 
garethwebber
just joined
Topic Author
Posts: 5
Joined: Tue Oct 15, 2019 3:13 pm

Load Balancing problems since 7.2

Fri Oct 14, 2022 1:59 pm

Hi

I load balance across two WAN connections on my RB4011. I have Virgin Media (port 8) and plus.net over PPPoE (port 1). I use connection tagging as described in the online examples (with address lists setting different primaries for different devices), and it has worked through v6 and up to v7.1.3. https://help.mikrotik.com/docs/pages/vi ... d=26476608

No version since then (and I just checked v7.5) has worked. While the Virgin connection is quick, the plus.net one is like using a 300 baud modem. Both connections are NATed. Could the fact that one is direct and one is PPPoE be the cause of the problem?

Has anyone else had this problem?

Gareth
 
garethwebber
just joined
Topic Author
Posts: 5
Joined: Tue Oct 15, 2019 3:13 pm

Config

Fri Oct 14, 2022 3:31 pm

# oct/14/2022 13:28:29 by RouterOS 7.1.3
# software id = 6XXI-TFM8
#
# model = RB4011iGS+
# serial number = 
# Single bridge with VLAN filtering on; ingress filtering is off here and on
# every bridge port further down in this export.
# NOTE(review): with ingress-filtering=no the receiving port's membership of a
# frame's VLAN is not checked on ingress. VLANs 20 and 30 are what separate the
# DMZ and guest networks from the private LAN, so confirm this is intended.
/interface bridge
add admin-mac=48:8F:5A:C5:70:CD auto-mac=no ingress-filtering=no name=bridge \
    vlan-filtering=yes
# WireGuard listener on UDP 13231 (the input filter accepts this port from any
# interface). No private key appears in this export.
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard-vlan
# VLAN 20 = DMZ, VLAN 30 = guest, both carried on the bridge.
/interface vlan
add interface=bridge name=dmz-vlan vlan-id=20
add interface=bridge name=guest-vlan vlan-id=30
# PPPoE client (plus.net) on ether1. The user value looks like a placeholder
# substituted by the poster; no password appears in the export.
/interface pppoe-client
add disabled=no interface=ether1 keepalive-timeout=disabled name=pppoe-out1 \
    user=[plusnet login]
# LOCAL is the union of DMZ and LAN; the firewall input rules key off LOCAL,
# so everything placed in LAN or DMZ is treated as "inside" by those rules.
/interface list
add name=WAN
add name=LAN
add name=DMZ
add include=DMZ,LAN name=LOCAL
/interface lte apn
set [ find default=yes ] ip-type=ipv4
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Default IPsec profile/proposal tuned to SHA-256 and AES; the default proposal
# is disabled.
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256,aes-128 \
    hash-algorithm=sha256
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 disabled=yes enc-algorithms=\
    aes-256-cbc,aes-128-cbc pfs-group=modp4096
# One address pool per segment: private (192.168.0.x), VPN (192.168.5.x),
# guest (192.168.3.x) and DMZ (192.168.2.x).
/ip pool
add name=private_pool ranges=192.168.0.2-192.168.0.100
add name=vpn_pool ranges=192.168.5.2-192.168.5.100
add name=guest_pool ranges=192.168.3.2-192.168.3.100
add name=dmz_pool ranges=192.168.2.2-192.168.2.100
/ip dhcp-server
add address-pool=private_pool authoritative=after-2sec-delay interface=bridge \
    lease-time=23h59m59s name=private-dhcp
add address-pool=guest_pool interface=guest-vlan lease-time=23h59m59s name=\
    guest-dhcp
add address-pool=dmz_pool interface=dmz-vlan lease-time=23h59m59s name=\
    dmz-dhcp
/port
set 0 name=serial0
set 1 name=serial1
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
# Two extra FIB routing tables, one per ISP, used by the mangle routing marks.
/routing table
