vaheeD khoshnouD

linux, mikrotik, macosx

Mikrotik DUAL WAN Load Balancing using PCC

Written by vaheeD on January 24, 2013
3.00 avg. rating (69% score) - 2 votes

2 ports were connected with two difference DSL Routers,
and 3rd port was connected with User LAN.
Both DSL are of same speed , i.e 10Mb each.

DSL MODEM IP’S
DSL MODEM 1 = 192.168.1.1
DSL MODEM 2 = 192.168.2.1

If somehow you are not satisfied with the src-address approach,play with the PCC-Classifier, then Try both addresses and ports as the classifier. While this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually stick with src-address for PCC load balancing.

 

 

/ip address
add address=192.168.0.1/24 network=192.168.0.0 \
broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 \
broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 \
broadcast=192.168.2.255 interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w \
cache-size=5000KiB max-udp-packet-size=512 servers=4.2.2.4,8.8.8.8

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection \
new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection \
new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing \
new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing \
new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local \
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection \
new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local \
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection \
new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local \
action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local \
action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 \
check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 \
check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
 

 

PCC WITH UN-EQUAL WAN LINKS

If you have Un-Equal WAN Links, for example WAN,1 is of 4MB and WAN,2 is of 8 Mb, and you want to force MT to use WAN42link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN2 , something like

Code:

 

add chain=prerouting dst-address-type=!local in-interface=Local \
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection \
new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local \
per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection \
new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local \
per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection \
new-connection-mark=WAN2_conn passthrough=yes

 

PCC WITH HOTSPOT (Reference)

 

/ip firewall nat add action=accept chain=pre-hotspot \
disabled=no dst-address-type=!local hotspot=auth
 
3.00 avg. rating (69% score) - 2 votes

Posted Under: MikroTik

About vaheeD

Leave a Reply

Your email address will not be published. Required fields are marked *

Protected by WP Anti Spam