MikroTik

Posted: **Tue Dec 05, 2023 7:28 am**

Hello,

I'm trying to configure PCC load balancing on my v7 Mikrotik but no luck so far. there's barely any traffic that goes through WAN2 if no traffic at all! when I disable WAN1 the traffic starts to go through WAN2 normally.

WAN1 has a private static IP address with many public IP addresses to use, and WAN2 has a dynamic gateway, so I'm using DHCP-Client with a script to add PCC routes.

I used the configuration from this YouTube video from Mikrotik's official channel https://www.youtube.com/watch?v=nlb7XAv57tw&t=640s

/routing table add name="to_WAN1" fib
/routing table add name="to_WAN2" fib

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=WAN1 new-connection-mark=\
    WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=WAN2 new-connection-mark=\
    WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes	
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 hotspot=auth
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 hotspot=auth
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface-list=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface-list=LAN new-routing-mark=to_WAN2 passthrough=yes
	
/ip firewall nat
add action=src-nat chain=srcnat comment="Srcnat home to public ip" \
    out-interface="WAN1" src-address-list=Home to-addresses=\
    x.x.x.x
add action=src-nat chain=srcnat comment="Srcnat clients to WAN1 public ip" \
    out-interface="WAN1" src-address-list=Clients to-addresses=\
    x.x.x.x
add action=masquerade chain=srcnat out-interface=WAN2 comment="WAN2 masquerade"

/ip route
add check-gateway=ping routing-table="to_WAN1" gateway=x.x.x.x comment=WAN1
add check-gateway=ping distance=1 gateway=x.x.x.x comment=WAN1

/ip dhcp-client
add add-default-route=no interface=WAN2 script="{
    :local rmark "WAN2"
    :local count [/ip route print count-only where comment="WAN2"]
    :if ($bound=1) do={
        :if ($count = 0) do={
            /ip route add check-gateway=ping routing-table="to_WAN2" gateway=$"gateway-address" comment=WAN2
			/ip route add check-gateway=ping distance=2 gateway=$"gateway-address" comment=WAN2
        } else={
            :if ($count = 1) do={
                :local test [/ip route find where comment="WAN2"]
                :if ([/ip route get $test gateway] != $"gateway-address") do={
                    /ip route set $test gateway=$"gateway-address"
                }
            } else={
                :error "Multiple routes found"
            }
        }
    } else={
        /ip route remove [find comment="WAN2"]
    }
}" use-peer-dns=no use-peer-ntp=no

I downgraded the router to v6 and the problem persists. I'm thinking to netinstall the router now. smh
Any ideas what's wrong?

Posted: **Tue Dec 05, 2023 1:55 pm**

A quick read would say that you haven't added a route for you fib 'to-wan2' in your routes .. why is that
intentional or mistake ?

Posted: **Tue Dec 05, 2023 9:58 pm**

A quick read would say that you haven't added a route for you fib 'to-wan2' in your routes .. why is that
intentional or mistake ?

It's added automatically via DHCP-Client script. You missed it.

Posted: **Wed Dec 06, 2023 11:46 am**

post your full config, hiding/redacting whatever you need to

Posted: **Thu Dec 07, 2023 11:15 am**

post your full config, hiding/redacting whatever you need to

/interface bridge
add add-dhcp-option82=yes admin-mac=9A:CC:88:CD:45:10 auto-mac=no \
    dhcp-snooping=yes fast-forward=no igmp-snooping=yes name=bridge1

/interface list
add comment=WAN name=Internet
add name=LAN
	
/interface bridge port
add bridge=bridge1 comment="Local Server" interface=\
    ether11
add bridge=bridge1 comment="netPower 16P" horizon=1 \
    interface=ether4
	
