I have a conundrum. I have max 20 workstations connecting to the internet.
Until a while ago before I got angry I had only 1 ISP - ADSL.
This ADSL is crap but is the only ISP I have nearby that can provide me with a static ip (don't ask why - for now it is what it is)
I need this static ip to connect from the outside to a database and rdp.
It's crap because I have an upper limit of 20 mbps download and 1mbps upload.
Since I have 20 computers connected it fills up rather quickly and my modem just can't handle it so it crashes.
Needless to say the internet connection sucks.
So we bought a LTE (50mbps/50mbps) subscription to route some of the traffic off the ADSL shoulders.
And we bought a RB 3011 UiAS to have better routing capabilites instead of a simple adsl router.
Configurationwise I initially chose bandwidth load balancing where a traffic monitor would run a script to change a connection mark from adsl to lte when a certain bandwidth was attained,
and switched back whenever the bandwidth usage fell.
Problem is that this made the connection very unstable where the switches happened very often resulting in no connectivity at all.
So I changed to a PCC load balancing configuration.
This did not work either when the ADSL modem was configured as the "near" reachable device.
What happened was we got pings of 2s and no connectivity.
What fixed the above was changing the near ISP to LTE (distance=1) and set the ADSL ISP further (distance= 2).
This worked somewhat :
Ping was still 1s but the connections where way faster.
When connected to the router via cable, the internet connection is fast.
When connecting to the router via WiFi, especially a bit further away, the connection starts to get bad or nonexistent if You go to far.
Funny enough Macs connect fine PCs worse - regardless of Wifi or cable.
Even more funny is that when I disable the LTE modem, ping comes down to 20ms and speed test is the aforementioned 20mbps/1mbps.
With the LTE disabled internet seems to work ok-ish everywhere, but it overflows quickly enough, especially when all computers are running.
When both ISPs are enable it seems thath the ping time increases a lot and computers which are further away from the wlan just, dunno, timeout to quickly ? (does this make sense?)
So my question is this:
Why does my ping increase so markedly when I enable the LTE modem and have 2 ISP ?
Can I do anything to rectify this ?
any help is appreciated
Code: Select all
/interface bridge add admin-mac=B8:69:F4:87:45:30 auto-mac=no comment=LAN name=bridge-lan protocol-mode=none /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether1-adsl speed=100Mbps set [ find default-name=ether2 ] speed=100Mbps set [ find default-name=ether3 ] advertise=10M-half,10M-full,100M-half,100M-full name=ether3-lte speed=100Mbps set [ find default-name=ether4 ] speed=100Mbps [..] set [ find default-name=ether10 ] speed=100Mbps set [ find default-name=sfp1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full /ip pool add name=pool-lan ranges=192.168.0.140-192.168.0.185 add name=pool-l2te ranges=10.0.1.0-10.0.1.10 /ip dhcp-server add address-pool=pool-lan disabled=no interface=bridge-lan lease-time=1h name=dhcp-lan /ppp profile add change-tcp-mss=yes dns-server=10.0.1.1 local-address=10.0.1.1 name=l2tp remote-address=pool-l2te use-encryption=yes add change-tcp-mss=yes dns-server=10.0.1.1 local-address=10.0.1.1 name=ovpn remote-address=pool-l2te use-encryption=yes /interface bridge port add bridge=bridge-lan interface=ether7 add bridge=bridge-lan interface=ether8 add bridge=bridge-lan interface=ether9 add bridge=bridge-lan interface=ether10 add bridge=bridge-lan interface=ether6 /interface l2tp-server server set default-profile=l2tp enabled=yes use-ipsec=required /interface list member add interface=ether1-adsl list=WAN add interface=ether3-lte list=WAN add interface=bridge-lan list=LAN add interface=ether6 list=LAN add interface=ether7 list=LAN add interface=ether8 list=LAN add interface=ether9 list=LAN add interface=ether10 list=LAN /ip dhcp-server lease add address=192.168.0.100 mac-address=00:0A:E4:88:AB:4A (<--PostgreSQL database) add address=192.168.0.197 mac-address=00:15:17:DA:26:D0 (<--RDP Gateway) /ip dhcp-server network