Atanas
just joined
Topic Author
Posts: 19
Joined: Fri Jan 25, 2019 8:53 am

Load Balancing with PCC - chains, loops?

Mon May 15, 2023 1:59 pm

Hello,

Please, could someone explain to me in more detail some ideas in the following examples of PCC load balancing (LB), which I cannot understand:
1. https://help.mikrotik.com/docs/display/ ... Classifier
2. https://help.mikrotik.com/docs/display/ ... classifier

In both examples there is the following explanation:
With policy routing, it is possible to force all traffic to the specific gateway, even if traffic is destined to the host (other than gateway) from the connected networks. This way routing loop will be generated and communications with those hosts will be impossible. To avoid this situation we need to allow usage of the default routing table for traffic to connected networks:
/ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/30  action=accept in-interface=ether3
add chain=prerouting dst-address=10.112.0.0/30  action=accept in-interface=ether3
If traffic to a host is directed entirely through one of the possible gateways, it does not have to get into a loop, does it? The next hop may have a better or preferred route to the host than returning traffic back to the source, may it not?
How exactly do those mangle rules prevent policy routing through the specific gateway, say in reaching dst-address=8.8.8.8/32?
Isn’t the default routing table allowed by default? Why do we need those explicit rules?
Please explain the entire section in as much detail as possible.

------

Obviously, there can be different approaches for connection marking. In the first example only “prerouting” chain is used, whereas in the second one “input” and “output” chains are used.
In the latter example there are also the following rows:
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface=ether_LAN new-connection-mark=ISP1 per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface=ether_LAN new-connection-mark=ISP2 per-connection-classifier=both-addresses:2/1
May they be replaced with the following?
add action=mark-connection chain=forward connection-mark=no-mark connection-state=new in-interface=ether_LAN new-connection-mark=ISP1 per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=forward connection-mark=no-mark connection-state=new in-interface=ether_LAN new-connection-mark=ISP2 per-connection-classifier=both-addresses:2/1
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing with PCC - chains, loops?

Mon May 15, 2023 5:01 pm

The forward chain is late to mark...
 
Atanas
just joined
Topic Author
Posts: 19
Joined: Fri Jan 25, 2019 8:53 am

Re: Load Balancing with PCC - chains, loops?

Mon May 15, 2023 5:32 pm

I see, but isn’t the output chain late as well, here in example 2?
/ip firewall mangle
add chain=prerouting connection-mark=ISP1_conn in-interface=ether3 action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=ether3 action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
https://wiki.mikrotik.com/wiki/File:Routing_Diagram.jpg
 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing with PCC - chains, loops?

Mon May 15, 2023 6:03 pm

The output chain is typically used for traffic leaving from the router itself, as it is the last stop before traffic leaves...
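
An added illustration of the documentation passage quoted in the first post (not part of any post in this thread and not MikroTik code): a small Python model of why the two `action=accept` rules keep traffic for the connected /30 networks on the main table while traffic to 8.8.8.8 is still policy-routed. The CRC32 hash, the gateway addresses 10.111.0.1 and 10.112.0.1, the interface names ether1/ether2 and the LAN client 192.168.1.10 are assumptions made for the example.

```python
import ipaddress
import zlib

# Constructed model of the first example's mangle rules and routing tables.
# Gateway addresses and ether1/ether2 are assumptions, not taken from the thread.
CONNECTED = ["10.111.0.0/30", "10.112.0.0/30"]
LAN_IF = "ether3"
TABLES = {
    "main": [("10.111.0.0/30", "direct on ether1"),
             ("10.112.0.0/30", "direct on ether2"),
             ("0.0.0.0/0", "via 10.111.0.1")],
    "to_ISP1": [("0.0.0.0/0", "via 10.111.0.1")],
    "to_ISP2": [("0.0.0.0/0", "via 10.112.0.1")],
}

def pcc_both_addresses(src, dst, denominator):
    """Stand-in for both-addresses:N/x; CRC32 is an assumed hash, not RouterOS's."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(key) % denominator

def prerouting(src, dst, in_interface, accept_connected=True):
    """Walk the mangle prerouting chain top-down and return the routing table."""
    dst_ip = ipaddress.ip_address(dst)
    if in_interface != LAN_IF:
        return "main"
    # action=accept ends mangle processing for the packet: the marking rules
    # below are never reached, so it carries no routing mark (main table).
    if accept_connected and any(dst_ip in ipaddress.ip_network(n) for n in CONNECTED):
        return "main"
    # mark-connection by PCC remainder, then mark-routing from that mark.
    return ("to_ISP1", "to_ISP2")[pcc_both_addresses(src, dst, 2)]

def lookup(table, dst):
    """Longest-prefix match inside a single routing table."""
    dst_ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[table]
            if dst_ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def route(src, dst, in_interface, accept_connected=True):
    """Return (routing table used, next hop chosen) for one LAN packet."""
    table = prerouting(src, dst, in_interface, accept_connected)
    return table, lookup(table, dst)

if __name__ == "__main__":
    for dst in ("10.112.0.1", "8.8.8.8"):
        for accept in (True, False):
            print(dst, "accept rules:", accept, "->",
                  route("192.168.1.10", dst, "ether3", accept))
```

In this model the accept rules change the outcome only for destinations inside the two connected networks; 8.8.8.8 matches neither rule and is marked exactly as it would be without them.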
