Community discussions

MikroTik App
 
mikrotik2014
just joined
Topic Author
Posts: 6
Joined: Wed Aug 07, 2013 9:23 am

PCC-DUAL WAN Load Balancing

Wed Aug 07, 2013 10:52 am

hello ,
I've used this way : Mikrotik DUAL WAN Load Balancing using PCC method
Local : 192.168.0.1
DSL MODEM 1 = 10.111.0.1
DSL MODEM 2 = 10.112.0.1

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=WAN1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=WAN2
 
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
 
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
 
/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
 
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
I have successfully completed . :D :o

Now I do three-line and four-line . How do I add an additional line? How can I? 8)
please help me . thanx .
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: PCC-DUAL WAN Load Balancing

Wed Aug 07, 2013 12:02 pm

hello ,
I've used this way : Mikrotik DUAL WAN Load Balancing using PCC method
Local : 192.168.0.1
DSL MODEM 1 = 10.111.0.1
DSL MODEM 2 = 10.112.0.1

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=WAN1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=WAN2
 
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
 
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
 
/ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping
 
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
I have successfully completed . :D :o

Now I do three-line and four-line . How do I add an additional line? How can I? 8)
please help me . thanx .
You have to duplicate all your mangle rules and update them according to the new infp.
Also double your nat rules and your /ip route settings.
Change your per-connection-classifier to 4:0 -> 4:3
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
SomeYoungGuy
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Mon Oct 22, 2012 10:18 am

Re: PCC-DUAL WAN Load Balancing

Tue Jun 17, 2014 12:51 pm

I followed your configuration, and got Dual WAN working great, now im looking for a way to adapt this to act only on a VPN, so i can specifically route traffic over a VPN, and the VPN has the benefit of the dual WAN configuration.

So far what I have is two VPNs VPN1 and VPN2, they are connected and route in and out differently, as they have two different headed IPs.
so: VPN1 = 10.0.0.100 <-> 10.0.0.99
and VPN2 = 10.0.0.101 <-> 10.0.0.98

So now with the same script, rather then using WAN1 and WAN2... im using VPN1 and VPN2.... bit its not working :(

This is my attempt, but traffic only flows over VPN1, since the connection mark only seems to set as "WAN1_conn"
Local : 192.168.1.1
VPN1 = 10.0.0.100(DHCP assigned local) 10.0.0.99 (server)
VPN2 = 10.0.0.101(DHCP assigned local) 10.0.0.98 (server)

/ip firewall mangle
add chain=input in-interface=VPN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=VPN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=10.0.0.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
 
/ip route
add dst-address=X.X.X.X gateway=10.0.0.99 routing-mark=to_WAN1 check-gateway=ping
add dst-address=X.X.X.X gateway=10.0.0.98 routing-mark=to_WAN2 check-gateway=ping
But when i ping X.X.X.X it only goes out via 10.0.0.99 (VPN1).

Am I barking up the wrong tree here?? or is there better way to load balance / combine multiple VPN links. Essentially what im trying to achieve is to have either a VPN array - or some bonded VPN or something like that, so that if one of the ISP's / links goes down, traffic simply flows over the other without modification.

This is in an attempt to make sip calls over a "robust" VPN, a VPN that uses any number on internet connections.
 
kei888
newbie
Posts: 47
Joined: Fri Feb 07, 2014 7:54 am

Re: PCC-DUAL WAN Load Balancing

Wed Oct 15, 2014 8:44 am

Hi folks!

I'm having a problem also using PCC load balancing method on my two ISPs. WAN2 (ISP2) has no traffic even after mangles had been configured.

Here's my script.

Both WAN1 and WAN2 has the same Bandwidth which is 6 Mbps Upload and 6 Mbps Download each link.

Below is the configuration of my Mikrotik RB951G-2HnD (6.20):
/interface bridge
add mtu=1500 name=bridge1-LAN


/interface ethernet
set [ find default-name=ether1 ] disabled=yes mac-address=D4:CA:6D:80:A5:8A
set [ find default-name=ether2 ] mac-address=D4:CA:6D:80:A5:8B name=ether2-WAN1
set [ find default-name=ether3 ] mac-address=D4:CA:6D:80:A5:8C name=ether3-WAN2
set [ find default-name=ether4 ] mac-address=D4:CA:6D:80:A5:8D name=ether4-LAN
set [ find default-name=ether5 ] mac-address=D4:CA:6D:80:A5:8E name=ether5-LAN

