Bundle 2 internet link when fully loaded ?!

banyezdemah · Sat Aug 07, 2010 5:26 pm

Hi all,

I have a question:

I have a router-board 433AH and I have 2 internet link that separated physically and with 2 various gateways. The first link has 2 mbps bandwidth and the second one has 1 mbps.
Is there anyway to do this ===> The primary internet usage is link(1) and at the peak time, when the link(1) is fully loaded, the link(2) will be there and add to the total bandwidth usage and total internet bandwidth will be 3 mbps. After that, when the internet usage is decreased, the link(2) will be in its previous situation and out of service and the total bandwidth will be 2 mbps.

Is there any way to do this ?!

Regards

banyezdemah · Sat Aug 07, 2010 8:29 pm

Anyone ?!

usmc58xx · Sat Aug 07, 2010 11:28 pm

I'm not sure about having it work for a bit and then 'turn itself off' but you can load balance 2/1 with PCC.

Here's my setup for balancing 6 gateways.

/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "HTTPS needs dedicated IP for security purposes." disabled=no dst-port=\
    443 new-connection-mark=1st-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
    "FTP connections go through 10.10.1.2" disabled=no layer7-protocol=ftp \
    new-connection-mark=2nd-conn passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=1st-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=2nd-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=3rd-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=4th-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=5th-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=6th-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:6/5
add action=mark-packet chain=prerouting comment="Mark Platinum Customers" \
    disabled=no new-packet-mark=platinum-traffic passthrough=yes \
    src-address-list=Platinum-Customer
add action=mark-packet chain=prerouting comment="Mark Gold Customers" \
    disabled=no new-packet-mark=gold-traffic passthrough=yes \
    src-address-list=Gold-Customer
add action=mark-packet chain=prerouting comment="Mark Silver Customers" \
    disabled=no new-packet-mark=silver-traffic passthrough=yes \
    src-address-list=Silver-Customer
add action=mark-packet chain=prerouting comment="Mark Bronze Customers" \
    disabled=no new-packet-mark=bronze-traffic passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=1st-conn \
    disabled=no new-routing-mark=1st_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
    disabled=no new-routing-mark=2nd_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=3rd-conn \
    disabled=no new-routing-mark=3rd_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=4th-conn \
    disabled=no new-routing-mark=4th_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=5th-conn \
    disabled=no new-routing-mark=5th_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=6th-conn \
    disabled=no new-routing-mark=6th_route passthrough=yes

So yours would be something like this

/ip firewall mangle
add action=mark-connection chain=prerouting comment=\
    "HTTPS needs dedicated IP for security purposes." disabled=no dst-port=\
    443 new-connection-mark=1st-conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment=\
    "FTP connections go through 10.10.1.2" disabled=no layer7-protocol=ftp \
    new-connection-mark=2nd-conn passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=1st-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=1nd-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=2nd-conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting comment="" connection-mark=1st-conn \
    disabled=no new-routing-mark=1st_route passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
    disabled=no new-routing-mark=2nd_route passthrough=yes

And then your routes

/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=10.10.1.1 routing-mark=1st_route scope=30 target-scope=\
    10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=10.10.1.2 routing-mark=2nd_route scope=30 target-scope=\
    10

Feel free to use/modify to fit your needs.

banyezdemah · Sat Aug 07, 2010 11:46 pm

add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=1st-conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=1nd-conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting comment="" disabled=no \
new-connection-mark=2nd-conn passthrough=yes per-connection-classifier=\
both-addresses-and-ports:3/2

Thanks for your help, but I do not know what are the above exactly for ?!

usmc58xx · Sat Aug 07, 2010 11:49 pm

Those rules mark connections as they arrive, it can be a port connection or an IP connection.

Example:

Connection 1 will go to gateway 1.
Connection 2 will go to gateway 1
Connection 3 will go to gateway 2

Thus balancing your load 2/1

Here's our connections list so you can see what I'm talking about.

banyezdemah · Sat Aug 07, 2010 11:59 pm

You marked only HTTPS and FTP.
Is it needed to mark other requests like web pages on TCP 80 or etc?
I think we should mark all of the traffic and by this way that you suggested, we are balancing the traffic that we manually marked.
Am I right?

usmc58xx · Sun Aug 08, 2010 12:10 am

The reason HTTPS and FTP are marked before everything is because most banking websites (or secure websites for that matter) require a user to keep a connection using the same ip address.

