topbanana
just joined
Topic Author
Posts: 17
Joined: Wed Sep 19, 2018 2:52 pm

Slow speeds on second ISP using connection marking [SOLVED]

Wed Sep 19, 2018 3:10 pm

I live somewhere with terribly slow broadband, so I've got a second ISP connection and a Mikrotik router to balance it.

When I set up PCC, the second ISP only downloads at around 50 Kbit. But when I manually drop the first ISP's connection, the download on the second ISP boosts to full speed.

To make things simpler, I've also tried using an address list instead of PCC. This segregates the second connection for downloads from certain servers, but it turns out that this still limits me to these low speeds, until ISP1 is disabled. Presumably at this point it is falling through to the default route?

Can anyone spot what I've done wrong?

Many thanks
TB
/ip dns static
add address=192.168.1.1 name=router
/ip firewall address-list
add address=1.2.3.4 list=ISP2_IP_AddressList
add address=2.3.4.5 list=ISP2_IP_AddressList
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1-WAN1
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=all-ppp

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="mark download traffic for isp2" connection-mark=no-mark dst-address-list=ISP2_IP_AddressList dst-address-type=!local in-interface=bridge1 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=bridge1 new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=bridge1 new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=pppoe-out2 routing-mark=to_ISP2
add check-gateway=ping distance=2 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=pppoe-out2
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Slow speeds on second ISP using connection marking

Wed Sep 19, 2018 5:30 pm

Firewall mangling (used to assign routing-marks in your case) is incompatible with fasttracking because fasttracking skips the mangling for about 99% of all packets. The remaining 1% of packets take the same path as the initial packet and make the connection work but accordingly slowly.

Two choices:
  • either your hardware is powerful enough that you can simply disable the action=fasttrack-connection rule
  • or it is not and then you need to selectively escape fasttracking only for some connections (those using the non-default WAN).
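
A check for the conflict described in the reply above, as an added example that is not part of the original thread: it scans a RouterOS export for an enabled fasttrack rule with no `connection-mark` matcher while mangle rules assign routing marks. The `connection-mark=no-mark` matcher in `FIXED` is an assumed way to "selectively escape fasttracking"; the function names and sample text are constructed here.

```python
import re
import shlex

def parse_export(text):
    """Yield (menu, params) for every 'add' line of a RouterOS export."""
    menu = None
    # Exports wrap long lines with a trailing backslash; re-join them first.
    for line in re.sub(r"\\\n\s*", "", text).splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])  # keeps quoted comment="..." intact
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def audit(text):
    """Return findings for fasttrack rules that would bypass routing marks."""
    rules = list(parse_export(text))
    marks = sorted({p.get("new-routing-mark", "?") for m, p in rules
                    if m == "/ip firewall mangle" and p.get("action") == "mark-routing"})
    findings = []
    for m, p in rules:
        if (marks and m == "/ip firewall filter"
                and p.get("action") == "fasttrack-connection"
                and p.get("disabled") != "yes"
                and "connection-mark" not in p):
            findings.append(f"chain={p.get('chain')}: fasttrack matches marked "
                            f"connections; mangle sets routing marks {marks}")
    return findings

# Constructed sample, abbreviated from the export posted in the thread.
MANGLE = """/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=ISP2_IP_AddressList in-interface=bridge1 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=bridge1 new-routing-mark=to_ISP2 passthrough=yes
"""
ORIGINAL = """/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
""" + MANGLE
# Assumed fix (not from the thread): fasttrack only unmarked connections.
FIXED = ORIGINAL.replace("chain=forward", "chain=forward connection-mark=no-mark", 1)

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, audit(cfg) or "ok")
```
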
 
topbanana
just joined
Topic Author
Posts: 17
Joined: Wed Sep 19, 2018 2:52 pm

Re: Slow speeds on second ISP using connection marking

Thu Sep 20, 2018 9:09 am

That's the ticket! Thank you so much. I only have slow internet so it seems 'slowpath' is adequate to saturate it.

To help my understanding, why do 1% of packets escape fastpath?
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: Slow speeds on second ISP using connection marking

Thu Sep 20, 2018 10:47 am

> why do 1% of packets escape fastpath?

I don't know whether it is actually 2% or 0.05%, but the purpose is to update connection statistics (packet counts, uptime etc.). The bulk of fasttracked packets escapes not only mangling but most of firewall processing.
 
topbanana
just joined
Topic Author
Posts: 17
Joined: Wed Sep 19, 2018 2:52 pm

Re: Slow speeds on second ISP using connection marking

Thu Sep 20, 2018 11:16 am

Interesting. Thank you for your help.
 
praetorianwls
just joined
Posts: 8
Joined: Sun Nov 27, 2016 9:42 pm

Re: Slow speeds on second ISP using connection marking

Fri Dec 13, 2019 9:59 pm

Hello,
I just tested my setup with a second WAN for a specific IP from the LAN. I had fasttrack, but the internet connection on the specific IP was dialup slow.
When I disable the fasttrack rule, by magic the internet connection via WAN2 for the specific IP works fine.
Thanks for the tip sindy, it was helpful.
 
fmpfmp
just joined
Posts: 1
Joined: Fri Jan 10, 2020 12:40 am

Re: Slow speeds on second ISP using connection marking

Fri Jan 10, 2020 12:42 am

> Firewall mangling (used to assign routing-marks in your case) is incompatible with fasttracking because fasttracking skips the mangling for about 99% of all packets. The remaining 1% of packets take the same path as the initial packet and make the connection work but accordingly slowly.
>
> Two choices:
>   • either your hardware is powerful enough that you can simply disable the action=fasttrack-connection rule
>   • or it is not and then you need to selectively escape fasttracking only for some connections (those using the non-default WAN).

Man, you saved my day! Thank you so much.
 
matsoor
just joined
Posts: 1
Joined: Fri Dec 24, 2021 11:50 pm

Re: Slow speeds on second ISP using connection marking

Fri Dec 24, 2021 11:55 pm

> Firewall mangling (used to assign routing-marks in your case) is incompatible with fasttracking because fasttracking skips the mangling for about 99% of all packets. The remaining 1% of packets take the same path as the initial packet and make the connection work but accordingly slowly.
>
> Two choices:
>   • either your hardware is powerful enough that you can simply disable the action=fasttrack-connection rule
>   • or it is not and then you need to selectively escape fasttracking only for some connections (those using the non-default WAN).

Maaan, you saved my day. I have been struggling for almost a day with my multiple WANs and NATting them to my internal server. And it turned out that there is a default filter rule with fasttrack forward. After I disabled it, it started working.
I am a total newbie with MikroTik, so I need to learn a lot.
Thank you.
