Page 1 of 1
PCC load balance not working [help]
Posted: Fri May 25, 2018 10:44 am
by stickery
Hello,
im new here at mikrotik and i need to work with pcc load balancing and i don't know what i'm doing wrong with my configuration,
can someon give me the reason why my PCC load balance not working
here's my mangle rules:
0 chain=prerouting action=accept dst-address=122.54.44.224/30 in-interface=bridge-Residential
1 chain=prerouting action=accept dst-address=103.236.166.32/30 in-interface=bridge-Residential
2 chain=prerouting action=mark-connection new-connection-mark=conn_WAN1 connection-mark=no-mark in-interface=bridge-WAN1
3 chain=prerouting action=mark-connection new-connection-mark=conn_WAN2 connection-mark=no-mark in-interface=bridge-WAN2
4 chain=prerouting action=mark-connection new-connection-mark=conn_WAN1 dst-address-type=!local connection-mark=no-mark in-interface=bridge-Residential
per-connection-classifier=both-addresses:2/0
5 chain=prerouting action=mark-connection new-connection-mark=conn_WAN2 dst-address-type=!local connection-mark=no-mark in-interface=bridge-Residential
per-connection-classifier=both-addresses:2/1
6 chain=prerouting action=mark-routing new-routing-mark=to_WAN1 connection-mark=conn_WAN1 in-interface=bridge-Residential
7 chain=prerouting action=mark-routing new-routing-mark=to_WAN2 connection-mark=conn_WAN2 in-interface=bridge-Residential
8 chain=output action=mark-routing new-routing-mark=to_WAN1 connection-mark=conn_WAN1
9 chain=output action=mark-routing new-routing-mark=to_WAN2 connection-mark=conn_WAN2
Here is the screenshot of the WAN connection
Re: PCC load balance not working [help]
Posted: Fri May 25, 2018 1:47 pm
by CZFan
Not enough info, i.e. no route / nat info.
On a side note, it is per connection based, so you will only see 2nd WAN used with 2nd connection
Re: PCC load balance not working [help]
Posted: Fri May 25, 2018 2:07 pm
by stickery
Not enough info, i.e. no route / nat info.
On a side note, it is per connection based, so you will only see 2nd WAN used with 2nd connection
sorry
Here's the route and nat
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 122.54.44.225 1
1 A S 0.0.0.0/0 103.236.166.33 1
2 A S 0.0.0.0/0 122.54.44.225 1
3 S 0.0.0.0/0 103.236.166.33 2
4 ADC 103.236.166.32/30 103.236.166.34 bridge-WAN2 0
5 ADC 122.54.44.224/30 122.54.44.226 bridge-WAN1 0
6 ADC 172.16.0.0/19 172.16.0.1 bridge-Residential 0
/ip firewall nat
1 chain=srcnat action=masquerade out-interface=bridge-WAN1 log=no log-prefix=""
2 chain=srcnat action=masquerade out-interface=bridge-WAN2 log=no log-prefix=""
Re: PCC load balance not working [help]
Posted: Fri May 25, 2018 8:44 pm
by CZFan
Apologies, full of flu medication and struggling to concentrate.
I can't see any issues though, from what I can see is that you basically have a exact config from the Wiki manual.
here is another source for the config, maybe read through this and see if it helps:
https://mum.mikrotik.com/presentations/US12/steve.pdf
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 12:07 pm
by sindy
I cannot see which routes use which routing marks, can you use /ip route export instead of /ip route print?
Other than that, in chain=prerouting everyting seems fine, but in chain=output you only translate connection marks to routing marks but you do not assign the connection marks.
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 3:47 pm
by Sob
Output uses connection marks set in prerouting (rules 2 and 3).
And I don't see the problem either. It could be typo in route mark's name (but we don't see them).
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 4:06 pm
by sindy
Output uses connection marks set in prerouting (rules 2 and 3).
Is
this picture wrong then?
If not, no packet can first pass through
chain=prerouting and later through
chain=output. Only
chain=input and
chain=forward come next to
chain=prerouting.
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 4:52 pm
by Sob
Picture it correct. Route marking in output is to reply back to connections from outside the right way. And connections initiated from router to outside first take default way unmarked, and first reply packet will get the connection marked.
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 5:02 pm
by sindy
Picture it correct. Route marking in output is to reply back to connections from outside the right way. And connections initiated from router to outside first take default way unmarked, and first reply packet will get the connection marked.
Correct, what I had in mind was that if the locally initiated connections should be load-balanced, the
per-connection-classifier rule assigning a
connection-mark would be necessary in
chain=output as well.
Re: PCC load balance not working [help]
Posted: Sat May 26, 2018 5:11 pm
by sindy
Other than that, I think we are all blind because passthrough=yes is missing in all action=mark-connection rules, and the default behaviour if the parameter is not provided is passthrough=no, so the initial packet of each outgoing connection from LAN is not routing-marked.
Re: PCC load balance not working [help]
Posted: Sun May 27, 2018 2:46 am
by Sob
Can I use that in WinBox, passthrough is checked by default, as excuse?
