parameter is not provided is passthrough=no, so the initial packet of each outgoing connection from LAN is not routing-marked.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: PCC load balance not working [help]

Sun May 27, 2018 2:46 am

Can I use that in WinBox, passthrough is checked by default, as excuse?
 
zainamjed90
just joined
Posts: 9
Joined: Mon Aug 02, 2021 12:41 pm

Re: PCC load balance not working [help]

Mon Aug 02, 2021 12:46 pm

Dear i am facing the same issue with PCC posting my configuration if someone can help

/interface ethernet
set [ find default-name=ether1 ] comment="WAN "
set [ find default-name=ether2 ] comment="LAN "
set [ find default-name=ether3 ] comment="Wireless LAN"
set [ find default-name=ether4 ] comment="Executive LAN" disabled=yes
/interface vlan
add interface=ether1 name=GERRY-202.69.x.x-VLAN-60 vlan-id=60
add interface=ether1 name=PERN-121.52..x.x-VLAN-50 vlan-id=50
add interface=ether1 name=PTCL-172.20.10.1-Vlan-40 vlan-id=40
add interface=ether1 name=PTCL-192.168.1.1-VLAN-20 vlan-id=20
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/queue simple
add burst-limit=55M/55M burst-time=3s/3s max-limit=50M/50M name=queue1 target=172.15.0.0/16
add burst-limit=50M/50M burst-time=3s/3s max-limit=50M/50M name=queue2 target=172.16.0.0/16
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
/ip address
add address=172.15.5.13/16 comment="Executive Gateway" disabled=yes interface=ether2 network=172.15.0.0
add address=172.15.6.250/16 comment="Campus Gateway" interface=ether2 network=172.15.0.0
add address=192.168.1.23/24 interface=PTCL-192.168.1.1-VLAN-20 network=192.168.1.0
add address=202.69.x.x interface=GERRY-202.69.x.x-VLAN-60 network=202.69.x.x
add address=121.52.x.x comment=WAN-PERN interface=PERN-121.52.x.x-VLAN-50 network=121.52.x.x
add address=172.16.11.5/16 comment="WIRELESS LAN" interface=ether3 network=172.16.0.0
add address=172.20.10.63/24 interface=PTCL-172.20.10.1-Vlan-40 network=172.20.10.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=172.15.5.1-172.16.5.254 list="Campus Internet"
add address=172.15.4.30 list=Zain
/ip firewall filter
add action=accept chain=input dst-port=80 in-interface=GERRY-202.69.x.x-VLAN-60 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=GERRY-202.69.x.x-VLAN-60 protocol=tcp
/ip firewall mangle
add action=accept chain=prerouting dst-address=172.15.0.0/16 in-interface-list=LAN
add action=accept chain=prerouting dst-address=172.16.0.0/16 in-interface-list=LAN
add action=accept chain=prerouting dst-address=121.52.152.x.x in-interface-list=LAN
add action=accept chain=prerouting dst-address=202.69.x.x in-interface-list=LAN
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface-list=LAN
add action=accept chain=prerouting dst-address=172.20.10.0/24 in-interface-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PTCL-192.168.1.1-VLAN-20 \
new-connection-mark=PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=GERRY-202.69.x.x-VLAN-60 \
new-connection-mark=GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PERN-121.52.x.x-VLAN-50 \
new-connection-mark=PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PTCL-172.20.10.1-Vlan-40 \
new-connection-mark=PTCL-172.20.10.1-Vlan-40 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=GERRY-202.69.x.x-VLAN-60 passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PTCL-172.20.10.1-Vlan-40 passthrough=yes per-connection-classifier=src-address:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PERN-121.52.x.x-VLAN-50 passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PTCL-192.168.1.1-VLAN-20 passthrough=yes per-connection-classifier=src-address:4/0
add action=mark-routing chain=prerouting connection-mark=PTCL-192.168.1.1-VLAN-20 in-interface-list=LAN \
new-routing-mark=to_PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PTCL-172.20.10.1-Vlan-40 in-interface-list=LAN \
new-routing-mark=to_PTCL-172.20.10.1-Vlan-40 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=GERRY-202.69.x.x-VLAN-60 in-interface-list=LAN \
new-routing-mark=to_GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PERN-121.52.x.x-VLAN-50 in-interface-list=LAN \
new-routing-mark=to_PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-routing chain=output connection-mark=PTCL-192.168.1.1-VLAN-20 new-routing-mark=\
to_PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-routing chain=output connection-mark=GERRY-202.69.x.x-VLAN-60 new-routing-mark=\
to_GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-routing chain=output connection-mark=PERN-121.52.x.x-VLAN-50 new-routing-mark=\
to_PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-routing chain=output connection-mark=PTCL-172.20.10.1-Vlan-40 new-routing-mark=\
to_PTCL-172.20.10.1-Vlan-40 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PTCL-172.20.10.1-Vlan-40
add action=masquerade chain=srcnat out-interface=PTCL-192.168.1.1-VLAN-20
add action=masquerade chain=srcnat out-interface=GERRY-202.69.x.x-VLAN-60
add action=masquerade chain=srcnat out-interface=PERN-121.52.x.x-VLAN-50
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_PTCL-192.168.1.1-VLAN-20
add check-gateway=ping distance=1 gateway=202.69.49.73 routing-mark=to_GERRY-202.69.x.x-VLAN-60
add check-gateway=ping distance=1 gateway=121.52.152.225 routing-mark=to_PERN-121.52.x.x-VLAN-50
add distance=1 gateway=172.20.10.1
add check-gateway=ping distance=2 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=202.69.x.x
add check-gateway=ping distance=2 gateway=121.52.x.x
/system clock
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: PCC load balance not working [help]

Mon Aug 02, 2021 5:35 pm

 
Cablenut9
Long time Member
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: PCC load balance not working [help]

Mon Aug 02, 2021 7:34 pm

His method doesn't work well in v7 for some reason, so the fix for me is to condense everything into rules that directly mark routes based on the PCC.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: PCC load balance not working [help]

Tue Aug 03, 2021 6:14 pm

Thanks Cable, didnt realize it was for V7. Not sure if V7 is wrong and needs to be adjusted or MUM after V7 will produce an updated PCC presentation. :-)

Who is online

Users browsing this forum: GoogleOther [Bot] and 54 guests