Syed Jahanzaib – Personal Blog to Share Knowledge !

February 1, 2014

Mikrotik: Routing Target Web Site to Secondary WAN Link

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 3:44 PM

If you have two WAN links and you want to dedicate one link to a specific web site or to FACEBOOK traffic only, you can do it with Mikrotik in a few simple steps.

First understand the logic. The main idea is to create a script that finds the target web site's name in the DNS cache and adds the IP addresses it resolves to into an address list (the script does this automatically). Then, in mangle, create a rule that marks packets whose destination is in that address list, and in the route section create a new route that forwards the marked packets via the WAN 2 link.

First add the script

SCRIPT SECTION:

Add the script which will catch the required web site name using dns-cache

###############################################
# script name: target_web_site
# Script to add TARGET_WEB_SITE DNS IP addresses
# Syed Jahanzaib / aacable@hotmail.com
# Script Source: N/A / GOOGLE : )

:log warning "Script Started ... Adding TARGET_WEB_SITE DNS ip's to address list name TARGET_WEB_SITE_dns_ips"
:foreach i in=[/ip dns cache find] do={
    :local cacheName [/ip dns cache get $i name];
    # :find returns nothing (nil) when the name does not contain the target,
    # so test the type of the result instead of comparing it with 0
    :if ([:typeof [:find $cacheName "aacable.wordpress.com"]] = "num") do={
        :local tmpAddress [/ip dns cache get $i address];
        :put $tmpAddress;
        # add the address only if it is not already in the target list
        :if ([:len [/ip firewall address-list find list=TARGET_WEB_SITE_dns_ips address=$tmpAddress]] = 0) do={
            :log info ("added entry: $cacheName IP $tmpAddress");
            /ip firewall address-list add address=$tmpAddress list=TARGET_WEB_SITE_dns_ips comment=$cacheName;
        }
    }
}
# TARGET_WEB_SITE DNS IP ADD Script Ended ...

SCHEDULER SECTION:

Schedule the script to run every 5 minutes (or on an hourly basis)

/system scheduler
add disabled=no interval=5m name=target_web_site_schedule on-event=target_web_site policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00

MARK PACKETS SECTION:

Now mark traffic for the required web site in PREROUTING chain.

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=TARGET_WEB_SITE_dns_ips new-routing-mark=target_website_packets passthrough=yes

ROUTE MARKED PACKETS SECTION:

Finally, create a route for the marked packets to go via the second WAN.

/ip route
add comment="Route for marked packets for target web marked packets" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=target_website_packets scope=30 target-scope=10

###############################################

All Done !!!
Now simply open your required web site and let the script run (or run it manually); you will then see a few IP addresses in ip > firewall > address-list

It's amazing: you can route any web site's traffic to a specific WAN link, for example a dedicated DSL link for streaming media sites or FB. It's kewl 😉

For more info and ideas, please visit following link.
http://wiki.mikrotik.com/wiki/Per-Traffic_Load_Balancing

zaiB !
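
Added example (not part of the original post or the author's script): a stricter variant of the matching step that accepts only the exact host name or names ending in ".<target>", and adds entries with a timeout so that addresses the site no longer uses age out of the list that steers traffic to WAN 2. The variable names and the 1h timeout are assumptions; the DNS cache properties are the ones the post's script reads.

```routeros
# Added example: stricter variant of the target_web_site script.
# Assumptions (not from the original post): the variable names
# targetName / listName / suffix and the 1h timeout value.
:local targetName "aacable.wordpress.com"
:local listName "TARGET_WEB_SITE_dns_ips"
:local suffix ("." . $targetName)

:foreach i in=[/ip dns cache find] do={
    :local cacheName [/ip dns cache get $i name]
    :local cacheAddr [/ip dns cache get $i address]
    :local nameLen [:len $cacheName]
    :local sufLen [:len $suffix]
    :local isMatch false

    # exact host name
    :if ($cacheName = $targetName) do={ :set isMatch true }
    # sub-domain: the name must END with ".<target>", not merely contain it
    :if ($nameLen > $sufLen) do={
        :if ([:pick $cacheName ($nameLen - $sufLen) $nameLen] = $suffix) do={
            :set isMatch true
        }
    }

    :if ($isMatch) do={
        # skip addresses that are already present in this list
        :if ([:len [/ip firewall address-list find list=$listName address=$cacheAddr]] = 0) do={
            # timeout= makes the entry dynamic, so a stale address
            # drops out of the list by itself and is re-added only
            # while the name still resolves to it
            /ip firewall address-list add list=$listName address=$cacheAddr timeout=1h comment=$cacheName
            :log info ("added entry: $cacheName IP $cacheAddr")
        }
    }
}
```

Keep the timeout longer than the scheduler interval so that addresses still in use are not dropped between runs.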

40 Comments »

  1. That's good, I think it's better than load balancing.

    Comment by usman — August 7, 2011 @ 7:21 PM

    • Hmmm, in some scenarios it's good.
      For example, at my friend's setup, I used it to route only YouTube-based traffic to the DSL line (10mb x 4 DSL). The main internet backbone was 30mb via fiber optics, but I didn't want to put the YouTube load on the main feed, therefore I marked YouTube content and routed it to the RB750 load balancer. That's how I saved considerable bandwidth :)~

      Comment by Pinochio / zaib — August 8, 2011 @ 7:23 AM

      • Hello sir, can you please guide me how to get the DNS cache in a separate load balancer? I have two Mikrotiks, one for load balancing and the second for the PPPoE server. The problem is I do not get the DNS cache in the load balancer as I get in the PPPoE server. Tell me how to get it in the load balancer.

        Comment by Arslan — October 29, 2016 @ 4:49 PM

  2. I applied the rule but it is still the same situation. Kindly tell me how to put the browsing on one WAN and the downloads on one WAN. Thanks

    Comment by salman — October 14, 2011 @ 1:22 PM

    • Please write out the full rule, I am not able to understand it.

      Comment by waqar — July 31, 2013 @ 11:14 PM

  3. Use packet marking.
    Mark the packets with the extensions you want to route to the 2nd WAN, for example .mp3 .exe .flv etc.
    Then create new route for marked packet and set its gateway to 2nd wan.

    Comment by Pinochio~:) — October 14, 2011 @ 1:58 PM

  4. Kindly, can you tell me the script? Thanks

    Comment by Salman — October 17, 2011 @ 12:56 AM

  5. With this packet marking, will YouTube streaming also be balanced?

    Comment by salman — October 17, 2011 @ 7:19 PM

    • Actually the method described in this post will mark packets for specific destination IPs, then requests for these destinations will be routed to the second gateway. These IPs can be any web site's IPs, whether it's YouTube or any other.

      Comment by Pinochio~:) — October 18, 2011 @ 10:52 AM

  6. Sir, can you give me an example of packet marking, and how to do it?

    Thanks

    Comment by salman — October 27, 2011 @ 1:51 PM

  7. Q:1- Can we route youtube (same addresses) on 2 to 3 wan links at a time? and give us Rules.
    Q:2- Can we use PCC with this routing.

    thanks,
    Azam

    Comment by crownwirelessm — December 18, 2011 @ 2:09 PM

    • 1# You can define only one Route for specific marked packets.
      2# Yes you can use PCC with some minor editing.

      Comment by Pinochio~:) — December 19, 2011 @ 10:40 AM

      • When I use YouTube routing, is all other traffic then automatically routed to the second WAN link?

        regards,

        Comment by crownwirelessazam — December 24, 2011 @ 1:17 PM

      • Well, the target was to route youtube or FLV related traffic to one WAN link and all other traffic to Second WAN link.
        Describe in detail if you have any query regarding it.

        Comment by Pinochio~:) — December 24, 2011 @ 2:32 PM

      • Can you please tell us what minor editing is needed for this to work with PCC?

        Comment by Mayssam Ismail — December 11, 2016 @ 7:11 PM

  8. Youtube routing
    /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway= routing-mark=youtube scope=255 target-scope=10

    all other traffic routing
    /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway= scope=255 target-scope=10 check-gateway=ping

    for failover DSL-2
    /ip route add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway= scope=255 target-scope=10 check-gateway=ping

    is this ok?

    regards

    Comment by muhammad azam — December 27, 2011 @ 3:00 PM

  9. Youtube routing
    /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="DSL-1 IP address" routing-mark=youtube scope=255 target-scope=10
    all other traffic routing
    /ip route add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway="DSL-2 IP address" scope=255 target-scope=10 check-gateway=ping
    for failover DSL-2
    /ip route add comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway="DSL-1 IP address" scope=255 target-scope=10 check-gateway=ping

    is this ok?

    regards

    Comment by muhammad azam — December 27, 2011 @ 3:02 PM

  10. Good job. Sir, I want better YouTube service on one WAN, i.e. prioritize YouTube over downloading.

    Comment by waqar — May 10, 2012 @ 11:20 PM

  11. Dear Jhanzaib Bhai…. AOA

    I am not able to trace out the IPs of YouTube, as they hide the IPs on the backend of Google.com….. Kindly tell me how to deal with this issue…. The IP 173.194.35.97 is showing in nslookup but it is not the YouTube IP

    Comment by kashif khan — September 1, 2012 @ 9:08 PM

    • Create an address list named Youtube

      Try this

      # ether2 is the WAN interface
      /ip firewall mangle add chain=prerouting action=add-dst-to-address-list protocol=tcp address-list=Youtube address-list-timeout=60m in-interface=!ether2 dst-port=80 content=youtube.com

      Addresses will be added to the Youtube address list and will stay there for 1 hour.

      Comment by Syed Jahanzaib / Pinochio~:) — September 1, 2012 @ 10:49 PM

  12. Asalam O Alikum sir

    Sir, thanks for this article. Sir, if you can, please tell how to use this thing with PCC. I have tried it but it is not working 😦

    Comment by ZJ — September 22, 2012 @ 2:07 PM

  13. Hi, can some one help me to make one WAN for browsing (HTTP&HTTPS), and the other one for Download and youtube?

    DSL1=192.168.0.1
    DSL2=192.168.100.250

    Mikrotik:-
    LAN 10.0.0.1/23
    WAN1 192.168.0.2/24
    WAN2 192.168.100.1/24

    please help!

    Comment by zoomoos — December 12, 2012 @ 6:07 PM

  14. Thank you! That's what I was looking for 🙂
    I am using YT dst-address mark by content youtube.com and add to address-list
    right now around 1300 IPs
    but I noticed some streams of downloading are going through YT WAN also…
    but in general it free 40% utilization from WAN_1 to WAN_YT 🙂

    Comment by Arni — February 6, 2013 @ 4:41 AM

  15. Hi everybody
    I have 2 interfaces as follows:
    1-lan-1 192.168.10.0/22
    2-Wan-1 xxx.xxx.xxx.xxx/27 and on the WAN interface I have 4 valid IPs and I have set all 4 IPs in the IP Address List.

    As an example, I want to send all traffic for youtube.com through one of the valid IPs on WAN-1, and all other traffic to the next valid IP on the same WAN interface. Can someone help me?

    Comment by Pooyan — March 1, 2013 @ 3:19 AM

  16. You can also use the CONTENT option in advanced tab to mark-routing the packets. Use youtube.com and mark-routing to whatever wan you need

    Comment by John — December 3, 2013 @ 7:05 AM

  17. WAN-1 for youtube
    WAN-2 for remaining

    This script is working perfectly for specific routing with browsing and online video content,
    but when I need to download, it starts downloading from WAN-2. Please help me.

    Comment by irfan — February 19, 2014 @ 1:29 AM

  18. Thanks for finally writing about >Mikrotik: Routing Target Web Site to Secondary WAN Link | Syed
    Jahanzaib Personnel Blog to Share Knowledge ! <Loved it!

    Comment by juice beauty — March 19, 2014 @ 11:28 PM

  19. Please review the above script, it does not work correctly.

    Comment by Eng Ahmedm — April 22, 2014 @ 3:11 PM

  20. Syed,

    Thanks for your work.
    Please let me know why in storeurl.pl this url is repeatedly shown “print $x . “http://fathayu/” …?

    Regards

    Comment by patito — May 10, 2014 @ 11:21 AM

  21. Hi
    Can somebody help me to redirect some traffic for a list of network addresses to one WAN, and other addresses to the second WAN?
    Thanks.

    Comment by Alex Monkam — May 23, 2014 @ 1:31 AM

  22. give me youtube address list and facebook address list

    Comment by 3l1t3p0is0n — February 28, 2015 @ 1:23 PM

  23. Hello,
    I have a leased line of 155Mbps from an ISP. This ISP has given me a /30 on the WAN side and /21 LAN pools on a static route. No BGP is established because I do not have my own IPs & AS and thus cannot do peering. Now I want to have only Google/Youtube bandwidth from a new provider and route all Google/YT requests to this new ISP. The idea is to save approx. 45% bandwidth on my main ISP. How can I achieve this without BGP?
    Thanks

    Comment by Aamir — August 16, 2015 @ 5:11 PM

  24. Hello Every One, i am running 3 WAN Load-balancing using PCC method.
    Working great.

    So now i need to use one website to be used selected Wan

    For Example
    i want to open www(dot).WebsiteName(dot).com
    it should only use WAN 2 for this website..

    But it should not affect the overall load balancing.

    Comment by hammad hassan — October 25, 2015 @ 3:55 PM

  25. In my Mikrotik I have configured 2 WANs, 1 is main and 1 is for backup, simply 2 WANs configured. I am adding a 3rd WAN for YouTube but this script is not working in my router box. What should I do?

    Comment by raheel — February 13, 2016 @ 4:59 PM

  26. Assalam Alaikum. I am using a Mikrotik 951Ui-2Hnd with two different ISPs, but the LAN network is sometimes creating a DNS problem. How do I arrange the DNS of both ISPs as primary and secondary? I have faced this issue many times and tried to resolve it but it is not resolving. Please help me to arrange the DNS of two different ISPs.

    Comment by Muhammad Tariq — April 25, 2016 @ 7:01 PM

  27. Hello, first of all, thanks for sharing!!
    I think there is something wrong with the script. I want to send the traffic for “seguridadvial.gov.ar” to the second gateway, but the script fills the address list with many other sites that have no relation to “seguridadvial.gov.ar”, sites like news portals or online radio stations. I want to know if I am doing something wrong or if that is normal. THANKS!

    Comment by Nicolas Emmanuel — December 16, 2016 @ 7:57 PM

  28. But what about the secondary WAN? Does that line stop providing traffic on my board and just provide for Facebook, or does it provide Facebook and the other websites?

    Comment by qassam — January 21, 2017 @ 2:22 PM