Re: PCC load balance not working [help]
Posted: Mon Aug 02, 2021 12:46 pm
by zainamjed90
Dear i am facing the same issue with PCC posting my configuration if someone can help
/interface ethernet
set [ find default-name=ether1 ] comment="WAN "
set [ find default-name=ether2 ] comment="LAN "
set [ find default-name=ether3 ] comment="Wireless LAN"
set [ find default-name=ether4 ] comment="Executive LAN" disabled=yes
/interface vlan
add interface=ether1 name=GERRY-202.69.x.x-VLAN-60 vlan-id=60
add interface=ether1 name=PERN-121.52..x.x-VLAN-50 vlan-id=50
add interface=ether1 name=PTCL-172.20.10.1-Vlan-40 vlan-id=40
add interface=ether1 name=PTCL-192.168.1.1-VLAN-20 vlan-id=20
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/queue simple
add burst-limit=55M/55M burst-time=3s/3s max-limit=50M/50M name=queue1 target=172.15.0.0/16
add burst-limit=50M/50M burst-time=3s/3s max-limit=50M/50M name=queue2 target=172.16.0.0/16
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
/ip address
add address=172.15.5.13/16 comment="Executive Gateway" disabled=yes interface=ether2 network=172.15.0.0
add address=172.15.6.250/16 comment="Campus Gateway" interface=ether2 network=172.15.0.0
add address=192.168.1.23/24 interface=PTCL-192.168.1.1-VLAN-20 network=192.168.1.0
add address=202.69.x.x interface=GERRY-202.69.x.x-VLAN-60 network=202.69.x.x
add address=121.52.x.x comment=WAN-PERN interface=PERN-121.52.x.x-VLAN-50 network=121.52.x.x
add address=172.16.11.5/16 comment="WIRELESS LAN" interface=ether3 network=172.16.0.0
add address=172.20.10.63/24 interface=PTCL-172.20.10.1-Vlan-40 network=172.20.10.0
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=172.15.5.1-172.16.5.254 list="Campus Internet"
add address=172.15.4.30 list=Zain
/ip firewall filter
add action=accept chain=input dst-port=80 in-interface=GERRY-202.69.x.x-VLAN-60 protocol=tcp
add action=accept chain=input dst-port=8291 in-interface=GERRY-202.69.x.x-VLAN-60 protocol=tcp
/ip firewall mangle
add action=accept chain=prerouting dst-address=172.15.0.0/16 in-interface-list=LAN
add action=accept chain=prerouting dst-address=172.16.0.0/16 in-interface-list=LAN
add action=accept chain=prerouting dst-address=121.52.152.x.x in-interface-list=LAN
add action=accept chain=prerouting dst-address=202.69.x.x in-interface-list=LAN
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface-list=LAN
add action=accept chain=prerouting dst-address=172.20.10.0/24 in-interface-list=LAN
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PTCL-192.168.1.1-VLAN-20 \
new-connection-mark=PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=GERRY-202.69.x.x-VLAN-60 \
new-connection-mark=GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PERN-121.52.x.x-VLAN-50 \
new-connection-mark=PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=PTCL-172.20.10.1-Vlan-40 \
new-connection-mark=PTCL-172.20.10.1-Vlan-40 passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=GERRY-202.69.x.x-VLAN-60 passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PTCL-172.20.10.1-Vlan-40 passthrough=yes per-connection-classifier=src-address:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PERN-121.52.x.x-VLAN-50 passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface-list=LAN \
new-connection-mark=PTCL-192.168.1.1-VLAN-20 passthrough=yes per-connection-classifier=src-address:4/0
add action=mark-routing chain=prerouting connection-mark=PTCL-192.168.1.1-VLAN-20 in-interface-list=LAN \
new-routing-mark=to_PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PTCL-172.20.10.1-Vlan-40 in-interface-list=LAN \
new-routing-mark=to_PTCL-172.20.10.1-Vlan-40 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=GERRY-202.69.x.x-VLAN-60 in-interface-list=LAN \
new-routing-mark=to_GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=PERN-121.52.x.x-VLAN-50 in-interface-list=LAN \
new-routing-mark=to_PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-routing chain=output connection-mark=PTCL-192.168.1.1-VLAN-20 new-routing-mark=\
to_PTCL-192.168.1.1-VLAN-20 passthrough=yes
add action=mark-routing chain=output connection-mark=GERRY-202.69.x.x-VLAN-60 new-routing-mark=\
to_GERRY-202.69.x.x-VLAN-60 passthrough=yes
add action=mark-routing chain=output connection-mark=PERN-121.52.x.x-VLAN-50 new-routing-mark=\
to_PERN-121.52.x.x-VLAN-50 passthrough=yes
add action=mark-routing chain=output connection-mark=PTCL-172.20.10.1-Vlan-40 new-routing-mark=\
to_PTCL-172.20.10.1-Vlan-40 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=PTCL-172.20.10.1-Vlan-40
add action=masquerade chain=srcnat out-interface=PTCL-192.168.1.1-VLAN-20
add action=masquerade chain=srcnat out-interface=GERRY-202.69.x.x-VLAN-60
add action=masquerade chain=srcnat out-interface=PERN-121.52.x.x-VLAN-50
/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_PTCL-192.168.1.1-VLAN-20
add check-gateway=ping distance=1 gateway=202.69.49.73 routing-mark=to_GERRY-202.69.x.x-VLAN-60
add check-gateway=ping distance=1 gateway=121.52.152.225 routing-mark=to_PERN-121.52.x.x-VLAN-50
add distance=1 gateway=172.20.10.1
add check-gateway=ping distance=2 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=202.69.x.x
add check-gateway=ping distance=2 gateway=121.52.x.x
/system clock
Re: PCC load balance not working [help]
Posted: Mon Aug 02, 2021 5:35 pm
by anav
Re: PCC load balance not working [help]
Posted: Mon Aug 02, 2021 7:34 pm
by Cablenut9
His method doesn't work well in v7 for some reason, so the fix for me is to condense everything into rules that directly mark routes based on the PCC.
Re: PCC load balance not working [help]
Posted: Tue Aug 03, 2021 6:14 pm
by anav
Thanks Cable, didnt realize it was for V7. Not sure if V7 is wrong and needs to be adjusted or MUM after V7 will produce an updated PCC presentation.
