thejerry
just joined
Topic Author
Posts: 2
Joined: Fri Nov 19, 2021 12:54 pm

Load balancing - slow loading of websites and more

Sat Nov 27, 2021 7:37 pm

Hi, I bought a Mikrotik RouterBOARD RB962UiGS-5HacT2HnT hAP and this is my first experience with RouterOS. My main goal is to have load balancing with one ISP via DSL on WAN1 (connected to the Mikrotik from the ISP router) and the ISP Starlink on WAN2 (connected to the Mikrotik directly from the Starlink brick, so I am not using the Starlink router).
At first I tried a quick setup. When I connected to one ISP at a time, everything worked great.
I used this tutorial to set up load balancing: https://youtu.be/GeuuNE3EPBA - it should be the same setup as the one recommended at MUM: https://mum.mikrotik.com/presentations/ ... 749570.pdf

WAN1 has distance 1 and WAN2 distance 2. I set it up like this, because Starlink WAN2 has a faster download than DSL WAN1.

In the Route List I get Starlink WAN2 as unreachable. I tried changing a few things but nothing helped. I decided to change Check gateway from ping to arp and that was it! Starlink WAN2 is reachable from now on.
If I try to disconnect Starlink WAN2, failover works pretty well. For example, YouTube plays video without interruption. When I connected WAN2 back, YouTube stopped playing video and some apps like Signal showed “disconnected”. In RouterOS everything looks fine, like the handover worked.

Another issue is that loading of websites is really slow. It can take like a minute before it loads the UI of YouTube. Another example: if I want to check speed on speedtest, it takes +-1 minute at “finding optimal server”, and sometimes it never finds the optimal server or the speed check fails.
Sometimes websites do not load at all and show: This site can’t be reached - ERR_CONNECTION_CLOSED

Once again, if I use one ISP at a time, everything works great.

Please, does anyone have some suggestions on how I could resolve these issues?


I would be happy if I could benefit from both ISPs at the same time. Like when I am downloading some game from Steam, it would combine speeds. But that only works with link aggregation, right?

# nov/27/2021 18:27:03 by RouterOS 6.49.1
# software id = I2IK-I1QG
#
# model = RB962UiGS-5HacT2HnT
# serial number = E7D00F3639D9
/interface bridge
add admin-mac=DC:2C:6E:3D:37:41 auto-mac=no comment=defconf name=bridge1
/interface ethernet
set [ find default-name=ether3 ] comment="ether3 - WAN1 - Tmobile" name=WAN1
set [ find default-name=ether1 ] comment="ether1 - WAN2 - Starlink" name=WAN2
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
    20/40/80mhz-XXXX country="czech republic" disabled=no distance=indoors \
    frequency=auto installation=indoor mode=ap-bridge ssid=Metaverse \
    wireless-protocol=802.11 wps-mode=disabled
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
    dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=Sveta \
    supplicant-identity="" unicast-ciphers=tkip,aes-ccm
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    country="czech republic" disabled=no distance=indoors frequency=auto \
    installation=indoor mode=ap-bridge name="wlan1 Sveta" security-profile=\
    Sveta ssid=Na_konci_sveta wireless-protocol=802.11 wps-mode=disabled
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=defconf
/interface bridge port
add bridge=bridge1 comment=defconf interface=ether4
add bridge=bridge1 comment=defconf interface=ether5
add bridge=bridge1 comment=defconf interface=sfp1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface="wlan1 Sveta"
add bridge=bridge1 interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge1 list=LAN
add comment=defconf interface=WAN2 list=WAN
add interface=WAN1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge1 network=\
    192.168.88.0
/ip dhcp-client
add add-default-route=no disabled=no interface=WAN1
add add-default-route=no disabled=no interface=WAN2
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.0.0.0/24 in-interface=\
    bridge1
add action=accept chain=prerouting dst-address=100.64.0.0/10 in-interface=\
    bridge1
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge1 new-connection-mark=\
    WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge1 new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=bridge1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=bridge1 new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip route
add check-gateway=ping distance=1 gateway=10.0.0.138 routing-mark=to_WAN1
add check-gateway=arp distance=1 gateway=100.127.255.7 routing-mark=to_WAN2
add check-gateway=arp distance=1 gateway=100.127.255.7
add check-gateway=ping distance=2 gateway=10.0.0.138
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=bridge1 type=internal
add interface=WAN2 type=external
/system clock
set time-zone-name=Europe/Prague
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
anav
Forum Guru
Posts: 19109
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Load balancing - slow loading of websites and more  [SOLVED]

Sat Nov 27, 2021 11:22 pm

Your mangle rules seem a tad off..... note one set of the rules needs to move (from spot 2 to spot 5)

(1 should be 1)
/ip firewall mangle
add action=accept chain=prerouting dst-address=10.0.0.0/24 in-interface=\
bridge1

add action=accept chain=prerouting dst-address=100.64.0.0/10 in-interface=\
bridge1

Remove in-interface=bridge (wrong)
For the dst-address that should be the network of the IP address of the WANIP.
(you will find it under IP address in winbox....... probably a dynamic entry when connected).
For example, if the WANIP under IP address is 172.168.0.3, then use 172.168.0.0/24 for dst-address in the mangle rule.


(3 should be 2) (good)
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge1 new-connection-mark=\
WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local in-interface=bridge1 new-connection-mark=\
WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1

(4 should be 3) (good)
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
in-interface=bridge1 new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
in-interface=bridge1 new-routing-mark=to_WAN2 passthrough=yes

(5 should be 4) (good)
add action=mark-routing chain=output connection-mark=WAN1_conn \
new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
new-routing-mark=to_WAN2 passthrough=yes

(2 should be 5) GOOD but move these rules down to the end.......... (not sure if it makes a difference but here is where I have seen them on other configs.)
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
 
thejerry
just joined
Topic Author
Posts: 2
Joined: Fri Nov 19, 2021 12:54 pm

Re: Load balancing - slow loading of websites and more

Sun Nov 28, 2021 4:14 pm

Thank you very much Anav!!! It helped! Works like a charm. Next time I will start configuring with a clean sheet. This time I was modifying the config from the quick setup configuration. So there were some mangle rules from the beginning and it didn't strike me that the order of rules would matter like that (face palm).

About WANIP: when I take the WANIP from WAN2 Starlink under IP address, add it to dst-address in the mangle rule and click OK, it is automatically changed to 100.64.0.0/10.

A few unimportant things.
It doesn't load balance upload.
When I am downloading one big file, it will for example choose WAN1; after stopping and activating the download again it will choose WAN2. If I want to use a specific WAN only for a few cases, like for downloading one big file or browsing, I should add another mangle rule like this:
add dst-address=0.0.0.0/0 gateway=10.0.2.1 scope=255 target-scope=10 routing-mark="HTTP traffic" comment="" disabled=no 

Please, is that correct?

Another weird thing happened: when I messed around with the mangle rules and the distance in the route rules, it didn't work properly, so I returned the settings back, and from now on speedtest.net is measuring speed only from a single WAN. I tried downloading something from Steam and load balancing works as before. I was just a bit scared that I broke something :D
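
Added example (not part of the original posts, and not MikroTik code): a small Python model of the per-connection-classifier=both-addresses:2/0 and 2/1 mangle rules from this thread. CRC32 stands in for RouterOS's internal hash and the addresses are constructed, so remainders will differ from a real router; it shows why every connection between one client and one server gets the same mark while traffic to many servers is spread over both WANs.

```python
import ipaddress
import zlib
from collections import Counter

# From the thread's mangle rules: both-addresses:2/0 -> WAN1_conn, 2/1 -> WAN2_conn
MARKS = {0: "WAN1_conn", 1: "WAN2_conn"}


def pcc_remainder(src: str, dst: str, denominator: int = 2) -> int:
    """Model of per-connection-classifier=both-addresses:<denominator>/<remainder>.

    Only the source and destination addresses feed the hash; ports do not.
    CRC32 is a stand-in (assumption): RouterOS uses its own hash, so real
    remainders will differ, but the same address pair always gives the same one.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(key) % denominator


def mark_new_connection(src: str, dst: str) -> str:
    """Connection mark given to a new LAN connection (connection-mark=no-mark)."""
    return MARKS[pcc_remainder(src, dst)]


def split(flows) -> Counter:
    """Count how many flows land on each connection mark."""
    return Counter(mark_new_connection(src, dst) for src, dst, _dport in flows)


# Constructed sample traffic (documentation address ranges, not real servers).
CLIENT = "192.168.88.10"
# Eight parallel streams to one test server: same address pair every time.
ONE_SERVER = [(CLIENT, "203.0.113.20", 8080)] * 8
# One connection each to 32 different download servers.
MANY_SERVERS = [(CLIENT, f"198.51.100.{n}", 443) for n in range(1, 33)]

if __name__ == "__main__":
    print("one server  :", dict(split(ONE_SERVER)))
    print("many servers:", dict(split(MANY_SERVERS)))
```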
