Page 1 of 1

4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sat Sep 07, 2013 10:26 pm
by biomecanoid
Hi,

I am trying to do LoadBalancing / Failover with Mikrotik with limited success
as a guide i have used :

http://fatalsite.net/?p=100

And i tried to tweak it for 4wans and to my network IPs

I would like to be able to detect if a Wan is down not by pinging the ip of the modem but by some external host like 8.8.8.8. It would also be nice if i could consider a wan down if it had a slow ping or Packet loss.

What i have accomplished so far is to have internet by its unstable and websites don't always load, the gateways dont seem to be used evenly and detection of failure in one of the wans is slow.

Obviously i will have mistakes in my code since i have not done this before using Mikrotik were are my details

Details:

Mini-ITX

VIA C7 1ghz 512 ram


ether1:192.168.1.1/24
ether2:192.168.2.150/24 GW: 192.168.2.100/24
ether3:192.168.3.150/24 GW: 192.168.3.100/24
ether4:192.168.4.150/24 GW: 192.168.4.100/24
ether5:192.168.5.150/24 GW: 192.168.5.100/24

DNS Μikrotik i have used the modems.

192.168.2.100
192.168.3.100
192.168.4.100
192.168.5.100




/ip firewall mangle
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=wan1_mark
add chain=input in-interface=ether3 action=mark-connection new-connection-mark=wan2_mark
add chain=input in-interface=ether4 action=mark-connection new-connection-mark=wan3_mark
add chain=input in-interface=ether5 action=mark-connection new-connection-mark=wan4_mark

add chain=output connection-mark=wan1_mark action=mark-routing new-routing-mark=to_wan1
add chain=output connection-mark=wan2_mark action=mark-routing new-routing-mark=to_wan2
add chain=output connection-mark=wan3_mark action=mark-routing new-routing-mark=to_wan3
add chain=output connection-mark=wan4_mark action=mark-routing new-routing-mark=to_wan4

add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=ether1
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether1
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether1
add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=ether1

add chain=prerouting dst-address-type=!local in-interface=ether1 per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=wan1_mark passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether1 per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=wan2_mark passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether1 per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=wan3_mark passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=ether1 per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=wan4_mark passthrough=yes


add chain=prerouting connection-mark=wan1_mark in-interface=ether1 action=mark-routing new-routing-mark=to_wan1
add chain=prerouting connection-mark=wan2_mark in-interface=ether1 action=mark-routing new-routing-mark=to_wan2
add chain=prerouting connection-mark=wan3_mark in-interface=ether1 action=mark-routing new-routing-mark=to_wan3
add chain=prerouting connection-mark=wan4_mark in-interface=ether1 action=mark-routing new-routing-mark=to_wan4



/ip route
add dst-address=8.8.8.8 gateway=192.168.2.100 scope=10
add dst-address=208.67.222.222 gateway=192.168.3.100 scope=10
add dst-address=8.8.4.4 gateway=192.168.4.100 scope=10
add dst-address=208.67.220.220 gateway=192.168.5.100 scope=10


/ip route
add dst-address=10.1.1.1 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.4.4.4 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping



/ip route
add distance=1 gateway=10.1.1.1 routing-mark=to_wan4
add distance=2 gateway=10.2.2.2 routing-mark=to_wan3
add distance=3 gateway=10.3.3.3 routing-mark=to_wan1
add distance=4 gateway=10.4.4.4 routing-mark=to_wan2


/ip firewall nat


add chain=srcnat out-interface=ether2 action=masquerade
add chain=srcnat out-interface=ether3 action=masquerade
add chain=srcnat out-interface=ether4 action=masquerade
add chain=srcnat out-interface=ether5 action=masquerade



http://img19.imageshack.us/img19/5190/lc04.png


Thanks

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sat Sep 07, 2013 11:53 pm
by biomecanoid
Update

I found out that my Mikrotik box while it routes internet to the clients behind it the box itself doesn't have internet

http://img690.imageshack.us/img690/7402/rf1b.png

so i added the following code:


