Community discussions

MikroTik App
 
ashpri
Member Candidate
Member Candidate
Topic Author
Posts: 154
Joined: Sun Oct 14, 2018 3:11 am

WAN Load Balancing Done. Fine tuning questions.

Fri May 06, 2022 2:35 am

So I was looking at this presentation for load balancing https://mum.mikrotik.com/presentations/US12/tomas.pdf (It is an excellent presentation and highly recommended as a Load Balancing guide)

1. One aspect of load balancing is to make sure that when a connection is initiated through one of the ISPs to the router (packet forwarding for internal services), we need to ensure that this connections is routed out from the internal service through the same ISP. I understand this and have implemented it.

2. What I don't understand is he goes on to do the following (page 33):

/ip firewall mangle
add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=WAN2->LANs
add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route

The explanation is: connections initiated from the internet to LAN through one ISP should be replied through the same ISP.

My question is: any connections initiated from WAN to LAN on the forward chain should be dropped at the NAT firewall. There is no way for packets from WAN to reach LAN unless it hits the public ip of the router and dstnat-ed inside (hence input chain, not forward). Why is he doing this second step, what am I not understanding?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: WAN Load Balancing Done. Fine tuning questions.  [SOLVED]

Fri May 06, 2022 5:07 am

Wrong, dstnatted packets go in forward, not in input (unless you'd set the new destination to router itself, but need for that is rare).
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: WAN Load Balancing Done. Fine tuning questions.

Fri May 06, 2022 11:02 am

I find that also not clear on first hand and it is indeed forwarding as stated before by sob.

If you read here WAN1->LANs and WAN2->LANs as new connection mark then read that as, traffic returning from LAN, heading out to one the ISP connections. I assume this notation was used to not confuse it with LAN initiated traffic going to one of the IPS, see page 38.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WAN Load Balancing Done. Fine tuning questions.

Fri May 06, 2022 1:38 pm

You may also want to read Dischers explanation ( i prefer it over thomas, although both are master classes )
https://mum.mikrotik.com/presentations/US12/steve.pdf
 
ashpri
Member Candidate
Member Candidate
Topic Author
Posts: 154
Joined: Sun Oct 14, 2018 3:11 am

Re: WAN Load Balancing Done. Fine tuning questions.

Fri May 06, 2022 6:04 pm

You may also want to read Dischers explanation ( i prefer it over thomas, although both are master classes )
https://mum.mikrotik.com/presentations/US12/steve.pdf

I read both Tomas and Discher. I needed a dose of contraband to understand Discher.

Who is online

Users browsing this forum: Ahrefs [Bot], ItchyAnkle, menyarito and 85 guests