Syed Jahanzaib Personal Blog to Share Knowledge !

August 29, 2011

Mikrotik 4 WAN Load Balancing using PCC with PPPoE Server / Complete Script !


3

Following is a complete script for Mikrotik to combine/load balance 4 DSL lines. This server is also acting as a PPPoE Server, therefore I have made some modifications in PCC Script.

For normal LB, read my article at https://aacable.wordpress.com/2011/06/04/mikrotik-4-wan-load-balance-pcc-complete-script-by-zaib/

In this example I used MikrotikT RB750 5 ports router. 4 ports were connected with four DSL Routers, and 5th port was connected with User LAN. Also don’t forget to rename the interface names accordingly. This script will also add pppoe server , one pppoe user, dhcp server, dns server and pcc.

In my personnel experience , If users request are directly hitting Mikrotik configured with PCC , then you will get good load balancing. Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc. Load balancing using this PCC technique (src-address) will be effective and balanced approach when more and more connections (from clients) that occurred. I also recommend to use SQUID proxy server along with mikrotik , either parallel or in front or backend , for better response time and it will also increase good browsing experience to users.

If somehow you are not satisfied with the src-address approach,play with the PCC-Classifier, Try both addresses and ports as the classifier. While this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually stick with src-address  for PCC load balancing.

Regard’s
Syed Jahanzaib
x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-


/ip address
 add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
 add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
 add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
 add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
 add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0

/ip pool
 add name=dhcp_pool1 ranges=172.16.0.70-172.16.0.254
 add name=pppoe-users-pool ranges=10.0.0.1-10.0.0.255

/ip dhcp-server add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=12h name="My DHCP Server"

/ip dhcp-server config
 set store-leases-disk=5m

/ip dhcp-server network
 add address=172.16.0.0/16 comment="" dns-server=172.16.0.1,221.132.112.8

/interface pppoe-server server
 add authentication=pap default-profile=default disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=aacable

/ppp profile add change-tcp-mss=default dns-server=172.16.0.1 local-address=172.16.0.1 name=pppoe-profile only-one=default remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default

/ppp secret add caller-id=”" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=zaib password=1234 profile=pppoe-profile routes=”" service=pppoe

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=221.132.112.8,221.132.112.9

/ip firewall mangle
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes

add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255

add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

/ip firewall nat
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255

/ip route
 add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10

All Done ! Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get 🙂

PCC WITH HOTSPOT

If you wanna run PCC with HOTSPOT on same Mikrotik Server, Put this rule in place to stop the hotspot from processing people after they have signed into the network.

/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth

PCC WITH UN-EQUAL WAN LINKS

If you have Un-Equal WAN Links, for example WAN,1,2,3 are of 4MB and WAN,4 is of 8 Mb, and you want to force MT to use WAN4 link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN4 , something like

Code:

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

٩(●̮̮̃•̃)۶   ZaiB   ٩(●̮̮̃•̃)۶

122 Comments »

  1. can i use this script on pc mikrotik

    Comment by Mohammad Usman — September 18, 2011 @ 10:24 PM

    • Yes you can. There is no difference in usage of RB and PC version of Mikrotik except for the hardware.

      Comment by Pinochio / zaib — September 19, 2011 @ 3:10 PM

      • sir main nay pppoe server bnaya hoa hai par load balancing nahi ho rahi . jb kah backeup main one by one tamam lines kam ker rahi hain. mera 4 wan ki load balancing kerni hai . meri wan ip (192.168.1.1)(192.168.2.1)(192.168.3.1)(192.168.4.1) hain aub local ki ip (192.168.20.1) hai. plz help me in balancing. thanks

        Comment by naveed rahman — May 25, 2014 @ 2:53 AM

    • sir plz send me 2 wan load balancing with pppoe server script

      Comment by nafees4ptc — May 30, 2012 @ 12:43 AM

      • /ip address
        add address=192.168.50.2/24 network=192.168.50.0 broadcast=192.168.50.255 interface=Local
        add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
        add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

        /ip firewall mangle
        add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
        add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

        add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
        add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

        add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
        add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

        add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
        add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

        add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
        add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

        /ip route
        add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
        add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

        add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
        add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

        /ip firewall nat
        add chain=srcnat out-interface=WAN1 action=masquerade
        add chain=srcnat out-interface=WAN2 action=masquerade

        Comment by smn4all — May 30, 2012 @ 1:12 PM

  2. Please is it possible to make failover on mikrotik by checking internet access on one link (by sending for example an ping to 8.8.8.8 using that link) and if that link cannot access internet, then the second link goes up.

    Comment by Germain — September 24, 2011 @ 3:42 PM

    • Yes this is possible to use netwatch style script to monitor wan like 8.8.8.8 and take action upon its result, but I haven’t tried it before, I read somewhere on the mikrotik forum about the such script, If you able to make it work with this pcc script, please do let me know.

      Comment by Pinochio~:) — October 17, 2011 @ 10:58 AM

  3. same mbps on the all wan links is necessary…?
    Im having one wan link in 3 Mbps and anpther 2 Mbps i want o load balance it how should it do it
    kindly help..

    Comment by tamilmaran — November 17, 2011 @ 7:40 AM

    • Yes you can use UNEQUAL wan links, however not recommended because you wont be able to get equal load balancing on all WAN Links.

      However if you want to force MT to use one link more then other, for example WAN4, you can add more PCC lines assigning the same two marks to a specific link , something like

      Code:

      add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
      add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
      add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
      add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
      add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

      Comment by Pinochio~:) — November 17, 2011 @ 11:36 AM

  4. sir i tried above script for 2 wan connections ..but it dont work!!

    Comment by fareed — November 19, 2011 @ 1:59 AM

    • Do not COPY PASTE the script man,
      The script must be well adjusted with Your local network ip scenario before applying.

