TomRoyls
just joined
Topic Author
Posts: 1
Joined: Sat Nov 20, 2021 1:30 pm

Unable to load balance https traffic

Sat Nov 20, 2021 2:22 pm

Hi everyone.

I have 2 internet connections and am trying to set up load balancing for them. I managed to get it working mostly, but I can't manage to get https traffic (all other traffic types are working as expected) to use the second wan at all. If I check the connections tab, the connections are marked correctly, but all the traffic is still using wan1.
Is there anything else that I have to change in order to load balance https traffic?

This is my config:
# nov/20/2021 14:06:57 by RouterOS 6.47.8
# model = RB750Gr3
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge interface=bonding1
/interface list member
add interface=bridge list=LAN
add interface=ether1-wan list=WAN
add interface=pppoe-out1 list=WAN
add interface=ether2-wan list=WAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=ether1-wan
add action=accept chain=prerouting in-interface=ether2-wan
add action=accept chain=prerouting in-interface=pppoe-out1
add action=mark-connection chain=input in-interface=ether1-wan \
    new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input in-interface=ether2-wan \
    new-connection-mark=wan2_conn passthrough=yes
add action=mark-connection chain=input in-interface=pppoe-out1 \
    new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 src-address=\
    10.0.0.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local dst-port=22,80,183,8080,5060,2222 \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 protocol=tcp src-address=10.0.0.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark dst-port=\
    443,5000-6000 new-connection-mark=wan2_conn passthrough=yes protocol=tcp \
    src-address=10.0.0.102
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes src-address=10.0.0.0/24
add action=mark-routing chain=prerouting connection-mark=no-mark new-routing-mark=to_wan1 passthrough=yes src-address=10.0.0.0/24
/ip route
add check-gateway=ping comment=to_wan1 distance=1 gateway=11.11.11.11 routing-mark=to_wan1
add check-gateway=ping comment=to_wan2 distance=1 gateway=22.22.22.22 routing-mark=to_wan2
add check-gateway=ping comment=fallback_wan1 distance=3 gateway=11.11.11.11
add check-gateway=ping comment=fallback_wan2 distance=4 gateway=22.22.22.22

What I expect:
TCP ports 22,80,183,8080,5060,2222 should get load balanced on all systems
TCP ports 443, 5000-6000 should get load balanced only on one system
Everything else should use wan1 with wan2 as a fallback

So far everything has been working fine, except for TCP 443 (https), which is always using wan1, even if I move it into the general balancing rule, and I have absolutely no idea why.

Any help with this would be greatly appreciated.
Best regards
Tom
