Community discussions

MikroTik App
 
thecon
just joined
Topic Author
Posts: 2
Joined: Thu Feb 16, 2023 10:00 am

Beginner question about load balancing with PCC

Wed Mar 01, 2023 9:42 pm

Hello to everybody.

I have a Mikrotik Chateau LTE12 with routerOS 7.7 and would like to load balance and have redundancy with an LTE connection and a PPPoE connection (to a bridged modem from my ISP).

Using this help (Example 3: PCC) from here (https://help.mikrotik.com/docs/display/ ... g-Routes.2) and from other sources, I have managed to achieve that. When I bring down the lte1 interface, traffic from my LAN (i.e. port2) or wifi, is automatically routed via pppoe-out1 and vice versa.

I have a bridge and it contains everything except ether1 (reserved for the PPPoE) and a zerotier interface I have installed. Everything else is pretty much standard after a fresh installation (with defaults).

This is my code (it is a bit different from the above link):
/routing/table
add fib name=to_lte1
add fib name=to_pppoe-out1

/ip/firewall/mangle
add chain=prerouting dst-address=10.223.57.71/24  action=accept in-interface=bridge
add chain=prerouting dst-address=91.140.74.51/24 action=accept in-interface=bridge
add chain=input in-interface=lte1       connection-mark=no-mark action=mark-connection new-connection-mark=lte1_conn  passthrough=yes
add chain=input in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=pppoe-out1 passthrough=yes
add chain=prerouting in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=lte1_conn       passthrough=yes
add chain=prerouting in-interface=bridge connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=pppoe-out1_conn passthrough=yes
add chain=prerouting connection-mark=lte1_conn       in-interface=bridge action=mark-routing new-routing-mark=to_lte1       passthrough=no
add chain=prerouting connection-mark=pppoe-out1_conn in-interface=bridge action=mark-routing new-routing-mark=to_pppoe-out1 passthrough=no
add chain=output connection-mark=lte1_conn       action=mark-routing new-routing-mark=to_lte1
add chain=output connection-mark=pppoe-out1_conn action=mark-routing new-routing-mark=to_pppoe-out1

/ip/firewall/nat
add chain=srcnat out-interface=lte1 action=masquerade
add chain=srcnat out-interface=pppoe-out1 action=masquerade
... and these are my questions:

1) Both my lte1 interface and my pppoe-out1 interface have dynamic IP addresses (10.223.57.71 and 91.140.74.51 respectively), and they change in wild patterns (i.e. not just in /24 mask). How can I reflect that to the first two lines of my firewall mangle?

2) On the link provided, it also has this:
/ip route
add gateway=10.111.0.1@main routing-table=to_ISP1 check-gateway=ping
add gateway=10.112.0.1@main routing-table=to_ISP2 check-gateway=ping
but I cannot convert it to my setup. What can I do? (of course "to_ISP1" and "to_ISP2" is now "to_lte1" and "to_pppoe-out1").

3) on the 3rd and 4th lines of /ip/firewall/mangle, can I use "add chain=prerouting" instead of "add chain=input"?
4) on the 3rd, 4th, 5th and 6th lines of the mangle, is "passthrough=yes" needed?
5) on the 7th and 8th lines of mangle, is "passthrough=no" needed?
6) with my current setup, i suspect that I don't have the combined bandwidth of my ISP (100/10 mbps) and the LTE (which varies at arount 10-20mbps). Is it because I don't have a perfect setup? How can I verify that?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Beginner question about load balancing with PCC

Wed Mar 01, 2023 10:41 pm

VERY GOOD question. I do not know the answer but am guessing you may need to script something for that level of complexity.
Hopefully others will chime in.
 
thecon
just joined
Topic Author
Posts: 2
Joined: Thu Feb 16, 2023 10:00 am

Re: Beginner question about load balancing with PCC

Fri Mar 03, 2023 11:05 am

It's a bit quiet here, but on top of my head, perhaps those dynamic IPs can get a "name" of sorts and then use that "name" in the firewall so that you don't have to use a script.

Who is online

Users browsing this forum: cdblue, Google [Bot], koolandrew and 49 guests