Dual WAN Load Balancing Problems

Posted: Tue Oct 14, 2014 12:32 am
by aquiloni
Hello all!

I followed this http://wiki.mikrotik.com/wiki/Load_Bala ... e_Gateways scenario but I came across some nasty problems!

Instead of separating one LAN subnet into two groups, I have two bridges on several LAN interfaces (bridge1 192.168.5.0/24 and bridge2 192.168.10.0/24). I want some communication between those bridges, mainly HTTP and SSH.
After I set up the load balancing, bridge1 goes through ISP1 and bridge2 goes through ISP2, but I lost the connection between the bridges completely.

What did I do wrong?

Here is my basic configuration:

Interfaces/Bridges:

/interface bridge
add mtu=1500 name=privat protocol-mode=none
add mtu=1500 name=public protocol-mode=none
add mtu=1500 name=radius protocol-mode=none
add mtu=1500 name=wan protocol-mode=none
/interface bridge port
add bridge=wan interface=ether2
add bridge=privat interface=ether3
add bridge=wan interface=ether1
add bridge=public interface=ether8
add bridge=radius interface=ether6
add bridge=privat interface=ether4
add bridge=radius interface=ether5
add bridge=public interface=ether7

Addresses:

/ip address
add address=10.0.0.1/24 interface=wan network=10.0.0.0
add address=192.168.10.254/24 interface=privat network=192.168.10.0
add address=172.16.0.1/21 interface=public network=172.16.0.0
add address=192.168.5.254/24 interface=radius network=192.168.5.0
add address=192.168.20.254/24 interface=public network=192.168.20.0

Firewall:

/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat src-address=192.168.5.0/24
add action=masquerade chain=srcnat src-address=172.16.0.0/21
add action=masquerade chain=srcnat src-address=192.168.20.0/24

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no new-routing-mark=a1_lan \
    passthrough=no src-address-list=a1_wan_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=nc_lan \
    passthrough=no src-address-list=nc_wan_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=a1_lan \
    passthrough=no src-address-list=ap_list
add action=mark-routing chain=prerouting disabled=no new-routing-mark=nc_lan \
    src-address-list=radius_list

IP Route:

/ip route
add disabled=no distance=1 gateway=10.0.0.138 routing-mark=a1_lan
add disabled=no distance=1 gateway=10.0.0.140 routing-mark=nc_lan
add distance=1 gateway=10.0.0.140
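
The route lookup that the mangle and route exports above produce, modelled as an added example (not part of the original post and not MikroTik code). It assumes RouterOS v6 policy-routing semantics (a marked packet is looked up in the table named by its mark, falling back to main only when nothing matches there), constructed address-list contents, and a hypothetical `accept_local` rule placed ahead of the marking rules.

```python
import ipaddress

# Routes from the post. Connected routes follow from /ip address and
# exist only in the main table.
TABLES = {
    "a1_lan": [("0.0.0.0/0", "10.0.0.138")],
    "nc_lan": [("0.0.0.0/0", "10.0.0.140")],
    "main": [("0.0.0.0/0", "10.0.0.140"),
             ("10.0.0.0/24", "connected:wan"),
             ("192.168.10.0/24", "connected:privat"),
             ("192.168.5.0/24", "connected:radius"),
             ("172.16.0.0/21", "connected:public"),
             ("192.168.20.0/24", "connected:public")],
}
# ASSUMPTION: the post does not show the address-list contents; constructed.
ADDRESS_LISTS = {"a1_wan_list": ["192.168.10.0/24"],
                 "radius_list": ["192.168.5.0/24"]}
# Prerouting mark-routing rules in posted order: (src-address-list, mark).
MANGLE = [("a1_wan_list", "a1_lan"), ("nc_wan_list", "nc_lan"),
          ("ap_list", "a1_lan"), ("radius_list", "nc_lan")]
# Hypothetical: destinations an accept rule would exempt from marking.
LOCAL_NETS = ["192.168.5.0/24", "192.168.10.0/24"]

def in_any(ip, nets):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in nets)

def routing_mark(src, dst, accept_local=False):
    if accept_local and in_any(dst, LOCAL_NETS):
        return None  # accepted in prerouting: marking rules never run
    for list_name, mark in MANGLE:
        if in_any(src, ADDRESS_LISTS.get(list_name, [])):
            return mark  # first match decides (the last rule is the only passthrough)
    return None

def longest_match(table, dst):
    hits = [(ipaddress.ip_network(p), gw) for p, gw in TABLES[table]
            if ipaddress.ip_address(dst) in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def next_hop(src, dst, accept_local=False):
    mark = routing_mark(src, dst, accept_local)
    hop = longest_match(mark, dst) if mark else None
    return hop or longest_match("main", dst)  # fall back to main table

if __name__ == "__main__":
    for accept in (False, True):
        print(accept, next_hop("192.168.5.10", "192.168.10.20", accept))
```

Without the accept rule the inter-bridge packet matches the marked table's default route and is handed to the ISP gateway; with it, the connected route in main is used.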

Re: Dual WAN Load Balancing Problems

Posted: Wed Oct 15, 2014 6:50 am
by kei888
Hi folks!

I'm also having a problem using the PCC load balancing method with my two ISPs. WAN2 (ISP2) has no traffic even after the mangle rules have been configured.

Here's my script.

Both WAN1 and WAN2 have the same bandwidth, which is 6 Mbps upload and 6 Mbps download on each link.

Below is the configuration of my MikroTik RB951G-2HnD (6.20):

/interface bridge
add mtu=1500 name=bridge1-LAN


/interface ethernet
set [ find default-name=ether1 ] disabled=yes mac-address=D4:CA:6D:80:A5:8A
set [ find default-name=ether2 ] mac-address=D4:CA:6D:80:A5:8B name=ether2-WAN1
set [ find default-name=ether3 ] mac-address=D4:CA:6D:80:A5:8C name=ether3-WAN2
set [ find default-name=ether4 ] mac-address=D4:CA:6D:80:A5:8D name=ether4-LAN
set [ find default-name=ether5 ] mac-address=D4:CA:6D:80:A5:8E name=ether5-LAN

/interface vlan
add interface=bridge1-LAN l2mtu=1594 name=vlan10-President vlan-id=10
add interface=bridge1-LAN l2mtu=1594 name=vlan20-Recruiting vlan-id=20
add interface=bridge1-LAN l2mtu=1594 name=vlan30-VoIP vlan-id=30
add interface=bridge1-LAN l2mtu=1594 name=vlan40-Employees vlan-id=40

/interface bridge port
add bridge=bridge1-LAN interface=ether4-LAN
add bridge=bridge1-LAN interface=ether5-LAN


/ip address

add address=192.168.1.5/27 comment="WAN1 GW" interface=ether2-WAN1 network=192.168.1.0
add address=192.168.2.2/30 comment="WAN2 GW" interface=ether3-WAN2 network=192.168.2.0

add address=172.30.8.1/24 comment="Management VLAN" interface=bridge1-LAN network=172.30.8.0
add address=172.16.20.1/28 comment="Recruiting IP Block GW" interface=vlan20-Recruiting network=172.16.20.0
add address=172.16.10.1/27 comment="President IP Block GW" interface=vlan10-President network=172.16.10.0
add address=172.16.30.1/28 comment="VoIP IP Block GW" interface=vlan30-VoIP network=172.16.30.0
add address=172.30.40.1/24 comment="Employees IP Block GW" interface=vlan40-Employees network=172.30.40.0



/ip firewall mangle EXPORT
add action=mark-connection chain=input comment="Dual WAN Load Balancing w/ Fail Over" in-interface=ether2-WAN1 new-connection-mark=WAN1_mark \
passthrough=no
add action=mark-connection chain=input comment="Dual WAN Load Balancing w/ Fail Over" in-interface=ether3-WAN2 new-connection-mark=WAN2_mark \
passthrough=no

add action=mark-routing chain=output comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN1_mark new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN2_mark new-routing-mark=to_ISP2 passthrough=no

add chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address=192.168.1.0/27 in-interface=bridge1-LAN
add chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address=192.168.2.0/30 in-interface=bridge1-LAN

add action=mark-connection chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address-type=!local in-interface=bridge1-LAN \
new-connection-mark=WAN1_mark per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" dst-address-type=!local in-interface=bridge1-LAN \
new-connection-mark=WAN2_mark per-connection-classifier=both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN1_mark in-interface=bridge1-LAN \
new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=prerouting comment="Dual WAN Load Balancing w/ Fail Over" connection-mark=WAN2_mark in-interface=bridge1-LAN \
new-routing-mark=to_ISP2 passthrough=no


/ip firewall mangle PRINT

0 ;;; Dual WAN Load Balancing w/ Fail Over
chain=input action=mark-connection new-connection-mark=WAN1_mark passthrough=no in-interface=ether2-WAN1 log=no
log-prefix=""

1 ;;; Dual WAN Load Balancing w/ Fail Over
chain=input action=mark-connection new-connection-mark=WAN2_mark passthrough=no in-interface=ether3-WAN2 log=no
log-prefix=""

2 ;;; Dual WAN Load Balancing w/ Fail Over
chain=output action=mark-routing new-routing-mark=to_ISP1 passthrough=no connection-mark=WAN1_mark log=no log-prefix=""

3 ;;; Dual WAN Load Balancing w/ Fail Over
chain=output action=mark-routing new-routing-mark=to_ISP2 passthrough=no connection-mark=WAN2_mark log=no log-prefix=""

4 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=accept dst-address=192.168.1.0/27 in-interface=bridge1-LAN log=no log-prefix=""

5 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=accept dst-address=192.168.2.0/30 in-interface=bridge1-LAN log=no log-prefix=""

6 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-connection new-connection-mark=WAN1_mark passthrough=yes dst-address-type=!local
in-interface=bridge1-LAN per-connection-classifier=both-addresses-and-ports:2/0 log=no log-prefix=""

7 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-connection new-connection-mark=WAN2_mark passthrough=yes dst-address-type=!local
in-interface=bridge1-LAN per-connection-classifier=both-addresses-and-ports:2/1 log=no log-prefix=""

8 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-routing new-routing-mark=to_ISP1 passthrough=no in-interface=bridge1-LAN
connection-mark=WAN1_mark log=no log-prefix=""

9 ;;; Dual WAN Load Balancing w/ Fail Over
chain=prerouting action=mark-routing new-routing-mark=to_ISP2 passthrough=no in-interface=bridge1-LAN
connection-mark=WAN2_mark log=no log-prefix=""


/ip route
add check-gateway=ping comment="WAN1 GW" distance=1 gateway=192.168.1.1 routing-mark=to_ISP1
add check-gateway=ping comment="WAN2 GW" distance=1 gateway=192.168.2.1 routing-mark=to_ISP2
add check-gateway=ping comment="Normal Default Route excep for 'Distance set to 1'" distance=1 gateway=210.213.67.65
add check-gateway=ping distance=2 gateway=202.78.78.189


/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2-WAN1
add action=masquerade chain=srcnat out-interface=ether3-WAN2

Thank you.