Community discussions

MikroTik App
 
User avatar
entercom
just joined
Topic Author
Posts: 3
Joined: Sun Feb 01, 2015 2:15 am
Location: Greece
Contact:

MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Sun May 15, 2022 11:54 pm

I wrote a small application, as a tool for creating scripts. The application creates a script for load balancing with the PCC and ECMP method at the user's choice.
The user can also choose from 2 to 23 wans, with equal or unequal speed.
It can also create a more complete script with a few extra options.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 8:28 am

You should never open Winbox directly from outside, your router will be hacked...
.
winbox.png
See this link:
viewtopic.php?p=870631#p870631
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 10:32 am

Before approving the post, I checked the file with the standard Windows "antivirus" and with webroot,
and I ran it inside a virtual machine.

I cannot guarantee anything, download the file at your own risk!


Warning: the file can be replaced later by the user with another file containing viruses,
tojans, cryptominers or anything else.


This does NOT mean it will, but it is just a warning ...
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 1:17 pm

Replace the six PCC by lines by only three and the last is also a catch-all.:

2/1 catches three of six
3/1 catches two of six
-/- catches all (one of six). No PCC needed in that line
 
Kanta
just joined
Posts: 17
Joined: Tue May 15, 2018 7:54 pm

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 1:45 pm

Security issues aside from running a random program, you can't do this without understanding what the commands do. And you will have issues like with banking and stuff that expects the same src-ip to multiple dst-ips. I did the same thing 10+ years ago with 5 uplinks and it was such a pain. The setup will balance the number of connections, but not the bandwidth, might help, but would not count on it. To avoid the banking issues and such set the classifier to src-adress only, that way each src-ip gets the same public ip.

This would work great for IPV6 since there would be no NAT and IPV6 src-ip would stay the same.

And a simple config export in code tags would be more appropriate, one could copy and modify the config, not like you set up those link on a daily basis or so much that you need a script to generate the same thing over and over again.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links  [SOLVED]

Mon May 16, 2022 1:54 pm

I wrote a small application, as a tool for creating scripts. The application creates a script for [...]
[...] It can also create a more complete script [...]
As I see it, at most it creates a configuration template.
For me, a script is something active that "executes", and makes decisions, etcetera.
It is certainly not just a list of static commands to configure something.

As for the idea, it is appreciable,
but only to configure the first time something,
because I see that it does not manage subsequent corrections to things already configured.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 3:51 pm

Good to see that problem has been resolved. Will sleep much better tonight. ;-)

Can you also resolve real life problems like the war in Ukrain?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 3:56 pm

:shock:
@msatter, you have my word of honor that it wasn't me who scored it solved...

¯\_(ツ)_/¯
also because I do not understand what I have solved...

As for the war in Ukraine, I confess that I am a hypocrite, I care and despair for the Ukrainians, also because we are nearby,
but in other parts of the world I have never taken it to heart.
I wish I had the solution ...
 
User avatar
entercom
just joined
Topic Author
Posts: 3
Joined: Sun Feb 01, 2015 2:15 am
Location: Greece
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 6:34 pm

You should never open Winbox directly from outside, your router will be hacked...
.
winbox.png

See this link:
viewtopic.php?p=870631#p870631
I totaly agree with you. For this reason, the checkbox is not checked. If someone wants, they activate it for testing.
 
User avatar
entercom
just joined
Topic Author
Posts: 3
Joined: Sun Feb 01, 2015 2:15 am
Location: Greece
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 6:41 pm

Security issues aside from running a random program, you can't do this without understanding what the commands do. And you will have issues like with banking and stuff that expects the same src-ip to multiple dst-ips. I did the same thing 10+ years ago with 5 uplinks and it was such a pain. The setup will balance the number of connections, but not the bandwidth, might help, but would not count on it. To avoid the banking issues and such set the classifier to src-adress only, that way each src-ip gets the same public ip.

This would work great for IPV6 since there would be no NAT and IPV6 src-ip would stay the same.

And a simple config export in code tags would be more appropriate, one could copy and modify the config, not like you set up those link on a daily basis or so much that you need a script to generate the same thing over and over again.
In the upper right corner of the screen I note just that
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 7:09 pm

HTTPS works fine with different source adresses. The cause is that where you also login, not all do allow different src-addresses. This forum is a good example of that happening.

As soon you login, you have to use the same src-address or the forum will lose your login.