add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24 /ip firewall address-list add address=192.168.0.0/24 list=LAN_VPN add address=10.0.1.0/24 list=L2TP_VPN add address=192.168.1.0/24 list=Connected add address=192.168.2.0/24 list=Connected add address=192.168.0.0/24 list=Connected /ip firewall filter add action=accept chain=input connection-state=established,related,untracked add action=drop chain=input connection-state=invalid add action=accept chain=input src-address-list=LAN_VPN add action=accept chain=input src-address-list=Connected add action=accept chain=input protocol=icmp add action=accept chain=input port=1022 protocol=tcp add action=accept chain=input port=1194 protocol=tcp add action=accept chain=input port=1701,500,4500 protocol=udp add action=accept chain=input log=yes protocol=ipsec-esp add action=drop chain=input add action=accept chain=forward ipsec-policy=in,ipsec add action=accept chain=forward ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward connection-state=established,related add action=accept chain=forward connection-state=established,related,untracked add action=drop chain=forward connection-state=invalid add action=accept chain=forward src-address-list=LAN_VPN add action=accept chain=forward src-address-list=Connected add action=accept chain=forward src-address-list=L2TP_VPN add action=accept chain=forward connection-nat-state=dstnat in-interface-list=WAN add action=drop chain=forward add action=accept chain=input dst-port=4500 protocol=udp add action=accept chain=input dst-port=500 protocol=udp add action=accept chain=input dst-port=1701 protocol=udp /ip firewall mangle add action=accept chain=prerouting dst-address-list=Connected src-address-list=Connected add action=mark-routing chain=prerouting dst-port=110,995,143,993,25,465,587 new-routing-mark=LTE-Route passthrough=yes protocol=tcp add action=mark-connection chain=prerouting dst-port=500,4500,1701 new-connection-mark=ADSL passthrough=yes protocol=udp add action=mark-routing chain=prerouting new-routing-mark=ADSL-Route passthrough=yes protocol=udp src-port=500,4500,1701 add action=accept chain=prerouting connection-state="" log=yes src-address=10.0.1.0/24 src-address-list=L2TP_VPN add action=accept chain=prerouting dst-address=192.168.1.0/24 add action=mark-connection chain=prerouting comment="Per Connection Classifier Load Balancing - Per Steve Discher" connection-mark=no-mark dst-address-type=!local in-interface=bridge-lan new-connection-mark=ADSL passthrough=yes per-connection-classifier=both-addresses:2/0 add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-lan new-connection-mark=LTE passthrough=yes per-connection-classifier=both-addresses:2/1 add action=mark-routing chain=prerouting connection-mark=ADSL in-interface=bridge-lan new-routing-mark=ADSL-Route passthrough=yes add action=mark-routing chain=prerouting connection-mark=LTE in-interface=bridge-lan new-routing-mark=LTE-Route passthrough=yes add action=mark-routing chain=output connection-mark=ADSL new-routing-mark=ADSL-Route passthrough=yes add action=mark-routing chain=output connection-mark=LTE new-routing-mark=LTE-Route passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1-adsl new-connection-mark=ADSL passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3-lte new-connection-mark=LTE passthrough=yes /ip firewall nat add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1-adsl src-address-list=LAN_VPN add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether3-lte src-address-list=LAN_VPN add action=dst-nat chain=dstnat connection-mark=ADSL dst-port=3389 protocol=tcp routing-mark=ADSL-Route src-address=188.8.131.52 to-addresses=192.168.0.197 to-ports=3389 add action=dst-nat chain=dstnat dst-port=5432 protocol=tcp src-address=184.108.40.206 to-addresses=192.168.0.100 to-ports=5432 add action=dst-nat chain=dstnat dst-port=8282 in-interface=ether1-adsl protocol=tcp to-addresses=192.168.0.80 to-ports=8282 /ip route add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=LTE-Route add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=ADSL-Route add check-gateway=ping distance=1 gateway=192.168.2.1 pref-src=192.168.2.2 add check-gateway=ping distance=2 gateway=192.168.1.1 pref-src=192.168.1.2 (<--distance to ADSL modem = 2)