Syed Jahanzaib Personal Blog to Share Knowledge !

May 26, 2017

Howto bypass specific client from PCC & route to specific WAN link [Part-2]

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 11:57 AM



Scenario:

Since many people asked the same question, rather than replying individually, here is one method I used at one OP, and it works fine. You may opt for another solution, whichever is easiest for you; the thing is that it should work, that's it :)

We have configured a Mikrotik as a 3-WAN load balancer [DSL links]. A PPPoE server is configured as well. All is working well. Now we have introduced a premium package for dedicated users, and we want to route them via the newly added 4th WAN link only, so that their service works smoothly even at peak times. Therefore we need to bypass this group from the PCC and route them to the 4th WAN link, which has dedicated CIR bandwidth.

Solution:

There are always different ways to achieve any task. It depends on the operator's expertise and the network scenario as well.

Copy Paste WILL Not work !

Every network is different ~ I am sharing this code so you can learn the concepts. Minimize the copy-paste culture; invent your own solutions by understanding the logic, and implement them by modifying or creating code.

Drink Wiki & you shall succeed 😀

~ zaiB

Here I am showing one method. [You may opt for another, whichever is easiest for you; the thing is that it should work, that's it :) ]

  1. Make pppoe pool-1 in the address list. [This one is for general clients = 172.16.0.1-172.16.0.255 ]
  2. Make pppoe pool-2 in the address list. [This one is for dedicated clients = 172.16.1.1-172.16.1.255 ]
  3. When you create normal users, assign them pppoe pool-1.
  4. When you create dedicated users, assign them pppoe pool-2.
  5. In your Mangle rules, where you mark connections [classifier section], make sure you specify the pppoe pool-1 list as the source address list. You also need to duplicate this rule and select pool-2 as its source address list. Basically, we mark connections for both pools and give each a different connection mark name.
  6. Now, in the mark routing section, repeat the above and mark routing for both marked connections.
  7. In NAT, create natting rules so traffic can be natted by all 4 WAN links. You can trim this down to a single rule as well 🙂
  8. In Routes, create rules for all marked packets: for normal clients, use wan1-3; for dedicated clients' marked packets, route them to a specific WAN link [like wan4].

* Working Example


/ip pool
# General users pppoe profile pool, which will be routed in 3 wan links
add name=pool-1 ranges=172.16.0.1-172.16.0.254
# Dedicated users pppoe profile pool, which will be routed via wan-4 link only
add name=pool-2 ranges=172.16.1.1-172.16.1.254

/ip firewall address-list
# General users pool list, which will be routed in 3 wan links
add address=172.16.0.1-172.16.0.255 list=pool-1
# Dedicated users pool list , which will be routed via wan-4 link only
add address=172.16.1.1-172.16.1.255 list=pool-2

/ip firewall mangle

add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-1
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-2
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-3
add action=accept chain=prerouting comment=PCC in-interface=pppoe-out-4

# Marking connections for dedicated clients from pool-2 address list, to be routed via WAN-4 link only
add action=mark-connection chain=prerouting comment="Mark pool-2 dedicated Users Connections" new-connection-mark=pool2-conn passthrough=yes src-address-list=pool-2
add action=mark-routing chain=prerouting comment="Mark pool-2 dedicated Users Routing Pkts" connection-mark=pool2-conn new-routing-mark=pool2-route passthrough=yes

# Marking connections for general users clients from pool-1 address list, to be distributed among 3 wan link
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=src-address:3/0 src-address-list=pool-1
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=src-address:3/1 src-address-list=pool-1
add action=mark-connection chain=prerouting comment=PCC_MARK_CONNECTION dst-address-type=!local new-connection-mark=wan3_conn passthrough=yes per-connection-classifier=src-address:3/2 src-address-list=pool-1

# Marking routing from the above marked connections, for general users
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=prerouting comment=PCC_MARK_ROUTING connection-mark=wan3_conn new-routing-mark=to_wan3 passthrough=yes

/ip firewall nat
# Allow natting for dedicated clients, to be nat via wan-4
add action=masquerade chain=srcnat comment="ALLOW NATTING FOR POOL-2 Dedicated USERS " out-interface=pppoe-out-4 src-address-list=pool-2
# Allow natting for general clients, to be nat via wan link number 1-2-3
add action=masquerade chain=srcnat comment=NATTING_DSL_1 out-interface=pppoe-out-1 src-address-list="pool-1"
add action=masquerade chain=srcnat comment=NATTING_DSL_2 out-interface=pppoe-out-2 src-address-list="pool-1"
add action=masquerade chain=srcnat comment=NATTING_DSL_3 out-interface=pppoe-out-3 src-address-list="pool-1"

/ip route
# Route for general users marked traffic - to be passed via 3 wan links
add check-gateway=ping distance=1 gateway=pppoe-out-1 routing-mark=to_wan1
add check-gateway=ping distance=1 gateway=pppoe-out-2 routing-mark=to_wan2
add check-gateway=ping distance=1 gateway=pppoe-out-3 routing-mark=to_wan3

# Route for dedicated users marked traffic - to be passed via wan-4 link only
add comment="Route Rule for dedicated users to go via WAN-4 only " distance=1 gateway=pppoe-out-4 routing-mark=pool2-route
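
The configuration above only works if every name lines up across menus: each address list a mangle or NAT rule matches must be defined, each connection mark that is matched must be set somewhere, and each routing mark must have a route. The following is an added example, not part of the original post: a small Python check over a RouterOS export. The sample export is constructed and deliberately contains a leftover list name and a missing route.

```python
import shlex

# Constructed sample in the style of this page; one undefined list, one missing route.
SAMPLE = """\
/ip firewall address-list
add address=172.16.0.1-172.16.0.255 list=pool-1
add address=172.16.1.1-172.16.1.255 list=pool-2
/ip firewall mangle
add action=mark-connection chain=prerouting new-connection-mark=pool2-conn src-address-list=15mb-pool-list
add action=mark-routing chain=prerouting connection-mark=pool2-conn new-routing-mark=pool2-route
add action=mark-connection chain=prerouting new-connection-mark=wan1_conn per-connection-classifier=src-address:3/0 src-address-list=pool-1
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out-4 src-address-list=pool-2
/ip route
add gateway=pppoe-out-1 routing-mark=to_wan1
"""

def parse_export(text):
    """Return [(menu, {param: value})] for every 'add' line of an export."""
    menu, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
            rules.append((menu, dict(pairs)))
    return rules

def lint(text):
    """List references to address lists and marks that nothing defines."""
    rules = parse_export(text)
    def values(key, menu=None):
        return {p[key] for m, p in rules if key in p and (menu is None or m == menu)}
    lists = values("list", "/ip firewall address-list")
    conn_set, route_set = values("new-connection-mark"), values("new-routing-mark")
    routed = values("routing-mark", "/ip route")
    problems = []
    for name in sorted(values("src-address-list") - lists):
        problems.append(f"address list '{name}' is referenced but not defined")
    for name in sorted(values("connection-mark") - conn_set):
        problems.append(f"connection mark '{name}' is matched but never set")
    for name in sorted(route_set - routed):
        problems.append(f"routing mark '{name}' has no route")
    for name in sorted(routed - route_set):
        problems.append(f"route uses routing mark '{name}' that is never set")
    return problems

print("\n".join(lint(SAMPLE)))
```

A rule that matches an undefined address list never fires, so the dedicated clients would get no routing mark and would not be sent to the 4th WAN link as intended; running the check against an export before importing it catches that.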


Regards,
Syed Jahanzaib


2 Comments »

  1. If we are using radius manager DMASOFT, and the pppoe pools are configured on mikrotik, while creating users on DMASOFT, is it possible to assign the general & dedicated users pools? Because DMASOFT doesn’t have any pools assigned?


    Comment by damji — May 26, 2017 @ 11:37 PM