add fib name=to_VIRGIN
add fib name=to_PLUSNET
# The default community is limited to the DMZ and private subnets. A second
# community, v3user, uses SHA1 authentication with security=private.
# NOTE(review): v3user has addresses=::/0 rather than the two subnets applied
# to the default community; confirm the intended source restriction. The input
# filter only accepts UDP 161 from the LOCAL interface list.
/snmp community
set [ find default=yes ] addresses=192.168.2.0/24,192.168.0.0/24
add addresses=::/0 authentication-protocol=SHA1 name=v3user security=private
/system logging action
set 1 disk-file-name=disk1/log
# Explicit policy list for the "full" user group.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp,rest-api"
# CRLs are downloaded, stored on the system store and enforced.
/certificate settings
set crl-download=yes crl-store=system crl-use=yes
# Bridge port membership. ether3, ether4 and ether5 use pvid=20 (the DMZ VLAN);
# the remaining ports keep the default PVID. Ingress filtering is off on every
# port, matching the bridge-level setting.
/interface bridge port
add bridge=bridge comment=Bridge ingress-filtering=no interface=ether2
add bridge=bridge ingress-filtering=no interface=ether5 pvid=20
add bridge=bridge ingress-filtering=no interface=ether6
add bridge=bridge ingress-filtering=no interface=ether7
add bridge=bridge ingress-filtering=no interface=ether9
add bridge=bridge ingress-filtering=no interface=ether10
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1
add bridge=bridge comment=DMZ ingress-filtering=no interface=ether4 pvid=20
add bridge=bridge ingress-filtering=no interface=ether3 pvid=20
# Neighbor discovery runs on the LAN list, which includes guest-vlan and
# wireguard-vlan (see the list members in this section).
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
# IPv6 is disabled on this router.
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
# VLAN table: 20 (DMZ) and 30 (guest) are tagged towards ether2 and the bridge
# itself; ether3/ether4 are untagged members of VLAN 20.
/interface bridge vlan
add bridge=bridge tagged=ether2,bridge untagged=ether3,ether4 vlan-ids=20
add bridge=bridge tagged=ether2,bridge vlan-ids=30
/interface detect-internet
set internet-interface-list=WAN
# Interface list membership drives most firewall matching.
# - guest-vlan and wireguard-vlan are in LAN, so they receive everything that
#   is granted to LAN/LOCAL (neighbor discovery, MAC server, input accepts).
# NOTE(review): WAN contains ether1 and ether8 but not pppoe-out1. Traffic on
# the plus.net link arrives on the pppoe-out1 interface, so rules that match
# in-interface-list=WAN are not expected to match it; confirm, and consider
# adding pppoe-out1 to WAN.
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
add interface=guest-vlan list=LAN
add interface=ether3 list=DMZ
add interface=ether4 list=DMZ
add interface=ether8 list=WAN
add interface=wireguard-vlan list=LAN
add interface=dmz-vlan list=DMZ
# WireGuard peers, each pinned to a single /32. The public-key values look like
# placeholders substituted by the poster.
/interface wireguard peers
add allowed-address=192.168.5.2/32 comment="Dads Iphone" interface=\
    wireguard-vlan public-key="key1"
add allowed-address=192.168.5.3/32 comment="Work Computer" interface=\
    wireguard-vlan public-key="key2"
add allowed-address=192.168.5.4/32 comment="Dads iPad" interface=\
    wireguard-vlan public-key="key3"
# Router addresses: .1 on each of the private, guest, DMZ and WireGuard subnets.
/ip address
add address=192.168.0.1/24 interface=bridge network=192.168.0.0
