ahmad201020
just joined
Topic Author
Posts: 14
Joined: Fri Jul 05, 2019 10:12 pm

pcc load balancing help

Thu Feb 18, 2021 2:38 pm

Is my PCC configuration correct? Or any other suggestions?
Thanks for all.
/ip firewall address-list
add address=192.168.88.0/24 list=connected
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=\
    connected src-address-list=connected
add action=mark-connection chain=input connection-mark=\
    no-mark in-interface=pppoe-out1 new-connection-mark=\
    WAN1->ROS passthrough=no
add action=mark-connection chain=input connection-mark=\
    no-mark in-interface=pppoe-out2 new-connection-mark=\
    WAN2->ROS passthrough=no
add action=mark-connection chain=input connection-mark=\
    no-mark in-interface=pppoe-out3 new-connection-mark=\
    WAN3->ROS passthrough=no
add action=mark-connection chain=input connection-mark=\
    no-mark in-interface=pppoe-out4 new-connection-mark=\
    WAN4->ROS passthrough=no
add action=mark-routing chain=output connection-mark=\
    WAN1->ROS new-routing-mark=ISP1_Route passthrough=no
add action=mark-routing chain=output connection-mark=\
    WAN2->ROS new-routing-mark=ISP2_Route passthrough=no
add action=mark-routing chain=output connection-mark=\
    WAN3->ROS new-routing-mark=ISP3_Route passthrough=no
add action=mark-routing chain=output connection-mark=\
    WAN4->ROS new-routing-mark=ISP4_Route passthrough=no
add action=mark-connection chain=forward connection-mark=\
    no-mark in-interface=pppoe-out1 new-connection-mark=\
    WAN1->LANs passthrough=no
add action=mark-connection chain=forward connection-mark=\
    no-mark in-interface=pppoe-out2 new-connection-mark=\
    WAN2->LANs passthrough=no
add action=mark-connection chain=forward connection-mark=\
    no-mark in-interface=pppoe-out3 new-connection-mark=\
    WAN3->LANs passthrough=no
add action=mark-connection chain=forward connection-mark=\
    no-mark in-interface=pppoe-out4 new-connection-mark=\
    WAN4->LANs passthrough=no
add action=mark-routing chain=prerouting connection-mark=\
    WAN1->LANs new-routing-mark=ISP1_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    WAN2->LANs new-routing-mark=ISP2_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    WAN3->LANs new-routing-mark=ISP3_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    WAN4->LANs new-routing-mark=ISP4_Route passthrough=no \
    src-address-list=connected
add action=mark-connection chain=prerouting \
    connection-mark=no-mark dst-address-list=!connected \
    dst-address-type=!local new-connection-mark=LAN->WAN1 \
    passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:4/0 src-address-list=\
    connected
add action=mark-connection chain=prerouting \
    connection-mark=no-mark dst-address-list=!connected \
    dst-address-type=!local new-connection-mark=LAN->WAN2 \
    passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:4/1 src-address-list=\
    connected
add action=mark-connection chain=prerouting \
    connection-mark=no-mark dst-address-list=!connected \
    dst-address-type=!local new-connection-mark=LAN->WAN3 \
    passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:4/2 src-address-list=\
    connected
add action=mark-connection chain=prerouting \
    connection-mark=no-mark dst-address-list=!connected \
    dst-address-type=!local new-connection-mark=LAN->WAN4 \
    passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:4/3 src-address-list=\
    connected
add action=mark-routing chain=prerouting connection-mark=\
    LAN->WAN1 dst-address-list=!connected \
    new-routing-mark=ISP1_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    LAN->WAN2 dst-address-list=!connected \
    new-routing-mark=ISP2_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    LAN->WAN3 dst-address-list=!connected \
    new-routing-mark=ISP3_Route passthrough=no \
    src-address-list=connected
add action=mark-routing chain=prerouting connection-mark=\
    LAN->WAN4 dst-address-list=!connected \
    new-routing-mark=ISP4_Route passthrough=no \
    src-address-list=connected
Last edited by ahmad201020 on Thu Feb 18, 2021 7:43 pm, edited 1 time in total.
 
sindy
Forum Guru
Posts: 6869
Joined: Mon Dec 04, 2017 9:19 pm

Re: pcc load balancing help

Thu Feb 18, 2021 6:37 pm

If you assign a routing-mark to WAN->LAN packets, they may end up being sent back to the internet if only a default route exists with that routing-mark, which is typically the case. You haven't shown your /ip route section so hard to say.

PCC can be normally used to assign a routing-mark directly, not to assign a connection-mark and then use another rule to translate the connection-mark into a routing-mark, because the result of the per-connection-classifier is the same for all packets of the same direction of the same connection. I've got no idea whether PCC->routing mark translation is faster or slower than connection-mark->routing-mark translation, but doing both for every single packet is definitely a waste of CPU.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
ahmad201020
just joined
Topic Author
Posts: 14
Joined: Fri Jul 05, 2019 10:12 pm

Re: pcc load balancing help

Thu Feb 18, 2021 7:32 pm

/ip route
add distance=1 gateway=pppoe-out3 routing-mark=ISP3_Route
add distance=1 gateway=pppoe-out1 routing-mark=ISP1_Route
add distance=1 gateway=pppoe-out2 routing-mark=ISP2_Route
add distance=1 gateway=pppoe-out4 routing-mark=ISP4_Route
add distance=1 gateway=pppoe-out1
add distance=2 gateway=pppoe-out2
add distance=3 gateway=pppoe-out3
add distance=4 gateway=pppoe-out4
 
ahmad201020
just joined
Topic Author
Posts: 14
Joined: Fri Jul 05, 2019 10:12 pm

Re: pcc load balancing help

Thu Feb 18, 2021 7:42 pm

What is your suggestion for load balancing?
Another question: use input and forward for incoming connections from internet interfaces, or use prerouting?


and thanks for your reply and help
 
sindy
Forum Guru
Posts: 6869
Joined: Mon Dec 04, 2017 9:19 pm

Re: pcc load balancing help  [SOLVED]

Thu Feb 18, 2021 8:18 pm

Ah, sorry, I wasn't careful when looking at the first four action=mark-routing rules in prerouting, they are actually used to assign the routing-mark to LAN->WAN packets, not to WAN->LAN ones. The reason is that it is quite unusual to use three groups of connection-mark values (WAN->LAN, LAN->WAN, WAN->ROS) if their only purpose is to be translated to routing-mark values, but maybe there is some context I cannot see.

If there is none, you can save several rules per packet by using the same connection-mark for connections initiated from LAN side (distributed using PCC) and connections initiated from WAN side. There will be only one connection-mark->routing-mark translation rule per WAN (which saves CPU), and you can also use a single common rule per each WAN to assign a connection-mark depending on WAN in-interface per WAN if you replace the separate rules in input and forward chains by a single one in prerouting chain. Doing so doesn't save any CPU, it just centralizes the configuration and thus reduces the space for typos.

Another optimization point I normally use is to jump to a dedicated connection marking chain as the first rule in prerouting for connection-state=new packets, so that all mid-connection packets go straight to the connection-mark->routing-mark translation rules. This might not make much sense if you only used PCC to assign routing-mark values, but since you use the connection-mark->routing-mark translation anyway (to make sure connections initiated from the internet will be responded properly), it will save CPU also here.

So my set of mangle rules would look as follows:
chain=prerouting connection-state=new action=jump jump-target=pr-cm
chain=prerouting in-interface-list=WAN action=accept
chain=prerouting connection-mark=WAN1 action=mark-routing new-routing-mark=WAN1 passthrough=no
...
chain=prerouting connection-mark=WAN4 action=mark-routing new-routing-mark=WAN4 passthrough=no
chain=pr-cm in-interface=WAN1 action=mark-connection new-connection-mark=WAN1 passthrough=yes
...
chain=pr-cm in-interface=WAN4 action=mark-connection new-connection-mark=WAN4 passthrough=yes
chain=pr-cm connection-mark=no-mark per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1 passthrough=yes
...
chain=pr-cm connection-mark=no-mark per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4 passthrough=yes
chain=output connection-mark=WAN1 action=mark-routing new-routing-mark=WAN1
...
chain=output connection-mark=WAN4 action=mark-routing new-routing-mark=WAN4


Don't forget that if you assign routing-mark values in mangle chain output, you must use src-nat or masquerade rules on the WANs. The packets sent by ROS are routed, and therefore their source address is chosen, before the routing-mark is eventually assigned in chain output, and whilst the routing is repeated if a routing-mark is assigned, the source address doesn't change automatically.
EDIT: the paragraph above is valid, but only for connections initiated by ROS itself, which is not your case, so you can ignore it.
 
ahmad201020
just joined
Topic Author
Posts: 14
Joined: Fri Jul 05, 2019 10:12 pm

Re: pcc load balancing help

Thu Feb 18, 2021 9:08 pm

I edited my script, is it right?

/ip firewall mangle
add action=jump chain=prerouting connection-state=new jump-target=pr-cm
add action=accept chain=prerouting in-interface-list=WAN
add action=mark-routing chain=prerouting connection-mark=WAN1 new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2 new-routing-mark=WAN2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN3 new-routing-mark=WAN3 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN4 new-routing-mark=WAN4 passthrough=no
add action=mark-connection chain=pr-cm in-interface=pppoe-out1 new-connection-mark=WAN1 passthrough=yes
add action=mark-connection chain=pr-cm in-interface=pppoe-out2 new-connection-mark=WAN2 passthrough=yes
add action=mark-connection chain=pr-cm in-interface=pppoe-out3 new-connection-mark=WAN3 passthrough=yes
add action=mark-connection chain=pr-cm in-interface=pppoe-out4 new-connection-mark=WAN4 passthrough=yes
add action=mark-connection chain=pr-cm connection-mark=no-mark dst-address-type=!local new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=pr-cm connection-mark=no-mark dst-address-type=!local new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=pr-cm connection-mark=no-mark dst-address-type=!local new-connection-mark=WAN3 passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=pr-cm connection-mark=no-mark dst-address-type=!local new-connection-mark=WAN4 passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN3 new-routing-mark=WAN3 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN4 new-routing-mark=WAN4 passthrough=yes

/ip route
add distance=1 gateway=pppoe-out1 routing-mark=WAN1
add distance=1 gateway=pppoe-out2 routing-mark=WAN2
add distance=1 gateway=pppoe-out3 routing-mark=WAN3
add distance=1 gateway=pppoe-out4 routing-mark=WAN4
add distance=1 gateway=pppoe-out1
add distance=2 gateway=pppoe-out2
add distance=3 gateway=pppoe-out3
add distance=4 gateway=pppoe-out4

/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
add action=masquerade chain=srcnat out-interface=pppoe-out3
add action=masquerade chain=srcnat out-interface=pppoe-out4

/interface list
add name=WAN

/interface list member
add interface=pppoe-out1 list=WAN
add interface=pppoe-out2 list=WAN
add interface=pppoe-out3 list=WAN
add interface=pppoe-out4 list=WAN
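
The rule set posted above, walked through as a small Python model (an added example, not part of the original post and not RouterOS code). It shows that a connection arriving on one WAN is answered through the same WAN, and that a LAN-initiated connection stays on the WAN that PCC picked for its first packet. Assumptions: the SHA-256 based hash is a stand-in for RouterOS's own PCC hash, `bridge` is a hypothetical LAN interface name, the addresses are constructed, and NAT and the dst-address-type=!local match are not modelled.

```python
# Added model (not RouterOS code): walks a packet through the posted mangle rules.
import hashlib

WANS = ["pppoe-out1", "pppoe-out2", "pppoe-out3", "pppoe-out4"]
ROUTES = {f"WAN{i + 1}": wan for i, wan in enumerate(WANS)}  # routing-mark -> gateway
conntrack = {}  # connection key -> connection-mark

def pcc_remainder(src, sport, dst, dport, denominator=4):
    # Stand-in for both-addresses-and-ports: RouterOS hashes the selected
    # fields to 32 bits and takes the remainder; its real hash is not this one.
    digest = hashlib.sha256(f"{src}:{sport}>{dst}:{dport}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % denominator

def prerouting(in_if, src, sport, dst, dport):
    """Return (connection-mark, routing-mark) the posted rules give this packet."""
    key = frozenset([(src, sport), (dst, dport)])  # both directions, one entry
    if key not in conntrack:                       # connection-state=new -> pr-cm
        if in_if in WANS:                          # in-interface=pppoe-outN
            conntrack[key] = f"WAN{WANS.index(in_if) + 1}"
        else:                                      # no-mark + PCC 4/0 .. 4/3
            conntrack[key] = f"WAN{pcc_remainder(src, sport, dst, dport) + 1}"
    mark = conntrack[key]
    if in_if in WANS:                              # accept in-interface-list=WAN
        return mark, None                          # WAN->LAN: no routing-mark
    return mark, mark                              # mark-routing, passthrough=no

def egress(routing_mark):
    # Marked packets use the per-WAN default route; unmarked use table main.
    return ROUTES.get(routing_mark, "main")

def demo():
    # Constructed sample flows (documentation and private address ranges).
    inbound = prerouting("pppoe-out3", "203.0.113.7", 50000, "192.168.88.10", 443)
    reply = prerouting("bridge", "192.168.88.10", 443, "203.0.113.7", 50000)
    first = prerouting("bridge", "192.168.88.20", 40000, "198.51.100.5", 443)
    later = prerouting("bridge", "192.168.88.20", 40000, "198.51.100.5", 443)
    spread = {prerouting("bridge", "192.168.88.20", p, "198.51.100.5", 443)[1]
              for p in range(40001, 40201)}
    return inbound, egress(reply[1]), first == later, sorted(spread)

if __name__ == "__main__":
    print(demo())
```
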
 
sindy
Forum Guru
Posts: 6869
Joined: Mon Dec 04, 2017 9:19 pm

Re: pcc load balancing help

Thu Feb 18, 2021 9:20 pm

Seems fine to me. If there is a mistake, it is most likely coming from me :)
 
ahmad201020
just joined
Topic Author
Posts: 14
Joined: Fri Jul 05, 2019 10:12 pm

Re: pcc load balancing help

Thu Feb 18, 2021 9:23 pm

Thank you for your help, I'm grateful to you
