Community discussions

MUM Europe 2020
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

PCC load balance 2 diferent ISP

Fri Dec 16, 2011 12:50 am

hi there. i have problem with pcc

I have two DIFFERENT ISP with PPPOE

ISP1 is 4Mbps
ISP2 is 2Mbps

configuration is like this

/ip firewall mangle

add action=accept chain=prerouting disabled=no dst-address=xx.xxx.xx.0/24 in-interface=LOCAL
add action=accept chain=prerouting disabled=no dst-address=xx.xxx.xx.0/24 in-interface=LOCAL
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ISP1 new-connection-mark=LINE1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ISP2 new-connection-mark=LINE2 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE1 passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting connection-mark=LINE1 disabled=no in-interface=LOCAL new-routing-mark=TO_LINE1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=LINE2 disabled=no in-interface=LOCAL new-routing-mark=TO_LINE2 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE1 disabled=no new-routing-mark=TO_LINE1 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE2 disabled=no new-routing-mark=TO_LINE2 passthrough=yes

/ip firewall nat

add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

/ip route

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 routing-mark=TO_LINE1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP2 routing-mark=TO_LINE2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ISP1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ISP2 scope=30 target-scope=10

/ip dns

allow remote request is yes and servers i put one dns of ISP1 and one dns of ISP2


i think i have problems with the dns

anyone can help ?
Last edited by rini on Sun Dec 25, 2011 11:44 pm, edited 2 times in total.
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

Re: PCC load balance 2 diferent ISP

Sun Dec 18, 2011 6:50 pm

ANYONE ?
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

Re: PCC load balance 2 diferent ISP

Sun Dec 25, 2011 11:45 pm

where are the experts of mikrotik?
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1065
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: PCC load balance 2 diferent ISP

Mon Dec 26, 2011 10:31 pm

Your mange part is not correct.
All your mark-routing rules should have passthrough=no, so packets are not processed any more.

Also, when you mark packets with in interface=Public Interface (ISP1 and ISP2) you should use chain=input.
These two rules make possible that the connections of router itself come and go via the same interface.

As for the DNS you better use public dns servers rather than ISP DNS Servers. That is because ISP may block
DNS requests from IP that are not of their own.

You should have a mangle rule set like this:
/ip firewall mangle

add action=mark-connection chain=input connection-mark=no-mark disabled=no in-interface=ISP1 new-connection-mark=LINE1 passthrough=yes
add action=mark-connection chain=input connection-mark=no-mark disabled=no in-interface=ISP2 new-connection-mark=LINE2 passthrough=yes
add action=mark-routing chain=output connection-mark=LINE1 disabled=no new-routing-mark=TO_LINE1 passthrough=no
add action=mark-routing chain=output connection-mark=LINE2 disabled=no new-routing-mark=TO_LINE2 passthrough=no
add action=accept chain=prerouting disabled=no dst-address=Your local network/24 in-interface=LOCAL
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE1 passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=LOCAL new-connection-mark=LINE2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting connection-mark=LINE1 disabled=no in-interface=LOCAL new-routing-mark=TO_LINE1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=LINE2 disabled=no in-interface=LOCAL new-routing-mark=TO_LINE2 passthrough=yes
-Toni-
Don't crash the ambulance, whatever you do
 
godovic
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sun Mar 08, 2009 11:52 pm

Re: PCC load balance 2 diferent ISP

Tue Dec 27, 2011 1:55 pm

Do I need PCC if I have 2 two PPPoE links from the same provider - same gateway...

I know that PCC keeps connections but if the gateway is same?

tnx
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1065
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: PCC load balance 2 diferent ISP

Tue Dec 27, 2011 2:45 pm

Do I need PCC if I have 2 two PPPoE links from the same provider - same gateway...

I know that PCC keeps connections but if the gateway is same?

tnx
Yes, you will still need the PCC configuration. That is because nowadays servers do require
not only username and password for authentication, but they do also look at the IP the request
is coming from, so a change in the IP would brake the connection with the servers.
-Toni-
Don't crash the ambulance, whatever you do

Who is online

Users browsing this forum: Google Feedfetcher and 76 guests