Community discussions

MikroTik App
  4. RouterOS
  5. General

No traffic over 2nd WAN when Load Balancing With NTH

Post Reply
 
Marktime87
newbie
Topic Author
Posts: 38
Joined: Sat Feb 25, 2017 11:49 am

No traffic over 2nd WAN when Load Balancing With NTH

Fri Mar 25, 2022 6:02 pm

I'm trying to load balance with 2 WANs using this guide here: https://help.mikrotik.com/docs/display/ ... ple4:(NTH)

I've got internet traffic on everything connected but I can't get traffic to go over ether 2, everything still goes over ether1. I've been running 2 speed tests on a laptop, youtube on a phone and youtube on a pc at the same time but still nothing on ether2.

For experimentation setup I've got a DHCP client on ether1 plugged into my home network and another client on ether2 plugged into a 4G router (known working). I then have all remaining ports and wlan on a bridge.

Here's my config
Code: Select all
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=MikroTik \
    station-roaming=enabled
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether2
add add-default-route=no disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=bridge1 \
    new-connection-mark=odd passthrough=yes src-address-list=odd
add action=mark-routing chain=prerouting in-interface=bridge1 \
    new-routing-mark=odd passthrough=yes src-address-list=odd
add action=mark-connection chain=prerouting in-interface=bridge1 \
    new-connection-mark=even passthrough=yes src-address-list=even
add action=mark-routing chain=prerouting in-interface=bridge1 \
    new-routing-mark=even passthrough=yes src-address-list=even
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=bridge1 new-connection-mark=odd nth=2,1 passthrough=yes
add action=add-src-to-address-list address-list=odd address-list-timeout=1d \
    chain=prerouting connection-mark=odd in-interface=bridge1
add action=mark-routing chain=prerouting connection-mark=odd in-interface=\
    bridge1 new-routing-mark=odd passthrough=no
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=bridge1 new-connection-mark=even nth=2,2 passthrough=yes
add action=add-src-to-address-list address-list=even address-list-timeout=1d \
    chain=prerouting connection-mark=even in-interface=bridge1
add action=mark-routing chain=prerouting connection-mark=even in-interface=\
    bridge1 new-routing-mark=even passthrough=no
add action=mark-connection chain=prerouting connection-state=new \
    in-interface=bridge1 new-connection-mark=even nth=2,2 passthrough=yes \
    src-address-list=!odd
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/ip route
add distance=1 gateway=192.168.0.1 routing-mark=odd scope=255
add distance=1 gateway=192.168.187.1 routing-mark=even scope=255
add distance=1 gateway=ether2 scope=255
I've checked my config but it looks the same as the guide. Can anyone see where I'm going wrong? Thanks
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: No traffic over 2nd WAN when Load Balancing With NTH

Sat Mar 26, 2022 8:04 pm

The example seems a bit clumsy at first sight. But main problem is that you're not following it correctly, four of your rules have wrong "passthrough" parameter.
Top
 
Marktime87
newbie
Topic Author
Posts: 38
Joined: Sat Feb 25, 2017 11:49 am

Re: No traffic over 2nd WAN when Load Balancing With NTH

Mon Mar 28, 2022 12:12 pm

I think I misread the guide and added in bits that didn't need to be there. I've changed the mangle list to this and it seems to be distributing traffic evenly:
Code: Select all
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new in-interface=bridge1 new-connection-mark=odd nth=2,1 passthrough=yes
add action=add-src-to-address-list address-list=odd address-list-timeout=1d chain=prerouting connection-mark=odd in-interface=bridge1
add action=mark-routing chain=prerouting connection-mark=odd in-interface=bridge1 new-routing-mark=odd passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=bridge1 new-connection-mark=even nth=2,2 passthrough=yes
add action=add-src-to-address-list address-list=even address-list-timeout=1d chain=prerouting connection-mark=even in-interface=bridge1
add action=mark-routing chain=prerouting connection-mark=even in-interface=bridge1 new-routing-mark=even passthrough=yes
add action=mark-connection chain=prerouting connection-state=new in-interface=bridge1 new-connection-mark=even nth=2,2 passthrough=yes src-address-list=!odd
add action=mark-connection chain=prerouting disabled=yes in-interface=bridge1 new-connection-mark=odd passthrough=yes src-address-list=odd
add action=mark-routing chain=prerouting disabled=yes in-interface=bridge1 new-routing-mark=odd passthrough=yes src-address-list=odd
add action=mark-connection chain=prerouting disabled=yes in-interface=bridge1 new-connection-mark=even passthrough=yes src-address-list=even
add action=mark-routing chain=prerouting disabled=yes in-interface=bridge1 new-routing-mark=even passthrough=yes src-address-list=even
I'm a bit confused about the final mangle rule from the guide though:

"The above works fine. There are however some situations where you might find that the same IP address is listed under both the ODD and EVEN scr-address-lists. This behavior causes issues with apps that require persistent connections. A simple remedy for this situation is to add the following statement to your mangle rules and this will ensure that the new connection will not already be part of the ODD src-address-list. You will have to do the same for the ODD mangle rule thus excluding IPs already part of the EVEN scr-address-list:

add chain=prerouting in-interface=Local connection-state=new nth=2,2 src-address-list=!odd action=mark-connection new-connection-mark=even passthrough=yes "

I'm not quite sure where to put this rule, is it supposed to be first, last or after the "odd" routing mark? Either way it doesn't seem to count any packets. Am I missing something or am I just not hitting it with the kind of traffic it's looking for? I'm also unsure if the other rule for "ODD" that it mentions should be "nth=2,2" or changed to "nth=2,1".

Do you have any advice on that? Sorry, mangle really mangles my mind.

Thanks for your help.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: No traffic over 2nd WAN when Load Balancing With NTH

Tue Mar 29, 2022 5:24 am

That rule is one reason why I find the example a bit weird. So far I don't see how same address can end up in both lists.

Another is why rules with src-address-list=odd/even first mark connection, but it's not actually not used for anything, because following rules for marking routing check address list too, instead of using connection mark from previous rules.
Top
Post Reply
  4. RouterOS
  5. General