I was facing the problem that I needed to connect a Mikrotik to the internet over two 3G/LTE from two different providers.
Splitting traffic based on protocol (SMTP, IMAP, HTTP, HTTPS) would be one solution but I wanted to go a different path on this one and use load balancing.
There are some posts about using load balancing with PCC but the best one I found was this PDF from ISPSupplies.com, you can check out the PDF for further details, I will just cut to the chase and just dump some Mikrotik commands.
Here is my setup, eth1 is a slow 8Mbit line used for VoIP, eth2 is an LTE Box from one mobile operator and eth3 is the second mobile operator and eth5 is the local LAN, this means we will ignore eth1 in this setup.
- eth2 = wan1 (192.168.0.0/24)
- eth3 = wan2 (192.168.8.0/24)
- eth5 = lan
Create some accept rules
The problem using mangles here is it will force traffic to follow alternate routing tables (not main)
Traffic to these connected networks would go out the WAN interfaces and not reach their intended destinations.
The “accept” action causes the packet to leave the mangle chain, thereby
not marking it and allowing that traffic to use the main routing table.
/ip firewall mangle add action=accept chain=prerouting dst-address=192.168.0.0/24 add action=accept chain=prerouting dst-address=192.168.8.0/24
Create the PCC mangles
Create Mangle rules that will sort the traffic into streams
We will use optimal mangle method of marking connections first and then packets because it is the most efficient way to mark traffic, uses least resources
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 \ new-connection-mark=WAN1 passthrough=yes per-connection-classifier=both-addresses:2/0 add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=ether5 \ new-connection-mark=WAN2 passthrough=yes per-connection-classifier=both-addresses:2/1
Create the mangles to add the routing marks to the packets
Create the mangles to add the routing marks to the packets based on the connection mark in the PREROUTING CHAIN
/ip firewall mangle add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=ether5 new-routing-mark=ether2-mark \ passthrough=yes add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=ether5 new-routing-mark=ether3-mark \ passthrough=yes add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=ether2-mark passthrough=yes add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=ether3-mark passthrough=yes
Identify which WAN interface the traffic came in
Identify which WAN interface the traffic came in and mark the connections appropriately.
/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=\ WAN1 passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=\ WAN2 passthrough=yes
Create the unmarked default routes
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=1 add dst-address=0.0.0.0/0 gateway=192.168.8.1 distance=2
Create the marked default routes
/ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 check-gateway=ping distance=1 routing-mark=ether2-mark add dst-address=0.0.0.0/0 gateway=192.168.8.1 check-gateway=ping distance=1 routing-mark=ether3-mark
so, that’s it for PCC load balancing. I really recommend reading the PDF to get further insights.