Community discussions

 
Ghino
just joined
Topic Author
Posts: 16
Joined: Tue Feb 26, 2019 7:05 pm

2 wan load balancing with failover problems

Tue Aug 20, 2019 5:29 pm

Hi,
I have configured my router board with YouTube mikrotik video for 2 wan load balancing and failover but I have some problems.
- open news pages is very slow as dns server has some problems to resolve host
- YouTube open slowly an frequently stop during video watching
- I have a raspberry with homeassistant and it can not open from outside . If I disable one of wan I can access correctly

What can I do? For raspberry connected alone on ethernet port there is a way o rules to setup to employ only a wan outside load balancing?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Tue Aug 20, 2019 10:09 pm

Hey

For starters, post your current config: /export hide-sensitive (in-between code tags)
 
Ghino
just joined
Topic Author
Posts: 16
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 10:34 am

hi,

this is my configuration wan1 static ip 192.168.89.10 and wan2 192.168.88.10 internal lan 192.168.1.0
# aug/21/2019 09:24:31 by RouterOS 6.45.3
# software id = ZS3Y-57J1
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 8A77094AEC63
/interface bridge
add admin-mac=B8:69:F4:39:B2:91 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=ICARO name=WAN1
set [ find default-name=ether2 ] comment=HO disabled=yes name=WAN2
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=domus wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX \
disabled=no distance=indoors frequency=auto installation=indoor mode=\
ap-bridge ssid=F3272Fast wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool1 ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=pool1 disabled=no interface=bridge name=dhcp1
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
add address=192.168.88.10/24 interface=WAN2 network=192.168.88.0
add address=192.168.89.10/24 comment=M1100_usb_ip_fisso_dmz disabled=yes \
network=192.168.89.0
add address=192.168.89.10/24 comment=m1100_LAN_dmz interface=WAN1 network=\
192.168.89.0
/ip arp
add address=192.168.1.65 interface=bridge mac-address=B8:27:EB:FC:65:EF
/ip dhcp-client
add dhcp-options=hostname,clientid
/ip dhcp-server lease
add address=192.168.1.65 mac-address=B8:27:EB:FC:65:EF
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
add address=8.8.8.8 name=google
/ip firewall address-list
add address=192.168.1.1-192.168.1.2 list=router
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=fasttrack-connection chain=forward dst-port=53 protocol=tcp
add action=fasttrack-connection chain=forward dst-port=53 protocol=udp
/ip firewall mangle
add action=accept chain=prerouting comment=wan1_icaro_prerouting dst-address=\
192.168.89.0/24 in-interface=bridge
add action=accept chain=prerouting comment=wan2_ho_prerouting_wan2 dst-address=\
192.168.88.0/24 in-interface=bridge
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes
add action=accept chain=prerouting comment=router dst-address-list=router
add action=accept chain=forward comment=dns port=53 protocol=tcp
add action=accept chain=forward comment=dns port=53 protocol=udp
add action=accept chain=forward packet-mark="client-dw -pk" port=\
80,443,5222,5223,5228 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=
out,none out-interface=WAN1
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=
out,none out-interface=WAN2
add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=\
192.168.1.65 to-addresses=8.8.8.8
/ip route
add check-gateway=ping distance=1 gateway=192.168.89.1 routing-mark=to_WAN1
add check-gateway=ping distance=5 gateway=192.168.88.1 routing-mark=to_WAN2
add comment=static_ip_nodhcp distance=1 gateway=192.168.88.1
add distance=1 gateway=192.168.89.1
/system clock
set time-zone-name=Europe/Rome
/system ntp client
set enabled=yes primary-ntp=37.247.53.178 secondary-ntp=80.211.178.99
/system ntp server
set broadcast=yes enabled=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:05 pm

you should remove fasttrack (action=fasttrack-connection, 3 instances), as it's not compatible with loadbalancing

"add action=accept chain=prerouting comment=router dst-address-list=router" should be at the beginning of chain / before all LB logic

your default routes should have different distances: ex 1 & 2
add comment=static_ip_nodhcp distance=1 gateway=192.168.88.1
add distance=1 gateway=192.168.89.1
 
Ghino
just joined
Topic Author
Posts: 16
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:18 pm

Hi,

Thanks for help, I removed fast track entities but I don't know how to move that

add action=accept chain=prerouting comment=router dst-address-list=router" should be at the beginning of chain / before all LB logic
 
Ghino
just joined
Topic Author
Posts: 16
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 1:31 pm

lol,

sorry i'm new on mikrotik.. i did.. litterally move up on list :-)


With distance i can modify ratio between use of two wan?
because i would use second wan less than first one, but i don't know if it's possible to achieve that too
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 2:11 pm

the default routes are only relevant in context of fail-over: each connection gets assigned to either Wan1 or Wan2 in mangling, only when that link is not up will the default be relevant.

the current load balancing is 50/50
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN1_conn \
passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge new-connection-mark=WAN2_conn \
passthrough=yes per-connection-classifier=both-addresses:2/1
 
Ghino
just joined
Topic Author
Posts: 16
Joined: Tue Feb 26, 2019 7:05 pm

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 2:19 pm

thanks again ..
is there a way to set 80/20 for example?
or stop on max mb reached dayly from wan2?
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1795
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: 2 wan load balancing with failover problems

Wed Aug 21, 2019 3:16 pm

is there a way to set 80/20 for example?
Not directly, but you can achieve this by being creative: repeat a link multiple times, for 80/20, pretend you have 5 links each good for 20% of traffic: wan1,wan1,wan1,wan1,wan2
Another option, is bandwidth based load-balancing: viewtopic.php?f=2&t=151314
or stop on max mb reached dayly from wan2?
you would have to script that: on regular basis check stats on wanX and if condition met, switch to other. then at midnight switch to default one again.

Who is online

Users browsing this forum: Majestic-12 [Bot] and 98 guests