add address=192.168.3.1/24 interface=guest-vlan network=192.168.3.0
add address=192.168.2.1/24 interface=dmz-vlan network=192.168.2.0
add address=192.168.5.1/24 interface=wireguard-vlan network=192.168.5.0
# DHCP clients on both WAN ports; the ether8 (Virgin) default route is given
# distance 2.
/ip dhcp-client
add comment=defconf interface=ether1
add default-route-distance=2 interface=ether8
# Static DHCP leases. Several of these addresses are referenced by the firewall
# address lists ("Gareth Work", Justin) and by the dst-nat rules (192.168.2.105),
# so a lease change here alters which WAN a device is steered to.
# The two "fake-router-*" entries reserve the gateway addresses 192.168.3.1 and
# 192.168.2.1 on the guest and DMZ servers.
# NOTE(review): the MAC addresses, client-ids and device names below identify
# real devices; consider redacting them before sharing an export publicly.
/ip dhcp-server lease
add address=192.168.0.105 always-broadcast=yes mac-address=00:15:99:61:67:53 \
    server=private-dhcp use-src-mac=yes
add address=192.168.0.150 client-id=1:5c:aa:fd:f1:ef:c6 comment=Media \
    mac-address=5C:AA:FD:F1:EF:C6 server=private-dhcp
add address=192.168.0.130 comment="Nest Smoke Alarms" mac-address=\
    18:B4:30:A7:71:BB server=private-dhcp
add address=192.168.0.131 mac-address=18:B4:30:A7:80:C2 server=private-dhcp
add address=192.168.0.132 mac-address=18:B4:30:A7:48:AB server=private-dhcp
add address=192.168.0.250 client-id=1:fc:ec:da:4d:1:7e comment=\
    "Network Infrastructure" mac-address=FC:EC:DA:4D:01:7E server=\
    private-dhcp
add address=192.168.3.1 allow-dual-stack-queue=no client-id=fake-router-guest \
    comment="Guest Network" server=guest-dhcp
add address=192.168.2.1 allow-dual-stack-queue=no client-id=fake-router-dmz \
    comment=DMZ server=dmz-dhcp
add address=192.168.2.102 mac-address=7C:2F:80:5D:38:B1 server=dmz-dhcp
add address=192.168.2.101 client-id=\
    ff:fb:6b:b1:e4:0:2:0:0:ab:11:ca:4f:63:3e:ed:27:42:23 mac-address=\
    00:1C:2B:0D:D1:5C server=dmz-dhcp
add address=192.168.0.106 client-id=1:28:3a:4d:89:bc:a6 mac-address=\
    28:3A:4D:89:BC:A6 server=private-dhcp
add address=192.168.0.251 client-id=\
    ff:4f:4d:d7:c:0:2:0:0:ab:11:97:81:e5:59:db:bf:68:8d mac-address=\
    18:E8:29:B4:5F:57 server=private-dhcp
add address=192.168.0.140 client-id=1:b4:fb:e4:fe:29:3e comment=Cameras \
    mac-address=B4:FB:E4:FE:29:3E server=private-dhcp
add address=192.168.0.104 client-id=1:b8:27:eb:c0:fd:cc mac-address=\
    B8:27:EB:C0:FD:CC server=private-dhcp
add address=192.168.2.110 mac-address=00:1E:06:36:3C:E6 server=dmz-dhcp
add address=192.168.2.105 client-id=1:dc:a6:32:32:9c:27 mac-address=\
    DC:A6:32:32:9C:27 server=dmz-dhcp
add address=192.168.0.253 client-id=1:f4:92:bf:a0:b9:fb mac-address=\
    F4:92:BF:A0:B9:FB server=private-dhcp
add address=192.168.0.107 client-id=1:f8:a2:6d:a:47:31 mac-address=\
    F8:A2:6D:0A:47:31 server=private-dhcp
add address=192.168.0.117 client-id=macbook-air-wifi2 mac-address=\
    84:38:35:57:2C:4A server=private-dhcp
add address=192.168.0.151 client-id=1:40:2f:86:32:24:8 mac-address=\
    40:2F:86:32:24:08 server=private-dhcp
add address=192.168.0.152 client-id=1:74:40:be:24:99:b0 mac-address=\
    74:40:BE:24:99:B0 server=private-dhcp
add address=192.168.0.156 client-id=1:a0:85:fc:1e:81:1e mac-address=\
    A0:85:FC:1E:81:1E server=private-dhcp
add address=192.168.0.252 client-id=1:24:5a:4c:6e:8e:29 mac-address=\
    24:5A:4C:6E:8E:29 server=private-dhcp
add address=192.168.0.116 client-id=1:70:9c:d1:62:25:69 mac-address=\
    70:9C:D1:62:25:69 server=private-dhcp
add address=192.168.0.155 client-id=1:4c:3b:df:4b:24:bf mac-address=\
