I followed the below to configure it:
YouTube video: https://www.youtube.com/watch?v=nlb7XAv57tw
PCC Load Balancing on Mikrotik website: https://help.mikrotik.com/docs/display/ ... mple3(PCC)
Mikrotik hEX on ROS 7.13.3
One subnet on the Lan Bridge
Each WAN dhcp-client has a script that updates the gateway to ISP routes if it changes. Each client creates default routes with distances 1,2,3 respectively.
3 more routes were created to route to tables
Goal of the config is to distribute all traffic across all 3 ISP's
Code: Select all
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/routing table
add fib name=to_ISP1
add fib name=to_ISP2
add fib name=to_ISP3
/interface bridge port
add bridge="Lan Bridge" interface=ether4
add bridge="Lan Bridge" interface=ether5
/ip firewall connection tracking
set tcp-established-timeout=12h loose-tcp-tracking=no
/ip settings
set max-neighbor-entries=4096 rp-filter=loose
/interface list member
add interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=ether3 list=WAN
add interface="Lan Bridge" list=LAN
/ip dhcp-client
add comment="ISP1 - DHCP Client" interface=ether1 script=":if (\$bound=1) do={/ip route set [find routing-table=to_ISP1] gateway=\$\"gateway-address\" }" add-default-route=yes use-peer-dns=no use-peer-ntp=no
add comment="ISP2 - DHCP Client" interface=ether2 script=":if (\$bound=1) do={/ip route set [find routing-table=to_ISP2] gateway=\$\"gateway-address\" }" add-default-route=yes default-route-distance=2 use-peer-dns=no use-peer-ntp=no
add comment="ISP3 - DHCP Client" interface=ether3 script=":if (\$bound=1) do={/ip route set [find routing-table=to_ISP3] gateway=\$\"gateway-address\" }" add-default-route=yes default-route-distance=3 use-peer-dns=no use-peer-ntp=no
/ip firewall mangle
add action=accept chain=prerouting comment="Lan Bridge access" dst-address-list=expected-address-from-LAN in-interface-list=LAN
add action=mark-connection chain=prerouting comment="mark all new incoming connections" connection-mark=no-mark connection-state=new in-interface=ether1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=ether2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new in-interface=ether3 new-connection-mark=ISP3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="divide traffic into three groups" connection-mark=no-mark connection-state=new dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=src-address-and-port:3/0
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=src-address-and-port:3/1
add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP3_conn passthrough=yes per-connection-classifier=src-address-and-port:3/2
add action=mark-routing chain=prerouting comment="distribute traffic across ISP's" connection-mark=ISP1_conn in-interface-list=LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface-list=LAN new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP3_conn in-interface-list=LAN new-routing-mark=to_ISP3 passthrough=yes
add action=mark-routing chain=output comment="force connection to table" connection-mark=ISP1_conn new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2 passthrough=no
add action=mark-routing chain=output connection-mark=ISP3_conn new-routing-mark=to_ISP3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="ISP1 - Masquerade" out-interface=ether1
add action=masquerade chain=srcnat comment="ISP2 - Masquerade" out-interface=ether2
add action=masquerade chain=srcnat comment="ISP3 - Masquerade" out-interface=ether3
/ip route
add check-gateway=ping gateway=ISP1-IP routing-table=to_ISP1 distance=1 comment="ISP1 - Routing Table to_ISP1"
add check-gateway=ping gateway=ISP2-IP routing-table=to_ISP2 distance=1 comment="ISP2 - Routing Table to_ISP2"
add check-gateway=ping gateway=ISP3-IP routing-table=to_ISP3 distance=1 comment="ISP3 - Routing Table to_ISP3"