If this rule is not there, the HTTPS traffic will bounce between both gateways (which have 2 different external ips) and the bank website would refuse access to the user based on that.

I'm unsure if it applies to ftp but I went ahead and put that in there for our server.

Everything else (port 80) web surfing should be fine bouncing across each gateway.

If you find that a certain website requires that you have a dedicated IP for that connection, you can simply add in it's ip address into dst-address and have it route to a specific gateway each time.

As you can see by our stats, it does a pretty good job balancing everything equally.

banyezdemah · Sun Aug 08, 2010 12:23 am

Thanks a lot for your complete help, but here I am a different scenario I believe.

I want to use the link(1) that it has 2mbps traffic limit and in normal situation, the link(2) is free and no request or traffic will route via this link(2).
The link(2) only routes the traffic to his own gateway that the link(1) is full. It means I am searching for an automatic mechanism that detects this case and automatically bring the link(2) to the internet usage and also automatically detects that the internet usage is less than 3mbps and automatically remove the link(2) routes.

Is there any way to do this case ?!
I think we should work on some scripts that detect this case.

MCT · Sun Aug 08, 2010 1:37 am

What you're asking for isn't a load balancing solution but rather a routing solution. It's common in multi-router/multi-gateway scenarios. We have a couple of primary links and a backup satellite link which is only used if the primaries are saturated. OSPF adjusts metrics based on bandwidth so it should work for you though I've never done it in a single unit before. You'd need a script or service to look at link usage vs. bandwidth and adjust the costs of the routes based on the load.

What I would do is have two static routes, one for your primary link with a routing cost of 2, and one with your primary and secondary link with a routing cost of 1 that's disabled.. Then you have a script look at the usage of link 1 and if it goes over a certain amount. (75% of the actual speed you can pull over an average of say 5 minutes) have it enable the route with the two gateways then when the usage gets to say 25% you can disable that route to switch traffic to your primary link.

You would still need mangle and marking rules to handle https, ftp, and IM along with anything else that has a low tolerance for source ip switches.

adrianatkins · Sun Aug 08, 2010 3:16 am

3 mbps

You can't get the 3Mb/s delivered to any 1 customer, but if you use the PCC setup, the users will not congest the Total link capacity so much.

You also need to rate-limit the users to something less that the MAX speed you can get - 2mb/s in your case.

rmichael · Sun Aug 08, 2010 1:30 pm

Thanks a lot for your complete help, but here I am a different scenario I believe.

I want to use the link(1) that it has 2mbps traffic limit and in normal situation, the link(2) is free and no request or traffic will route via this link(2).
The link(2) only routes the traffic to his own gateway that the link(1) is full. It means I am searching for an automatic mechanism that detects this case and automatically bring the link(2) to the internet usage and also automatically detects that the internet usage is less than 3mbps and automatically remove the link(2) routes.

Is there any way to do this case ?!
I think we should work on some scripts that detect this case.

Simple answer, there's no way to make it seamless to your users. Whole reason for using PCC is to keep connections on the same WAN link, once established, so they have the same src IP. At anytime script decides to stop routing to the second WAN link, connections will have to be removed from connection tracking (unless you're willing to keep established connections until closed/expired)

In your case I'd configure PCC for two WAN links then have a script assign 2nd connection traffic route mark 1 or 2:

When 1st WAN<80% capacity:
action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
disabled=no new-routing-mark=1st_route passthrough=yes

When 1st WAN>80% capacity:
action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
disabled=no new-routing-mark=2nd_route passthrough=yes

When 1st WAN<80% for 15 minutes:
action=mark-routing chain=prerouting comment="" connection-mark=2nd-conn \
disabled=no new-routing-mark=1st_route passthrough=yes

and remove all of the connections made on the 2nd WAN:

:foreach i in=/ip firewall connection find connection-mark=2nd-conn] do={[/ip firewall connection remove $i]}

Bundle 2 internet link when fully loaded ?!

Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Re: Bundle 2 internet link when fully loaded ?!

Who is online