/ip pool
add name=PPP-Clients ranges=10.60.0.2-10.60.0.254
	
/ppp profile
set *0 dns-server=10.60.0.1 interface-list=LAN \
    local-address=10.60.0.1 remote-address=PPP-Clients
add dns-server=172.31.0.253 interface-list=LAN local-address=172.31.0.253 \
    name=home remote-address=172.31.0.254

/interface pppoe-server server
add authentication=pap disabled=no interface=bridge1 service-name=service1
add authentication=pap default-profile=home disabled=no interface=ether10 \
    service-name=home
	
/interface list member
add interface=bridge1 list=LAN
add interface=WAN1 list=Internet
add interface=WAN2 list=Internet
	
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=20480KiB \
    max-concurrent-queries=300 servers=8.8.8.8,8.8.4.4

/ip firewall filter
add action=drop chain=input comment="Drop dns requests from wan" dst-port=53 \
    in-interface-list=Internet protocol=udp
add action=drop chain=input comment="Drop dns requests from wan" dst-port=53 \
    in-interface-list=Internet protocol=tcp
add action=accept chain=input comment="Established, Related" \
    connection-state=established,related
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=accept chain=input comment="Allowed to Router" src-address-list=\
    LAN
add action=accept chain=input comment="Winbox access from Internet" disabled=\
    yes dst-port=8291 in-interface-list=Internet protocol=tcp
add action=drop chain=input comment="Drop everything else"
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=drop chain=forward comment="Drop incoming not NATted" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=\
    Internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface-list=LAN \
    src-address-list=!LAN
	
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=WAN1 new-connection-mark=\
    WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new in-interface=WAN2 new-connection-mark=\
    WAN2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes	
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=WAN1_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 hotspot=auth
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state=new dst-address-type=!local \
    in-interface-list=LAN new-connection-mark=WAN2_conn passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 hotspot=auth
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface-list=LAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface-list=LAN new-routing-mark=to_WAN2 passthrough=yes
	
/ip firewall nat
add action=src-nat chain=srcnat comment="Srcnat home to public ip" \
    out-interface="WAN1" src-address-list=Home to-addresses=\
    x.x.x.x
add action=src-nat chain=srcnat comment="Srcnat clients to WAN1 public ip" \
    out-interface="WAN1" src-address-list=Clients to-addresses=\
    x.x.x.x
add action=masquerade chain=srcnat out-interface=WAN2 comment="WAN2 masquerade"
	
/ip route
add check-gateway=ping routing-table="to_WAN1" gateway=x.x.x.x comment=WAN1
add check-gateway=ping distance=1 gateway=x.x.x.x comment=WAN1
	
/ip dhcp-client
add add-default-route=no interface=WAN2 script="{
    :local rmark "WAN2"
    :local count [/ip route print count-only where comment="WAN2"]
    :if ($bound=1) do={
        :if ($count = 0) do={
            /ip route add distance=1 gateway=$"gateway-address" check-gateway=ping routing-table="to_WAN2" comment=WAN2
			/ip route add distance=2 gateway=$"gateway-address" check-gateway=ping comment=WAN2
        } else={
            :if ($count = 1) do={
                :local test [/ip route find where comment="WAN2"]
                :if ([/ip route get $test gateway] != $"gateway-address") do={
                    /ip route set $test gateway=$"gateway-address"
                }
            } else={
                :error "Multiple routes found"
            }
        }
    } else={
        /ip route remove [find comment="WAN2"]
    }
}" use-peer-dns=no use-peer-ntp=no

Posted: **Thu Dec 07, 2023 11:25 am**

For resolving PCC load balancing issues, verify network configurations, ensure proper load balancer settings, and check server health. Collaborate with support or consult documentation for specific troubleshooting steps tailored to your environment.

MikroTik

Can't get PCC load balancing to work

Can't get PCC load balancing to work

Re: Can't get PCC load balancing to work

Re: Can't get PCC load balancing to work

Re: Can't get PCC load balancing to work

Re: Can't get PCC load balancing to work

Re: Can't get PCC load balancing to work