Community discussions

MUM Europe 2020
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

FTP load balancing problem

Sun Jul 24, 2011 10:06 am

Hi!

I got a problem with the FTP connection. I have 2 ADSL connection with 2mbs download and 512kbps upload, and I've implemented load balancing using PCC. The HTTP is working fine, but not for the FTP.

Let say I want to upload 4 files via FTP, very large file (>500MB each). So there's will be 4 FTP connections running. Sometimes the upload process using both ADSL, this is okay. But, sometimes it just using 1 ADSL connection for all FTP connections. This looks like random.

My question is: how to tell the mikrotik to use both connections. Let say, each ADSL connection will have 2 maximum FTP connection running at same time. So if I upload 3 files over FTP, 2 connections will be running through ADSL1, and 1 connection will be running through ADSL2.

Regards,
Kimbo
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24383
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: FTP load balancing problem

Mon Jul 25, 2011 11:36 am

show us your PCC configuration please
No answer to your question? How to write posts
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 12:35 pm

Hi normis,

I'm using RB750 with Hotspot, and proxy disabled. Following is the configuration:

Mangle:
 0   ;;; Access ADSL Modem
     chain=prerouting action=mark-routing new-routing-mark=to-modem-1 
     passthrough=no dst-address=192.168.0.1 

 1   chain=prerouting action=mark-routing new-routing-mark=to-modem-2 
     passthrough=no dst-address=192.168.1.1 

 2   chain=prerouting action=mark-routing new-routing-mark=to-wifi 
     passthrough=no dst-address=192.168.10.254 

 3   chain=prerouting action=mark-routing new-routing-mark=access-hotspot-pc 
     passthrough=no dst-address=192.168.30.2 

 4   ;;; Pass to Proxy
     chain=postrouting action=mark-packet new-packet-mark=HIT passthrough=no 
     protocol=tcp dst-port=80,81,8080,3128 dscp=12 

 5   ;;; LOAD BALANCE PROXY PCC
     chain=prerouting action=mark-connection new-connection-mark=PROXY-1 
     passthrough=yes connection-state=new in-interface=Proxy 

 6   chain=prerouting action=mark-connection new-connection-mark=PROXY-2 
     passthrough=yes connection-state=new in-interface=Proxy 

 7   chain=prerouting action=mark-connection new-connection-mark=PROXY-1 
     passthrough=yes in-interface=Proxy connection-mark=PROXY-1 

 8   chain=prerouting action=mark-connection new-connection-mark=PROXY-2 
     passthrough=yes in-interface=Proxy connection-mark=PROXY-2 

 9   chain=prerouting action=mark-connection new-connection-mark=PROXY-1 
     passthrough=yes protocol=tcp dst-address-type=!local in-interface=Proxy 
     dst-port=80,81,8080,3128 
     per-connection-classifier=both-addresses-and-ports:2/0 

10   chain=prerouting action=mark-connection new-connection-mark=PROXY-2 
     passthrough=yes protocol=tcp dst-address-type=!local in-interface=Proxy 
     dst-port=80,81,8080,3128 
     per-connection-classifier=both-addresses-and-ports:2/1 

11   chain=prerouting action=mark-routing new-routing-mark=Route-Proxy-1 
     passthrough=yes in-interface=Proxy connection-mark=PROXY-1 

12   chain=prerouting action=mark-routing new-routing-mark=Route-Proxy-2 
     passthrough=yes in-interface=Proxy connection-mark=PROXY-2 

13   ;;; No Load Balancing allowed for these sites
     chain=prerouting action=mark-connection 
     new-connection-mark=NoLB_Connection passthrough=yes 
     dst-address-list=NoLB in-interface=LAN 

14   chain=prerouting action=mark-routing new-routing-mark=NoLB_Routing 
     passthrough=no in-interface=LAN connection-mark=NoLB_Connection 

15   ;;; All sensitive Port using single connection
     chain=prerouting action=mark-connection new-connection-mark=Single_conn 
     passthrough=yes protocol=tcp in-interface=LAN 
     dst-port=2082,2083,2086,2087,2095,2096,443,5656,5353,5953,2408