/ip route

add dst-address=0.0.0.0/0 gateway=192.168.2.100 scope=255 target-scope=10 distance=5

add dst-address=0.0.0.0/0 gateway=192.168.3.100 scope=255 target-scope=10 distance=6

add dst-address=0.0.0.0/0 gateway=192.168.4.100 scope=255 target-scope=10 distance=7

add dst-address=0.0.0.0/0 gateway=192.168.5.100 scope=255 target-scope=10 distance=8


http://img580.imageshack.us/img580/8339/riic.png

It seems to be working a bit better now but its far from perfect

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 12:08 am
by pcunite
I was just studying doing this today. I based mine on this excellent article. The video is located here.

ros code

# Based on Tomas Kirnak's "Bandwidth-based load-balancing with failover" pdf

# Name the interfaces, beginning from the far left port (0)
/interface ethernet
set 0 comment=WAN name=ether-WAN1
set 1 comment=WAN name=ether-WAN2
set 2 comment=LAN name=ether-LAN

# Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
/ip address
add address=1.1.1.1/30     interface=ether-WAN1
add address=2.2.2.2/30     interface=ether-WAN2
add address=192.168.0.1/24 interface=ether-LAN

# Set the default routes AND Marks
/ip route
add gateway=1.1.1.1 distance=1
add gateway=2.2.2.1 distance=2
add gateway=1.1.1.1 distance=1 routing-mark="WAN1_ROUTE" check-gateway=ping
add gateway=2.2.2.2 distance=1 routing-mark="WAN2_ROUTE"

# setup masquerade
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN1
add chain=srcnat action=masquerade out-interface=ether-WAN2



###############################################################################
# Address list of IP networks
#
#
#
/ip firewall address-list
###############################################################################

add address=1.1.1.1/30     list=Connected
add address=2.2.2.2/30     list=Connected
add address=192.168.0.0/24 list=Connected
add address=192.168.0.0/24 list=LAN



###############################################################################
# Mangle routing marks
#
#
#
/ip firewall mangle
###############################################################################

# Make traffic to these networks stay in the main routing table
add chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected

# Mark connections initiated from the internet and make sure the router replies using the same WAN.
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN1     new-connection-mark=WAN1_ROS
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN2     new-connection-mark=WAN2_ROS
add chain=output     action=mark-routing    connection-mark=WAN1_ROS    new-routing-mark=WAN1_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN2_ROS    new-routing-mark=WAN2_ROUTE

# Mark connections initiated from the internet and make sure the LAN replies using the same WAN.
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN1     new-connection-mark=WAN1_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN2     new-connection-mark=WAN2_LAN
add chain=prerouting action=mark-routing    connection-mark=WAN1_LAN    src-address-list=LAN        new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_LAN    src-address-list=LAN        new-routing-mark=WAN2_ROUTE



###############################################################################
# Customize marking here
# These are new LAN connections. Here you can apply rules for what IP, 
# protocol, or port goes out which WAN connection. Set WAN1_ROUTE or
# WAN2_ROUTE as desired.
#
#
###############################################################################
add chain=prerouting action=mark-connection connection-mark=no-mark     src-address-list=LAN        dst-address-list=!Connected dst-address-type=!local new-connection-mark=LAN_WAN
add chain=prerouting action=mark-routing    connection-mark=LAN_WAN     src-address-list=LAN        new-routing-mark=WAN1_ROUTE                         comment="Load-Balancing here"



# Finish
# Once a LAN connection is routed through one ISP, it will stay there no matter what.
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN1_ROUTE     new-connection-mark=WAN1_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN2_ROUTE     new-connection-mark=WAN2_STICKY
add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN        new-routing-mark=WAN1_ROUTE 
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN        new-routing-mark=WAN2_ROUTE

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 12:43 am
by biomecanoid
Thanks for the reply can you plz modify your code to fit my IPs and 4 wans ?

