2 wan pcc problem

moazdabsheh · Wed Apr 23, 2014 1:54 am

i applied this scenario on mikrotik v 5.26 on x86 machine

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=local
add address=10.10.10.0/24 network=192.168.0.0 broadcast=10.10.10.255 interface=local
add address=10.0.0.100/24 network=192.168.1.0 broadcast=10.0.0.255 interface=WAN1
add address=5.5.5.200/24 network=192.168.2.0 broadcast=5.5.5.255 interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=10.0.0.0/24 action=accept in-interface=local
add chain=prerouting dst-address=5.5.5.0/24 action=accept in-interface=local

add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=10.0.0.138 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=5.5.5.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=10.0.0.138 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=5.5.5.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

both wan lines are 8 Mbps
but when i test on speedtest.net or check the load balance by downloading a file i notice than only wan1 have activity while wan2 is not active for users connected on mikrotik.

what did i do wrong ??

Wed Apr 23, 2014 2:19 am

Are you sure that network and broadcast addresses correspond to address of wan2?

Wed Apr 23, 2014 2:20 am

Switch wan1 off and check if wan2 works.

Wed Apr 23, 2014 2:21 am

Also check packet/connection marking in ip-firewall-connections.

Wed Apr 23, 2014 2:22 am

And remember that one connection goes only thru one wan, not thru both simultaneously.

moazdabsheh · Wed Apr 23, 2014 5:40 pm

Are you sure that network and broadcast addresses correspond to address of wan2?

Yes, this is the ip addresses

/ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE 0
;;; static ip clients
192.168.0.1/24 192.168.0.0 local
1 10.0.0.100/24 10.0.0.0 WAN1
2 5.5.5.200/24 5.5.5.0 WAN2
3 D 192.168.0.1/32 10.10.10.199 <pppoe-ah5>
4 D 192.168.0.1/32 10.10.10.198 <pppoe-ah2>
5 D 192.168.0.1/32 10.10.10.196 <pppoe-ah1>
6 D 192.168.0.1/32 10.10.10.195 <pppoe-ah4>

moazdabsheh · Wed Apr 23, 2014 6:08 pm

these are my settings:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; static ip clients 192.168.0.1/24 192.168.0.0 local
1 10.0.0.100/24 10.0.0.0 WAN1
2 5.5.5.200/24 5.5.5.0 WAN2
3 D 192.168.0.1/32 10.10.10.199 <pppoe-ah5>
4 D 192.168.0.1/32 10.10.10.198 <pppoe-ah2>
5 D 192.168.0.1/32 10.10.10.196 <pppoe-ah1>
6 D 192.168.0.1/32 10.10.10.195 <pppoe-ah4>

/ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=mark-connection new-connection-mark=WAN1_conn passthrough=yes in-interface=WAN1
1 chain=input action=mark-connection new-connection-mark=WAN2_conn passthrough=yes in-interface=WAN2
2 chain=output action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn
3 chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn
4 chain=prerouting action=accept dst-address=10.0.0.0/24 in-interface=local
5 chain=prerouting action=accept dst-address=5.5.5.0/24 in-interface=local
6 chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/0
7 chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local in-interface=local
8 chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes in-interface=local connection-mark=WAN1_conn
9 chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes in-interface=local connection-mark=WAN2_conn

/ip route print Flags:
X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 10.0.0.138 1
1 A S 0.0.0.0/0 5.5.5.1 1
2 A S 0.0.0.0/0 10.0.0.138 1
3 S 0.0.0.0/0 5.5.5.1 2
4 ADC 5.5.5.0/24 5.5.5.200 WAN2 0
5 ADC 10.0.0.0/24 10.0.0.100 WAN1 0
6 ADC 10.10.10.195/32 192.168.0.1 <pppoe-ah4> 0
7 ADC 10.10.10.196/32 192.168.0.1 <pppoe-ah1> 0
8 ADC 10.10.10.198/32 192.168.0.1 <pppoe-ah2> 0
9 ADC 10.10.10.199/32 192.168.0.1 <pppoe-ah5> 0
10 ADC 192.168.0.0/24 192.168.0.1 local 0

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; default internet rule
chain=srcnat action=masquerade out-interface=WAN1
1 ;;; Redirect Expired Pool Users to local Web Proxy for redirecting them to N on Payment Page.
chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=172.16.1.1-172.16.1.255 dst-port=80
2 chain=srcnat action=masquerade out-interface=WAN1
3 chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=WAN2

what could be possible wrong in my config ?

moazdabsheh · Wed Apr 23, 2014 6:15 pm

Switch wan1 off and check if wan2 works.

yes it works.
i'm using user manager to authenticate users.

aacable · Thu Apr 24, 2014 1:37 pm

you are using web proxy too on the pcc box ?
also there is a mistake in your IP Address config for WAN2.

add address=5.5.5.200/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

moazdabsheh · Thu Apr 24, 2014 5:56 pm

no i'm not proxy on mikrotik, but i will later after i accomplish the PCC method to achieve 2 wan lines bonding, though all traffic goes through wan1 and wan2 is always on low traffic.

the ip address config was a typing mistake at the forum, check my print in the following post to see my settings., i'm using mikrotik usermanager as well.

nemswisp · Thu Apr 24, 2014 8:39 pm

Try adding Nth 2/1 and Nth 2/2 to these two mangle rules you have.

add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/0 Nth 2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/1 Nth 2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

If I remember right this was the only way I could get PCC or ECMP to work right. I do know that put the Nth into the mangle rules was the only way I could get though put on both the Upload and Download to work I just don't remember just which rule I put it in. It will not work if you have 2 wan's with only 1 gateway IP. I've tried it and it didn't work. I did get it to work but the router I had it on get hit by lighting that night and I did save a backup. Very stupid of me I know.