      Comment by Pinochio~:) — November 19, 2011 @ 11:09 AM

  5. thankyou sir its working 🙂

    Comment by fareedhanify — November 21, 2011 @ 9:44 PM

  6. sir do u have script of adding squid server in mikrotik?

    i have squid server on fedora 8 installed with 1 interface.

    Comment by fareedhanify — November 21, 2011 @ 10:25 PM

  7. sir my mikrotik is configured with 2 wan and one lan and i have applied loadbalancing fcc method.

    i have squid server on fedora 8core and i want to use as cache, do you have its script to add in mikrotik and my cache is configured with single interface.

    many thanks.

    Comment by fareedhanify — November 21, 2011 @ 10:30 PM

  8. many thanks for your infos 🙂

    and did u get my email from smartstep2000@yahoo.com

    Comment by fareedhanify — November 22, 2011 @ 12:17 AM

  9. sir while applying dst-nat 1st rule on mikrotik to redirect to cache its giving below msg while requesting page…..

    ERROR

    The requested URL could not be retrieved

    While trying to retrieve the URL: http://www.youtube.com/

    The following error was encountered:

    Access Denied.
    Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

    Your cache administrator is root.
    Generated Mon, 21 Nov 2011 11:48:53 GMT by localhost.localdomain (squid/2.6.STABLE22)

    what can be the problem?

    many thanks

    Comment by fareedhanify — November 22, 2011 @ 5:03 AM

    • add Mikrotik + Client ip subnet in SQUID.CONF ACL section and move it on top.

      Something like
      acl my_users src 172.16.0.1/16
      http_access allow my_users

      OR you can also try this, allow every subnet, Something like
      acl my_users src 0.0.0.0/0.0.0.0
      http_access allow my_users

      Comment by Pinochio~:) — November 22, 2011 @ 10:47 AM

  10. Dear Sir,

    Assalam O Alikum.

    I highly appreciate your services. I am getting too much knowledge from your this forum. I am very new in Mikrotik family. I just started a cable internet business based on Mikrotik. One of my friend helped me in setting up all this but he has left the country. I am facing a problem I hope you will help me.

    I bought 750 routerboard for load balancing only. I just copied your above mentioned script but I am unable to get the result. Even on port 5 which is local I am not getting out put i.e internet. When I ping Google.com via terminal inside routerboard through winbox it works. I will be grateful if you kindly guide me about my mistake. Also can I get your contact number to discuss this issue please.

    Thank you.

    Muhammad Fawad
    0315- 3029402

    Comment by Muhammad Fawad — November 22, 2011 @ 3:05 PM

    • Usually Things never works this way, (COPY PASTING never works without proper modification)

      You need to modify few things before applying scripts.

      Either Change your whole network settings as per script,

      OR

      Change the script variables according to your network devices.

      Comment by Pinochio~:) — November 22, 2011 @ 6:35 PM

  11. Dear Sir i use this script for two wans. wan1=4mb wan2=4mb
    when i download video from youtube i get full speed but when i download other video sites i only get speed 4mb
    what’s the reason?

    Comment by Shani — December 3, 2011 @ 8:48 AM

    • If you are able to get combined bandwidth , it indicates PCC is working fine.
      Some sites doesn’t allow multiple connections, or they also restrict some speed limit.

      Try to download anything from other websites like microsoft , download.com or others to confirm this.

      Comment by Pinochio~:) — December 3, 2011 @ 10:22 AM

  12. Aslam-O-Alikum
    i add this script on mikrotik os 3.30
    i have got a problam
    problam is only 1 user connect but i want to connect many users

    Comment by Mohammad Usman — December 14, 2011 @ 1:15 PM

    • Please describe in detail about your network scenario, How users are connecting to your mikrotik server? Other details etc.

      Comment by Pinochio~:) — December 15, 2011 @ 10:56 AM

      • my users connect through lan and pppoe connection

        Comment by Mohammad Usman — December 16, 2011 @ 9:57 AM

  13. Your problem does not relate with the PCC.
    Check with your local configuration. Focu on PPPoE Profile.

    Comment by Pinochio~:) — December 16, 2011 @ 10:45 AM

  14. Asalaam o Alekom

    sir …..!
    mere pass 6 dsl hain and mikrotik 3.30 hai……….kya aap mujhey pcc balance rule ki full script dey saktey
    hain with web proxy….main app ka bohot sukur guzar rahoon ga….
    please help me……..sir . ( ALLAH AAP KO JAZA-E-KHAIR DE……!)

    Waqar Hussain
    from
    Karachi

    Comment by waqar — January 3, 2012 @ 4:14 AM

  15. jahanzaib

    yar you are to good yar i love your blog i am voip person if any quistion i am ready

    Comment by Hamayoun — January 13, 2012 @ 4:45 AM

  16. Salam
    Sir I am Using 4 Wan and 4pool 386,512,786,1mb how to create pool this script
    Thanx
    Ali

    Comment by Ali — January 13, 2012 @ 11:08 PM

  17. salam sir

    can i use userman at hotspot server

    my hotspot sevver ip is 10.5.50.1
    when i write 10.5.50.1/userman at browser replied me Error 404: Not Found
    but when i write 192.168.1.100/userman (wan ip) open the user manager page
    plz tell me how can i manage it i means user manager and user acounts

    thank you

    Comment by noshad — February 15, 2012 @ 4:23 PM

  18. i have routerboar 750gl and i want to make it pppoe server with 100 users please tell me the script

    Comment by Mohammad Usman — February 24, 2012 @ 6:44 PM

  19. i have 4 dsl ines all 4mb
    and routerboard 750gl
    wich load balancing best

    Comment by Mohammad Usman — February 24, 2012 @ 6:45 PM

  20. plz sir give me hotspot with usermanager script

    thank u

    Comment by noshad — February 26, 2012 @ 7:38 PM

  21. Slam bhai!
    main ne 2wan ke sath pcc loadbalancing ke hai jo perfect kam kerti hai hai lakin ek masla ya hai k failover nai ho raha , wan1 ka link down hota hai wan2 work nai kerti modem see ping ati hai lakin net nai ata … please help me

    Comment by smn4all — March 16, 2012 @ 2:51 PM

  22. Asalam o Alikum Jahanzaib bhai,

    JazaakAllah for your great work,

    bro is there any possibility that rather than checking gateway ping for failover it should ping any internet ip/host so failover works fine bcz sometime one of my connection goes down but as my modem remains on and Mik can get reply from pinging modem, balancing loop wont remove that modem from the looping server and all request to that server is going down in result

    thanks in advance..