    4C:3B:DF:4B:24:BF server=private-dhcp
add address=192.168.0.153 client-id=1:24:e8:53:90:b2:a6 mac-address=\
    24:E8:53:90:B2:A6 server=private-dhcp
add address=192.168.0.113 client-id=gareth-iphone mac-address=\
    0E:DA:C1:EB:5B:A9 server=private-dhcp
add address=192.168.0.141 client-id=1:68:d7:9a:e5:27:3f mac-address=\
    68:D7:9A:E5:27:3F server=private-dhcp
add address=192.168.0.118 client-id=1:ec:26:51:75:50:5b mac-address=\
    EC:26:51:75:50:5B server=private-dhcp
add address=192.168.0.154 client-id=1:b0:37:95:5f:71:d7 mac-address=\
    B0:37:95:5F:71:D7 server=private-dhcp
add address=192.168.0.112 client-id="Dad iPad" mac-address=C4:12:34:09:45:6F \
    server=private-dhcp
add address=192.168.0.111 client-id=work-laptop mac-address=88:66:5A:42:9A:A6 \
    server=private-dhcp
add address=192.168.0.110 client-id=mac-studio comment=Workstations \
    mac-address=9C:76:0E:4E:60:D4 server=private-dhcp
add address=192.168.0.119 client-id=justin-phone mac-address=\
    AA:CB:35:DE:BA:FA server=private-dhcp
add address=192.168.0.114 client-id=Gareth-iPad-mini mac-address=\
    9C:04:EB:B5:6D:52 server=private-dhcp
add address=192.168.0.102 client-id=1:e4:5f:1:bd:74:5b comment=\
    "Printers and Servers" mac-address=E4:5F:01:BD:74:5B server=private-dhcp
add address=192.168.0.103 mac-address=B8:27:EB:7A:37:6E server=private-dhcp
# DHCP options per subnet. DMZ and guest clients are handed 8.8.8.8/8.8.4.4
# directly; the private subnet entry sets no dns-server.
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf gateway=192.168.0.1 netmask=24
add address=192.168.2.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.2.1 \
    netmask=24
add address=192.168.3.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.3.1 \
    netmask=24
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. Who can reach it is decided by the input chain, which accepts UDP 53
# from LOCAL and drops everything arriving from interfaces outside LOCAL.
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.0.1 name=router.lan
add address=192.168.0.102 name=kodi.lan ttl=1h
add address=192.168.2.105 name=plex.lan
add address=192.168.0.251 name=unifi.lan
add address=192.168.2.105 name=pubsvr.lan
# Address lists used by the filter and mangle rules:
# - public-vlan  = DMZ + guest subnets (blocked from reaching private-vlan)
# - private-vlan = private LAN + WireGuard subnet
# - "Gareth Work" and Justin = hosts pinned to the plus.net link by mangle
#   (one "Gareth Work" entry is disabled).
/ip firewall address-list
add address=192.168.2.0/24 comment="DMZ VLAN" list=public-vlan
add address=192.168.3.0/24 comment="Guest VLAN" list=public-vlan
add address=192.168.0.0/24 comment="Private VLAN" list=private-vlan
add address=192.168.0.113 disabled=yes list="Gareth Work"
add address=192.168.0.117 list=Justin
add address=192.168.0.118 list=Justin
add address=192.168.0.111 list="Gareth Work"
add address=192.168.0.119 list=Justin
add address=192.168.0.110 list="Gareth Work"
add address=192.168.5.0/24 comment="Wireguard VLAN" list=private-vlan
add address=192.168.0.112 list="Gareth Work"
add address=192.168.0.116 list=Justin
# Filter rules are evaluated top to bottom and input/forward rules are
# interleaved here, so the relative order within each chain is what matters.
# Neither chain ends in an unconditional drop: a packet that matches no rule is
# accepted.
/ip firewall filter
add action=accept chain=input comment="Accept established,related,untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid \
    log-prefix=Input