16 X chain=prerouting action=mark-packet new-packet-mark=Single_pack 
     passthrough=yes in-interface=LAN connection-mark=Single_conn 

17   chain=prerouting action=mark-routing new-routing-mark=Single_route 
     passthrough=no in-interface=LAN connection-mark=Single_conn 

18   ;;; NEW Load Balance
     chain=input action=mark-connection new-connection-mark=ADSL-1 
     passthrough=yes connection-state=new in-interface=Speedy-1 

19   chain=input action=mark-connection new-connection-mark=ADSL-2 
     passthrough=yes connection-state=new in-interface=Speedy-2 

20   chain=output action=mark-routing new-routing-mark=jalur-1 passthrough=no 
     connection-mark=ADSL-1 

21   chain=output action=mark-routing new-routing-mark=jalur-2 passthrough=no 
     connection-mark=ADSL-2 

22 X chain=prerouting action=mark-connection new-connection-mark=ADSL-1 
     passthrough=no in-interface=LAN connection-mark=ADSL-1 

23 X chain=prerouting action=mark-connection new-connection-mark=ADSL-2 
     passthrough=no in-interface=LAN connection-mark=ADSL-2 

24 X ;;; AUTOMATIC DISABLE IF PROXY DOWN
     chain=prerouting action=mark-connection new-connection-mark=ADSL-1 
     passthrough=yes protocol=tcp dst-address-type=!local in-interface=LAN 
     dst-port=!80,81,8080,3128 
     per-connection-classifier=both-addresses-and-ports:2/0 

25 X chain=prerouting action=mark-connection new-connection-mark=ADSL-2 
     passthrough=yes protocol=tcp dst-address-type=!local in-interface=LAN 
     dst-port=!80,81,8080,3128 
     per-connection-classifier=both-addresses-and-ports:2/1 

26   ;;; AUTOMATIC ENABLE IF PROXY DOWN
     chain=prerouting action=mark-connection new-connection-mark=ADSL-1 
     passthrough=yes dst-address-type=!local in-interface=LAN 
     per-connection-classifier=both-addresses-and-ports:2/0 

27   chain=prerouting action=mark-connection new-connection-mark=ADSL-2 
     passthrough=yes dst-address-type=!local in-interface=LAN 
     per-connection-classifier=both-addresses-and-ports:2/1 

28   chain=prerouting action=mark-routing new-routing-mark=jalur-1 
     passthrough=yes in-interface=LAN connection-mark=ADSL-1 

29   chain=prerouting action=mark-routing new-routing-mark=jalur-2 
     passthrough=yes in-interface=LAN connection-mark=ADSL-2 
NAT:
 0 X ;;; place hotspot rules here
     chain=unused-hs-chain action=passthrough 

 1   ;;; Local NAT
     chain=srcnat action=masquerade out-interface=PPPoE-1 

 2   chain=srcnat action=masquerade out-interface=PPPoE-2 

 3   chain=srcnat action=masquerade src-address=192.168.10.0/24 

 4   ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.30.0/24 

 5 X ;;; TRANSPARENT DNS
     chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=LAN 
     dst-port=53 

 6 X chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=LAN 
     dst-port=53 

 7 X chain=dstnat action=dst-nat to-ports=53 protocol=tcp in-interface=Proxy 
     dst-port=53 

 8 X chain=dstnat action=dst-nat to-ports=53 protocol=udp in-interface=Proxy 
     dst-port=53 

 9 X ;;; TRANSPARANT PROXY SQUID
     chain=dstnat action=dst-nat to-addresses=192.168.20.3 to-ports=3128 
     protocol=tcp src-address-list=IP_Users dst-address-list=!IP_Proxy 
     in-interface=LAN dst-port=80,81,8080,3128 

10 X ;;; TRANSPARENT BIND9
     chain=dstnat action=dst-nat to-addresses=192.168.10.3 to-ports=53 
     protocol=tcp in-interface=Proxy dst-port=53 