    TC n waiting for your response..

    Comment by Zee — March 22, 2012 @ 1:47 PM

  23. Thank you Jahanzaib Sir, I tried my modem with bridge mode and made settings accordingly.. and now itz working perfect with fail-over effect… thank you sir..
    you are great..

    May Allah bless you more and more and more.. 🙂

    Take Care

    Comment by Zee — March 22, 2012 @ 4:15 PM

    • please muje b batao k apne kwesay setting ke hain .,,,,, mikrotik mein ptcl ka pppoe username dail he nai hota…..

      Comment by smn4all — March 22, 2012 @ 5:36 PM

      • Apni modem ki setting main WAN option mian jao, aur jahan username and password dala hua hai usmain Connection Type ko PPPOE se hata k Bridge mode pe set kardo… uske baad dial karo mikrotik se to connection to phir connect hojaega..

        Comment by Zee — March 23, 2012 @ 11:22 PM

      • brigde mode b kia hai phr b nai dail hota …. ager windows mein dail kerta ho tu ho jata hai… mikrotik mein nai hota

        Comment by smn4all — April 19, 2012 @ 9:24 AM

    • I am glad it helped you.

      Comment by Syed Jahanzaib / Pinochio~:) — March 24, 2012 @ 4:17 PM

    • could you be so kind and export the full config for us, in bridge mode, please?

      Comment by john — July 3, 2015 @ 2:29 PM

  24. Thank you for your great blog and your tutorials, they’re all so interesting!

    I would like to ask how can I modify the script if I have 3 WANs which have all the same IP 10.0.0.2 and I can’t change them because I have asked ISPs to configure each modem like this. I needed this because I physically disconnect one cable and plug the other modem in the main switch, in the case that internet disconnects from one ISP (so no fail over or load balancing available, just a manual but trouble-free job 🙂

    If possible to modify script in such way that won’t require me to change the 3 WANs IP and keep each of them at 10.0.0.2 would be really great!

    thanks for your help

    Comment by gereqi — March 27, 2012 @ 6:51 PM

  25. salaam sir

    hw are main ne 3 dll ki load balasing ki hai load balasing to fit hai dhcp par 3 dsl ki speed dual ati hai par pppoe par aik dsl chalta hai dual speed nahi arahi hai batao main kia karo

    Comment by noman — March 28, 2012 @ 9:49 AM

  26. can i make load balancing with dhcp-client (My isp is dhcp)

    Comment by Eset — May 2, 2012 @ 5:16 AM

  27. Hi,
    I have configured PCC load balancing using this script, but I have changed classifier to both addresses. It works great for few time, but then disconnects the internet and reconnects it. Then it works great for few time.

    Do you have any predicition about this problem?

    If you need more information please let me know.

    Thanks

    Comment by nominet — May 9, 2012 @ 3:40 PM

  28. Hi,
    I used the script and it worked fine. Just i want to know if i want to load balance through up to 8WANs is it possible? Or just i can repeat this way for 8 times and change the PCC 8/0, 8/1, 8/2 etc…???

    Comment by maxnetisp — June 17, 2012 @ 8:27 PM

    • Just change the PCC & Other rules like mangle and route as per WAN quantity,

      Comment by Syed Jahanzaib / Pinochio~:) — June 17, 2012 @ 8:31 PM

      • The internet connections should be with equal bandwidth or it’s not problem? My forth connection is 2Mbps and the first,second,and third are 4Mbps.

        Comment by Klevis Alushi — June 18, 2012 @ 8:21 PM

  29. i want to merge 2 dsl 4mb connection into 8mb
    ip list
    lan 172.16.1.1/24
    wan1 192.168.1.1
    wan2 192.168.0.1

    please guide me how to do it

    Comment by zeeshan — June 21, 2012 @ 11:29 AM

  30. thank u sir

    Comment by zeeshan — June 21, 2012 @ 5:55 PM

  31. Nice tuts but i have a question how to use bandwith management using your scripts?
    Thanks

    Comment by ekenk — June 24, 2012 @ 7:49 PM

  32. Hi, thanks for the information that is useful, I have a problem, my ISP gives me Internet addresses from the same range of subnets creating conflicts of balancing, I read that you can use percentages to give the gateway to avoid this problem but with adequate information. if you can help I’d appreciate it.

    Comment by Carlos Wehrn — June 26, 2012 @ 8:10 PM

  33. Dear Sir,

    I am using load balancer and getting one very serious problem.

    My users are unable to sign in some secure website. i.e domain cpanel accounts. or skype login issue.

    Please guide me how can I solve this issue.

    Thank you.

