Syed Jahanzaib Personal Blog to Share Knowledge !

August 29, 2011

Mikrotik 4 WAN Load Balancing using PCC with PPPoE Server / Complete Script !


3

Following is a complete script for Mikrotik to combine/load balance 4 DSL lines. This server is also acting as a PPPoE Server, therefore I have made some modifications in PCC Script.

For normal LB, read my article at https://aacable.wordpress.com/2011/06/04/mikrotik-4-wan-load-balance-pcc-complete-script-by-zaib/

In this example I used MikrotikT RB750 5 ports router. 4 ports were connected with four DSL Routers, and 5th port was connected with User LAN. Also don’t forget to rename the interface names accordingly. This script will also add pppoe server , one pppoe user, dhcp server, dns server and pcc.

In my personnel experience , If users request are directly hitting Mikrotik configured with PCC , then you will get good load balancing. Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc. Load balancing using this PCC technique (src-address) will be effective and balanced approach when more and more connections (from clients) that occurred. I also recommend to use SQUID proxy server along with mikrotik , either parallel or in front or backend , for better response time and it will also increase good browsing experience to users.

If somehow you are not satisfied with the src-address approach,play with the PCC-Classifier, Try both addresses and ports as the classifier. While this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually stick with src-address  for PCC load balancing.

Regard’s
Syed Jahanzaib
x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-


/ip address
 add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
 add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
 add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
 add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
 add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0

/ip pool
 add name=dhcp_pool1 ranges=172.16.0.70-172.16.0.254
 add name=pppoe-users-pool ranges=10.0.0.1-10.0.0.255

/ip dhcp-server add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=12h name="My DHCP Server"

/ip dhcp-server config
 set store-leases-disk=5m

/ip dhcp-server network
 add address=172.16.0.0/16 comment="" dns-server=172.16.0.1,221.132.112.8

/interface pppoe-server server
 add authentication=pap default-profile=default disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=aacable

/ppp profile add change-tcp-mss=default dns-server=172.16.0.1 local-address=172.16.0.1 name=pppoe-profile only-one=default remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default

/ppp secret add caller-id=”" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=zaib password=1234 profile=pppoe-profile routes=”" service=pppoe

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=221.132.112.8,221.132.112.9

/ip firewall mangle
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
 add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes

add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255

add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255

add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
 add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes

/ip firewall nat
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255
 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255

/ip route
 add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10

add check-gateway=ping comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10

All Done ! Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get 🙂

PCC WITH HOTSPOT

If you wanna run PCC with HOTSPOT on same Mikrotik Server, Put this rule in place to stop the hotspot from processing people after they have signed into the network.

/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth

PCC WITH UN-EQUAL WAN LINKS

If you have Un-Equal WAN Links, for example WAN,1,2,3 are of 4MB and WAN,4 is of 8 Mb, and you want to force MT to use WAN4 link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN4 , something like

Code:

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

٩(●̮̮̃•̃)۶   ZaiB   ٩(●̮̮̃•̃)۶


Another shortest script for 2 wan load balancing (modems are wan gateway)

Updated: 23-April-2018 on request of Hishami Ali, Syria,
~ by syed.jahanzaib

Scenario:

INTERFACES NAMES:
Local
WAN1
WAN2

IP POOLS:
LAN Pool: 192.168.88.0/24
PPPoE Pool: 172.16.50.0/24
WAN1 Pool: 192.16.1.0/24
WAN2 Pool: 192.168.2.0/24

/ip address
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="" disabled=no interface=Local network=192.168.255.0
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0

# adding firewall list for ease of use, so that we dont have to further modify all rules, we will just modify this part only- - by zaiB
# Change all as required
/ip firewall address-list
add address=172.16.50.1-172.16.50.255 list=allowed_users
add address=192.168.1.0/24 list=modems_gateway_ips_list
add address=192.168.2.0/24 list=modems_gateway_ips_list

# You may use below pool in pppoe profile, or change it as required
/ip pool
add name=pppoe_pool ranges=172.16.50.1-172.16.50.255

/ip firewall mangle
add action=accept chain=prerouting comment="ACCEPT MODEM DST IPS LIST - BY SYED JAHANZAIB" dst-address-list=modems_gateway_ips_list

# Adding Routing marks for WAN-1
add action=mark-routing chain=prerouting dst-address-type="" new-routing-mark=to_WAN1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=\
allowed_users src-address-type=!local

# Adding Routing marks for WAN-1
add action=mark-routing chain=prerouting dst-address-type="" new-routing-mark=to_WAN2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=\
allowed_users src-address-type=!local

# Default Masquerade / NAT Rule
/ip firewall nat
add action=masquerade chain=srcnat comment="ALLOW ONLY PPPOE INTERNET USERS LIST 172.16.50.1-172.16.50.255 - BY SYED JAHANZAIB" src-address-list=allowed_users

# Adding routes for marked packets
/ip route

add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2

# Adding Default Gateway for failed routes
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1

Regard’s

July 27, 2011

Mikrotik DUAL WAN Load Balancing using PCC method ! by zaiB

Filed under: Mikrotik Related — Tags: , , , , — Syed Jahanzaib / Pinochio~:) @ 10:16 AM


Mikrotik  DUAL WAN Load Balancing using PCC method. Complete Script ! by zaiB

pcc

This post illustrates on how you can configure load balancing of multiple wan links using Mikrotik Routerboard hardware (or RouterOS x86 version).  In this example I have used Mikrotik Routerboard CCR 1036 model.  Don’t forget to rename the interface names accordingly if you are a copy paste fan

  • 2 ports were connected with two difference DSL Routers
  • and 3rd port was connected with User LAN.
  • Both DSL are of same speed , i.e 10 Mb each.

DSL MODEM IP’S

  • DSL MODEM 1 = 192.168.1.1
  • DSL MODEM 2 = 192.168.2.1

In this example, we are using PCC (per connection classifier) method to achieve the load balancing. There are few options using this approach & each option may give you different results.

Example#1:  src-address

  • Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc (dueot ip changing on each request) . Load balancing using this PCCtechnique (src-address) requires that users must be hitting the PCC box directly (either dhcp/ppp server etc). In this method user will be tagged with specific WAN link once connected with the mikrotik. This way till his online session he will stick to that particular wan link. A single user will not be ale to use all WAN links. This approach works good if you have a bit higher amount of bandwidth on each link.

Example#2: both-addresses-and-ports

  • If somehow you are not satisfied with the src-address approach (OR your requirements is to achieve maximum download speed using all WAN links simultaneously) , Then play with the PCC Classifier, Try both addresses and ports as the classifier (as used in this guide as well). While this will randomize things the most and in theory give you the most fair allocation of bandwidth (as any request will be distributed among all WAN links), BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually like to go with src-address PCC load balancing approach (but only if users are hitting the pcc box)

~Syed Jahanzaib


PCC Script !

All Done ! Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get 🙂


PCC WITH UN-EQUAL WAN LINKS

If you have Un-Equal WAN Links, for example WAN,1 is of 4MB and WAN,2 is of 8 Mb, and you want to force MT to use WAN2 link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN2 , something like

Code:


/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

 


PCC WITH HOTSPOT (Reference)

/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth

 

٩(●̮̮̃•̃)۶   ZaiB   ٩(●̮̮̃•̃)۶

%d bloggers like this: