Syed Jahanzaib – Personal Blog to Share Knowledge !

June 4, 2011

Mikrotik 4 WAN Load Balancing using PCC method. Complete Script ! by zaiB


~Mikrotik Router / 4 WAN Load Balancing using PCC method~




 

Updated 4th December, 2013

This post shows how to configure load balancing across multiple WAN links using Mikrotik RouterBOARD hardware (or the RouterOS x86 version). In this example I have used a Mikrotik RouterBOARD CCR 1036. Four ports are connected to four DSL routers, and the fifth port is connected to the user LAN. Don’t forget to rename the interfaces accordingly if you are a copy-paste fan.

In this example we use the PCC (per connection classifier) method to achieve load balancing. There are a few options with this approach, and each option may give you different results.

Example#1:  src-address
Use src-address as the classifier. This way you get rid of problems like broken HTTPS links, streaming issues etc. (due to the IP changing on each request). Load balancing with this PCC technique (src-address) requires that users hit the PCC box directly (via DHCP/PPP server etc.). In this method a user is tagged with a specific WAN link once connected to the Mikrotik, and sticks to that WAN link for the whole online session. A single user will not be able to use all WAN links. This approach works well if you have a somewhat higher amount of bandwidth on each link.

Example#2: both-addresses-and-ports
If you are not satisfied with the src-address approach (or your requirement is maximum download speed using all WAN links simultaneously), then play with the PCC classifier: try both-addresses-and-ports as the classifier (as used in this guide). This randomizes things the most and in theory gives the fairest allocation of bandwidth (any request may be distributed among all WAN links), BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because a single HTTP request often generates several connections, so some of them may go out via a different route than the initial one, and that breaks secure web sites. For that reason I usually prefer the src-address PCC load balancing approach (but only if users are hitting the PCC box).

~Syed Jahanzaib
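The trade-off between the two classifiers, as an added Python illustration that is not part of the original script: one client opens several connections to a single HTTPS site, and the code counts how many WAN links (and therefore public source addresses) that site would see. SHA-256 stands in for the router's own hash, and the client address, server address and port numbers are constructed.

```python
import hashlib
from collections import Counter

WANS = ["WAN1", "WAN2", "WAN3", "WAN4"]

def remainder(fields, denominator):
    """Stand-in hash (SHA-256, not the RouterOS one): equal fields give equal remainder."""
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:8], "big") % denominator

def pick_wan(conn, classifier):
    """Map a (src, sport, dst, dport) tuple to a WAN, as four rules 4/0..4/3 would."""
    src, sport, dst, dport = conn
    fields = {
        "src-address": (src,),
        "both-addresses-and-ports": (src, sport, dst, dport),
    }[classifier]
    return WANS[remainder(fields, len(WANS))]

def session(src, dst="203.0.113.10", dport=443, count=12):
    """Constructed input: one client opening `count` connections to one HTTPS site."""
    return [(src, 50000 + i, dst, dport) for i in range(count)]

def wans_used(conns, classifier):
    """Number of connections that leave through each WAN."""
    return Counter(pick_wan(c, classifier) for c in conns)

if __name__ == "__main__":
    one_user = session("192.168.0.25")
    # 200 constructed LAN clients, 12 connections each
    lan = [c for host in range(2, 202) for c in session(f"192.168.0.{host}")]
    for classifier in ("src-address", "both-addresses-and-ports"):
        print(classifier)
        print("  one user :", dict(wans_used(one_user, classifier)))
        print("  whole LAN:", dict(wans_used(lan, classifier)))
```

With src-address the single user always leaves through one link, so the site sees one source address; with both-addresses-and-ports the same session is spread over several links, which is what upsets sites that tie a login to the client address.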


Scenario:

  • Mikrotik LAN IP = 192.168.0.1
  • DSL1 Router IP = 192.168.1.1 / INTERFACE NAME = WAN1
  • DSL2 Router IP = 192.168.1.1 / INTERFACE NAME = WAN2
  • DSL3 Router IP = 192.168.1.1 / INTERFACE NAME = WAN3
  • DSL4 Router IP = 192.168.1.1 / INTERFACE NAME = WAN4

 


the Script !


# IP Addresses for reference purpose
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4

# Add NET ALLOWED users Address list, to make sure only allowed users get internet access. Make sure to modify this as per your requirements, we can use this list later for other management purposes

/ip firewall address-list
add address=192.168.0.1-192.168.0.255 list=allowed_users

# Accept Connections
/ip firewall mangle
add action=accept chain=prerouting in-interface=WAN1
add action=accept chain=prerouting in-interface=WAN2
add action=accept chain=prerouting in-interface=WAN3
add action=accept chain=prerouting in-interface=WAN4

# Mangle Section
# Marking connections for 4 dsl distribution
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address-list=allowed_users
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address-list=allowed_users
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes src-address-list=allowed_users
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes src-address-list=allowed_users

# Marking Routing Marks to be used by ROUTES Section
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4

# Adding ROUTE for marked routes (done by mangle earlier)
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping

# Default (failover) routes: if any router goes offline, these default routes are used in order of distance
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping

# NAT/MASQUERADE the requests going on each interface (used by ROUTES)
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade src-address-list=allowed_users
add chain=srcnat out-interface=WAN2 action=masquerade src-address-list=allowed_users
add chain=srcnat out-interface=WAN3 action=masquerade src-address-list=allowed_users
add chain=srcnat out-interface=WAN4 action=masquerade src-address-list=allowed_users

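Now configure the DNS server so users can resolve host names using your Mikrotik. Note that allow-remote-requests=yes makes the router answer DNS queries arriving on every interface, WAN included, so drop port 53 (UDP and TCP) coming in on the WAN interfaces in the firewall input chain.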

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8

 

All Done !

Now test the link by putting user load on it; the more users you put on it, the better load-balancing result you will get 🙂


PCC WITH UN-EQUAL WAN LINKS

If you have unequal WAN links, for example WAN1, 2 and 3 are 4MB and WAN4 is 8 Mb, and you want to force MT to use the WAN4 link more than the others because of its capacity, then you have to add more PCC rules so that the same connection mark is assigned to that link (i.e. WAN4) more than once. The denominator must equal the total number of rules (5 here), because the remainder only takes the values 0 to denominator-1. Something like

Code:

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:5/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:5/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:5/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:5/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:5/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
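
A sanity check for a weighted PCC rule set, as an added Python example that is not part of the original post: it parses exported mangle lines, flags a remainder that can never occur, remainders matched by zero or several rules, and connection marks whose spelling differs between the mark-connection and mark-routing rules (the 22 WAN script further down mixes the suffixes _conn, _Conn and _con), and reports each mark's share of the remainders. The sample rule sets are constructed and trimmed to the attributes the check reads; `check_pcc` and `sample` are hypothetical helper names.

```python
import re
from collections import Counter
from fractions import Fraction

PCC = re.compile(r"per-connection-classifier=[\w-]+:(\d+)/(\d+)")

def attr(line, key):
    """Value of key=value in one RouterOS rule line, or None."""
    m = re.search(rf"(?:^|\s){re.escape(key)}=(\S+)", line)
    return m.group(1) if m else None

def check_pcc(export_text):
    """Return (findings, share of remainders per connection mark)."""
    findings, rules, consumed = [], [], set()
    for line in export_text.splitlines():
        action, pcc = attr(line, "action"), PCC.search(line)
        if action == "mark-connection" and pcc:
            mark = attr(line, "new-connection-mark")
            rules.append((mark, int(pcc[1]), int(pcc[2])))
        elif action == "mark-routing":
            consumed.add(attr(line, "connection-mark"))
    dens = {den for _, den, _ in rules}
    if len(dens) != 1:
        return [f"expected one denominator, found {sorted(dens)}"], {}
    den = dens.pop()
    hits, share = Counter(), Counter()
    for mark, _, rem in rules:
        if rem >= den:  # hash modulo den only yields 0..den-1
            findings.append(f"{mark}: remainder {rem} never occurs with denominator {den}")
        else:
            hits[rem] += 1
            share[mark] += Fraction(1, den)
    for rem in range(den):
        if hits[rem] != 1:
            findings.append(f"remainder {rem}/{den} is matched by {hits[rem]} rules")
    produced = {mark for mark, _, _ in rules}
    for mark in sorted(produced - consumed):
        findings.append(f"{mark}: set by a PCC rule, no mark-routing rule uses it")
    for mark in sorted(consumed - produced):
        findings.append(f"{mark}: used by mark-routing, never set by a PCC rule")
    return findings, dict(share)

def sample(den, pairs):
    """Constructed export: one PCC rule per (remainder, mark) plus routing rules."""
    lines = ["/ip firewall mangle"]
    for rem, mark in pairs:
        lines.append("add chain=prerouting in-interface=Local action=mark-connection"
                     f" new-connection-mark={mark}"
                     f" per-connection-classifier=both-addresses-and-ports:{den}/{rem}")
    for mark in sorted({mark for _, mark in pairs}):
        lines.append(f"add chain=prerouting connection-mark={mark}"
                     f" action=mark-routing new-routing-mark=to_{mark}")
    return "\n".join(lines)

# Constructed assignment: WAN4 is meant to receive two of the five remainders.
PAIRS = [(0, "WAN1_conn"), (1, "WAN2_conn"), (2, "WAN3_conn"),
         (3, "WAN4_conn"), (4, "WAN4_conn")]

if __name__ == "__main__":
    for den in (4, 5):
        findings, share = check_pcc(sample(den, PAIRS))
        print(f"denominator {den}:", findings or "no findings")
        print("  share:", {m: str(s) for m, s in share.items()})
```

With denominator 4 the fifth rule is reported as dead and WAN4 keeps a quarter of the connections; with denominator 5 it gets two fifths.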

PCC WITH SAME GATEWAY

Try defining the outbound interface.
For example replace this.

/ip route
 add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP1 check-gateway=ping
 add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP2 check-gateway=ping

with the following:

/ip route
add dst-address=0.0.0.0/0 gateway=1.2.3.4%eth1-ISP routing-mark=to_wan-ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=1.2.3.4%eth2-ISP routing-mark=to_wan-ISP2 check-gateway=ping

Replace eth1-ISP with your own WAN interface name, and be sure to use the % notation.
If it works, let me know.


TIP:

Using modems in BRIDGE mode will probably give you some better performance and control 🙂 Try it 😉


22 WAN PCC script, using TPLINK routers as WAN gateways

Just for reference purposes,


# IP addresses for WAN Modems (TPLINK Routers)
#192.168.1.1
#192.168.2.1
#and so on

/ip address
add address=172.16.0.1/16 interface=Local network=172.16.0.0
add address=192.168.1.50/24 interface=vlan1 network=192.168.1.0
add address=192.168.2.50/24 interface=vlan2 network=192.168.2.0
add address=192.168.3.50/24 interface=vlan3 network=192.168.3.0
add address=192.168.4.50/24 interface=vlan4 network=192.168.4.0
add address=192.168.5.50/24 interface=vlan5 network=192.168.5.0
add address=192.168.6.50/24 interface=vlan6 network=192.168.6.0
add address=192.168.7.50/24 interface=vlan7 network=192.168.7.0
add address=192.168.8.50/24 interface=vlan8 network=192.168.8.0
add address=192.168.9.25/24 interface=vlan9 network=192.168.9.0
add address=192.168.10.50/24 interface=vlan10 network=192.168.10.0
add address=192.168.11.50/24 interface=vlan11 network=192.168.11.0
add address=192.168.12.50/24 interface=vlan12 network=192.168.12.0
add address=192.168.13.50/24 interface=vlan13 network=192.168.13.0
add address=192.168.14.50/24 interface=vlan14 network=192.168.14.0
add address=192.168.15.50/24 interface=vlan15 network=192.168.15.0
add address=192.168.16.50/24 interface=vlan16 network=192.168.16.0
add address=192.168.17.50/24 interface=vlan17 network=192.168.17.0
add address=192.168.18.50/24 interface=vlan18 network=192.168.18.0
add address=192.168.19.50/24 interface=vlan19 network=192.168.19.0
add address=192.168.20.50/24 interface=vlan20 network=192.168.20.0
add address=192.168.21.50/24 interface=vlan21 network=192.168.21.0
add address=192.168.22.50/24 interface=vlan22 network=192.168.22.0

/interface vlan
add comment=WAN-1 interface=WAN_TRUNK name=vlan1 vlan-id=2
add comment=WAN-2 interface=WAN_TRUNK name=vlan2 vlan-id=3
add comment=WAN-3 interface=WAN_TRUNK name=vlan3 vlan-id=4
add comment=WAN-4 interface=WAN_TRUNK name=vlan4 vlan-id=5
add comment=WAN-5 interface=WAN_TRUNK name=vlan5 vlan-id=6
add comment=WAN-6 interface=WAN_TRUNK name=vlan6 vlan-id=7
add comment=WAN-7 interface=WAN_TRUNK name=vlan7 vlan-id=8
add comment=WAN-8 interface=WAN_TRUNK name=vlan8 vlan-id=9
add comment=WAN-9 interface=WAN_TRUNK name=vlan9 vlan-id=10
add comment=WAN-10 interface=WAN_TRUNK name=vlan10 vlan-id=11
add comment=WAN-11 interface=WAN_TRUNK name=vlan11 vlan-id=12
add comment=WAN-12 interface=WAN_TRUNK name=vlan12 vlan-id=13
add comment=WAN-13 interface=WAN_TRUNK name=vlan13 vlan-id=14
add comment=WAN-14 interface=WAN_TRUNK name=vlan14 vlan-id=15
add comment=WAN-15 interface=WAN_TRUNK name=vlan15 vlan-id=16
add comment=WAN-16 interface=WAN_TRUNK name=vlan16 vlan-id=17
add comment=WAN-17 interface=WAN_TRUNK name=vlan17 vlan-id=18
add comment=WAN-18 interface=WAN_TRUNK name=vlan18 vlan-id=19
add comment=WAN-19 interface=WAN_TRUNK name=vlan19 vlan-id=20
add comment=WAN-20 interface=WAN_TRUNK name=vlan20 vlan-id=21
add comment=WAN-21 interface=WAN_TRUNK name=vlan21 vlan-id=22
add comment=WAN-22 interface=WAN_TRUNK name=vlan22 vlan-id=23

/ip firewall address-list
add address=10.0.0.1-10.0.0.255 list=net_allowed_list

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.2.0/24
add action=accept chain=prerouting dst-address=192.168.3.0/24
add action=accept chain=prerouting dst-address=192.168.4.0/24
add action=accept chain=prerouting dst-address=192.168.5.0/24
add action=accept chain=prerouting dst-address=192.168.6.0/24
add action=accept chain=prerouting dst-address=192.168.7.0/24
add action=accept chain=prerouting dst-address=192.168.8.0/24
add action=accept chain=prerouting dst-address=192.168.9.0/24
add action=accept chain=prerouting dst-address=192.168.10.0/24
add action=accept chain=prerouting dst-address=192.168.11.0/24
add action=accept chain=prerouting dst-address=192.168.12.0/24
add action=accept chain=prerouting dst-address=192.168.13.0/24
add action=accept chain=prerouting dst-address=192.168.14.0/24
add action=accept chain=prerouting dst-address=192.168.15.0/24
add action=accept chain=prerouting dst-address=192.168.16.0/24
add action=accept chain=prerouting dst-address=192.168.17.0/24
add action=accept chain=prerouting dst-address=192.168.18.0/24
add action=accept chain=prerouting dst-address=192.168.19.0/24
add action=accept chain=prerouting dst-address=192.168.20.0/24
add action=accept chain=prerouting dst-address=192.168.21.0/24
add action=accept chain=prerouting dst-address=192.168.22.0/24

add action=mark-connection chain=prerouting comment=2 dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/0 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/1 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/2 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/3 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/4 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN6_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/5 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN7_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/6 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN8_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/7 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN9_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/8 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN10_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/9 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN11_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/10 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN12_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/11 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN13_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/12 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN14_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/13 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN15_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/14 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN16_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/15 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN17_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/16 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN18_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/17 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN19_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/18 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN20_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/19 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN21_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/20 src-address-list=net_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN22_con passthrough=yes per-connection-classifier=both-addresses-and-ports:22/21 src-address-list=net_allowed_list

add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN5_conn new-routing-mark=to_WAN5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN6_conn new-routing-mark=to_WAN6 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN7_conn new-routing-mark=to_WAN7 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN8_conn new-routing-mark=to_WAN8 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN9_conn new-routing-mark=to_WAN9 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN10_conn new-routing-mark=to_WAN10 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN11_conn new-routing-mark=to_WAN11 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN12_Conn new-routing-mark=to_WAN12 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN13_Conn new-routing-mark=to_WAN13 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN14_Conn new-routing-mark=to_WAN14 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN15_conn new-routing-mark=to_WAN15 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN16_conn new-routing-mark=to_WAN16 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN17_conn new-routing-mark=to_WAN17 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN18_conn new-routing-mark=to_WAN18 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN19_conn new-routing-mark=to_WAN19 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN20_conn new-routing-mark=to_WAN20 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN21_conn new-routing-mark=to_WAN21 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN22_con new-routing-mark=to_WAN22 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat src-address-list=net_allowed_list
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping distance=1 gateway=192.168.6.1 routing-mark=to_WAN6
add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_WAN7
add check-gateway=ping distance=1 gateway=192.168.8.1 routing-mark=to_WAN8
add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_WAN9
add check-gateway=ping distance=1 gateway=192.168.10.1 routing-mark=to_WAN10
add check-gateway=ping distance=1 gateway=192.168.11.1 routing-mark=to_WAN11
add check-gateway=ping distance=1 gateway=192.168.12.1 routing-mark=to_WAN12
add check-gateway=ping distance=1 gateway=192.168.13.1 routing-mark=to_WAN13
add check-gateway=ping distance=1 gateway=192.168.14.1 routing-mark=to_WAN14
add check-gateway=ping distance=1 gateway=192.168.15.1 routing-mark=to_WAN15
add check-gateway=ping distance=1 gateway=192.168.16.1 routing-mark=to_WAN16
add check-gateway=ping distance=1 gateway=192.168.17.1 routing-mark=to_WAN17
add check-gateway=ping distance=1 gateway=192.168.18.1 routing-mark=to_WAN18
add check-gateway=ping distance=1 gateway=192.168.19.1 routing-mark=to_WAN19
add check-gateway=ping distance=1 gateway=192.168.20.1 routing-mark=to_WAN20
add check-gateway=ping distance=1 gateway=192.168.21.1 routing-mark=to_WAN21
add check-gateway=ping distance=1 gateway=192.168.22.1 routing-mark=to_WAN22
add check-gateway=ping comment="WAN-1 / DEFAULT ROUTE" distance=1 gateway=192.168.1.1

 


 

٩(●̮̮̃•̃)۶   ZaiB   ٩(●̮̮̃•̃)۶