# ICMP to the router is accepted from every interface, WAN included.
add action=accept chain=input comment="Accept Ping" protocol=icmp
# NOTE(review): matches on addresses only, with no in-interface; the purpose is
# not evident from the export.
add action=accept chain=input dst-address=192.168.0.1 src-address=192.168.0.1
# DNS and DHCP (UDP 53/67/68) to the router from LAN and DMZ interfaces.
add action=accept chain=input dst-port=53,67,68 in-interface-list=LOCAL \
    protocol=udp
add action=accept chain=input comment="SNMP Monitoring" dst-port=161 \
    in-interface-list=LOCAL protocol=udp
# NOTE(review): forwards UDP 161 from any LOCAL interface to any destination.
# It sits above the public-vlan -> private-vlan drop, so guest and DMZ hosts
# can reach SNMP on private hosts; confirm that is wanted.
add action=accept chain=forward dst-port=161 in-interface-list=LOCAL \
    protocol=udp
# ICMP from the DMZ/guest subnets into the private subnets is allowed.
add action=accept chain=forward dst-address-list=private-vlan protocol=icmp \
    src-address-list=public-vlan
# WireGuard handshake/data port, accepted from any interface.
add action=accept chain=input comment="Allow Wireguard" dst-port=13231 \
    log-prefix=fireguard protocol=udp
# Everything arriving over WireGuard may be forwarded anywhere.
add action=accept chain=forward in-interface=wireguard-vlan
# Last input rule: drop whatever did not arrive on a LOCAL interface.
# NOTE(review): nothing after this restricts LOCAL sources, so traffic from the
# private LAN, guest-vlan, wireguard-vlan and the DMZ that reaches this point is
# accepted. The router's enabled management services are therefore reachable
# from the guest and DMZ networks; confirm, or add explicit per-list rules.
add action=drop chain=input comment="Drop all not coming from LAN" \
    in-interface-list=!LOCAL log-prefix=INPUT
# NOTE(review): fasttracked packets skip most of the firewall, mangle included.
# With policy routing driven by connection marks this interaction is worth
# checking when one WAN misbehaves; confirm against the RouterOS documentation.
add action=fasttrack-connection chain=forward comment=Fasttrack \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "Accept established,related, untracked" connection-state=\
    established,related,untracked
# Guest -> 192.168.0.251 is allowed on every port and protocol, not only the
# login page named in the comment.
add action=accept chain=forward comment=\
    "Allow guest network access to login page on cloud-key" dst-address=\
    192.168.0.251 in-interface=guest-vlan
# TCP 32400 towards the DMZ is accepted from any source interface.
add action=accept chain=forward comment=Plex dst-port=32400 out-interface=\
    dmz-vlan protocol=tcp
# Segmentation rule: DMZ/guest sources may not open connections to the private
# or WireGuard subnets (apart from the accepts above).
add action=drop chain=forward comment=\
    "Stop access to private VLANs from public VLANs" dst-address-list=\
    private-vlan log-prefix=VLAN src-address-list=public-vlan
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log-prefix=INVALID
# NOTE(review): the WAN list holds ether1 and ether8 but not pppoe-out1, so new
# non-DSTNATed connections arriving on the PPPoE link are not expected to match
# this rule, and no later forward rule drops them. Adding pppoe-out1 to the WAN
# list (or a final forward drop) would close that gap; confirm on the device.
add action=drop chain=forward comment=\
    "Drop all from WAN (ether1) not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
# Policy routing by connection mark. Order matters: every mark-connection rule
# only fires while connection-mark=no-mark, so the first matching rule decides
# which ISP a connection is bound to.
/ip firewall mangle