I addressed that by having an address-list, this contains IP addresse/domains that should stick to one src-address.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 7:22 pm

As soon you login, you have to use the same src-address or the forum will lose your login.
I addressed that by having an address-list, this contains IP addresse/domains that should stick to one src-address.
A better solution would be to use a hash of source IPs to do a hide NAT behind th one WAN IP or behind the other WAN IP.
I don´t know how to do that on MT (or if it even can be implemented on MT), but this is the way I have seen on some other devices and would be great to have this on MT as well.
You don´t need to track any IP addresses, but the same source IP is always going over the same WAN.

BR
W
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2990
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 7:31 pm

entercom

good job, thank you for sharing
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 7:37 pm

That hash is already there and it PCC dst-address only. You mark the connection once and connection tracking does the job for you. When mix ports then there a new connection but the hash will be the same...the dst-address.

You will get a uneven distribution. If you want an even distribution then use both addesses+ports or NTH. Then you have keep track of sites that do not support multiple src-addresses.
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 7:58 pm

That hash is already there and it PCC dst-address only. You mark the connection once and connection tracking does the job for you. When mix ports then there a new connection but the hash will be the same...the dst-address.

You will get a uneven distribution. If you want an even distribution then use both addesses+ports or NTH. Then you have keep track of sites that do not support multiple src-addresses.
Using a source address+source port hash avoids the issues with uneven load balancing. You don´t need to hash on dst ip and port. For connection tracking, a hash is not enough anyways, as you only want to allow the answer back to the right source and not to any source with the same hash. But connection tracking and hide NAT selection based on a src hash is something different.
Anyway I don´t think it is possible on an MT.
Thumbs up for Entercom for publishing this tool!

W
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 8:42 pm

hmmm, connection tracking is only interested in marked connections and it's own administration.

When traffic returns it arrives on the correct WAN and correct port so that is easy work for connection tracking. No magic there. No connection re-marking needed.

When you browse different source ports are used and you have an problem when you are logged in. Flip it over, and use dst-address and port and you won't have any problems. Distribution will be as worse.

That is why both does not work, because of the src-port. If Mikrotik would implement both addresses and dst-port hashing, then life would be a lot easier.

A work around with both adresses and then a other line with dst-port could do this.

Example three wan with 3/2/1 distribution:
both addresses - mark 3 (PCC 2/0)
both addresses - mark 2 (PCC 3/0)
both addresses - mark 2 (PCC 3/1)
if mark 3 - dst-port - wan 1 - PCC 3/0
if mark 3 - dst-port - wan 2 - PCC 3/1
if mark 3 - dst-port - wan 1 - PCC 3/2
if mark 2 - dst-port - wan 2 - PCC 2/0
if mark 2 - dst-port - wan 1 - PCC 2/1
wan 3 (PCC -/-) catching the rest

No address-list needed anymore.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1041
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Mon May 16, 2022 9:35 pm

If Mikrotik would implement both addresses and dst-port hashing, then life would be a lot easier.

@msatter: Hear, hear! Also port lists and similar (aka nftables/netfilter) and maybe bpfilter using the new portable filters. Well, let's hope the ongoing v7 get's stable soon enough and then we'll see...
--

@entercom, love to see new solutions - thanks! Hopefully you get a lot of good constructive suggestions for changes/improvements like from @msatter. Don't let yourself be discouraged by any negative comments. Keep up the good work!
--
 
User avatar
woland
Member Candidate
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: MikroTik PCC and ECMP Load Balancing script Generator over Unequal multi WAN Links

Tue May 17, 2022 4:13 pm

When you browse different source ports are used and you have an problem when you are logged in. Flip it over, and use dst-address and port and you won't have any problems. Distribution will be as worse.

That is why both does not work, because of the src-port. If Mikrotik would implement both addresses and dst-port hashing, then life would be a lot easier.
Hi,
yes, my mistake, didn´t think it through: HTTP is stateless, so every new HTTP request to the same server will potentially get a new src port assigned.
Still hashing for the src IP only is enough for most use cases (many users at the local network). For a single user you could get more bandwidth with dst port+src IP as the server mostly persists on cookies or TLS ID (sometimes on src ip however, so you always have to go then over the same wan link).

Anyway, I have hijacked this topic for long enough.

W

Who is online

Users browsing this forum: UkRainUa and 27 guests