LcX.wien IT Solutions


Surviving the digital revolution - IT security, digitalization and everything else around digital life.

Load balancing using PCC & RouterOS

Load balancing over multiple ISPs using Mikrotik and PCC. The safe way of doing load balancing.

Cristian Livadaru

I was facing the problem that I needed to connect a Mikrotik to the internet over two 3G/LTE links from two different providers.
Splitting traffic based on protocol (SMTP, IMAP, HTTP, HTTPS) would be one solution, but I wanted to go a different path on this one and use load balancing.
There are some posts about using load balancing with PCC, but the best one I found was this PDF from ISPSupplies.com. You can check out the PDF for further details; I will just cut to the chase and dump some Mikrotik commands.

The setup

Here is my setup: eth1 is a slow 8 Mbit line used for VoIP, eth2 is an LTE box from one mobile operator, eth3 is the second mobile operator, and eth5 is the local LAN (the commands below use the RouterOS interface names ether2, ether3 and ether5). This means we will ignore eth1 in this setup.

This means:

Create some accept rules

The problem with using mangle rules here is that they force traffic to follow alternate routing tables (not main). Traffic to these connected networks would then go out the WAN interfaces and not reach its intended destination. The “accept” action causes the packet to leave the mangle chain, so it is not marked and that traffic uses the main routing table.

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.0.0/24
add action=accept chain=prerouting dst-address=192.168.8.0/24

Create the PCC mangles

Create mangle rules that will sort the traffic into streams.

We will use the optimal mangle method of marking connections first and then packets, because it is the most efficient way to mark traffic and uses the least resources.

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 \
    new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 \
    new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1

Create the mangles to add the routing marks to the packets

Create the mangles to add the routing marks to the packets based on the connection mark, in the prerouting chain for traffic arriving on ether5 and in the output chain for traffic from the router itself.

/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=ether5 new-routing-mark=ether2-mark \
    passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=ether5 new-routing-mark=ether3-mark \
    passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=ether2-mark passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=ether3-mark passthrough=yes

Identify which WAN interface the traffic came in on

Identify which WAN interface the traffic came in on and mark the connections appropriately.

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=\
    WAN1 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=\
    WAN2 passthrough=yes

Create routes

Create the unmarked default routes

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=1
add dst-address=0.0.0.0/0 gateway=192.168.8.1 distance=2

Create the marked default routes

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.0.1 check-gateway=ping distance=1 routing-mark=ether2-mark
add dst-address=0.0.0.0/0 gateway=192.168.8.1 check-gateway=ping distance=1 routing-mark=ether3-mark

So, that’s it for PCC load balancing. I really recommend reading the PDF to get further insights.
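
The accept and PCC rules above, modelled in Python for packets arriving on ether5, to show which routing mark a given source/destination pair ends up with. This is an added example, not code from the original post or from MikroTik; CRC32 stands in for the RouterOS hash, and the LAN addresses (10.0.0.x) and function names are assumptions.

```python
import ipaddress
import zlib

# Connected WAN subnets from the page's accept rules.
ACCEPT_DST = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.8.0/24")]
# Connection mark -> routing mark, as in the page's mark-routing rules.
ROUTING_MARK = {"WAN1": "ether2-mark", "WAN2": "ether3-mark"}
ROUTER_LOCAL = {"10.0.0.1"}  # constructed: the router's own LAN address


def pcc_remainder(src, dst, denominator=2):
    """Model of per-connection-classifier=both-addresses:<denominator>/<r>.

    CRC32 is an assumed stand-in for the RouterOS hash, so which WAN a given
    address pair lands on will differ on a real router.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(key) % denominator


def mangle_lan_packet(conn_marks, src, dst):
    """Apply the page's prerouting rules to a packet arriving on ether5.

    conn_marks maps (src, dst) to an existing connection mark (a simplified
    connection table); returns the routing mark, or None for the main table.
    """
    if any(ipaddress.ip_address(dst) in net for net in ACCEPT_DST):
        return None  # accept: packet leaves the chain unmarked
    mark = conn_marks.get((src, dst))
    if mark is None and dst not in ROUTER_LOCAL:  # no-mark, dst-address-type=!local
        mark = "WAN1" if pcc_remainder(src, dst) == 0 else "WAN2"
        conn_marks[(src, dst)] = mark
    return ROUTING_MARK.get(mark)


def spread(src, destinations):
    """Count how many destinations each routing mark receives for one client."""
    counts, marks = {}, {}
    for dst in destinations:
        routing_mark = mangle_lan_packet(marks, src, dst)
        counts[routing_mark] = counts.get(routing_mark, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed sample: one LAN client talking to 200 documentation-range hosts.
    print(spread("10.0.0.50", ["203.0.113.%d" % i for i in range(1, 201)]))
    print(mangle_lan_packet({}, "10.0.0.50", "192.168.8.1"))  # LTE box: main table
```

Because the classifier only looks at the two addresses, every connection between one client and one server keeps the same uplink, so the server always sees the same source address.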