My Details are :

LAN: ether1:192.168.1.1/24
Wan1: ether2:192.168.2.150/24 GW: 192.168.2.100/24
Wan2: ether3:192.168.3.150/24 GW: 192.168.3.100/24
Wan3: ether4:192.168.4.150/24 GW: 192.168.4.100/24
Wan4: ether5:192.168.5.150/24 GW: 192.168.5.100/24

I would really appreciate your help, if you send me the modified code i will test it right away

Thanks again

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 12:57 am
by biomecanoid
i tried editing your code to fit my config :



# Name the interfaces, beginning from the far left port (0)

/interface ethernet
set 0 comment=WAN1 name=ether-WAN1
set 1 comment=WAN2 name=ether-WAN2
set 2 comment=WAN3 name=ether-WAN3
set 3 comment=WAN4 name=ether-WAN4
set 4 comment=LAN  name=ether-LAN
 
# Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
/ip address
add address=192.168.2.150/24     interface=ether-WAN1
add address=192.168.3.150/24     interface=ether-WAN2
add address=192.168.4.150/24     interface=ether-WAN3
add address=192.168.5.150/24     interface=ether-WAN4
add address=192.168.1.1/24       interface=ether-LAN
 
# Set the default routes AND Marks
/ip route
add gateway=192.168.2.100 distance=1
add gateway=192.168.3.100 distance=2
add gateway=192.168.4.100 distance=3
add gateway=192.168.5.100 distance=4


# NOT SURE ABOUT THIS ...

add gateway=192.168.2.100 distance=1 routing-mark="WAN1_ROUTE" check-gateway=ping
add gateway=192.168.3.100 distance=1 routing-mark="WAN2_ROUTE"
add gateway=192.168.4.100 distance=1 routing-mark="WAN1_ROUTE" 
add gateway=192.168.5.100 distance=1 routing-mark="WAN2_ROUTE"
 
# setup masquerade

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether-WAN1
add chain=srcnat action=masquerade out-interface=ether-WAN2
add chain=srcnat action=masquerade out-interface=ether-WAN3
add chain=srcnat action=masquerade out-interface=ether-WAN2
 
 
 
###############################################################################
# Address list of IP networks
#
#
#
/ip firewall address-list
###############################################################################
 
add address=192.168.2.100/24      list=Connected
add address=192.168.3.100/24      list=Connected
add address=192.168.4.100/24      list=Connected
add address=192.168.5.100/24      list=Connected
add address=192.168.1.0/24        list=Connected
add address=192.168.1.0/24        list=LAN
 
 
 
###############################################################################
# Mangle routing marks
#
#
#
/ip firewall mangle
###############################################################################
 
# Make traffic to these networks stay in the main routing table
add chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected
 
# Mark connections initiated from the internet and make sure the router replies using the same WAN.

add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN1     new-connection-mark=WAN1_ROS
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN2     new-connection-mark=WAN2_ROS

add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN3     new-connection-mark=WAN3_ROS
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether-WAN4     new-connection-mark=WAN4_ROS


add chain=output     action=mark-routing    connection-mark=WAN1_ROS    new-routing-mark=WAN1_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN2_ROS    new-routing-mark=WAN2_ROUTE

add chain=output     action=mark-routing    connection-mark=WAN3_ROS    new-routing-mark=WAN3_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN4_ROS    new-routing-mark=WAN4_ROUTE


 
# Mark connections initiated from the internet and make sure the LAN replies using the same WAN.
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN1     new-connection-mark=WAN1_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN2     new-connection-mark=WAN2_LAN

add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN3     new-connection-mark=WAN3_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether-WAN4     new-connection-mark=WAN4_LAN


add chain=prerouting action=mark-routing    connection-mark=WAN1_LAN    src-address-list=LAN        new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_LAN    src-address-list=LAN        new-routing-mark=WAN2_ROUTE
 
add chain=prerouting action=mark-routing    connection-mark=WAN3_LAN    src-address-list=LAN        new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN4_LAN    src-address-list=LAN        new-routing-mark=WAN4_ROUTE
 