    Muhammad Fawad

    Comment by Muhammad Fawad — June 27, 2012 @ 10:53 AM

  34. sorry sir, am correcting some mistakes

    sir
    how bout this :

    assume that, we have 2router, rb750-1 and rb750-2
    we use rb750-1 to combine / Load Balancing the 4 WAN
    otherwise, rb750-2, we use it to dial from rb750-1
    then direct the internet to Client

    the issue is, we probably got some delay if using 2router
    but, what if we have 8 WAN, 3 rb750 ? (no money to buy something like this “MikroBits Aneto (RoS Level 6) (MBANETO-L6)”)

    RB750-1 (Mr.Zaib’s Script) (LB 4WAN) –> RB750-2 (Dial (zaib,1234)) –> Client / Local

    btw sir
    what to change in ur script
    if we want to dial from router
    not from modem??? (in rb750-1)

    Comment by Xon — July 3, 2012 @ 10:31 AM

  35. Hello Syed.
    i have implemented your setup on an RB750 using two dsl routers and so far the load balancing scenario is working well.
    i have gone a step further and attempted to connect my mail server directly to the RB750 using one of its 5 ethernet ports in an attempt to have the users conecting through it to access the mail server directly instead of having to go via the internet to collect mail from it.
    this server has an ip address of 196.25.185.130 and is also connected directly to the internet via a second, dedicated cisco router.
    my problem is that i cannot get the routing working on the RB750 and instead of the clients going directly to the mail server they are still taken out to the internet via the dsl modems and back to the mail server through the cisco.
    i have allocated an ip address of 196.25.185.131 to the RB750 ethernet port but nothing i do seems to help from the routing side.

    could you assist in telling me what i am doing wrong.

    thank you

    Paul

    Comment by Paul Taylor — July 5, 2012 @ 9:05 PM

    • Hello Again Syed,
      i have been trying a few things on my own in the mean time till you get a chance to respond. what i have done in to add the mail server ip address as if this were a third dsl router in the load balancing scenario. The routing i require then works if i disconnect the first two routers, which is what i expected to happen. if these two routers (or either one of the two) is still connected then obviously they take precedence and the mail trafic stil goes via the internet. i see two posibilities – do the routing correctly which i seem to be incapable of achieving or have the first two routers in the load balancing setup exclude the mail server ip address so that the traffic is forced to go via the third path.

      i await your expert advise and thank you for any input

      Comment by Paul Taylor — July 11, 2012 @ 7:17 PM

  36. Hello Syed, your effort regarding Mikrotik configuration is very well appreciated. i follow your instructions and successfully configured loadbalancing & failover, how ever i am facing problem using PPTP VPN, i successfully configured PPTP VPN and it connected also, but i can not access shared resources behind Mikrotik VPN, please help me to access shared resources as well as remote desktop.

    i have 2 WAN and 1 LAN, my one WAN has static IP address while other has dynamic, my requirement is that some users want to access file server as well rdp from their homes.

    Thank you in advance.

    Comment by friendspuopheliapu — July 8, 2012 @ 7:30 PM

    • Mark connections both on the input chain and forward chain for the physical interface, and then mark for routing based off of the connection mark. Be sure to have the appropriate routes with the routing mark in your routing table.

      Comment by Syed Jahanzaib / Pinochio~:) — July 9, 2012 @ 11:20 AM

      • Thank you for quick reply and valuable help, can you please write rules ( examples etc) i will change with my own requirement for remote desktop as well as for access data and sharing behind mikrotik router. your kind help will be highly appreciated in this regard.

        Comment by opheliapu — July 9, 2012 @ 5:41 PM

      • I left working on mikrotik, therefore I don’t remember it now, therefore please consult the mikrotik forum, as there are lot of example there. I will try to install it on my lab pc for testing.

        Comment by Syed Jahanzaib / Pinochio~:) — July 10, 2012 @ 2:46 PM

  37. Salam

    I have configured pcc hotspot and pppoe , hotspot and pcc working together work fine and speed is also aggregated between the two links but when pppoe is checked or i download any thing via pppoe connection only one link is used or 1 modem is used . kindly help me on this.

    Sheeraz

    shiraz_khalid@yahoo.com
    naveed.innocent@yahoo.com

    Comment by sheraz — August 26, 2012 @ 3:31 PM

    • I recommend you not to mix all services in single box, Try Always use separate RB or mikrotik box for LB. if you have hotspot/pppoe/userman type mix services.

      Comment by Syed Jahanzaib / Pinochio~:) — August 27, 2012 @ 9:13 AM

  38. / ip address
    add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=LAN
    add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
    add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2

    / ip firewall mangle
    add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN
    add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN
    add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \
    new-connection-mark=ISP1_conn
    add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection \
    new-connection-mark=ISP2_conn
    add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
    per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
    add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
    per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
    add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \
    new-routing-mark=to_ISP1
    add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
    new-routing-mark=to_ISP2
    add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
    add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

    / ip route
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

    / ip firewall nat
    add chain=srcnat out-interface=ISP1 action=masquerade
    add chain=srcnat out-interface=ISP2 action=masquerade

    sir main ne yeh load balsing karha hoo new waliye sir yeh chaly nahi rahi sirf aik modem kaam karta hai aur dosra nahi is ki kia wajh ho sati hai

    Comment by mani — September 6, 2012 @ 9:23 PM

  39. brother i m using nth setting but its not work with pppoe settings can u send me the 2 wan load balance with pppoe server settings waiting 4 ur kind reply

    Comment by Irfan Bashir — September 8, 2012 @ 4:20 PM

  40. Hi, I have 4 WAN and 1 Local
    4 WAN are all work with pppoe client , that mean WAN must work as pppoe client to get internet
    how to make LB in this situation ?

    Comment by Salih S. — November 22, 2012 @ 3:52 PM

  41. Is there any script for unequal 4 WAN load balancing. I want to use EVO Nitro with 4 MB DSL. I got this idea as some one posted on facebook.

    Comment by Muhammad Fawad — November 22, 2012 @ 9:35 PM

  42. hi ..i have attached 4 lan card to pc and installed mikrotik..purchased license..but my mikrotik shows only one lan card..however all lancards seems to work ok but are not detected together…help plz..saqlain397@gmail.com…thanks

    Comment by saqlain — November 28, 2012 @ 6:56 PM

  43. Hi,
    I tried it to Mikrotik RB750 with 2 wan. But it’s always use WAN1, some time goes to WAN2, Another problem when login in my hosting website alfter login it’s show Your IP has been change, plz re login. Plz help me.

