Mikrotik - Part Five [Line Balancing - ISP] by: Mohamed Ahmed.

Sep 13, 2017 11:45 AM
Sep 13, 2017 11:47 AM
This time, let's take a look at load balancing across different ISPs.

What is ISP load balancing?

It balances the load of our LAN (its connections) across 2 or more internet lines or links. What is balanced is connections, not bandwidth.

This helps guarantee that bandwidth is available to the LAN.

For more background, I invite you to read the following documents.

https://mikrotik.com

https://wiki.mikrotik.com/wiki/

General considerations

The core MikroTik router should not perform DNS resolution, and neither the DNS cache nor the web proxy should be enabled on it.

The core router will only do the work of balancing the connections between the different ISPs (depending on the workload).

* Balancing is not a sum of lines.

First steps

The configuration is based on different documents, scripts and debugging.

There will be 3 ISPs (Internet Service Providers).

1-) ADSL

2-) Fixed IP

3-) Fixed IP

To do this, when creating the PPPoE client for the ADSL line, the "Add Default Route" and DNS options should not be ticked.

The network segments to use are:

1- Dynamic IP -> 10.0.0.2/30

2- 10.0.1.1/30

3- 10.0.2.1/30

4- 172.16.1.10/30 -> IP address for the link to the Administrator Router, which will manage all the services.

This will allow us to connect to the routers to access their configurations.

Assigning IP Addresses

The first thing to do is to assign the IP addresses to the interfaces.

Code

/ip address

add address=10.0.0.2/30 interface=ether1 network=10.0.0.0

add address=10.0.1.1/30 interface=ether2 network=10.0.1.0

add address=10.0.2.1/30 interface=ether3 network=10.0.2.0

add address=172.16.1.10/30 interface=ether5 network=172.16.1.8

Masquerading the connections

Code

/ip firewall nat

add action=masquerade chain=srcnat out-interface=Telecom

add action=masquerade chain=srcnat out-interface=ether2

add action=masquerade chain=srcnat out-interface=ether3

Configure Routes and Link Status.

Static routes are added, since we "know" the gateways, IP addresses and subnet masks.

Code

/ip route

add distance=1 gateway=Telecom

add distance=2 check-gateway=ping gateway=10.0.1.2

add distance=3 check-gateway=ping gateway=10.0.2.2

The distance indicates which link is the primary and which are the backups.

check-gateway=ping constantly sends ICMP requests to the gateway to see whether the link is active or not.

Configuring Mangle and Connections

This is where the real work of balancing the connections begins: the rules below handle the incoming and outgoing packets.

Everything that enters through a WAN must leave through the SAME WAN.

Code

/ip firewall mangle

# The routing marks set here must match the routing-mark values of the routes added under "Set up marked routes".

add action=mark-connection chain=prerouting comment="WHAT ENTERS THROUGH A WAN LEAVES THROUGH THE SAME WAN" connection-state=new in-interface=Telecom new-connection-mark=Telecom-out_conn passthrough=yes

add action=mark-connection chain=prerouting connection-state=new in-interface=ether2 new-connection-mark=ether2-out_conn passthrough=yes

add action=mark-connection chain=prerouting connection-state=new in-interface=ether3 new-connection-mark=ether3-out_conn passthrough=yes

add action=mark-routing chain=output connection-mark=Telecom-out_conn new-routing-mark=salida-ether1 passthrough=yes

add action=mark-routing chain=output connection-mark=ether2-out_conn new-routing-mark=salida-ether2 passthrough=yes

add action=mark-routing chain=output connection-mark=ether3-out_conn new-routing-mark=salida-ether3 passthrough=yes

Target groups

Now the connections must be grouped. In this particular case there are 3 ISPs, so note that per-connection-classifier=both-addresses:3/0 is used.

This indicates that connections are classified in both directions (upload / download).

If you have more ISPs, you must adjust this and use 4/0 ....

The task is to add a connection mark to each "new" connection.

Code

/ip firewall mangle

add action=mark-connection chain=prerouting comment="BALANCING CONNECTIONS" connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=Telecom-out_conn passthrough=yes per-connection-classifier=both-addresses:3/0

add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ether2-out_conn passthrough=yes per-connection-classifier=both-addresses:3/1

add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ether3-out_conn passthrough=yes per-connection-classifier=both-addresses:3/2
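A small simulation of the 3/0, 3/1, 3/2 grouping, added here as an illustration and not part of the original configuration. The per-connection classifier hashes the selected fields, divides by the denominator and uses the remainder to pick the rule; SHA-256 stands in for RouterOS's internal hash, and the addresses, flow sizes and function names are constructed for the example.

```python
import hashlib
import ipaddress

# Connection marks from the rules above, indexed by PCC remainder (3/0, 3/1, 3/2).
LINKS = ["Telecom-out_conn", "ether2-out_conn", "ether3-out_conn"]

def pcc_link(src, dst, denominator=3):
    """Pick a connection mark the way both-addresses:N/R does: hash the
    address pair, divide by N, and let the remainder select the rule.
    SHA-256 is a stand-in; RouterOS uses its own internal hash."""
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    h = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return LINKS[h % denominator]

def distribute(flows):
    """flows: iterable of (src, dst, bytes). Return {mark: [connections, bytes]}."""
    totals = {name: [0, 0] for name in LINKS}
    for src, dst, size in flows:
        entry = totals[pcc_link(src, dst)]
        entry[0] += 1
        entry[1] += size
    return totals

# Constructed traffic: 300 small flows from LAN hosts plus one large download.
FLOWS = [(f"192.168.10.{h}", f"203.0.113.{d}", 50_000)
         for h in range(1, 101) for d in (10, 20, 30)]
BIG = ("192.168.10.7", "198.51.100.5", 2_000_000_000)

if __name__ == "__main__":
    for link, (conns, size) in distribute(FLOWS + [BIG]).items():
        print(f"{link:18} connections={conns:4} bytes={size}")
```

The connection counts come out roughly even, while the byte totals do not: the single large download stays entirely on one link, which is why balancing connections is not the same as summing the lines.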

=========================================================================================

With the connection mark established by the previous rules, a routing mark is now applied to the packets of each marked connection entering on ether5; this routing mark is used later in the Routes section.

Code

/ip firewall mangle

add action=mark-routing chain=prerouting connection-mark=Telecom-out_conn in-interface=ether5 new-routing-mark=salida-ether1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=ether2-out_conn in-interface=ether5 new-routing-mark=salida-ether2 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=ether3-out_conn in-interface=ether5 new-routing-mark=salida-ether3 passthrough=yes

Set up marked routes

The final step is to add routes for the routing marks "salida-ether1 / salida-ether2 / salida-ether3" ....

Code

/ip route

add distance=1 gateway=Telecom routing-mark=salida-ether1

add check-gateway=ping distance=1 gateway=10.0.1.2 routing-mark=salida-ether2

add check-gateway=ping distance=1 gateway=10.0.2.2 routing-mark=salida-ether3

add disabled=yes distance=1 gateway=Telecom routing-mark=server scope=255

add distance=1 gateway=Telecom

add check-gateway=ping distance=2 gateway=10.0.1.2

add check-gateway=ping distance=3 gateway=10.0.2.2
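The balancer only works when every routing mark set in mangle has a route with the same routing-mark, and every PCC remainder has a rule. The following check is an added example, not part of the original configuration: parse and check are names chosen for this example, and the sample export is constructed from the rules on this page with one routing mark deliberately misspelled.

```python
import re

# Constructed sample: the mark-related rules from this page, with one routing
# mark deliberately misspelled ("salida-ehter3") to show the failure mode.
SAMPLE = """\
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=Telecom-out_conn per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=ether2-out_conn per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=ether3-out_conn per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting connection-mark=Telecom-out_conn new-routing-mark=salida-ether1
add action=mark-routing chain=prerouting connection-mark=ether2-out_conn new-routing-mark=salida-ether2
add action=mark-routing chain=prerouting connection-mark=ether3-out_conn new-routing-mark=salida-ehter3
/ip route
add distance=1 gateway=Telecom routing-mark=salida-ether1
add check-gateway=ping distance=1 gateway=10.0.1.2 routing-mark=salida-ether2
add check-gateway=ping distance=1 gateway=10.0.2.2 routing-mark=salida-ether3
"""

def parse(export):
    """Yield (menu, {key: value}) for every 'add' line of a RouterOS export."""
    menu = ""
    for line in export.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            yield menu, {k: v.strip('"') for k, v in pairs}

def check(export):
    """Return sorted findings where mangle marks and routes disagree."""
    conn_set, conn_used, rt_set, rt_routes, pcc = set(), set(), set(), set(), {}
    for menu, r in parse(export):
        if menu == "/ip firewall mangle":
            conn_set.update(filter(None, [r.get("new-connection-mark")]))
            rt_set.update(filter(None, [r.get("new-routing-mark")]))
            if r.get("action") == "mark-routing" and "connection-mark" in r:
                conn_used.add(r["connection-mark"])
            if "per-connection-classifier" in r:
                den, rem = r["per-connection-classifier"].split(":")[1].split("/")
                pcc.setdefault(int(den), set()).add(int(rem))
        elif menu == "/ip route" and "routing-mark" in r:
            rt_routes.add(r["routing-mark"])
    out = [f"routing mark '{m}' is set in mangle but no route uses it" for m in rt_set - rt_routes]
    out += [f"route table '{m}' is never selected by a mangle rule" for m in rt_routes - rt_set]
    out += [f"connection mark '{m}' is matched but never set" for m in conn_used - conn_set]
    out += [f"PCC {d}/{k} has no rule; those connections stay unmarked"
            for d, rems in pcc.items() for k in set(range(d)) - rems]
    return sorted(out)
```

Run check() on the text of an export of the router's configuration; an empty list means the marks and routes agree.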

Result

The work done allows several ISPs to be used together; here 3 were used, each with 10Mb down and upload speeds of 1Mb / 3Mb / 5Mb.

This leaves the Administrator Router free to use all the services provided by MikroTik (DNS Cache / Web Proxy / QoS PCC) and, in different scenarios, to implement a HotSpot as well; that will be for future entries.

The following images show how the balancer works and how it is distributing the load automatically.

636408745632255114.jpg

And last but not least, how the Balancer identifies the connections of each ISP.

636408745976906678.jpg

thanks ...

greetings.......

mohamed ahmed
