Almohalla
just joined
Topic Author
Posts: 10
Joined: Fri Jan 15, 2016 7:31 pm

4 WAN Load balancing on 2 separated LANs on the same RB

Mon Apr 29, 2019 5:22 pm

I'm trying to do 4 ISP load balancing to 2 LANs on the same routerboard (RB1100xa4). Each LAN gets 2 WANs. Using PCC.
This topology explains what I'm trying to do:
topolgy-min.jpg
It works, but sometimes Bridge2 can reach ISP_1 & ISP_2 and download from them only instead of downloading from its specified WANs (ISP_3 & ISP_4).

Here are my configurations:

Load Balancing ISP_1 & ISP_2 for Bridge1:
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address-list=balance in-interface=Bridge1
/ip address add address=192.168.111.1/24 interface=Bridge1
/ip address add address=192.168.1.33/24 interface=ISP_1
/ip address add address=192.168.2.33/24 interface=ISP_2
/ip firewall mangle add chain=input in-interface=ISP_1 action=mark-connection new-connection-mark=ISP1_conn
/ip firewall mangle add chain=input in-interface=ISP_2 action=mark-connection new-connection-mark=ISP2_conn
/ip firewall mangle add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
/ip firewall mangle add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ip firewall mangle add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Bridge1
/ip firewall mangle add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Bridge1
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge1 per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP3_conn passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge1 per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP4_conn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=ISP3_conn in-interface=Bridge1 action=mark-routing new-routing-mark=to_ISP1
/ip firewall mangle add chain=prerouting connection-mark=ISP4_conn in-interface=Bridge1 action=mark-routing new-routing-mark=to_ISP2
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ISP1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_ISP2 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.111.0/24  disabled=no
/ip firewall nat add chain=srcnat out-interface=ISP_1 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ISP_2 action=masquerade
Load Balancing ISP_3 & ISP_4 for Bridge2:
/ip firewall mangle add action=accept chain=prerouting disabled=no dst-address-list=balance in-interface=Bridge2
/ip address add address=192.168.112.1/24 interface=Bridge2
/ip address add address=192.168.3.33/24 interface=ISP_3
/ip address add address=192.168.4.33/24 interface=ISP_4
/ip firewall mangle add chain=input in-interface=ISP_3 action=mark-connection new-connection-mark=ISP3_conn
/ip firewall mangle add chain=input in-interface=ISP_4 action=mark-connection new-connection-mark=ISP4_conn
/ip firewall mangle add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=to_ISP3
/ip firewall mangle add chain=output connection-mark=ISP4_conn action=mark-routing new-routing-mark=to_ISP4
/ip firewall mangle add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Bridge2
/ip firewall mangle add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Bridge2
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge2 per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn passthrough=yes
/ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=Bridge2 per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn passthrough=yes
/ip firewall mangle add chain=prerouting connection-mark=ISP3_conn in-interface=Bridge2 action=mark-routing new-routing-mark=to_ISP3
/ip firewall mangle add chain=prerouting connection-mark=ISP4_conn in-interface=Bridge2 action=mark-routing new-routing-mark=to_ISP4
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ISP3 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ISP4 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping
/ip firewall nat add action=masquerade chain=srcnat src-address=192.168.112.0/24  disabled=no
/ip firewall nat add chain=srcnat out-interface=ISP_3 action=masquerade
/ip firewall nat add chain=srcnat out-interface=ISP_4 action=masquerade
Is this way correct for what I need, as in the topology in that image? Please help.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: 4 WAN Load balancing on 2 separated LANs on the same RB

Tue Apr 30, 2019 4:21 pm

It works but sometimes Bridge2 can reach ISP_1 & ISP_2 and download from them only instead of downloading from its specified wans ( ISP_3 & ISP_4)
What exactly does "sometimes" mean?

You have default routes (with dst-address=0.0.0.0/0) without any routing-mark assigned (two with distance=1 and two with distance=2).

If the routing doesn't find any active route with the required routing-mark matching a packet's destination address, it uses a matching route from routing table main (i.e. with no routing-mark). So if both WAN3 and WAN4 are down, routes via WAN1 and WAN2 will be used also by packets coming in via bridge2.

To prevent this, you have to either use routes with dst-address=0.0.0.0/0 type=blackhole distance=10 routing-mark=to-ISPx (where x=3 and 4), and another pair of them to prevent the reverse scenario (packets from bridge1 leaving via WAN3 or WAN4 if both WAN1 and WAN2 are down), or use four rules like routing-mark=to-ISPx action=lookup-only-in-table table=to-ISPx in the /ip route rule configuration branch for the same purpose.
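
Added example (not part of sindy's post or of anyone's configuration in this thread): a simplified Python model of the lookup described above, showing the fallback to table main when WAN3 and WAN4 are down and how each of the two suggested fixes stops it. The function names, the underscore mark names taken from the posted config, and the tie-break between equal-distance routes are assumptions of the model.

```python
# Added example: toy model of RouterOS policy-routing lookup (simplified).
BLACKHOLE = "blackhole"

# (table, gateway, distance) as posted in the thread; "main" = no routing-mark.
POSTED = [
    ("to_ISP1", "192.168.1.1", 1), ("to_ISP2", "192.168.2.1", 1),
    ("to_ISP3", "192.168.3.1", 1), ("to_ISP4", "192.168.4.1", 1),
    ("main", "192.168.1.1", 1), ("main", "192.168.2.1", 2),
    ("main", "192.168.3.1", 1), ("main", "192.168.4.1", 2),
]
# Fix 1 from the reply: a blackhole default route in every marked table.
BLACKHOLES = [(f"to_ISP{x}", BLACKHOLE, 10) for x in (1, 2, 3, 4)]
# Fix 2 from the reply: lookup-only-in-table rules for every mark.
ONLY_IN_TABLE = frozenset(f"to_ISP{x}" for x in (1, 2, 3, 4))


def best(routes, table, up):
    """Lowest-distance active route in `table`; blackholes are always active.

    Assumption: on equal distance the first listed route wins.
    """
    active = [r for r in routes
              if r[0] == table and (r[1] == BLACKHOLE or r[1] in up)]
    return min(active, key=lambda r: r[2])[1] if active else None


def lookup(routes, mark, up, rules=frozenset()):
    """Gateway used for a packet with routing mark `mark`, or None if dropped."""
    gw = best(routes, mark, up)
    if gw is None and mark not in rules:
        gw = best(routes, "main", up)   # the fallback that causes the leak
    return None if gw == BLACKHOLE else gw


if __name__ == "__main__":
    up = {"192.168.1.1", "192.168.2.1"}   # WAN3 and WAN4 both down
    for name, routes, rules in (("as posted", POSTED, frozenset()),
                                ("blackhole", POSTED + BLACKHOLES, frozenset()),
                                ("route rule", POSTED, ONLY_IN_TABLE)):
        print(name, "->", lookup(routes, "to_ISP3", up, rules))
```
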
 
Almohalla
just joined
Topic Author
Posts: 10
Joined: Fri Jan 15, 2016 7:31 pm

Re: 4 WAN Load balancing on 2 separated LANs on the same RB  [SOLVED]

Fri May 03, 2019 3:29 pm

To prevent this, you have to either use routes with dst-address=0.0.0.0/0 type=blackhole distance=10 routing-mark=to-ISPx (where x=3 and 4), and another pair of them to prevent the reverse scenario (packets from bridge1 leaving via WAN3 or WAN4 if both WAN1 and WAN2 are down), or use four rules like routing-mark=to-ISPx action=lookup-only-in-table table=to-ISPx in the /ip route rule configuration branch for the same purpose.
Thank you so much, sindy. That's helped me to make each group use internet from its specified WANs.
I also added each bridge's interfaces in an interface list (In. Interface List: instead of In. Interface:) and used them in mangle rules.
 
walidmadkour
just joined
Posts: 2
Joined: Mon Apr 06, 2020 8:55 pm

Re: 4 WAN Load balancing on 2 separated LANs on the same RB

Wed Apr 21, 2021 1:11 pm

Dear, can you please share the final script?
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 4 WAN Load balancing on 2 separated LANs on the same RB

Thu Apr 22, 2021 5:45 pm

Yes, as your response was not clear.
Sindy pointed out you didn't address failure of ISP1 or ISP2, and if the routes are available the router will route folks to the available routes.

However it seems you are saying your config was incomplete for some cases which caused the leakage??
 
walidmadkour
just joined
Posts: 2
Joined: Mon Apr 06, 2020 8:55 pm

Re: 4 WAN Load balancing on 2 separated LANs on the same RB

Thu Apr 22, 2021 7:36 pm

Untitled Diagram.jpg
Dear,

As shown in the diagram, I want two separate networks on the same device.
However, LAN 1 goes out through WAN1 and WAN2 only, and LAN2 goes out through WAN3 & WAN4 only.
Thanks in advance.