    My WAN1 is 1mbps
    WAN2 is 1mbps

    Comment by Saiful IslamSaiful Islam — January 19, 2013 @ 4:19 PM

    • For ip change problem, use src-address to resolve the issue. Also you can exempt few users/web sites from being process by PCC. I wrote small guide eon it too. search the blog.

      Comment by Syed Jahanzaib / Pinochio~:) — January 21, 2013 @ 10:56 AM

      • Salam, Sir,
        Can you give me script for my system which will work both wan in same time and ip problem will solve.
        My Local = 192.168.88.1 WAN1 = 192.168.1.1 (ADSL) WAN2 = 192.168.2.1 (Wimax Router)
        Local interface with PPPoE/IP and Hotspot for Mobile user.

        I’m using this script for load balancing.
        /ip address
        add address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 interface=Local
        add address=192.168.1.15/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
        add address=192.168.2.15/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

        /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

        /ip firewall mangle
        add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
        add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

        add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
        add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

        add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
        add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

        add chain=prerouting dst-address-type=!local hotspot=auth in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
        add chain=prerouting dst-address-type=!local hotspot=auth in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

        add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
        add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

        /ip route
        add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
        add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

        add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
        add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping

        /ip firewall nat
        add chain=srcnat out-interface=WAN1 action=masquerade
        add chain=srcnat out-interface=WAN2 action=masquerade

        Plz check the script is write or wrong and what i use for ip change problem
        And plz give me script for Hotspot, IP, and pppoe user script on Local Interface.

        Allah-hafez
        Thanks

        Comment by Saiful IslamSaiful Islam — January 21, 2013 @ 12:46 PM

  44. i’m using nth mikrotik method to mix 10 pppoe line from one( lan bridge) its work ok with few no of user and when the users increase i get problem in browsing how can i solve it is pcc is ok for it

    Comment by dh — February 3, 2013 @ 4:52 PM

  45. How to use SQUID proxy server along with mikrotik?I use in Mikrotik 2 WAN Load Balancing using PCC with PPPoE Server. But i can’t understand how to use squid proxy in multipole WAN connection.
    Ruhul Amin
    Bangladesh.

    Comment by Ruhulamin — February 13, 2013 @ 12:23 PM

  46. Everyone loves what you guys tend to be up too. This
    kind of clever work and reporting! Keep up the superb works guys I’ve incorporated you guys to my blogroll.

    Comment by Pedro — February 16, 2013 @ 1:38 PM

  47. I am trying to balancing 2 wan using PTCL-192.168.1.1, and qubiee 192.168.5.1, using a pc with hotspot rules and a MIKROTIK router 750 for balancing. Can you provide me the scrpit!

    Comment by Shahid Fida — February 24, 2013 @ 1:40 PM

    • Use the DUAL wan pcc script, alson search for mikrotik hotspot with pcc in this blog. everything is here, you only have to search for it.

      Comment by Syed Jahanzaib / Pinochio~:) — February 26, 2013 @ 11:52 AM

  48. bhai kya hum pcc pe loadbalacing ke saath kaunsa server use kar sakte hain jiss se loadbalancing sahi kaam kare

    Comment by Abid Ali Mallah — March 6, 2013 @ 12:35 PM

  49. newbie with simple question, how to exclude website so it is not load balancing, just go directly to specific WAN? thanks

    Comment by dandy — March 24, 2013 @ 12:02 PM

  50. Sir , is script main main nay 2 wan use ki hai pppoe perfect chal rahahai but hotspot ka masla hai main ne hotspot ka setup kiya tu hotspot chal raha bina ye scrip dalay (/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth) net on hai mager jab ppoe conncet karta hon tu hotspot per internet band ho jata hai . aur pher yahi script be dal di (/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth) pher be same .. i know aap wirless ka nahi batatay mager plz help kardey .. Shokriya

    Comment by Ali Khan — April 20, 2013 @ 10:23 PM

  51. Syed.

    Any advice using 4 WAN – 1 LAN – 1 PROXY interfaces using PCC.?
    Right now ive unsucessfully tried.

    Regards.

    Comment by Mauricio — May 18, 2013 @ 11:31 PM

  52. hi. nice tutorial. in my situation the modems work in bridge mode, which means that i do have the username/passwd. there is no MLPPP. I am afraid i am lost on how to modify the above tutorial to my scenario.

    Comment by vortex — May 25, 2013 @ 2:42 PM

  53. Dear Mr. Jahanzaib

    many thanks for yore Training.
    Please advise how can I config my MikroTik router for Load Balancing (PPPoe Users) , According to:

    Internet Gateway:
    1. Wlan: Public IP: 64.148.40.201, Private IP: 172.22.40.206/29 on ether 2 (Router CCR1016)
    2. Wlan: Public IP: 64.143.230.218, Private IP: 172.22.6.92/29 on ether 3 (Router CCR1016)
    3. ADSL: Public IP: Dynamic, Private IP: 172.20.10.10 on ether 4 (Router CCR1016)

    LAN Gateway: Local IP: 192.168.0.1/24 , Private IP (by pool) : 172.16.210.1/24 on ether 1 (Router CCR1016) assign to VLAN 22

    Clients connection: by PPPoE Server

    Please considering that in my local network, the AD, DNS & DHCP server is running by windows server 2008 R2

    Please help me.
    best, hamid

    Comment by Hamid Zarean — July 1, 2013 @ 11:55 AM

  54. Dear Jahanzaib Assalam-0-allaikum,
    I have a small query. Why you are using two different sets of pool ,i.e one for DHCP Server and the other for PPPOE-Server. Cant we use the single IP Pool for both purposes. I dont understand the logic behind two different pools. Any light on my query please?

