Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Triple pppoe connections pcc balancing with failover. Strange situation with the pppoe connections

Locked
 
ppolitop
just joined
Topic Author
Posts: 1
Joined: Mon Jul 13, 2015 8:49 pm

Triple pppoe connections pcc balancing with failover. Strange situation with the pppoe connections

Mon Jul 13, 2015 9:29 pm

Hello everyone! :D

I have been trying to setup a few Mikrotik RB2011UiAS-RM's as "load balancer" of multiple DSL connections, with the ability to retain full connectivity, even when one of the connections is down. This is my first project with Mikrotik products so please be gentle if I am missing something obvious (I did try reading a lot of posts here before posting at least).

The scenario is pretty straightforward: 3 DSL connections with the modems/routers provided by the ISPs setup in bridge mode. Mikrotik is connecting through 3 separate pppoe sessions.

Image

Since the speed of the links is unequal, I have tried to setup a pcc-based balancing with the ratio of 4:1:1. What happens is that traffic that is sent through any of the slow ADSL lines is not getting any responses. In the pppoe packet counters I can see that packets are sent -with the correct ratio- but RX counters remain at nearly constant and close-to-zero values.

When I reset the router to default settings and use the quick set wizard to setup ANY of the 3 available connections on its own, everything works fine. When I try the attached configuration, that includes all of them, I am getting lots of timeouts/failed connections (only one pppoe passes traffic both ways, the first one, the VDSL). The strange thing is that when this happens, the ADSL modem/routers of the ISPs stop working and no matter what I do (e.g. reset Mikrotik, use other router -a Draytek- for the pppoe client) they still don't reply unless I turn them of for a few minutes first. All these happen even though the pppoe connection connect normally (or so it seems).

Is there a possibility that the issue here may be that all DSL lines connect to the same BRAS? Maybe the ports I am using on my router have the same MAC address? Any ideas are welcome, I have been trying to troubleshoot this for weeks with no progress made :(
Code: Select all
# jul/12/2015 03:11:32 by RouterOS 6.23
# software id = 65S9-TUXX
#
/interface bridge
add admin-mac=4C:5E:0C:FB:FA:3C auto-mac=no name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] name=ether1-cyta-vdsl-pppoe
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] name=ether8-OTE-dsl
set [ find default-name=ether9 ] name=ether9-cyta-dsl-pppoe
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local poe-out=off
/ip neighbor discovery
set ether1-cyta-vdsl-pppoe discover=no
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether9-cyta-dsl-pppoe keepalive-timeout=60 max-mru=1480 max-mtu=1462 mrru=1600 name=pppoe-cyta-adsl password=PASS1 profile=default service-name="" use-peer-dns=no user=USERNAME1
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether1-cyta-vdsl-pppoe keepalive-timeout=60 max-mru=1480 max-mtu=1462 mrru=disabled name=pppoe-cyta-vdsl password=PASS2 profile=default service-name="" use-peer-dns=no user=USERNAME2
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether8-OTE-dsl keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-ote password=PASS3 profile=default service-name="" use-peer-dns=no user=USERNAME3
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/ip address
add address=192.168.0.1/24 comment="default configuration" interface=ether2 network=192.168.0.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid interface=ether1-cyta-vdsl-pppoe
/ip dhcp-server lease
add address=192.168.0.22 client-id=1:94:de:80:7b:30:32 mac-address=94:DE:80:7B:30:32 server=default
/ip dhcp-server network
add address=192.168.0.0/24 comment="default configuration" dns-server=192.168.0.170 gateway=192.168.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.0.170
/ip dns static
add address=192.168.0.170 name=pizza
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-cyta-vdsl-pppoe
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-cyta-vdsl-pppoe
/ip firewall mangle
add chain=prerouting dst-address=192.168.0.0/24 in-interface=bridge-local
add action=mark-connection chain=input connection-mark=no-mark in-interface=pppoe-cyta-vdsl new-connection-mark=WAN1 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=pppoe-ote new-connection-mark=WAN2 passthrough=no
add action=mark-connection chain=input connection-mark=no-mark in-interface=pppoe-cyta-adsl new-connection-mark=WAN3 passthrough=no
add action=mark-routing chain=output connection-mark=WAN1 new-routing-mark=WAN1 out-interface=pppoe-cyta-vdsl passthrough=no
add action=mark-routing chain=output connection-mark=WAN2 new-routing-mark=WAN2 out-interface=pppoe-ote passthrough=no
add action=mark-routing chain=output connection-mark=WAN3 new-routing-mark=WAN3 out-interface=pppoe-cyta-adsl passthrough=no
# We need to route DNS requests statically from the VDSL line
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address=78.87.0.0/24 in-interface=bridge-local new-connection-mark=WAN1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN1 per-connection-classifier=both-addresses:6/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN1 per-connection-classifier=both-addresses:6/1
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN1 per-connection-classifier=both-addresses:6/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN1 per-connection-classifier=both-addresses:6/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN2 per-connection-classifier=both-addresses:6/4
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local new-connection-mark=WAN3 per-connection-classifier=both-addresses:6/5
add action=mark-routing chain=prerouting connection-mark=WAN1 in-interface=bridge-local new-routing-mark=WAN1 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN2 in-interface=bridge-local new-routing-mark=WAN2 passthrough=no
add action=mark-routing chain=prerouting connection-mark=WAN3 in-interface=bridge-local new-routing-mark=WAN3 passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-cyta-vdsl
add action=masquerade chain=src-nat out-interface=pppoe-ote
add action=masquerade chain=src-nat out-interface=pppoe-cyta-adsl
# OpenVPN Server incoming connections
add action=dst-nat chain=dstnat dst-port=443 in-interface=!bridge-local protocol=tcp to-addresses=192.168.0.250 to-ports=443
add action=dst-nat chain=dstnat dst-port=1194 in-interface=!bridge-local protocol=udp to-addresses=192.168.0.250 to-ports=1194
/ip route
add distance=1 gateway=pppoe-cyta-vdsl routing-mark=WAN1
add distance=1 gateway=pppoe-ote routing-mark=WAN2
add distance=1 gateway=pppoe-cyta-adsl routing-mark=WAN3
add distance=1 gateway=pppoe-cyta-vdsl
add distance=2 gateway=pppoe-ote
add distance=3 gateway=pppoe-cyta-adsl
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-OTE-dsl
add interface=ether9-cyta-dsl-pppoe
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-OTE-dsl
add interface=ether9-cyta-dsl-pppoe
add interface=ether10-slave-local
add interface=sfp1
add interface=bridge-local
Top
 
mattstephenson
newbie
Posts: 48
Joined: Wed Feb 01, 2017 1:03 am
Location: UK

Re: Triple pppoe connections pcc balancing with failover. Strange situation with the pppoe connections

Wed Feb 01, 2017 1:27 am

Hello

Did you ever resolve this, I have the same problem with two PPPoE connections. Traffic only travels on the first interface, if this interface is disabled manually it uses the second, but never both simultaneously.

Thanks
Top
Locked
  4. RouterOS
  5. Beginner Basics