 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Load Balancing / Routing

Mon Nov 22, 2021 2:05 am

Hi

I'm new to MikroTik, so please be gentle :)

So I've managed to get my RB4011 set up and it's primarily working how I want it to, except for one thing. I have 2 WANs (both VDSL) and both are connected and working. My intention is that by default clients will route to WAN1, but fail over to WAN2 if WAN1 is unavailable. A small number of clients (specific IP addresses) will do the opposite, so WAN2 first with failover to WAN1.

I've set up 4 Routes

Dst. Address 0.0.0.0, Gateway WAN1 PPPoE, Distance 1
Dst. Address 0.0.0.0, Gateway WAN2 PPPoE, Distance 2
Dst. Address 0.0.0.0, Gateway WAN2 PPPoE, Distance 1, Routing Mark: WAN2-First
Dst. Address 0.0.0.0, Gateway WAN1 PPPoE, Distance 2, Routing Mark: WAN2-First

I've then created an Address List for the WAN2-First clients, and a Mangle Rule:
Chain: prerouting, connection mark: no-mark, Src Address List: WAN2-Clients, Action: mark-routing, Routing Mark: WAN2-First.

The default clients work as expected, they use WAN1 and failover to WAN2. The issue is with the WAN2 first clients. If I check their external IP I see they are using WAN2 as expected, however performance is really poor. Monitoring the router I can see that, whilst they are reporting as using WAN2, a large number of the packets being sent are actually going out through WAN1.

If I disable the first 2 routing rules then the WAN2-First clients work correctly. If I change the first two rules and add a routing mark (WAN1-First) everything also works as expected, however that means I would need to create lists for all IPs and define a routing mark for them, which isn't ideal.

Is there a way to have a "default" pair of rules and rules with routing marks, or am I stuck with having to define all IPs and create Mangle rules for them?
 
spynappels
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland

Re: Load Balancing / Routing

Mon Nov 22, 2021 10:05 am

Do you have any other rules in the prerouting chain?
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 1:51 pm

I actually intend to have 4 "groups" eventually, the two I've detailed (WAN1 first with failover and WAN2 first with failover) and WAN1 only and WAN2 only (no failover). So I have rules set up for all of them, though the last 2 aren't in use as of yet. If I disable them entirely it makes no difference.

Other than that the only other rules are 3 "special dummy rules to show fasttrack counters" which were created by default, one of which is prerouting.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing / Routing

Mon Nov 22, 2021 4:06 pm

Quick question, what is the purpose of setting up the router this way?
It sounds like you want to use both WANs at the same time, why not just simply load balance the routers ????

I have two WANIPs and all traffic goes to one except email traffic which is based on a previous only connection to WAN2 (we don't want to give up those email addresses lol)
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 4:24 pm

The majority of clients will use WAN1, I only want specific services to use WAN2. Some services are tied to specific IPs, some need to use a specific connection for other reasons. I don't want general traffic using WAN2 at all unless it's an emergency (i.e. WAN1 is down), so simply load balancing based on available bandwidth doesn't serve my needs.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing / Routing

Mon Nov 22, 2021 5:24 pm

Super. Start with standard ISP route structure.

ISP1 route distance=5 check-gateway=ping
ISP2 route distance=10

From the above all users will be directed to ISP1 and if down go to ISP2.
When ISP 1 comes back online, then all users will head back to ISP1.

(Note: This presumes the WAN connections are from two different providers. There is no such thing as backup from the same provider, simply more bandwidth to play with.)

Now the next step is to ensure only some IPs get access to WAN2 normally and do NOT access WAN1.
This is problematic in that it's not an entire subnet or some already segregated group of users.
How many IPs are we talking about??

What I would do......
is create a route for all the special cases such that you have the below structure. The action of Lookup in table means that the router will use the route mark route if available; if it's not available (presumably because WAN2 is down), the router will look for the next closest route on the main table and that will be WAN1. If you didn't want WAN2 users to fail over, then one could put in the action of Lookup ONLY in table.

ISP1 route distance=5 check-gateway=ping
ISP2 route distance=10
ISP2 route distance=10 routing-mark=USEWAN2

Then for each user (IP) make a route rule.
Source Address: IPofuser1
Action: Lookup in Table
Table: USEWAN2

Source Address: IPofuser2
Action: Lookup in Table
Table: USEWAN2

Etc.......................
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 5:59 pm

Hi

Thanks for the idea, however I've looked at routing rules already and they're not really feasible as they only allow single IPs. Using Mangle rules I can use Address Lists which is a more realistic option.

In terms of the routes these are already in place and working, all "default" clients can use WAN1 and failover to WAN2 without a problem. It's only those with routing rules to direct them down WAN2 that have the issue.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing / Routing

Mon Nov 22, 2021 6:18 pm

Up to you, with mangling you lose fasttrack advantages in connection tracking but probably no biggie.
For me I would change how those strange and weird users are segregated.
I would put them on one subnet/vlan if at all possible.

As I said, even if 50 users, I would make up 50 route rules. I hate mangling.
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 6:22 pm

It's each to their own I guess, for me that method would be a nightmare to manage.

I've seen other users doing it this way with Mangle rules, so I find it hard to believe it can't work, I just need to understand why those clients are routing some packets down the default WAN rather than everything following the rules.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing / Routing

Mon Nov 22, 2021 8:35 pm

If it's a nightmare to manage then suggest your hardware design needs improvement.
My method works, why is it so hard to manage?
Statically set DHCP leases and IPs are static!!

If you have a bunch of users with a specific use case, put them on a vlan!
If you don't have the equipment to do that, then that's a network design issue, you need to ensure you are using managed switches and access points.
I have this in my home and I am not even a business but as soon as a network expands, the need is obvious....

Mangling is complicated as you have to ensure that each direction of travel of a packet is controlled and to add failover to that, hurts my brain.
Some here work through it like butta, so hopefully one of the experts will chime in soon!
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 8:56 pm

I shouldn't have to redesign my whole network just to replace a router, that's completely backwards thinking. The design works perfectly well with my existing router, there's no reason it can't with the MikroTik.

I have managed switches but it simply makes no sense to create routing rules for single IPs, I would rather create IP groups for the complete range so the mangle rules work than create 70 individual routing rules. Management in IT is generally done with groups and I believe a router should be no exception.
 
anav
Forum Guru
Posts: 19107
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load Balancing / Routing

Mon Nov 22, 2021 10:47 pm

Concur, many MT users have asked for more fidelity such as being able to use firewall-address-lists for many more entries and rules than is currently allowed.
Then the addition of only one Route Rule would be required. I agree it's a shame this has not been implemented.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Load Balancing / Routing

Mon Nov 22, 2021 10:47 pm

As long as some other rule doesn't interfere (remove routing mark, assign connection mark), it should work like this.

But it's not a very efficient way, because now you're checking every single packet against the list. It's better to check only new connections from LAN and give them connection mark. And then have another rule that assigns routing mark based on connection mark.
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 22, 2021 11:25 pm

I had seen that suggested elsewhere but with no explanation as to why it was better, so thank you I will certainly change to that.

However I have already tested that method and it doesn't solve the issue I'm seeing. Packets that should be marked and using WAN2 still end up using the default route of WAN1. It's very confusing as it's not all Packets, it's as though they're being split 50/50.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Load Balancing / Routing

Mon Nov 22, 2021 11:40 pm

You can export and post your config, and perhaps someone will spot something you missed.
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Wed Nov 24, 2021 1:09 pm

Thanks for your help. I've decided to "resolve" it by adding a mangle rule that marks all connections that haven't matched any other rule, and having all my Routes require a routing mark. It doesn't seem like that should be necessary, but it does at least work and allow me to move on with getting this installed.

I may revisit this at a later date and try to work out why a default (no mark) route doesn't work as expected.
 
systeq
just joined
Topic Author
Posts: 10
Joined: Mon Nov 22, 2021 1:48 am

Re: Load Balancing / Routing

Mon Nov 29, 2021 8:14 pm

So, for anyone else who may have this problem I've finally resolved it.

In my Mangle rules I had the Source Address List set to the various LAN IPs, but it turns out I also need to specify the Destination Address is not a LAN IP. I tried using Dest Type as not local, which doesn't work, so I created an Address List and used that in the Destination Address List. I presume you could also just specify the Range in the Dst. Address.

I stumbled on this largely by accident, so I'm not entirely sure why it works, just that it does. If anyone with more knowledge than me (that's pretty much everyone) can explain why it works I'm interested to learn.


I also changed the rules so they use connection marks as previously suggested (thank you) which of course didn't resolve the problem but hopefully makes my rules more efficient.
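
The setup this thread ends on (connection marks, a destination exclusion for LAN addresses, and marked plus unmarked default routes), written out as RouterOS commands. This is an added example, not a config posted by anyone in the thread. It assumes RouterOS v6 syntax (`routing-mark` on routes); the interface names `pppoe-wan1` / `pppoe-wan2`, the `LAN-Nets` list, the `WAN2-First-conn` mark and all addresses are constructed placeholders.

```routeros
# Added example, not a config from the thread. RouterOS v6 syntax assumed.
# Assumed names: pppoe-wan1, pppoe-wan2, LAN-Nets, WAN2-First-conn.
# All addresses below are constructed sample values.

/ip firewall address-list
# Clients that should prefer WAN2 (single hosts or ranges)
add list=WAN2-Clients address=192.168.88.50
add list=WAN2-Clients address=192.168.88.60-192.168.88.69
# Local destinations that must not be policy-routed
add list=LAN-Nets address=192.168.88.0/24

/ip firewall mangle
# 1) Classify once per connection: only new, unmarked connections from the
#    listed clients whose destination is NOT a LAN address get the mark.
add chain=prerouting connection-state=new connection-mark=no-mark \
    src-address-list=WAN2-Clients dst-address-list=!LAN-Nets \
    action=mark-connection new-connection-mark=WAN2-First-conn passthrough=yes
# 2) Give the routing mark to packets of marked connections that come from
#    the clients. Reply packets arriving from the WAN carry a different
#    source address, so they keep using the main table.
add chain=prerouting connection-mark=WAN2-First-conn \
    src-address-list=WAN2-Clients \
    action=mark-routing new-routing-mark=WAN2-First passthrough=no

/ip route
# Default (unmarked) traffic: WAN1 first, WAN2 as failover
add dst-address=0.0.0.0/0 gateway=pppoe-wan1 distance=1
add dst-address=0.0.0.0/0 gateway=pppoe-wan2 distance=2
# Traffic carrying routing mark WAN2-First: WAN2 first, WAN1 as failover
add dst-address=0.0.0.0/0 gateway=pppoe-wan2 distance=1 routing-mark=WAN2-First
add dst-address=0.0.0.0/0 gateway=pppoe-wan1 distance=2 routing-mark=WAN2-First
```

The per-rule counters from `/ip firewall mangle print stats` show whether both rules are matching the traffic they are meant to.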