    Comment by Khizer Khan — July 1, 2013 @ 11:38 PM

    • One more Query!!
      I have to perform unequal cost load balancing, but in your description you recommended src-address with PCC rules and add a similar rule for the bigger WAN link. So can I use the following three PCC rules. I have removed in-interface=local and using the following three as under: WAN1 is 4MB WAN 2 is 1 MB…10.0.0.10 is my DHCP and pppoe-pool

      add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=10.0.0.10-10.0.0.50
      add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=10.0.0.10-10.0.0.50
      add chain=prerouting dst-address-type=!local per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=10.0.0.10-10.0.0.50

      Comment by Khizer Khan — July 1, 2013 @ 11:49 PM

    • We use different pool for various purposes, one of them is isolation, so that we can allow internet access for the pppoe pool users only.

      Comment by Syed Jahanzaib / Pinochio~:) — July 2, 2013 @ 9:14 AM

      • Thank you Jahanzaib, Also for the second query I tested unequal cost load balancing and used in-interface=local and it worked. src-address for unequal cost wouldnt work. Can you give me your email address ? I want to setup a proxy server and i need a few suggestion on squid server as I only have one mikrotik router. I have drawn a diagram which I wanted to show you.

        Comment by Khizer Khan — July 3, 2013 @ 12:34 AM

  55. Aslaam-o-alikum! sir i want to merg 10 evo usbs in 2 ports of a cpu(alredy installed mikrotik) using usb hub, and want to out through LAN, plz guid me that how can i do it?

    Comment by Mohammad Ikram — December 12, 2013 @ 1:53 PM

  56. A.O.A KASY HAIN SIR APP UMEd KRTA HON KHRYAT SY HON GY SIR MARY PASS 2PTCL MOdAM HAIN OR IN KI SPEEd UN EQULE HAI MANY IN THE NTH LOdBALNCING KI HAI MGR KOI BE WEB OPEN NAHI HOTI HAI LOGIN HONY KY Bd ERROR AE JATA HAI MAIN RB750GL WITH ROCKET M2 KY STH USE KR RAHA HON MAHRBANI MUJY KOI AISA LOdBALNCING KA SCRIPT SENd KRYN KY MARI PROBLM HAL HO JAY THANKS. YA MARA MAIL AddRESS HAI: asif12662@gmial.com

    Comment by Asif hussain — January 10, 2014 @ 8:24 AM

  57. AOA,
    Jahanzaib bhai i used pcc load balancing with 2 pppoe client, when i connect nitro with RB750 ppp- is disconect again & again kindly tell me your opinion,

    Comment by Noni — January 22, 2014 @ 10:12 PM

    • Brother use 3G router for this TL-MR3420 RS:3500 PKR

      Comment by Sulaman — March 19, 2014 @ 4:02 PM

  58. Reblogged this on Web Technology.

    Comment by ChaosWeb — January 24, 2014 @ 12:35 AM

  59. Hi,
    After this script balancing work very good, but only one problem I face is cannot access any IP from pppoe pool, I cannot access my customers CPE anymore.
    I can ping , no access to ubnt GUI.
    Any help will be appreciated,
    Thank you

    Comment by Mojitos_82 — January 27, 2014 @ 7:12 PM

  60. Syed Bhai, can LOAD BALANCING will work on crack versions

    Comment by Sulaman — March 19, 2014 @ 3:59 PM

  61. plzzzzzzzzzzzzzzzzzzzz i have 750gl and i need load balancing for 2 line 8 m.b + 4 m.b + hotspot plzzzzzzzzzzzzzzzzzzz

    Comment by Karim Nasser — August 13, 2014 @ 1:49 AM

  62. Shyed Bhai, can we use load balancing using dynamic IP from ISP.

    Comment by Alex Adamos — October 22, 2014 @ 5:36 AM

  63. salam bhai ik problum hai mene rb750gl me 4ppoe dial karwe hain or unki mergin bhi karwihai or hotspot ke throw me chalaraha hon .. ab me ppoe server configure kar raha hon to data 1wan se he jaraha hai net chal raha hai ppoe pe magar slow or 1wan se yani ik he wan se jaraha hai kindly solve my issue

    Comment by saad — October 23, 2014 @ 4:48 PM

  64. mujhe ppoe pe he 4 wan se data access karna hai kindly solve plz sir ..

    Comment by saad — October 23, 2014 @ 4:50 PM

  65. salam bhai. Bhai ma 1 chota sa network chala rha hu. 1 pc py cracked version Mikrotik 5.18 chala rha hu. pppoe+hotspot. aur load balancing k ly rb 750 lagaya hua ha. mery pass 4 wan’s han. 8mb+8mb+4mb+4mb=24mb but mera router board sirf out ziada sy ziada 12 sy 13 mb he nikalta ha. koi complete script dy den.. taky ma just new terminal main paste kru aur load balancing b thik ho jy.ya koi aur router board purchased kr lein rb 2011 ya rb 1100???? aur dosra ye puchna tha k router board py load balancing achi hti ha ya kisi pc main mikrotik install kr k us main 4 lan card laga k us main load balancing kr lein?????? aur Cir bandiwth kis isp ki achi ha? aur 150 users k ly cir banwidth kitni leni pary ge??? aur ye punjab main kis jaga Mikrotik ki complete certification krwai jati ha???? aur is ka network chalany k illawa koi faida??

