abbio90
Member Candidate
Topic Author
Posts: 163
Joined: Fri Aug 27, 2021 9:16 pm

2ISP BALANCE PCC

Thu Mar 23, 2023 7:07 am

Hello everyone.
I have a routerboard with two ISPs.
The first ISP is a simple dot dot /30, the second is certified in pppoe.
The first ISP has 200 Mbps and the second ISP has 100 Mbps. I would like, for every 3 PCs connected, 2 to use ISP1 and the other to use ISP2.
I wanted to use balance PCC. Can anyone tell me how to configure the mangles?
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 12:42 pm

 
abbio90

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 8:21 pm

Thanks for the reply. I entered these mangle rules and I would say it works.
/ip firewall mangle
add action=accept chain=prerouting comment=balance-pcc dst-address=10.246.159.0/24 src-address=10.246.159.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=pppoe-NETOIP new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=vlan40_ether10-ISP2 new-connection-mark=ISP2_conn passthrough=yes
add action=jump chain=prerouting connection-mark=no-mark in-interface=BRIDGE10_LAN jump-target=policy-routing
add action=mark-routing chain=prerouting connection-mark=ISP1_conn new-routing-mark=ISP1-traffic passthrough=yes src-address=10.246.159.0/24
add action=mark-routing chain=prerouting connection-mark=ISP2_conn new-routing-mark=ISP2-traffic passthrough=yes src-address=10.246.159.0/24
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=ISP1-traffic passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=ISP2-traffic passthrough=yes
add action=mark-connection chain=policy-routing dst-address-type=!local new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=policy-routing dst-address-type=!local new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:2/1

/ip route
add comment="OUT VTO con VPN" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.165.43.1 pref-src="" routing-table=to-vpn scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=0.0.0.0/0 gateway=8.8.4.4 routing-table=ISP1-traffic suppress-hw-offload=no target-scope=30
add disabled=no dst-address=0.0.0.0/0 gateway=8.8.8.8 routing-table=ISP2-traffic suppress-hw-offload=no target-scope=30
add check-gateway=ping comment="ISP1 default route MAIN" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=31
add check-gateway=ping comment="ISP2 default route - BACKUP" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=main scope=30 \
    suppress-hw-offload=no target-scope=31
add comment="ISP2 route dns" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=10.10.10.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add comment="ISP1 route dns" disabled=no distance=1 dst-address=8.8.4.4/32 gateway=192.168.192.168 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10

Now, setting the balance to 2/0 on ISP1 and 2/1 on ISP2 splits the load 1:1.

If I want to divide it 2:1, how do I change the values?

Also on the wan, I have a web server that goes out with a public ip of a CHR via VPN and port 443 is opened via the tunnel itself.
This doesn't work with balance pcc.
At the top of the mangle rules there is a prerouting rule in which the "OUT-VPN" address list is marked routed to the VPN itself.
/ip firewall mangle
add action=mark-routing chain=prerouting comment="OUT ON CHR" dst-address-list=!no-mark new-routing-mark=to-vpn passthrough=yes src-address-list="OUT VPN"
 
anav

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 8:41 pm

Page 53-55 in the discher pdf
https://www.khanacademy.org/computing/c ... arithmetic

Putting Items In Random Groups
Suppose you have people who bought movie tickets, with a confirmation number. You want to divide them into 2 groups.

What do you do? “Odds over here, evens over there”. You don’t need to know how many tickets were issued (first half, second half), everyone can figure out their group instantly (without contacting a central authority), and the scheme works as more people buy tickets.

Need 3 groups? Divide by 3 and take the remainder (aka mod 3). You’ll have groups “0”, “1” and “2”.

In programming, taking the modulo is how you can fit items into a hash table: if your table has N entries, convert the item key to a number, do mod N, and put the item in that bucket (perhaps keeping a linked list there). As your hash table grows in size, you can recompute the modulo for the keys.
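
An added example (not part of the thread or of MikroTik's code) that applies the remainder grouping quoted above to the 2:1 question: it generates `per-connection-classifier` rules with denominator 3 for the thread's `policy-routing` chain and connection marks, then simulates the resulting split. SHA-256 stands in for RouterOS's internal hash, and the addresses are constructed sample data.

```python
import hashlib
from collections import Counter
from ipaddress import ip_address

# Weights from the thread: ISP1 is 200 Mbps, ISP2 is 100 Mbps, so 2:1.
WEIGHTS = {"ISP1_conn": 2, "ISP2_conn": 1}

def pcc_rules(weights, classifier="both-addresses", chain="policy-routing"):
    """One mark-connection rule per remainder; a link of weight w claims w remainders."""
    denominator = sum(weights.values())
    rules, remainder = [], 0
    for mark, weight in weights.items():
        for _ in range(weight):
            rules.append(
                f"add action=mark-connection chain={chain} dst-address-type=!local "
                f"new-connection-mark={mark} passthrough=yes "
                f"per-connection-classifier={classifier}:{denominator}/{remainder}"
            )
            remainder += 1
    return rules

def bucket_table(weights):
    """Map each remainder (list index) to the connection mark that claims it."""
    table = []
    for mark, weight in weights.items():
        table.extend([mark] * weight)
    return table

def classify(src, dst, weights):
    """Stand-in for PCC: hash both addresses, take the remainder, look up the mark.
    SHA-256 is an assumption for illustration, not the hash RouterOS uses."""
    key = ip_address(src).packed + ip_address(dst).packed
    value = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    table = bucket_table(weights)
    return table[value % len(table)]

def simulate(weights, hosts=60, dsts=50):
    """Count marks over constructed LAN-host/destination pairs (sample data)."""
    counts = Counter()
    for h in range(1, hosts + 1):
        for d in range(1, dsts + 1):
            counts[classify(f"10.246.159.{h}", f"198.51.100.{d}", weights)] += 1
    return counts

if __name__ == "__main__":
    print("\n".join(pcc_rules(WEIGHTS)))  # 3/0 and 3/1 mark ISP1_conn, 3/2 marks ISP2_conn
    print(simulate(WEIGHTS))
```

With `both-addresses` the remainder is fixed per source/destination pair, so the 2:1 ratio holds across many connections rather than as an exact two-of-every-three-PCs assignment.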
 
anav

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 8:46 pm

A server does not open a tunnel, as it's the server for other users, aka the destination address.
I'm assuming you mean users come into the router via the tunnel to access the server and not via its public WAN IP.

Thus you must ensure the return information from the server goes back into the tunnel.
So it's really about a routing solution to ensure VPN users don't go out WAN1, or WAN2 or WAN 3 but back out the tunnel.
 
abbio90

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 11:23 pm

No, it's a server that goes out to the internet using a chr (vpn server) as its gw.
All hosts in balance pcc go out to the internet with wan1 and wan2.

In fact I could make one of the routing tables static as well like this:
# Static split by source subnet
/ip firewall address-list
add address=10.246.159.0/26 list=to-WAN1
add address=10.246.159.64/26 list=to-WAN2
add address=10.246.159.128/25 list=to-WAN2
/ip firewall mangle
add chain=prerouting src-address-list=to-WAN1 action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting src-address-list=to-WAN2 action=mark-routing new-routing-mark=to_ISP2
# ip.gw1 and ip.gw2 are placeholders for the two gateway addresses
/ip route
add gateway=ip.gw1 routing-table=to_ISP1
add gateway=ip.gw2 routing-table=to_ISP2
 
abbio90

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 11:25 pm

No, it's a server that goes out to the internet using a chr (vpn server) as its gw.
It goes out with the public ip of the chr and port 443 is opened by the chr through the tunnel.
 
anav

Re: 2ISP BALANCE PCC

Thu Mar 23, 2023 11:30 pm

Well, you will need to provide a diagram because servers don't initiate/originate traffic, they respond to incoming requests?
I have no clue what VPN you are using and how it actually works, as your words are more confusing than enlightening.
