Community discussions

MUM Europe 2020
 
ammar83
just joined
Topic Author
Posts: 19
Joined: Thu Nov 24, 2011 2:00 pm

Problems when using PCC Load Balancer and Squid Cache

Sat Mar 31, 2012 4:53 pm

Hi All,

I have configured MikroTik to Load Balance between two ISPs using PCC and everything works just fine.. Here is the configuration that I've used:
/ip address
add address=66.66.66.66/26 disabled=no interface=ether01_SatGate network=66.66.66.66
add address=77.77.77.77/27 disabled=no interface=ether04_ScopeSky network=77.77.77.77
add address=192.168.0.1/24 disabled=no interface=ether03_Private network=192.168.0.0

/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=66.66.66.66/26 in-interface=Private_LAN_Bridge
add action=accept chain=prerouting disabled=no dst-address=77.77.77.77/27 in-interface=Private_LAN_Bridge
add action=mark-connection chain=prerouting disabled=no dst-address=66.66.66.66/26 in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-address=77.77.77.77/27 in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether01_SatGate new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether04_ScopeSky new-connection-mark=ISP2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/3
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/4
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/5
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/6
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/7
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=no per-connection-classifier=both-addresses:9/8

add action=mark-routing chain=prerouting connection-mark=ISP1_conn disabled=no in-interface=Private_LAN_Bridge new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=no in-interface=Private_LAN_Bridge new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=no new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=no new-routing-mark=to_ISP2 passthrough=yes

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward HTTP Traffic to Squid" disabled=no dst-port=80 protocol=tcp src-address=!192.168.40.3 to-addresses=192.168.40.3 to-ports=80
add action=src-nat chain=srcnat disabled=no out-interface=ether01_SatGate to-addresses=66.66.66.66
add action=src-nat chain=srcnat disabled=no out-interface=ether04_ScopeSky to-addresses=77.77.77.77

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=66.66.66.65 routing-mark=to_ISP1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.77.77.78 routing-mark=to_ISP2 scope=30 target-scope=10

add check-gateway=ping disabled=no [b]distance=10[/b] dst-address=0.0.0.0/0 gateway=66.66.66.65 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=20 dst-address=0.0.0.0/0 gateway=77.77.77.78 scope=30 target-scope=10
Now I got Squid installed on a PC server to be used as caching system. I've added the following:
/ip address
add address=192.168.40.1/24 disabled=no interface="ether05 - Squid" network=192.168.40.0

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward HTTP Traffic to Squid" disabled=no dst-port=80 protocol=tcp src-address=!192.168.40.3 to-addresses=192.168.40.3 to-ports=80
After adding Squid configuration above, PCC stopped working and the load has been directed to the third route (as it has the lowest administrative distance distance=10). As a check if I disable the following routes:
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=66.66.66.65 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=77.77.77.78 scope=30 target-scope=10
Browsing completely dies!!

Anything can be done to have both PCC and Squid functional at the same time and using the same router board? By the way I am using RB1100 and RouterOS 5.11.
Appreciate your support and thanks in advance for everything..

Ammar

Who is online

Users browsing this forum: n4yeem and 12 guests