    Comment by Muhammad Farooq — November 26, 2014 @ 11:59 PM

  66. How to integrate pppoe server with radius manager , i have 4 dsl , wan1 to use for connecting radiusmanager can you help

    Comment by puddu — December 3, 2014 @ 3:06 PM

  67. Dear sir. I still having a problem with this configuration. I’m using MT RB750, but i still can’t figure how to integrate with LUSCA..
    ISP 1 –> eth1 192.168.1.0/24 GW 192.168.1.2 speed 1.2M
    ISP 2 –> eth2 192.168.2.0/24 GW 192.168.2.2 speed 2 M
    none –> eth3
    Proxy —> eth4 192.168.4.0/24 GW 192.168.4.1 (SQUID LUSCA + Ubuntu 10.4 ip 192.168.4.2:8080)
    Local —> eth 5 192.168.5.0/24 GW 192.168.5.254 (i set up 50 guest client DHCP + 15 Office PC..that’s why i need proxy)

    here’s my configuration right now…i revert back to this config coz your configuration doesn’t seem works for me…
    /interface pppoe-client
    add ac-name=”” add-default-route=no allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-modem1 max-mru=1400 \
    max-mtu=1400 mrru=disabled name=spidi-1 password=***** profile=default \
    service-name=”” use-peer-dns=no user=********
    add ac-name=”” add-default-route=no allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether2-modem2 max-mru=1400 \
    max-mtu=1400 mrru=disabled name=spidi-2 password=****** profile=default \
    service-name=”” use-peer-dns=no user=********

    /ip firewall nat
    add action=masquerade chain=srcnat comment=”Default Masquerade” disabled=yes
    add action=masquerade chain=srcnat comment=”Masquerade default Squid” \
    disabled=no out-interface=spidi-2
    add action=masquerade chain=srcnat comment=”default configuration” disabled=\
    no out-interface=spidi-1
    add action=masquerade chain=srcnat disabled=no src-address=192.168.4.0/24
    add action=masquerade chain=srcnat disabled=yes src-address=192.168.5.0/24
    add action=dst-nat chain=dstnat comment=”Redirect to Squid” disabled=no \
    dst-port=80 protocol=tcp src-address=192.168.5.0/24 src-address-list=\
    !ubuntu to-addresses=192.168.4.2 to-ports=8080

    /ip firewall mangle
    add action=mark-packet chain=prerouting comment=\
    “Mark Cache Hit Packets / aacable@hotmail.com” disabled=no dscp=12 \
    new-packet-mark=proxy-hit passthrough=yes protocol=tcp src-address=\
    192.168.4.2 src-port=8080
    add action=change-mss chain=forward disabled=no in-interface=spidi-2 new-mss=\
    1360 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1361-65535
    add action=change-mss chain=forward disabled=no new-mss=1360 out-interface=\
    spidi-2 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1361-65535
    add action=change-mss chain=forward disabled=no in-interface=spidi-1 new-mss=\
    1360 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1361-65535
    add action=change-mss chain=forward disabled=no new-mss=1360 out-interface=\
    spidi-1 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1361-65535
    add action=mark-packet chain=prerouting comment=icmp disabled=no \
    new-packet-mark=icmp-pm passthrough=no protocol=icmp
    add action=mark-packet chain=input disabled=no new-packet-mark=icmp-pm \
    passthrough=no protocol=icmp
    add action=mark-packet chain=output disabled=no new-packet-mark=icmp-pm \
    passthrough=no protocol=icmp
    add action=mark-routing chain=prerouting comment=ecmp disabled=no \
    in-interface=ether5-LAN new-routing-mark=ecmp-pm passthrough=no protocol=\
    tcp src-address=192.168.5.0/24
    add action=mark-connection chain=prerouting comment=CONN-DOWNLOAD \
    connection-bytes=1000000-0 disabled=no dst-port=80 new-connection-mark=\
    conn-download passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=conn-download \
    disabled=no new-packet-mark=download-packet passthrough=yes
    add action=mark-connection chain=prerouting comment=CONN-BROWSING \
    connection-bytes=0-1000000 disabled=no dst-port=80 new-connection-mark=\
    conn-browsing passthrough=yes protocol=tcp
    add action=mark-packet chain=prerouting connection-mark=conn-browsing \
    disabled=no new-packet-mark=browsing-packet passthrough=yes

    /ip route
    add check-gateway=arp disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.4.2 routing-mark=http scope=30 target-scope=10
    add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    spidi-1 routing-mark=to_speedy01 scope=30 target-scope=10
    add check-gateway=ping comment=utama disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=spidi-2 scope=30 target-scope=10
    add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    spidi-2,spidi-1 scope=30 target-scope=10
    add check-gateway=ping comment=utama disabled=yes distance=1 dst-address=\
    0.0.0.0/0 gateway=spidi-2,spidi-1 scope=30 target-scope=10
    add check-gateway=ping comment=utama disabled=yes distance=2 dst-address=\
    0.0.0.0/0 gateway=spidi-1 scope=30 target-scope=10

    so here’s the problem..
    1. PCC Dual WAN configuration makes me can’t use proxy Squid Lusca
    If i’m using your dual wan config. i can’t use any of your config to set the traffic to SQUID LUSCA….sometimes the codes works, but when i look at /var/log/squid/access.log ther’s no communication at all.
    So i have to stop using proxy.
    2. PCC Dual WAN configuration makes my connection a lot slower than using One Connection
    The different on internet speed forced me to use
    add chain=prerouting dst-address-type=!ether5-LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=192.168.5.0/24
    add chain=prerouting dst-address-type=!ether5-LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=192.168.5.0/24

    If i’m using this configuration…my internet speed become slow and still there’s only one connection. But if i’m using your DUAL WAN configuration…my connection is faster than using 3 PCC..
    add chain=prerouting dst-address-type=!ether5-LAN per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address=192.168.5.0/24
    add chain=prerouting dst-address-type=!ether5-LAN per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address=192.168.5.0/24
    so…what do i have to do now…
    Please help me?

