Community discussions

MikroTik App
 
TechBros
just joined
Topic Author
Posts: 4
Joined: Sun Apr 14, 2019 12:43 am

Load Balancing and

Sat Jan 09, 2021 11:39 am

Hello Everyone,
I provide internet to my apartment building. Each of my clients connect through PPPOE. To avoid downtimes I have got 3 uplinks from 3 different ISPs. I connect to my uplinks with PPPOE authentication. I want to load balance all three of my uplinks so that I can make proper use of the connections. I am using a hAP AC2 routerboard.
  • Port 1, 2 and 3 are used for uplinks.
  • Port 4 used for my home network with a DHCP server running.
  • Port 5 is running a PPPOE server, which is connected to a unmanaged Cisco Gigabit switch to connect my clients.
I do not have much experience with RouterOS, and following the tutorials online I have came up with the following configuration. But my clients keep complaining about connection drops and ridiculously slow speed. When requesting a new connection it takes anything between 3-30 seconds for the connection to establish.
/interface pppoe-client
add disabled=no interface=ether1 name=pppoe-out1 password=uddin user=\
    uddin
add disabled=no interface=ether2 name=pppoe-out2 password=uddin user=\
    uddin
add disabled=no interface=ether3 name=pppoe-out3 password=onu user=onu
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=15Mb ranges=10.10.150.2-10.10.150.254
add name=dhcp_pool12 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool12 disabled=no interface=ether4 lease-time=\
    10w name=dhcp1
/ppp profile
add dns-server=8.8.8.8 local-address=10.10.150.1 name=15MB only-one=yes \
    remote-address=15Mb
/queue type
add kind=pcq name=15mb_Upload pcq-classifier=src-address pcq-rate=150M
/queue simple
add burst-time=10s/10s name=15mb queue=15mb_Upload/15mb_Download target=\
    10.10.150.0/24
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface pppoe-server server
add default-profile=15MB disabled=no interface=ether5 max-mru=1480 max-mtu=\
    1480 mrru=1500 one-session-per-host=yes service-name=PPPoE
/ip address
add address=10.10.10.1/24 comment=DHCP_lan interface=ether4 network=\
    10.10.10.0
add address=10.10.150.0/24 comment=lan interface=ether5 network=10.10.150.0
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=pppoe-out3,pppoe-out1,pppoe-out2
/ppp secret
add name=drrt_2a password=1234 profile=15MB service=pppoe
Is there any obvious mistakes I am making in my configuration? Expert advice is needed and will be greatly appreciated.
 
DarkNate
Member Candidate
Member Candidate
Posts: 270
Joined: Fri Jun 26, 2020 4:37 pm

Re: Load Balancing and

Sat Jan 09, 2021 12:45 pm

Load Balancing three WANs? Easy
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=ISP1_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out3 new-connection-mark=ISP3_conn passthrough=no
#For HTTPS TCP
add action=mark-connection chain=prerouting comment="HTTPS traffic" \
    connection-mark=no-mark dst-address-list=!not_in_internet \
    dst-address-type=!local dst-port=80,443 in-interface-list=LAN \
    new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 \
    in-interface-list=LAN new-connection-mark=ISP2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 \
    in-interface-list=LAN new-connection-mark=ISP3_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
#For QUIC traffic
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 \
    in-interface-list=LAN new-connection-mark=ISP1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 \
    in-interface-list=LAN new-connection-mark=ISP2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=udp
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local dst-port=80,443 \
    in-interface-list=LAN new-connection-mark=ISP3_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=udp
#For anything else to achieve bandwidth aggregation in the case of SCTP/Multi-Threading support
add action=mark-connection chain=prerouting \
    connection-mark=no-mark dst-address-list=!not_in_internet \
    dst-address-type=!local in-interface-list=LAN new-connection-mark=\
    ISP1_conn nth=3,1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=ISP2_conn nth=3,2 passthrough=\
    yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-list=!not_in_internet dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=ISP3_conn nth=3,3 passthrough=\
    yes

add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
    in-interface-list=LAN new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
    in-interface-list=LAN new-routing-mark=to_ISP2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP3_conn \
    in-interface-list=LAN new-routing-mark=to_ISP3 passthrough=no
add action=mark-routing chain=output connection-mark=ISP1_conn \
    new-routing-mark=to_ISP1 out-interface=pppoe-out1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn \
    new-routing-mark=to_ISP2 out-interface=pppoe-out2 passthrough=no
add action=mark-routing chain=output connection-mark=ISP3_conn \
    new-routing-mark=to_ISP3 out-interface=pppoe-out3 passthrough=no
 
Sob
Forum Guru
Forum Guru
Posts: 6469
Joined: Mon Apr 20, 2009 9:11 pm

Re: Load Balancing and

Sat Jan 09, 2021 6:22 pm

Here you have it with explanation how it works:

https://wiki.mikrotik.com/wiki/Manual:PCC
Excessive quoting is useless and annoying. If you use it, please consider if you could do without it.
 
sindy
Forum Guru
Forum Guru
Posts: 6657
Joined: Mon Dec 04, 2017 9:19 pm

Re: Load Balancing and

Sat Jan 09, 2021 6:33 pm

There are also multiple discussions here on the forum which discourage from including the remote address and port into the PCC hash, because some services, which redirect the user among multiple servers and at the same time are security-obsessed, have problems if the user session redirected to another server after authentication arrives from a different address than the previous authentication session did.

As you will be providing internet connection to customers with unpredictable behaviour, it is better to stay at the safe side and avoid such mysterious problems by distributing the traffic among the uplinks (and thus public IPs) in a manner which will guarantee that the same user will always get the same public address. It definitely makes the traffic distribution less even, but it saves a lot of headache.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
eldoncito2019
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Fri Jun 14, 2019 1:07 pm

Re: Load Balancing and

Sat Jan 09, 2021 6:52 pm

please read this thread and adapt it to your needs, it worked very well for me
viewtopic.php?f=23&t=157048
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 5926
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Load Balancing and

Sat Jan 09, 2021 8:12 pm

Three ISPs and multiple clients sounds like you have single home user equipment to do so.........
How many apartments?
Do they each get a public IP? or are you sharing 3 public IPs to a private network and then distributing IPs to clients on your private network?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!

Who is online

Users browsing this forum: sindy, Urajmal and 216 guests