11 X chain=dstnat action=dst-nat to-addresses=192.168.10.3 to-ports=53 
     protocol=udp in-interface=Proxy dst-port=53 

12   ;;; Allow Remote Desktop Connection
     chain=dstnat action=dst-nat to-addresses=192.168.10.2 to-ports=3389 
     protocol=tcp dst-address=111.111.111.111 dst-port=3389 

13   chain=dstnat action=dst-nat to-addresses=192.168.10.2 to-ports=3389 
     protocol=tcp dst-address=222.222.222.222 dst-port=3389 

14   ;;; Allow access to Mikrotik web interface using port 8081
     chain=dstnat action=dst-nat to-addresses=192.168.10.1 to-ports=80 
     protocol=tcp dst-port=8081 
Route:
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.0.1 
        gateway-status=192.168.0.1 reachable Speedy-1 distance=1 scope=30 
        target-scope=10 routing-mark=to-modem-1 

 1 A S  dst-address=0.0.0.0/0 gateway=192.168.1.1 
        gateway-status=192.168.1.1 reachable Speedy-2 distance=1 scope=30 
        target-scope=10 routing-mark=to-modem-2 

 2 A S  dst-address=0.0.0.0/0 gateway=192.168.10.254 
        gateway-status=192.168.10.254 reachable LAN distance=1 scope=30 
        target-scope=10 routing-mark=to-wifi 

 3 A S  ;;; Access Hotspot PCs
        dst-address=0.0.0.0/0 gateway=Hotspot 
        gateway-status=Hotspot reachable distance=1 scope=30 target-scope=10 
        routing-mark=access-hotspot-pc 

 4 A S  ;;; No Load Balancing allowed for these sites
        dst-address=0.0.0.0/0 gateway=PPPoE-2 
        gateway-status=PPPoE-2 reachable distance=1 scope=30 target-scope=10 
        routing-mark=NoLB_Routing 

 5 A S  ;;; All sensitive Port using single connection
        dst-address=0.0.0.0/0 gateway=PPPoE-2 
        gateway-status=PPPoE-2 reachable distance=1 scope=30 target-scope=10 
        routing-mark=Single_route 

 6 A S  ;;; Rapidshare
        dst-address=0.0.0.0/0 gateway=PPPoE-1 
        gateway-status=PPPoE-1 reachable distance=1 scope=30 target-scope=10 
        routing-mark=Rapidshare_route 

 7 A S  ;;; Route PCC
        dst-address=0.0.0.0/0 gateway=PPPoE-1 
        gateway-status=PPPoE-1 reachable check-gateway=ping distance=1 
        scope=30 target-scope=10 routing-mark=jalur-1 

 8 A S  dst-address=0.0.0.0/0 gateway=PPPoE-2 gateway-status=PPPoE-2 reachable 
        check-gateway=ping distance=1 scope=30 target-scope=10 
        routing-mark=jalur-2 

 9 A S  dst-address=0.0.0.0/0 gateway=PPPoE-1 gateway-status=PPPoE-1 reachable 
        distance=1 scope=30 target-scope=10 

10 ADC  dst-address=222.222.222.1/32 pref-src=222.222.222.222 gateway=PPPoE-2 
        gateway-status=PPPoE-2 reachable distance=0 scope=10 

11 ADC  dst-address=111.111.111.1/32 pref-src=111.111.111.111 gateway=PPPoE-1 
        gateway-status=PPPoE-1 reachable distance=0 scope=10 

12 ADC  dst-address=192.168.0.0/24 pref-src=192.168.0.2 gateway=Speedy-1 
        gateway-status=Speedy-1 reachable distance=0 scope=10 

13 ADC  dst-address=192.168.1.0/24 pref-src=192.168.1.2 gateway=Speedy-2 
        gateway-status=Speedy-2 reachable distance=0 scope=10 

14 ADC  dst-address=192.168.10.0/24 pref-src=192.168.10.1 gateway=LAN 
        gateway-status=LAN reachable distance=0 scope=10 

15 ADC  dst-address=192.168.20.0/24 pref-src=192.168.20.1 gateway=Proxy 
        gateway-status=Proxy unreachable distance=0 scope=200 

16 ADC  dst-address=192.168.30.0/24 pref-src=192.168.30.1 gateway=Hotspot 
        gateway-status=Hotspot reachable distance=0 scope=10 
Thank you for your help. I'm appreciate it.

