wanton

Long PING on PCC Load balancing

Mon Jul 22, 2019 3:10 pm

Hello,

I have a conundrum. I have max 20 workstations connecting to the internet.

Until a while ago before I got angry I had only 1 ISP - ADSL.
This ADSL is crap but is the only ISP I have nearby that can provide me with a static IP (don't ask why - for now it is what it is).
I need this static IP to connect from the outside to a database and RDP.
It's crap because I have an upper limit of 20 Mbps download and 1 Mbps upload.
Since I have 20 computers connected, it fills up rather quickly and my modem just can't handle it, so it crashes.
Needless to say the internet connection sucks.

So we bought an LTE (50 Mbps/50 Mbps) subscription to route some of the traffic off the ADSL's shoulders.
And we bought a RB 3011 UiAS to have better routing capabilities instead of a simple ADSL router.

Configuration-wise, I initially chose bandwidth load balancing, where a traffic monitor would run a script to change a connection mark from ADSL to LTE when a certain bandwidth was attained,
and switched back whenever the bandwidth usage fell.
The problem is that this made the connection very unstable: the switches happened very often, resulting in no connectivity at all.

So I changed to a PCC load balancing configuration.
This did not work either when the ADSL modem was configured as the "near" reachable device.
What happened was we got pings of 2s and no connectivity.

What fixed the above was changing the near ISP to LTE (distance=1) and setting the ADSL ISP further (distance=2).

This worked somewhat:
Ping was still 1s but the connections were way faster.
When connected to the router via cable, the internet connection is fast.
When connecting to the router via WiFi, especially a bit further away, the connection starts to get bad or nonexistent if you go too far.
Funnily enough, Macs connect fine, PCs worse - regardless of WiFi or cable.

Even more funny is that when I disable the LTE modem, ping comes down to 20ms and the speed test is the aforementioned 20 Mbps/1 Mbps.
With the LTE disabled, internet seems to work ok-ish everywhere, but it overflows quickly enough, especially when all computers are running.
When both ISPs are enabled, it seems that the ping time increases a lot and computers which are further away from the WLAN just, dunno, time out too quickly? (Does this make sense?)

So my question is this:

Why does my ping increase so markedly when I enable the LTE modem and have 2 ISPs?
Can I do anything to rectify this?

Any help is appreciated.

My configuration:
/interface bridge
add admin-mac=B8:69:F4:87:45:30 auto-mac=no comment=LAN name=bridge-lan protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether1-adsl speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether3-lte speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
[..]
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full

/ip pool
add name=pool-lan ranges=192.168.0.140-192.168.0.185
add name=pool-l2te ranges=10.0.1.0-10.0.1.10

/ip dhcp-server
add address-pool=pool-lan disabled=no interface=bridge-lan lease-time=1h name=dhcp-lan

/ppp profile
add change-tcp-mss=yes dns-server=10.0.1.1 local-address=10.0.1.1 name=l2tp remote-address=pool-l2te use-encryption=yes
add change-tcp-mss=yes dns-server=10.0.1.1 local-address=10.0.1.1 name=ovpn remote-address=pool-l2te use-encryption=yes

/interface bridge port
add bridge=bridge-lan interface=ether7
add bridge=bridge-lan interface=ether8
add bridge=bridge-lan interface=ether9
add bridge=bridge-lan interface=ether10
add bridge=bridge-lan interface=ether6

/interface l2tp-server server
set default-profile=l2tp enabled=yes use-ipsec=required

/interface list member
add interface=ether1-adsl list=WAN
add interface=ether3-lte list=WAN
add interface=bridge-lan list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN

/ip dhcp-server lease
# PostgreSQL database
add address=192.168.0.100 mac-address=00:0A:E4:88:AB:4A
# RDP Gateway
add address=192.168.0.197 mac-address=00:15:17:DA:26:D0

/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24

/ip firewall address-list
add address=192.168.0.0/24 list=LAN_VPN
add address=10.0.1.0/24 list=L2TP_VPN
add address=192.168.1.0/24 list=Connected
add address=192.168.2.0/24 list=Connected
add address=192.168.0.0/24 list=Connected

/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input src-address-list=LAN_VPN
add action=accept chain=input src-address-list=Connected
add action=accept chain=input protocol=icmp
add action=accept chain=input port=1022 protocol=tcp
add action=accept chain=input port=1194 protocol=tcp
add action=accept chain=input port=1701,500,4500 protocol=udp
add action=accept chain=input log=yes protocol=ipsec-esp
add action=drop chain=input
add action=accept chain=forward ipsec-policy=in,ipsec
add action=accept chain=forward ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=accept chain=forward src-address-list=LAN_VPN
add action=accept chain=forward src-address-list=Connected
add action=accept chain=forward src-address-list=L2TP_VPN
add action=accept chain=forward connection-nat-state=dstnat in-interface-list=WAN
add action=drop chain=forward
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp

/ip firewall mangle
add action=accept chain=prerouting dst-address-list=Connected src-address-list=Connected
add action=mark-routing chain=prerouting dst-port=110,995,143,993,25,465,587 new-routing-mark=LTE-Route passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting dst-port=500,4500,1701 new-connection-mark=ADSL passthrough=yes protocol=udp
add action=mark-routing chain=prerouting new-routing-mark=ADSL-Route passthrough=yes protocol=udp src-port=500,4500,1701
add action=accept chain=prerouting connection-state="" log=yes src-address=10.0.1.0/24 src-address-list=L2TP_VPN
add action=accept chain=prerouting dst-address=192.168.1.0/24

add action=mark-connection chain=prerouting comment="Per Connection Classifier Load Balancing - Per Steve Discher" connection-mark=no-mark dst-address-type=!local in-interface=bridge-lan new-connection-mark=ADSL passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-lan new-connection-mark=LTE passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ADSL in-interface=bridge-lan new-routing-mark=ADSL-Route passthrough=yes
add action=mark-routing chain=prerouting connection-mark=LTE in-interface=bridge-lan new-routing-mark=LTE-Route passthrough=yes
add action=mark-routing chain=output connection-mark=ADSL new-routing-mark=ADSL-Route passthrough=yes
add action=mark-routing chain=output connection-mark=LTE new-routing-mark=LTE-Route passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1-adsl new-connection-mark=ADSL passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3-lte new-connection-mark=LTE passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1-adsl src-address-list=LAN_VPN
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether3-lte src-address-list=LAN_VPN
add action=dst-nat chain=dstnat connection-mark=ADSL dst-port=3389 protocol=tcp routing-mark=ADSL-Route src-address=46.175.47.252 to-addresses=192.168.0.197 to-ports=3389
add action=dst-nat chain=dstnat dst-port=5432 protocol=tcp src-address=46.175.47.252 to-addresses=192.168.0.100 to-ports=5432

add action=dst-nat chain=dstnat dst-port=8282 in-interface=ether1-adsl protocol=tcp to-addresses=192.168.0.80 to-ports=8282

/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=LTE-Route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=ADSL-Route

add check-gateway=ping distance=1 gateway=192.168.2.1 pref-src=192.168.2.2
# distance to ADSL modem = 2
add check-gateway=ping distance=2 gateway=192.168.1.1 pref-src=192.168.1.2
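
An added example, not part of the original post: a Python check run over a constructed subset of the rules exported above. It flags filter rules that sit after a match-all drop in the same chain, and a fasttrack rule with no connection-mark restriction while mangle assigns routing marks; the function names and finding labels are hypothetical.

```python
import shlex

# Constructed sample: a subset of the filter and mangle rules posted above.
SAMPLE = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input port=1701,500,4500 protocol=udp
add action=drop chain=input
add action=fasttrack-connection chain=forward connection-state=established,related
add action=drop chain=forward
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=LTE in-interface=bridge-lan new-routing-mark=LTE-Route passthrough=yes
"""

# Properties that do not narrow what a rule matches.
NON_MATCHERS = {"action", "chain", "log", "log-prefix", "comment"}

def parse_export(text):
    """Return (section, properties) for every 'add' line of a RouterOS export."""
    rules, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]
            rules.append((section, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def audit(text):
    """Return (filter rule number, finding) pairs; numbering starts at 1."""
    rules = parse_export(text)
    marks_routes = any(s == "/ip firewall mangle" and p.get("action") == "mark-routing"
                       for s, p in rules)
    findings, closed = [], set()
    filters = [p for s, p in rules if s == "/ip firewall filter"]
    for n, p in enumerate(filters, 1):
        if p.get("chain") in closed:
            # An earlier match-all drop in this chain already ended evaluation.
            findings.append((n, "unreachable"))
        elif p.get("action") == "drop" and set(p) <= NON_MATCHERS:
            closed.add(p.get("chain"))
        elif (p.get("action") == "fasttrack-connection" and marks_routes
              and "connection-mark" not in p):
            # Heuristic (assumption): fasttracked packets skip mangle marking.
            findings.append((n, "fasttrack-bypasses-mangle"))
    return findings
```

On the sample, `audit(SAMPLE)` reports the fasttrack rule and the two UDP accept rules that follow `drop chain=input`.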
