cvillers
just joined
Topic Author
Posts: 3
Joined: Fri Mar 02, 2012 7:49 am

Load balancing with WANs on same subnet

Fri Mar 02, 2012 10:16 pm

I've implemented PCC with masquerading with multiple WANs as in the example fewi gave in this thread. Both of the WANs I'm masquerading through are on the same subnet, though I'm not entirely certain if that's the issue here. What I'm seeing is that I can connect to internal (10.0.0.0/8 and 192.168.0.0/16) hosts fine, and hosts on the same subnet as the WANs (x.y.80.0/22) also are OK. I can't seem to go beyond that subnet. My IP configuration:
/ip firewall mangle
add action=accept chain=prerouting comment="TODO: filter bogon addresses above this rule" disabled=no dst-address-list=!internal in-interface=ether3 \
    src-address-list=internal
add action=mark-connection chain=prerouting comment="mark incoming 80.66 tcp services" connection-state=new disabled=yes dst-port=1194 in-interface=public-66 \
    new-connection-mark=conn-66 passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="PCC unmarked data connections" disabled=no dst-address-list=!internal dst-address-type=!local in-interface=\
    ether3 new-connection-mark=conn-64 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="PCC unmarked video connections" disabled=no dst-address-list=!internal dst-address-type=!local in-interface=\
    ether4 new-connection-mark=conn-65 passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=conn-64 disabled=no new-routing-mark=to-64 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=conn-65 disabled=no new-routing-mark=to-65 passthrough=yes

/ip firewall address-list
add address=10.0.0.0/8 comment="" disabled=no list=internal
add address=192.168.0.0/16 comment="" disabled=no list=internal
add address=10.2.0.0/16 comment="" disabled=no list=internal-net1
add address=10.1.0.0/16 comment="" disabled=no list=internal-net2
add address=10.4.0.0/16 comment="" disabled=no list=internal-net2

/ip firewall filter
add action=accept chain=input comment="allow traffic to the router" connection-state=established disabled=no
add action=accept chain=input comment="allow traffic to the router" connection-state=related disabled=no
add action=drop chain=input comment="drop invalid traffic to the router" connection-state=invalid disabled=no
add action=accept chain=input comment="allow admin traffic to router" disabled=no src-address-list=internal
add action=drop chain=input comment="deny all other traffic to router" disabled=no
add action=accept chain=forward comment="allow traffic through router" connection-state=established disabled=no
add action=accept chain=forward comment="allow traffic through router" connection-state=related disabled=no
add action=drop chain=forward comment="drop invalid traffic through router" connection-state=invalid disabled=no
add action=accept chain=forward comment="allow LAN traffic through router" disabled=no in-interface=ether3
add action=accept chain=forward comment="allow 1194/tcp from public-66 to 192.168.10.190" disabled=no dst-address=192.168.10.190 dst-port=1194 protocol=tcp
add action=drop chain=forward comment="deny all other traffic through router" disabled=no

/ip route print detail
 0 A S  dst-address=0.0.0.0/0 gateway=public-64 gateway-status=public-64 reachable check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to-64 

 1 A S  dst-address=0.0.0.0/0 gateway=public-65 gateway-status=public-65 reachable check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to-65 

 2 A S  dst-address=0.0.0.0/0 gateway=public-66 gateway-status=public-66 reachable check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to-66 

 4 ADC  dst-address=10.1.0.0/16 pref-src=10.1.0.1 gateway=ether1 gateway-status=ether1 unreachable distance=0 scope=200 

 5 ADC  dst-address=10.2.0.0/16 pref-src=10.2.0.1 gateway=ether2 gateway-status=ether2 unreachable distance=0 scope=200 

 6 ADC  dst-address=10.4.0.0/16 pref-src=10.4.0.1 gateway=ether3 gateway-status=ether3 reachable distance=0 scope=10 

 7 ADC  dst-address=x.y.80.0/22 pref-src=x.y.80.65 gateway=public-65,public-64,public-66 
        gateway-status=public-65 reachable,public-64 reachable,public-66 reachable distance=0 scope=10 

 8 ADC  dst-address=192.168.0.0/16 pref-src=192.168.10.104 gateway=ether5 gateway-status=ether5 reachable distance=0 scope=10 

/ip firewall nat
add action=masquerade chain=srcnat comment="GSU outbound traffic" disabled=yes out-interface=public-64
add action=masquerade chain=srcnat comment="80.64 outbound traffic" disabled=no out-interface=public-64
add action=masquerade chain=srcnat comment="GSU video outbound traffic" disabled=yes out-interface=public-65
add action=masquerade chain=srcnat comment="80.65 outbound traffic" disabled=no out-interface=public-65
add action=dst-nat chain=dstnat comment="" disabled=no dst-address=x.y.80.66 dst-port=1194 protocol=tcp to-addresses=192.168.10.190 to-ports=1194
There are a few entries in there for things that are not yet fully configured, so here is a network diagram showing what is currently connected and I would like to have working. You will notice the existing gateway; it's mostly unimportant to this discussion, it just needs to remain in place until the RB1100 is fully working.
NetworkRenumbering.png
I suspect that the issue is not too complicated, but I am new to RouterOS and maybe I just can't see it.
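Added example, not part of the original post: a small Python model of the enabled mangle prerouting rules above, showing which packets leave the chain with a routing mark. It assumes RouterOS's documented behaviour that `action=accept` stops processing in the chain; the PCC hash is supplied as an input integer (`hash`, a hypothetical field) because RouterOS's hash function is not reproduced here, and `dst-address-type=!local` is omitted since the sample packet is not addressed to the router.

```python
import ipaddress

# Address list "internal" and the enabled mangle rules, transcribed from the post.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

RULES = [  # order matters: the prerouting chain is evaluated top to bottom
    {"action": "accept", "in": "ether3", "src_internal": True, "dst_internal": False},
    {"action": "mark-connection", "in": "ether3", "dst_internal": False,
     "pcc": (2, 0), "mark": "conn-64"},
    {"action": "mark-connection", "in": "ether4", "dst_internal": False,
     "pcc": (2, 1), "mark": "conn-65"},
    {"action": "mark-routing", "conn": "conn-64", "mark": "to-64"},
    {"action": "mark-routing", "conn": "conn-65", "mark": "to-65"},
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def matches(rule, pkt, conn_mark):
    """True when every matcher present on the rule agrees with the packet."""
    if "in" in rule and rule["in"] != pkt["in"]:
        return False
    for key in ("src", "dst"):
        if f"{key}_internal" in rule and rule[f"{key}_internal"] != is_internal(pkt[key]):
            return False
    # Assumption: pkt["hash"] stands in for the PCC hash of both addresses.
    if "pcc" in rule and pkt["hash"] % rule["pcc"][0] != rule["pcc"][1]:
        return False
    if "conn" in rule and rule["conn"] != conn_mark:
        return False
    return True

def prerouting(pkt, rules=RULES):
    """Return (connection mark, routing mark) after the mangle prerouting chain."""
    conn_mark = route_mark = None
    for rule in rules:
        if not matches(rule, pkt, conn_mark):
            continue
        if rule["action"] == "accept":
            break                      # accept ends processing in this chain
        if rule["action"] == "mark-connection":
            conn_mark = rule["mark"]   # passthrough=yes: evaluation continues
        elif rule["action"] == "mark-routing":
            route_mark = rule["mark"]
    return conn_mark, route_mark

# Constructed packet: LAN host on ether3 to an outside address (documentation range).
LAN_OUT = {"in": "ether3", "src": "10.4.0.25", "dst": "203.0.113.10", "hash": 0}
```

`prerouting(LAN_OUT)` returns `(None, None)`, while `prerouting(LAN_OUT, RULES[1:])` (the same chain without the first accept rule) returns `("conn-64", "to-64")`. A packet that leaves the chain without a routing mark is looked up in the main table, and every 0.0.0.0/0 route in the printed table carries a routing mark.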
 
cvillers
just joined
Topic Author
Posts: 3
Joined: Fri Mar 02, 2012 7:49 am

Re: Load balancing with WANs on same subnet

Mon Mar 12, 2012 5:47 pm

My solution: don't do that. It turns out it wasn't possible to get working properly due to the upstream configuration. So I'm only putting one of the connections through the RB1100, but I think that'll work out OK for me.
 
samsung172
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway

Re: Load balancing with WANs on same subnet

Mon Mar 12, 2012 6:11 pm

Or use 1 router to each wan connection. And bound from the 3. behind, where u can put "whatever ip u want to the 2 boxes"
 
logiqit
just joined
Posts: 17
Joined: Thu Jun 09, 2011 5:38 pm

Re: Load balancing with WANs on same subnet

Tue Oct 01, 2013 8:28 pm

samsung172 wrote: Or use 1 router to each wan connection. And bound from the 3. behind, where u can put "whatever ip u want to the 2 boxes"

I am having this issue now. Instead of having 3 pcs. of hardware, could we achieve this with MetaROUTERs?