Regards,
Kimbo
Last edited by MrKimbo on Mon Jul 25, 2011 7:05 pm, edited 1 time in total.
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 5:26 pm

FTP actually uses two sessions. Port 21 is the control session, and the data transfer session is negotiated off of that. The router can look into that control tunnel and determine a connection is "related" based off of that. Where you mark a connection for FTP, add in another rule with "connection-state=related" and mark it the same as the FTP rule, and place it directly below it. That should fix the issue.
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 5:39 pm

Hi Feklar,

Thanks for the answer. However, I'm not too familiar with mikrotik. Could you please give me an example of the setting?
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 6:37 pm

/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=Single_conn passthrough=yes in-interface=LAN connection-state=related place-before=16
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 7:10 pm

I'm sorry before. This code:
15   ;;; All sensitive Port using single connection
     chain=prerouting action=mark-connection new-connection-mark=Single_conn 
     passthrough=yes protocol=tcp in-interface=LAN 
     dst-port=2082,2083,2086,2087,2095,2096,443,5656,5353,5953,2408,[color=#FF0000]21[/color] 
Should be:
15   ;;; All sensitive Port using single connection
     chain=prerouting action=mark-connection new-connection-mark=Single_conn 
     passthrough=yes protocol=tcp in-interface=LAN 
     dst-port=2082,2083,2086,2087,2095,2096,443,5656,5353,5953,2408
I place port 21 on that mangle just for test using one ADSL connection only.
And, in this case/problem I want it to be running using both connections.

I will try your code, I hope it working.
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 7:49 pm

The other method would be to change your PCC classifier, you have it set to "both-addresses-and-ports" and change it to "both-addresses". I went with that method above because you had that very specific rule for it listed. By taking out the port variables, PCC is a little less random, as long as the src and dst IP are the same it always uses the same route, which doesn't break things like banking web sites, forums, and in your case FTP sessions.
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 8:04 pm

Feklar, I've tried it but still no luck :( I test it with 4 FTP connection (upload 4 files to same server).
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 8:10 pm

What method did you try? Modifying PCC or the first suggestion?

Completely clear out the contentions table under IP->Firewall->Connections. The router remembers what route it's used for previous connections and will use it again if it can. Clearing out the connections table makes it forget a previous connection.
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Mon Jul 25, 2011 8:16 pm

I try both of them.

So, this mean I have to clear out the connection entry every time I want to upload some files?
 
MrKimbo
just joined
Topic Author
Posts: 10
Joined: Sun Oct 17, 2010 6:09 pm

Re: FTP load balancing problem

Tue Jul 26, 2011 3:34 pm

Any better method than that?

If someone have better solution, please help me :)
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: FTP load balancing problem

Tue Jul 26, 2011 6:38 pm

No you don't have to clear it out every time, since old rules/connections may be applying it's just to clear it out this once. A reboot also works to clear out the connections table.

Please do an /export of your current mangle rules. I want to see if there is something that was missed or that has changed.
 
Ehman
Member
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: FTP load balancing problem

Wed Oct 16, 2013 2:44 am

Ive got the same problem and changing from: both-addresses-and-ports to both-addresses will cause a severe performance decrease, I have a 3WAN PCC balancing config, and both-addresses-and-ports worked like a charm, what now??! I need the performance of both-addresses-and-ports but need the stability of both-addresses

I only want the PCC to be both-addresses with stuck up connections like FTP, and banking websites where you have to log in constantly due to PCC changing WAN at random, but you cant mark is, because the majority of websites uses port 443 and not port 80 aymore :(


you guys have no idea how awesome this both-addresses-and-ports is!!

Who is online

Users browsing this forum: anom3, darkprocess, pioccd and 48 guests