# Skip marking for LOCAL traffic addressed to the router's own WAN addresses
# (the two dst-address values are placeholders substituted by the poster).
add action=accept chain=prerouting dst-address=[virgin-ip] in-interface-list=\
    LOCAL
add action=accept chain=prerouting dst-address=[plusnet-ip] \
    in-interface-list=LOCAL
# Connections that originate from the Internet are bound to the link they
# arrived on (ether8 = Virgin, pppoe-out1 = plus.net).
add action=mark-connection chain=prerouting comment=\
    "Mark incoming connections by ISP" connection-mark=no-mark in-interface=\
    ether8 new-connection-mark=VIRGIN_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=pppoe-out1 new-connection-mark=PLUSNET_conn passthrough=yes
# Outbound connections from the Justin and "Gareth Work" address lists, and
# from the DMZ subnet, are bound to plus.net. Destinations inside
# 192.168.0.0/16 and the router's own addresses are excluded.
add action=mark-connection chain=prerouting comment=\
    "Lock Gareth & Justin to plusher" connection-mark=no-mark dst-address=\
    !192.168.0.0/16 dst-address-type=!local new-connection-mark=PLUSNET_conn \
    passthrough=yes src-address-list=Justin
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address=!192.168.0.0/16 dst-address-type=!local new-connection-mark=\
    PLUSNET_conn passthrough=yes src-address-list="Gareth Work"
add action=mark-connection chain=prerouting comment=\
    "DMZ goes out via plus.net" connection-mark=no-mark dst-address=\
    !192.168.0.0/16 dst-address-type=!local new-connection-mark=PLUSNET_conn \
    passthrough=yes src-address=192.168.2.0/24
# Catch-all: any remaining unmarked connection leaving the 192.168.0.0/16 range
# is bound to Virgin.
add action=mark-connection chain=prerouting comment=\
    "Everything else go Virgin" connection-mark=no-mark dst-address=\
    !192.168.0.0/16 dst-address-type=!local new-connection-mark=VIRGIN_conn \
    passthrough=yes
# Translate connection marks into routing marks, for forwarded traffic
# (prerouting) and for the router's own traffic (output). The routing marks
# select the to_VIRGIN / to_PLUSNET routing tables.
add action=mark-routing chain=prerouting comment="Now do Routing Marks" \
    connection-mark=VIRGIN_conn dst-address-type=!local new-routing-mark=\
    to_VIRGIN passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PLUSNET_conn \
    dst-address-type=!local new-routing-mark=to_PLUSNET passthrough=yes
add action=mark-routing chain=output connection-mark=VIRGIN_conn \
    dst-address-type=!local new-routing-mark=to_VIRGIN passthrough=yes
add action=mark-routing chain=output connection-mark=PLUSNET_conn \
    dst-address-type=!local new-routing-mark=to_PLUSNET passthrough=yes
# Source NAT: one masquerade rule per WAN link.
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=\
    pppoe-out1
# NOTE(review): this rule carries a literal public address, while the mangle
# section uses [virgin-ip]/[plusnet-ip] placeholders; redact consistently when
# sharing an export.
add action=masquerade chain=srcnat out-interface=ether8 to-addresses=\
    77.99.168.239
# Port forwards to 192.168.2.105 in the DMZ.
# NOTE(review): the three dst-nat rules match on protocol and port only (no
# in-interface-list or dst-address). They therefore apply to traffic from every
# interface, including LAN clients' outbound connections to those ports, and
# publish 32400, 3001 and 3000 on both WAN links. Only 32400 has an explicit
# forward accept; the other two pass because no forward rule drops DSTNATed
# connections. Confirm the intended exposure and scope the rules to the WAN side.
add action=dst-nat chain=dstnat comment=Plex dst-port=32400 protocol=tcp \
