DottorT86
just joined
Topic Author
Posts: 7
Joined: Fri Aug 09, 2019 7:51 am

PCC load balance (2 WAN + 6 LAN) but LANs can no longer communicate each other

Wed Feb 12, 2020 11:58 pm

Hi everybody,
A few days ago I activated my second internet connection, and I thought of using both connections at the same time via PCC load balance.
Both connections are PPPOE type and have dynamic IP but the second connection is behind NAT so I can't use DDNS services to reach my IP address remotely.
I would like to use the PCC load balance only with 3 of the 6 LANs and I would like the remaining 3 to be directed to only one of the two WANs.
To simplify I would like to create such a configuration:
- LAN 1 - PCC (WAN 1 + WAN 2 with failover)
- LAN 2 - PCC (WAN 1 + WAN 2 with failover)
- LAN 3 - PCC (WAN 1 + WAN 2 with failover)
- LAN 4 - WAN 1
- LAN 5 - WAN 1
- LAN 6 - WAN 2
I did step by step tests using the PCC load balance in the beginning only with one LAN and the two WANs.
This is the configuration I've used:

(pppoe-1=WAN 1)
(pppoe-2=WAN 2)
(bridge_1=LAN 1)
(bridge_2=LAN 2)

/ip firewall mangle
add chain=input in-interface=pppoe-1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=pppoe-2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address-type=!local in-interface=bridge_1 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=bridge_1 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-2 routing-mark=to_WAN2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=pppoe-1 action=masquerade
add chain=srcnat out-interface=pppoe-2 action=masquerade

This configuration works very well.
The first problem came when I tried to apply this configuration to two LANs simultaneously.
This is the configuration I've used:

/ip firewall mangle
# LAN 1
add chain=input in-interface=pppoe-1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=pppoe-2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address-type=!local in-interface=bridge_1 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=bridge_1 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN2
# LAN 2
add chain=input in-interface=pppoe-1 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=pppoe-2 action=mark-connection new-connection-mark=WAN4_conn
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4
add chain=prerouting dst-address-type=!local in-interface=bridge_2 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=bridge_2 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN3_conn in-interface=bridge_2 action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=bridge_2 action=mark-routing new-routing-mark=to_WAN4

/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-2 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=pppoe-2 routing-mark=to_WAN4 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=pppoe-1 action=masquerade
add chain=srcnat out-interface=pppoe-2 action=masquerade

Using this configuration it seems that the PCC load balance works with both LANs but the LANs can no longer communicate with each other.
 
Sob
Forum Guru
Posts: 5143
Joined: Mon Apr 20, 2009 9:11 pm

Re: PCC load balance (2 WAN + 6 LAN) but LANs can no longer communicate each other  [SOLVED]

Thu Feb 13, 2020 12:35 am

First, why WAN3 and WAN4, when you have only two? Keep using marks only for WAN1 and WAN2, you'll save some rules, and it won't be unnecessarily confusing.

Regarding the main problem, you mark all connections from LAN, but you have only one route in alternative routing tables (default one). What happens is that for these packets, router doesn't find route to local connected subnets. You have three options:

a) Don't mark connections when the destination is another LAN.
b) Manually add routes to connected subnets to other routing tables.
c) Use routing rule(s) to override route selection, when destination is any LAN.

Last one is simplest (change it or add another if you use different addresses for LAN, e.g. from 10.0.0.0/8):
/ip route rule
add action=lookup-only-in-table dst-address=192.168.0.0/16 table=main
It tells router that no matter what routing mark packet has, it should look up destination only in main table (which contains connected routes). Extra bonus is that it will allow you to further prune your mangle rules, where instead of (example from after you get rid of WAN3 and WAN4):
/ip firewall mangle
add chain=prerouting connection-mark=WAN1_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=bridge_1 action=mark-routing new-routing-mark=to_WAN2
...
add chain=prerouting connection-mark=WAN1_conn in-interface=bridge_2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=bridge_2 action=mark-routing new-routing-mark=to_WAN2
...
you can use just two rules for all:
/ip firewall mangle
add chain=prerouting connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
It will mark routing in both directions, which would normally break it for incoming packets, but routing rule overrides that.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
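
Added example, not part of the thread or of MikroTik's own code: a simplified Python model of the route lookup described in the reply above, showing why a marked LAN-to-LAN packet is sent out a WAN interface and how the `lookup-only-in-table` rule changes the result. The LAN subnets (192.168.1.0/24, 192.168.2.0/24), the host addresses and the default route in the main table are assumptions; interface and table names follow the thread.

```python
import ipaddress as ip

# Constructed topology: LAN subnets and main's default route are assumed.
TABLES = {
    "main": [("192.168.1.0/24", "bridge_1"), ("192.168.2.0/24", "bridge_2"),
             ("0.0.0.0/0", "pppoe-1")],
    "to_WAN1": [("0.0.0.0/0", "pppoe-1")],   # only a default route, as in the post
    "to_WAN2": [("0.0.0.0/0", "pppoe-2")],
}
# The routing rule from the reply: (dst-address, action, table)
LAN_RULE = ("192.168.0.0/16", "lookup-only-in-table", "main")


def longest_match(table, dst):
    """Return the out-interface of the most specific matching route, or None."""
    hits = [(ip.ip_network(net), gw) for net, gw in TABLES[table]
            if dst in ip.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def route(dst, routing_mark=None, rules=()):
    """Simplified decision order: routing rules, then the mark's table, then main."""
    dst = ip.ip_address(dst)
    for net, action, table in rules:
        if dst in ip.ip_network(net):
            gw = longest_match(table, dst)
            if gw or action == "lookup-only-in-table":
                return gw
    if routing_mark:
        gw = longest_match(routing_mark, dst)
        if gw:
            return gw
    return longest_match("main", dst)


def demo():
    lan1_host, lan2_host, internet = "192.168.1.10", "192.168.2.20", "8.8.8.8"
    return {
        "LAN1->LAN2 marked, no rule": route(lan2_host, "to_WAN1"),
        "LAN1->LAN2 marked, rule": route(lan2_host, "to_WAN1", [LAN_RULE]),
        "LAN->internet marked, rule": route(internet, "to_WAN2", [LAN_RULE]),
        # Return traffic also carries the mark once in-interface is dropped.
        "WAN->LAN1 reply marked, no rule": route(lan1_host, "to_WAN2"),
        "WAN->LAN1 reply marked, rule": route(lan1_host, "to_WAN2", [LAN_RULE]),
    }


if __name__ == "__main__":
    for case, out_if in demo().items():
        print(f"{case:32} -> {out_if}")
```

The "no rule" rows are the failure from the thread: inter-LAN traffic matches only the default route of the marked table, leaves via PPPoE and is masqueraded instead of reaching the other bridge.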
 
DottorT86
just joined
Topic Author
Posts: 7
Joined: Fri Aug 09, 2019 7:51 am

Re: PCC load balance (2 WAN + 6 LAN) but LANs can no longer communicate each other

Sun Feb 16, 2020 2:09 am

Thank you so much for your reply Sob!
I solved my problem!
I have one last question regarding this configuration.
Would it be possible to ping an IP address (for example google DNS servers or Open DNS servers) for checking failover instead of the IP address of the PPPOE connection?
 
Sob
Forum Guru
Posts: 5143
Joined: Mon Apr 20, 2009 9:11 pm

Re: PCC load balance (2 WAN + 6 LAN) but LANs can no longer communicate each other

Sun Feb 16, 2020 3:19 am

You're probably looking for this:

viewtopic.php?f=23&t=157048
 
DottorT86
just joined
Topic Author
Posts: 7
Joined: Fri Aug 09, 2019 7:51 am

Re: PCC load balance (2 WAN + 6 LAN) but LANs can no longer communicate each other

Mon Feb 17, 2020 1:05 am

Thank you so much for your reply!
I tried to search for this topic within Mikrotik Wiki but every link I found brought me to a blank page.
As soon as I can I will try to perform the configuration following the explanation of Chupaka.
Thank you again!
