I am trying to get some bandwidth management done. I have a 50 MBit DSL on ISP_01, and a 200 Mbit metered connection on ISP_02. The logic should be the following: when the bandwidth from ISP_01 reaches 50 MBit, new connections should be routed over to ISP_02.
The scripts that update the gateways on the default routes on to_ISP1 and to_ISP2 are working perfectly. I have to use a script to update the gateways; I know the default route can be added via the DHCP client, but it does not allow me to set options on the route. The bandwidth scripts on the bandwidth monitor are working too.
The issue I am facing is:
Code:
add action=mark-routing chain=prerouting comment=balancer connection-state=new disabled=yes new-routing-mark=to_ISP1 passthrough=no
When I ping 8.8.8.8, only the first packet goes through ISP_01; the second one does not. When I kill the connection on /ip/firewall/connections, again only 1 packet goes through. When I enable new and related, it also does not work. So my question is: what do I have to set here so that all new connections go to ISP_01 using my config? This is the step where I am stuck for now; the next step to this would be adding a disabled mangle rule before the to_ISP1 rule that gets activated by the bandwidth monitoring that sends the routing via to_ISP2. If that makes sense.
Any help is greatly appreciated. For reference, the whole config is below.
Thanks!
Ben
Code:
/interface bridge
add name=bridge_LAN
/interface ethernet
set [ find default-name=ether1 ] name=ISP_01
set [ find default-name=ether2 ] name=ISP_02
set [ find default-name=ether3 ] name=LAN_01
set [ find default-name=ether4 ] name=LAN_02
set [ find default-name=ether5 ] name=LAN_03
set [ find default-name=sfp1 ] disabled=yes
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.77.11-192.168.77.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge_LAN name=dhcp1
/port
set 0 name=serial0
/routing table
add disabled=no fib name=to_ISP1
add disabled=no fib name=to_ISP2
/system logging action
set 0 memory-lines=100
/interface bridge port
add bridge=bridge_LAN interface=LAN_01
add bridge=bridge_LAN interface=LAN_02
add bridge=bridge_LAN interface=LAN_03
/ip address
add address=192.168.77.1/24 interface=bridge_LAN network=192.168.77.0
/ip dhcp-client
add add-default-route=no interface=ISP_01
add add-default-route=no interface=ISP_02
/ip dhcp-server network
add address=192.168.77.0/24 dns-server=192.168.77.1 gateway=192.168.77.1
/ip firewall mangle
add action=mark-routing chain=prerouting comment=balancer connection-state=new disabled=yes new-routing-mark=to_ISP1 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP_01
add action=masquerade chain=srcnat out-interface=ISP_02
/ip route
add comment=to_ISP_01 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.81.1 pref-src="" routing-table=to_ISP1 scope=30 suppress-hw-offload=no target-scope=10
add comment=to_ISP_02 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.82.1 pref-src="" routing-table=to_ISP2 scope=30 suppress-hw-offload=no target-scope=10
/system clock
set time-zone-name=Europe/Berlin
/system scheduler
add interval=1s name=to_ISP on-event="to_ISP1\r\
\nto_ISP2" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/15/2022 start-time=16:37:05
/system script
add dont-require-permissions=no name=to_ISP1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local newgw [ip\
\_dhcp-client get [find interface=\"ISP_01\"] gateway];\r\
\n:local routegw [/ip route get [find comment=\"to_ISP_01\"] gateway ];\r\
\n:if (\$newgw != \$routegw) do={\r\
\n /ip route set [find comment=\"to_ISP_01\"] gateway=\$newgw;\r\
\n}"
add dont-require-permissions=no name=to_ISP2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local newgw [ip\
\_dhcp-client get [find interface=\"ISP_02\"] gateway];\r\
\n:local routegw [/ip route get [find comment=\"to_ISP_02\"] gateway ];\r\
\n:if (\$newgw != \$routegw) do={\r\
\n /ip route set [find comment=\"to_ISP_02\"] gateway=\$newgw;\r\
\n}"
/tool traffic-monitor
add interface=ISP_01 name=LB1 on-event=":log warning \"LB Debug: ISP1 overloaded, switching to ISP2\";\r\
\n/ip firewall mangle set [find comment=\"balancer\"] connection-mark=ISP2_conn\r\
\n" threshold=50000000 traffic=received
add interface=ISP_01 name=LB2 on-event=\
":log warning \"LB Debug: ISP1 ok, switching back to ISP1\";\r\
\n/ip firewall mangle set [find comment=\"balancer\"] connection-mark=ISP1_conn\r\
\n" threshold=30000000 traffic=received trigger=below