    to-addresses=192.168.2.105 to-ports=32400
add action=dst-nat chain=dstnat comment=tms-api dst-port=3001 protocol=tcp \
    to-addresses=192.168.2.105 to-ports=3001
add action=dst-nat chain=dstnat comment=tms dst-port=3000 protocol=tcp \
    to-addresses=192.168.2.105 to-ports=3000
/ip ipsec policy
set 0 disabled=yes
# Only the to_PLUSNET table has a static default route in this export; no route
# for to_VIRGIN is shown.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 \
    routing-table=to_PLUSNET
# Management services: telnet, ftp and api are disabled, www-ssl is enabled.
# NOTE(review): other services (for example ssh, winbox, www) do not appear
# here, which in an export usually means they are at their defaults; confirm
# their state and whether an address= restriction per service is wanted, since
# the input chain accepts traffic from every LOCAL interface.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www-ssl disabled=no
set api disabled=yes
# SNMP agent enabled, with trap version 2 and no trap generators.
/snmp
set contact="Gareth Webber" enabled=yes location="Kids Room Router" \
    trap-generators="" trap-version=2
/system clock
set time-zone-autodetect=no time-zone-name=Europe/London
/system identity
set name=RB4011
# Logging: several topics go to disk; both remote-logging rules (firewall and
# critical) are present but disabled, so logs stay on the router only.
/system logging
set 0 topics=info,!dhcp
set 1 action=disk
set 3 action=disk
add action=remote disabled=yes topics=firewall
add action=remote disabled=yes topics=critical
/system ntp client
set enabled=yes
/system ntp client servers
add address=216.239.35.12
add address=216.239.35.8
add address=216.239.35.4
add address=216.239.35.0
/system resource irq rps
set sfp-sfpplus1 disabled=no
/tool bandwidth-server
set enabled=no
# Graphing pages are limited to clients in 192.168.0.0/16, a range that also
# covers the guest and DMZ subnets.
/tool graphing interface
add allow-address=192.168.0.0/16 interface=ether8
add allow-address=192.168.0.0/16 interface=pppoe-out1
/tool graphing resource
add allow-address=192.168.0.0/16 store-on-disk=no
# MAC-level management (MAC server and MAC-Winbox) is limited to the LAN
# interface list; per the list membership that includes guest-vlan and
# wireguard-vlan. MAC ping is disabled.
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool mac-server ping
set enabled=no
/tool traffic-monitor
add disabled=yes interface=bridge name=Test traffic=received
Last edited by garethwebber on Fri Oct 14, 2022 3:31 pm, edited 1 time in total.
 
garethwebber
just joined
Topic Author
Posts: 5
Joined: Tue Oct 15, 2019 3:13 pm

Re: Load Balancing problems since 7.2

Sun Oct 23, 2022 2:43 am

Bump.

Anyone?
 
IntLDaniel
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Thu Apr 04, 2019 7:21 pm

Re: Load Balancing problems since 7.2

Mon Oct 24, 2022 10:43 am

I bet you are facing the routing priority issue (silently changed after ROS v7.2.1) viewtopic.php?p=941057#p938490 . If so, v7.2.1 should still work for you, but nothing higher. MikroTik still has it reported as an "issue", but with no ETA for a fix :-(
 
garethwebber
just joined
Topic Author
Posts: 5
Joined: Tue Oct 15, 2019 3:13 pm

Re: Load Balancing problems since 7.2

Sun Feb 12, 2023 3:42 pm

Do you know if this has since been resolved? Want to check before I upgrade if I need to spend a day rebuilding my routing ruleset

Thanks.

Gareth.