/interface vlan
add interface=bridge1-LAN l2mtu=1594 name=vlan10-President vlan-id=10
add interface=bridge1-LAN l2mtu=1594 name=vlan20-Recruiting vlan-id=20
add interface=bridge1-LAN l2mtu=1594 name=vlan30-VoIP vlan-id=30
add interface=bridge1-LAN l2mtu=1594 name=vlan40-Employees vlan-id=40

/interface bridge port
add bridge=bridge1-LAN interface=ether4-LAN
add bridge=bridge1-LAN interface=ether5-LAN


/ip address

add address=192.168.1.5/27 comment="WAN1 GW" interface=ether2-WAN1 network=192.168.1.0
add address=192.168.2.2/30 comment="WAN2 GW" interface=ether3-WAN2 network=192.168.2.0

add address=172.30.8.1/24 comment="Management VLAN" interface=bridge1-LAN network=172.30.8.0
add address=172.16.20.1/28 comment="Recruiting IP Block GW" interface=vlan20-Recruiting network=172.16.20.0
add address=172.16.10.1/27 comment="President IP Block GW" interface=vlan10-President network=172.16.10.0
add address=172.16.30.1/28 comment="VoIP IP Block GW" interface=vlan30-VoIP network=172.16.30.0
add address=172.30.40.1/24 comment="Employees IP Block GW" interface=vlan40-Employees network=172.30.40.0



/ip firewall mangle EXPORT
add action=mark-connection chain=input comment="Dual WAN Load Balancing w/ Fail Over" in-interface=ether2-WAN1 new-connection-mark=WAN1_mark \
passthrough=no
add action=mark-connection chain=input comment="Dual WAN Load Balancing w/ Fail Over" in-interface=ether3-WAN2 new-connection-mark=WAN2_mark \
passthrough=no

add action=mark-routing chain=output comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN1_mark new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN2_mark new-routing-mark=to_ISP2 passthrough=no

add chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address=192.168.1.0/27 in-interface=bridge1-LAN
add chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address=192.168.2.0/30 in-interface=bridge1-LAN

add action=mark-connection chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address-type=!local in-interface=bridge1-LAN \
new-connection-mark=WAN1_mark per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address-type=!local in-interface=bridge1-LAN \
new-connection-mark=WAN2_mark per-connection-classifier=both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN1_mark in-interface=bridge1-LAN \
new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN2_mark in-interface=bridge1-LAN \
new-routing-mark=to_ISP2 passthrough=no


/ip firewall mangle PRINT

0 ;;; Dual WAN Load Balancing w/ Fail Over
chain=input action=mark-connection new-connection-mark=WAN1_mark passthrough=no in-interface=ether2-WAN1 log=no
log-prefix=""

1 ;;; Dual WAN Load Balancing w/ Fail Over
chain=input action=mark-connection new-connection-mark=WAN2_mark passthrough=no in-interface=ether3-WAN2 log=no
log-prefix=""

2 ;;; Dual WAN Load Balancing w/ Fail Over
chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=no connection-mark=WAN1_mark log=no log-prefix=""

3 ;;; Dual WAN Load Balancing w/ Fail Over
chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=no connection-mark=WAN2_mark log=no log-prefix=""

4 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=accept dst-address=192.168.1.0/27 in-interface=bridge1-LAN log=no log-prefix=""

5 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=accept dst-address=192.168.2.0/30 in-interface=bridge1-LAN log=no log-prefix=""

6 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-connection new-connection-mark=WAN1_mark passthrough=yes dst-address-type=!local
in-interface=bridge1-LAN per-connection-classifier=both-addresses-and-ports:2/0 log=no log-prefix=""

7 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-connection new-connection-mark=WAN2_mark passthrough=yes dst-address-type=!local
in-interface=bridge1-LAN per-connection-classifier=both-addresses-and-ports:2/1 log=no log-prefix=""

8 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-routing new-routing-mark=to_ISP1 passthrough=no in-interface=bridge1-LAN
connection-mark=WAN1_mark log=no log-prefix=""

9 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-routing new-routing-mark=to_ISP2 passthrough=no in-interface=bridge1-LAN
connection-mark=WAN2_mark log=no log-prefix=""


/ip route
add check-gateway=ping comment="WAN1 GW" distance=1 gateway=192.168.1.1 routing-mark=to_ISP1
add check-gateway=ping comment="WAN2 GW" distance=1 gateway=192.168.2.1 routing-mark=to_ISP2
add check-gateway=ping comment="Normal Default Route excep for 'Distance set to 1'" distance=1 gateway=210.213.67.65
add check-gateway=ping distance=2 gateway=202.78.78.189


/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-WAN1
add action=masquerade chain=srcnat out-interface=ether3-WAN2
Thank you.

Who is online

Users browsing this forum: sindy and 82 guests