MikroTik

Posted: **Sat Mar 31, 2012 4:53 pm**

Hi All,

I have configured MikroTik to Load Balance between two ISPs using PCC and everything works just fine.. Here is the configuration that I've used:

/ip address
add address=66.66.66.66/26 disabled=no interface=ether01_SatGate network=66.66.66.66
add address=77.77.77.77/27 disabled=no interface=ether04_ScopeSky network=77.77.77.77
add address=192.168.0.1/24 disabled=no interface=ether03_Private network=192.168.0.0

/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=66.66.66.66/26 in-interface=Private_LAN_Bridge
add action=accept chain=prerouting disabled=no dst-address=77.77.77.77/27 in-interface=Private_LAN_Bridge
add action=mark-connection chain=prerouting disabled=no dst-address=66.66.66.66/26 in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-address=77.77.77.77/27 in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether01_SatGate new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-interface=ether04_ScopeSky new-connection-mark=ISP2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/3
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:9/4
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/5
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/6
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:9/7
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=Private_LAN_Bridge new-connection-mark=ISP2_conn passthrough=no per-connection-classifier=both-addresses:9/8

add action=mark-routing chain=prerouting connection-mark=ISP1_conn disabled=no in-interface=Private_LAN_Bridge new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=no in-interface=Private_LAN_Bridge new-routing-mark=to_ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=no new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=no new-routing-mark=to_ISP2 passthrough=yes

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward HTTP Traffic to Squid" disabled=no dst-port=80 protocol=tcp src-address=!192.168.40.3 to-addresses=192.168.40.3 to-ports=80
add action=src-nat chain=srcnat disabled=no out-interface=ether01_SatGate to-addresses=66.66.66.66
add action=src-nat chain=srcnat disabled=no out-interface=ether04_ScopeSky to-addresses=77.77.77.77

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=66.66.66.65 routing-mark=to_ISP1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=77.77.77.78 routing-mark=to_ISP2 scope=30 target-scope=10

add check-gateway=ping disabled=no [b]distance=10[/b] dst-address=0.0.0.0/0 gateway=66.66.66.65 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=20 dst-address=0.0.0.0/0 gateway=77.77.77.78 scope=30 target-scope=10

Now I got Squid installed on a PC server to be used as caching system. I've added the following:

/ip address
add address=192.168.40.1/24 disabled=no interface="ether05 - Squid" network=192.168.40.0

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward HTTP Traffic to Squid" disabled=no dst-port=80 protocol=tcp src-address=!192.168.40.3 to-addresses=192.168.40.3 to-ports=80

After adding Squid configuration above, PCC stopped working and the load has been directed to the third route (as it has the lowest administrative distance distance=10). As a check if I disable the following routes:

add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=66.66.66.65 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=2 dst-address=0.0.0.0/0 gateway=77.77.77.78 scope=30 target-scope=10

Browsing completely dies!!

Anything can be done to have both PCC and Squid functional at the same time and using the same router board? By the way I am using RB1100 and RouterOS 5.11.
Appreciate your support and thanks in advance for everything..

Ammar

MikroTik

Problems when using PCC Load Balancer and Squid Cache

Problems when using PCC Load Balancer and Squid Cache