    Comment by Bayu — January 29, 2015 @ 2:18 PM

  68. Hi please i want to tell me if this script will work or not 😀 i have 3 WAN and i wan to have 2 LAN with different IP addresses:

    ######################################################################
    ## ##
    ## Script Load Balance 3 Wan 2 Lan ##
    ## ##
    ## —- Maidine Khalid —- ##
    ## ##
    ######################################################################

    #Addressage
    /ip address
    add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=LAN1
    add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=LAN2
    add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN1
    add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN2
    add address=192.168.5.2/24 network=192.168.5.0 broadcast=192.168.5.255 interface=WAN3

    #DNS
    /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8

    #Marker Connection Entrant (La réponse doit être sur le meme interface)
    /ip firewall mangle
    add chain=input action=mark-connection new-connection-mark=WAN1_conn in-interface=WAN1
    add chain=input action=mark-connection new-connection-mark=WAN2_conn in-interface=WAN2
    add chain=input action=mark-connection new-connection-mark=WAN3_conn in-interface=WAN3

    #Marker Les Routes Pour les Packet Sortant
    /ip firewall mangle
    add chain=output action=mark-routing connection-mark=WAN1_conn new-routing-mark=to_WAN1
    add chain=output action=mark-routing connection-mark=WAN2_conn new-routing-mark=to_WAN2
    add chain=output action=mark-routing connection-mark=WAN2_conn new-routing-mark=to_WAN3

    #Communication avec le réseau local
    /ip firewall mangle
    add chain=prerouting action=accept dst-address=192.168.3.0/24 in-interface=LAN1
    add chain=prerouting action=accept dst-address=192.168.4.0/24 in-interface=LAN1
    add chain=prerouting action=accept dst-address=192.168.5.0/24 in-interface=LAN1
    add chain=prerouting action=accept dst-address=192.168.3.0/24 in-interface=LAN2
    add chain=prerouting action=accept dst-address=192.168.4.0/24 in-interface=LAN2
    add chain=prerouting action=accept dst-address=192.168.5.0/24 in-interface=LAN2

    #Division du traffic en stream
    /ip firewall mangle
    add chain=prerouting dst-address-type=!local in-interface=LAN1 per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=LAN1 per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=LAN1 per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=LAN2 per-connection-classifier=both-addresses:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=LAN2 per-connection-classifier=both-addresses:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=LAN2 per-connection-classifier=both-addresses:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes

    #Routing mark
    /ip firewall mangle
    add chain=prerouting connection-mark=WAN1_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN1
    add chain=prerouting connection-mark=WAN2_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN2
    add chain=prerouting connection-mark=WAN3_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN3
    add chain=prerouting connection-mark=WAN1_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN1
    add chain=prerouting connection-mark=WAN2_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN2
    add chain=prerouting connection-mark=WAN3_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN3

    #Les Routes Par default
    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.3.2 routing-mark=to_WAN1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.4.2 routing-mark=to_WAN2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.5.2 routing-mark=to_WAN3 check-gateway=ping

    add dst-address=0.0.0.0/0 gateway=192.168.3.2 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.4.2 distance=2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.5.2 distance=3 check-gateway=ping

    #Le Nat Masquerade
    /ip firewall nat
    add chain=src-nat out-interface=WAN1 action=masquerade
    add chain=src-nat out-interface=WAN2 action=masquerade
    add chain=src-nat out-interface=WAN3 action=masquerade

    Comment by Maidine — April 1, 2015 @ 8:58 PM

  69. salam janzaib
    i added 4 port 2 lan cards in my MT PC OS to get pcc loadbalancing without https broken means pcc with SRC-address but i have 1 issue with it,
    all balancing running fine but i cant able to dst-nat to my squid proxy server 4 lans connected to MT 2 single port 2 4 ports

    local 192.168.10.0
    pppoe 172.16.0.0
    squid lan port of MT =192.168.9.2
    squid = 192.168.9.1
    squid wan =10.0.10.5
    wan port for squid in MT PC =10.0.10.1
    others are loadbalancing port & ips no need to mention here
    i follow ur comment where u prefer to mark http traffic and route it in route list i follow it but cant get helped
    i can login in squid box with ssh from my MT terminal but i cant login from client pc but client pc can ping squid box when pppoe client conected
    hope these will help u to resolve my issue
    i just want to dst-nat to my squid box so my browsing and cache will run fast as it was.
    thanks inadvance,

    Comment by rehmat ali — August 5, 2015 @ 6:10 AM

  70. hello man . and thanks for your info.
    but need pcc for 9 line in rb 2011 il
    i extend your code but not working
    plz can you put your code for 9 line pcc load balancing
    with pppoe server only i dont need hotspot

    Comment by ib — August 21, 2015 @ 4:53 PM

  71. ho 4 wan 1lan load balancing bakup

    Comment by Zafar Hussain — December 1, 2015 @ 10:28 PM

  72. assalam-o-alaikum, Jainzaib bhai help me, mene rb 750r2 purchase kiya hai, mjhy kuch samaj nae arha h, plz help me

    Comment by Ahsan — December 5, 2015 @ 2:00 AM

  73. Dear Friends,

    Pls Tell me pcc load balancing working perfect or not ??? Any one facing any issue in pcc load balancing with src-address as classifier so plz tell us.

    Comment by SKY NETWORK — December 12, 2015 @ 5:18 PM

  74. Sir I have 4 wan and I need nth script

    Comment by Syed Fahad shah — March 22, 2016 @ 11:51 PM

  75. what is the diffrance between pcc bridge and pcc
    and which of them better and why ??

    Comment by qassam — May 27, 2016 @ 12:18 AM

  76. dear can u infome me please RB750G hex total bandwidth load capacity ??

    Comment by Syed Ashfaq Zaman — October 19, 2016 @ 10:06 PM

  77. 2 pppoe dhcp Wan
    1 wlan dhcp wan
    1 lan ip 192.168.88.1
    i wnat loadblancing pcc confrontation plz

    Comment by Abdul — November 19, 2016 @ 5:44 PM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: