I am looking to load balance my routers NATing over multiple IP address. I have my own public subnet and am hoping to use a /29 or /28 to nat out to my provider.
The goal I have to to nat a group of private subnets. Lets say 192.168.0.0/22 for example I want to nat out over 6 IP addresses *.*.*.1-*.*.*.*6.
The ultimate goal is to not have a single IP over loaded with NAT and to not have to assign a public IP per subnet.
I like the idea of it being dynamic as well so I just simply add intern subnets to be included in the NAT and it still load over the multiple IPs.
I have research on the forums here but not sure I'm finding anything that is quite what I'm looking for.
Any suggestions?
Thanks!
Re: NAT out over multiple IPs
This was working for me (with two addresses only):
https://wiki.mikrotik.com/wiki/ECMP_loa ... masquerade
The idea is to send packets starting connections, be them forwarded or originated locally, randomly through the N addresses, and to mark for use of the same IP packets received from outside.
It does coarse grain (connection based) load balancing, amounting basically to what you want: sharing the NAT workload. In my case I wanted to use two different connections as a poor company's bonding. If you want to have different routers doing the NAT/gateway, you could have them as "plain" routers, and have the remaining ones use the code in the HOWTO above mnus the masquerade, just to mark which gateway originated or should receive the load. In theory it should work.
https://wiki.mikrotik.com/wiki/ECMP_loa ... masquerade
The idea is to send packets starting connections, be them forwarded or originated locally, randomly through the N addresses, and to mark for use of the same IP packets received from outside.
It does coarse grain (connection based) load balancing, amounting basically to what you want: sharing the NAT workload. In my case I wanted to use two different connections as a poor company's bonding. If you want to have different routers doing the NAT/gateway, you could have them as "plain" routers, and have the remaining ones use the code in the HOWTO above mnus the masquerade, just to mark which gateway originated or should receive the load. In theory it should work.
Re: NAT out over multiple IPs
Your first sentence makes me uncertain - do you have a single router or you want to load balance the task among several routers?
For mere distribution of the NAT among several IP addresses on the same physical interface, the easiest method is to use a single action=src-nat rule with to-addresses set to a range or subnet.
If the embedded rules of Mikrotik's implementation do not satisfy you (because they don't prefer diversity and seem to start using another address from the pool only to avoid a port conflict or exhaustion), or because you don't have a continuous interval of addresses to use for the purpose, it is enough to use any load distribution classifier to choose among multiple action=src-nat rules with a single to-addresses each. You can use random or per-connection-classifier, because the /ip firewall nat table only handles the initial packet of each connection and all the subsequent ones inherit the srcnat and dstnat addresses assigned to that first packet.
For mere distribution of the NAT among several IP addresses on the same physical interface, the easiest method is to use a single action=src-nat rule with to-addresses set to a range or subnet.
If the embedded rules of Mikrotik's implementation do not satisfy you (because they don't prefer diversity and seem to start using another address from the pool only to avoid a port conflict or exhaustion), or because you don't have a continuous interval of addresses to use for the purpose, it is enough to use any load distribution classifier to choose among multiple action=src-nat rules with a single to-addresses each. You can use random or per-connection-classifier, because the /ip firewall nat table only handles the initial packet of each connection and all the subsequent ones inherit the srcnat and dstnat addresses assigned to that first packet.