moazdabsheh · Fri Apr 25, 2014 9:46 pm

Try adding Nth 2/1 and Nth 2/2 to these two mangle rules you have.

add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/0 Nth 2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/1 Nth 2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

If I remember right this was the only way I could get PCC or ECMP to work right. I do know that put the Nth into the mangle rules was the only way I could get though put on both the Upload and Download to work I just don't remember just which rule I put it in. It will not work if you have 2 wan's with only 1 gateway IP. I've tried it and it didn't work. I did get it to work but the router I had it on get hit by lighting that night and I did save a backup. Very stupid of me I know.

it gives me (bad command name add (line 1 column 1) on terminal !!
anyway i changed it using winbox gui, it did nothing, WAN2 still have no activity after modifications, all bandwidth goes thruogh WAN1 only

bingo220 · Fri Apr 25, 2014 11:51 pm

Read my answer (config) here http://forum.mikrotik.com/viewtopic.php ... 99#p409010
Maybe it will be useful.

nemswisp · Sat Apr 26, 2014 7:18 pm

Try adding Nth 2/1 and Nth 2/2 to these two mangle rules you have.

add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/0 Nth 2/1 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=local per-connection-classifier=both-addresses-and-ports:2/1 Nth 2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

If I remember right this was the only way I could get PCC or ECMP to work right. I do know that put the Nth into the mangle rules was the only way I could get though put on both the Upload and Download to work I just don't remember just which rule I put it in. It will not work if you have 2 wan's with only 1 gateway IP. I've tried it and it didn't work. I did get it to work but the router I had it on get hit by lighting that night and I did save a backup. Very stupid of me I know.
it gives me (bad command name add (line 1 column 1) on terminal !!
anyway i changed it using winbox gui, it did nothing, WAN2 still have no activity after modifications, all bandwidth goes thruogh WAN1 only

Ok I had the format wrong on it. It should have been nth 2,1 and nth 2,2 I understand you changed it using anther method and it still didn't work. As I said I lost the copy I had that worked but I do know that when I did get it to work I had to have the nth in there but there was more. I read over my notes and seen that I also had to have 2 nat rules to make it work as well. I just don't have the details as I have lost them. The only part I have was that one rule forced marked route for wan1 out wan1 and the other out wan2 using the routing marks from the mangle rules. With these rule it would balance the income or download but all the upload would only go though one connection. Both IP's are on the same subnet with the same subnet. I have requested an IP for the second connection on a different subnet to see if that fixes the issue.

I am working on the same problem now my self. When I find an answer I will post here If you find one that works for you I would thankful if you could do the same.

moazdabsheh · Mon Apr 28, 2014 3:54 pm

Syed said he would help when he get some free time.
anyway, have you try bonding interfaces ?
does it merge both interfaces speed into one and make it look like one line with both speeds ?

falestiny · Mon Apr 28, 2014 4:10 pm

as far as i know it should do load balancing and not speed merge.

check the below link, it may help you.

http://mum.mikrotik.com/presentations/US12/steve.pdf

moazdabsheh · Mon Apr 28, 2014 4:38 pm

i did checked the link weeks ago.
while some Egyptians showed that speed merge can be achieved but they are using hotspot for authentication.
i noticed when i go to (IP - Firewall - Connections) that only pppoe users don't have connection mark (either wan1_mark or wan2_mark) while manually static ip clients have both marks and looks like it applies only on clients with manual ip on their pc's !!

where from palestine are you ?

falestiny · Mon Apr 28, 2014 5:50 pm

Well i have PCC configuration and 2 WAN interfaces load balance with one of my clients and it works fine at their local network but i never try PPP connection with this configuration.

I'm originally from Gaza but the whole my life living abroad

moazdabsheh · Tue Apr 29, 2014 2:58 pm

aboard where ?

falestiny · Tue Apr 29, 2014 3:00 pm

now in Turkey

nemswisp · Fri May 16, 2014 6:26 am

I'm sorry moazdabsheh I didn't have the right code earlier post. Here is code I just used on my RB1100AHx2 and it works perfectly. I have two 30M connections and I get the full 60M on speedtest.net with this code.

PCC Rewritten for per packet load balance with the use of nth.

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=LAN
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2

/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection nth=2,1 \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection nth=2,2 \
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection nth=2,1 \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection nth=2,2 \
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-

mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both--addresses-and-ports:2/1 action=mark-connection new-

connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

I hope it helps.

viktorx · Fri May 16, 2014 10:20 pm

Does this config works? Anyone tried? I tried many configs but no luck so I configured it that some my devices use one wan and other the other wan. Maybe my provider blocked loadbalancing

because I had 2 tp-link loadbalancing routers and they didnt work either

moazdabsheh · Sat May 17, 2014 2:40 pm

I'm sorry moazdabsheh I didn't have the right code earlier post. Here is code I just used on my RB1100AHx2 and it works perfectly. I have two 30M connections and I get the full 60M on speedtest.net with this code.

PCC Rewritten for per packet load balance with the use of nth.

/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=LAN
add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1
add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2

/ ip firewall mangle
add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN
add chain=prerouting dst-address=10.112.0.0/24 action=accept in-interface=LAN
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection nth=2,1 \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection nth=2,2 \
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection nth=2,1 \
new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection nth=2,2 \
new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-

mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \
per-connection-classifier=both--addresses-and-ports:2/1 action=mark-connection new-

connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \
new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.111.0.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.112.0.1 distance=2 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

I hope it helps.

does this works with PPPOE server authenticated by MK UserManager ??

viktorx · Mon May 19, 2014 10:41 pm

This config doesnt eaven working for me. On lan clients theres no internet access...

2 wan pcc problem

2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Re: 2 wan pcc problem

Who is online