Forum Thread: Mikrotik - Part Five [Line Balancing - ISP] by: Mohamed Ahmed.

This time, let's take a look at load balancing across different ISPs.

What is ISP load balancing?

It balances the load of our LAN (its connections) across 2 or more internet lines or links. What is balanced is connections, not bandwidth.

This guarantees that bandwidth is available to the LAN.

For a little more information, I invite you to read the following documents.

https://mikrotik.com

https://wiki.mikrotik.com/wiki/

General considerations
The core MikroTik router should not perform DNS resolution, and neither DNS cache nor web proxy should be enabled on it.

The Core router will only perform the work of balancing the connections between different ISPs (depending on the workload).

* Balancing is not a sum of lines.

First steps
The configuration is based on different documents, scripts and debugging.

There will be 3 ISPs (Internet Service Providers).

1-) ADSL
2-) Fixed IP
3-) Fixed IP

To do this, when creating the PPPoE connection on the ADSL line, the "Add Default Route" and DNS options should not be ticked.

The network segments to use are:

1- Dynamic IP -> 10.0.0.2/30
2- 10.0.1.1/30
3- 10.0.2.1/30
4- 172.16.1.10/30 -> IP address for the link to the Administrator Router, which will manage all the services.

This will allow us to connect to the Routers to access the configurations.

Assigning IP Addresses

The first thing to do is to assign the IP addresses to the interfaces.

Code
/ip address
add address=10.0.0.2/30 interface=ether1 network=10.0.0.0
add address=10.0.1.1/30 interface=ether2 network=10.0.1.0
add address=10.0.2.1/30 interface=ether3 network=10.0.2.0
add address=172.16.1.10/30 interface=ether5 network=172.16.1.8

Masquerading the connections

Code
/ip firewall nat
add action=masquerade chain=srcnat out-interface=Telecom
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3

Configure Routes and Link Status.

Static routes are added, as we "know" the gateways, Ip addresses and subnet masks.

Code
/ip route
add distance=1 gateway=Telecom
add distance=2 check-gateway=ping gateway=10.0.1.2
add distance=3 check-gateway=ping gateway=10.0.2.2

The distance indicates which link is the primary and which are the backups.

The check-gateway=ping option constantly sends ICMP pings to the gateway to see whether the link is active or not.

Configuring Mangle and Connections

This is where the real work of balancing the connections begins: the incoming and outgoing packets are configured here.

Everything that enters through a WAN must leave through the SAME WAN.

Code
/ip firewall mangle
add action=mark-connection chain=prerouting comment="WHAT ENTERS THROUGH A WAN LEAVES THROUGH THE SAME WAN" connection-state=new in-interface=Telecom new-connection-mark=Telecom-out_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=ether2 new-connection-mark=ether2-out_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=ether3 new-connection-mark=ether3-out_conn passthrough=yes

add action=mark-routing chain=output connection-mark=Telecom-out_conn new-routing-mark=Telecom-out passthrough=yes
add action=mark-routing chain=output connection-mark=ether2-out_conn new-routing-mark=Ether2-out passthrough=yes
add action=mark-routing chain=output connection-mark=ether3-out_conn new-routing-mark=Ether3-out passthrough=yes

Target groups

Now the connections must be grouped. In this particular case there are 3 ISPs, so note that per-connection-classifier=both-addresses:3/0 is used.

This indicates that connections are classified in both directions (upload / download).
If you have more ISPs, you must modify this and use 4/0 ....

The task is to add a connection mark to each "new" connection.

Code
/ip firewall mangle
add action=mark-connection chain=prerouting comment="BALANCING CONNECTIONS" connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=Telecom-out_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ether2-out_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=ether5 new-connection-mark=ether3-out_conn passthrough=yes per-connection-classifier=both-addresses:3/2
=========================================================================================
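
An added example, not part of the original post, of how the three both-addresses:3/N rules split connections: the hash of the source and destination address is divided by 3 and the remainder selects the connection mark. CRC32 is an assumed stand-in for RouterOS's own hash, and the host addresses are constructed.

```python
import ipaddress
import zlib
from collections import Counter

# Connection marks from the three PCC rules above, indexed by remainder.
MARKS = ["Telecom-out_conn", "ether2-out_conn", "ether3-out_conn"]

def pcc_bucket(src: str, dst: str, denominator: int = 3) -> int:
    """Remainder for both-addresses:<denominator>/<remainder>.

    Assumption: CRC32 stands in for RouterOS's internal hash, which is
    not reproduced here; only the divide-and-compare step mirrors PCC.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return zlib.crc32(key) % denominator

def connection_mark(src: str, dst: str) -> str:
    """Connection mark the matching rule would assign to a new connection."""
    return MARKS[pcc_bucket(src, dst, len(MARKS))]

def distribute(pairs):
    """Count how many (src, dst) pairs land on each connection mark."""
    return Counter(connection_mark(s, d) for s, d in pairs)

# Constructed sample: 20 LAN hosts, each talking to 15 remote servers.
SAMPLE = [(f"192.168.88.{h}", f"203.0.113.{s}")
          for h in range(10, 30) for s in range(1, 16)]

if __name__ == "__main__":
    for mark, n in sorted(distribute(SAMPLE).items()):
        print(f"{mark:18} {n:4d} connections")
    # Ports are not part of the hash: every connection between the same
    # two addresses gets the same mark, so one host downloading from one
    # server stays on a single line (balancing is not a sum of lines).
    print(connection_mark("192.168.88.10", "203.0.113.1"))
```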

Using the connection mark established in the previous script, the rules below set a routing mark, also matching on the interface where the packets and connections enter; this routing mark is used later in the Routes section.

Code
/ip firewall mangle
# The routing marks set here must match the routing-mark values used in /ip route
add action=mark-routing chain=prerouting connection-mark=Telecom-out_conn in-interface=ether5 new-routing-mark=salida-ether1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2-out_conn in-interface=ether5 new-routing-mark=salida-ether2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether3-out_conn in-interface=ether5 new-routing-mark=salida-ether3 passthrough=yes

Set up marked routes

The final step, where the routing marks "salida-ether1 / salida-ether2 / salida-ether3" are used.

Code
/ip route
add distance=1 gateway=Telecom routing-mark=salida-ether1
add check-gateway=ping distance=1 gateway=10.0.1.2 routing-mark=salida-ether2
add check-gateway=ping distance=1 gateway=10.0.2.2 routing-mark=salida-ether3
add disabled=yes distance=1 gateway=Telecom routing-mark=server scope=255
add distance=1 gateway=Telecom
add check-gateway=ping distance=2 gateway=10.0.1.2
add check-gateway=ping distance=3 gateway=10.0.2.2
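
An added example, not part of the original post: a consistency check for an export of this configuration, since every new-routing-mark set in mangle needs a route with the same routing-mark, and a misspelled mark leaves traffic off its intended WAN. The export text is a constructed excerpt modelled on the rules above with one planted misspelling, and the function names are illustrative.

```python
import re
import shlex

# Constructed excerpt modelled on this post's rules; the misspelled
# "salida-ehter3" mark is planted to show what the check reports.
EXPORT = r"""/ip firewall mangle
add action=mark-routing chain=output connection-mark=Telecom-out_conn new-routing-mark=Telecom-out passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Telecom-out_conn in-interface=ether5 new-routing-mark=salida-ether1
add action=mark-routing chain=prerouting connection-mark=ether2-out_conn in-interface=ether5 new-routing-mark=\
    salida-ether2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether3-out_conn in-interface=ether5 new-routing-mark=salida-ehter3
/ip route
add distance=1 gateway=Telecom routing-mark=salida-ether1
add check-gateway=ping distance=1 gateway=10.0.1.2 routing-mark=salida-ether2
add check-gateway=ping distance=1 gateway=10.0.2.2 routing-mark=salida-ether3
add disabled=yes distance=1 gateway=Telecom routing-mark=server scope=255
add distance=1 gateway=Telecom
"""

def parse_export(text):
    """Yield (menu, properties) for each 'add' line of a RouterOS export."""
    text = re.sub(r"\\\n\s*", "", text)  # join '\' line continuations
    menu = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line)[1:]
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def check_routing_marks(text):
    """Return (marks set by mangle with no enabled route,
    marks on enabled routes that no mangle rule sets)."""
    marked, routed = set(), set()
    for menu, props in parse_export(text):
        if props.get("disabled") == "yes":
            continue  # disabled rules and routes take no part in routing
        if menu == "/ip firewall mangle" and props.get("action") == "mark-routing":
            marked.add(props["new-routing-mark"])
        elif menu == "/ip route" and "routing-mark" in props:
            routed.add(props["routing-mark"])
    return sorted(marked - routed), sorted(routed - marked)

if __name__ == "__main__":
    no_route, no_rule = check_routing_marks(EXPORT)
    print("routing marks without an enabled route:", no_route)
    print("route marks never set by mangle:", no_rule)
```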

Result

The resulting setup supports several ISPs; here 3 were used, with 10Mb down and upload speeds of 1Mb / 3Mb / 5Mb.

This allows the Administrator Router to use all the services provided by MikroTik (DNS cache / web proxy / QoS PCC) and, in other scenarios, to implement a HotSpot as well; that will be for future entries.

The following images show how the balancer works and how it is distributing the load automatically.

And last but not least, how the Balancer identifies the connections of each ISP.

thanks ...
greetings.......
mohamed ahmed