 
###############################################################################
# Customize marking here
# These are new LAN connections. Here you can apply rules for what IP,
# protocol, or port goes out which WAN connection. Set WAN1_ROUTE or
# WAN2_ROUTE as desired.
#
#
###############################################################################

# What changes do i need here for 4 wans ?

add chain=prerouting action=mark-connection connection-mark=no-mark     src-address-list=LAN        dst-address-list=!Connected dst-address-type=!local new-connection-mark=LAN_WAN
add chain=prerouting action=mark-routing    connection-mark=LAN_WAN     src-address-list=LAN        new-routing-mark=WAN1_ROUTE                         comment="Load-Balancing here"
 


 
 
# Finish
# Once a LAN connection is routed through one ISP, it will stay there no matter what.

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN1_ROUTE     new-connection-mark=WAN1_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN2_ROUTE     new-connection-mark=WAN2_STICKY

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN3_ROUTE     new-connection-mark=WAN3_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN4_ROUTE     new-connection-mark=WAN4_STICKY


add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN        new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN        new-routing-mark=WAN2_ROUTE

add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN        new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN        new-routing-mark=WAN4_ROUTE



So if its not much trouble kindly review it

Thanks

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 1:23 am
by biomecanoid
I had made some mistakes editing your code so now i am trying this :

# Name the interfaces, beginning from the far left port (0)

/interface ethernet

set 0 comment=LAN  name=ether1-LAN
set 1 comment=WAN1 name=ether2-WAN1
set 2 comment=WAN2 name=ether3-WAN2
set 3 comment=WAN3 name=ether4-WAN3
set 4 comment=WAN4 name=ether5-WAN4

 
# Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
/ip address
add address=192.168.1.1/24       interface=ether1-LAN
add address=192.168.2.150/24     interface=ether2-WAN1
add address=192.168.3.150/24     interface=ether3-WAN2
add address=192.168.4.150/24     interface=ether4-WAN3
add address=192.168.5.150/24     interface=ether5-WAN4

 
# Set the default routes AND Marks
/ip route
add gateway=192.168.2.100 distance=1
add gateway=192.168.3.100 distance=2
add gateway=192.168.4.100 distance=3
add gateway=192.168.5.100 distance=4


# NOT SURE ABOUT THIS ...

add gateway=192.168.2.100 distance=1 routing-mark="WAN1_ROUTE" check-gateway=ping
add gateway=192.168.3.100 distance=1 routing-mark="WAN2_ROUTE"
add gateway=192.168.4.100 distance=1 routing-mark="WAN3_ROUTE" 
add gateway=192.168.5.100 distance=1 routing-mark="WAN4_ROUTE"
 
# setup masquerade

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2-WAN1
add chain=srcnat action=masquerade out-interface=ether3-WAN2
add chain=srcnat action=masquerade out-interface=ether4-WAN3
add chain=srcnat action=masquerade out-interface=ether5-WAN4
 
 
 
###############################################################################
# Address list of IP networks
#
#
#

###############################################################################
/ip firewall address-list
add address=192.168.1.0/24        list=Connected
add address=192.168.1.0/24        list=LAN 
add address=192.168.2.100/24      list=Connected
add address=192.168.3.100/24      list=Connected
add address=192.168.4.100/24      list=Connected
add address=192.168.5.100/24      list=Connected

 
 
 
###############################################################################
# Mangle routing marks
#
#
#
###############################################################################
 
# Make traffic to these networks stay in the main routing table
add chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected
 
# Mark connectio
ns initiated from the internet and make sure the router replies using the same WAN.

/ip firewall mangle
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether2-WAN1     new-connection-mark=WAN1_ROS
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether3-WAN2     new-connection-mark=WAN2_ROS

add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether4-WAN3     new-connection-mark=WAN3_ROS
add chain=input      action=mark-connection connection-mark=no-mark     in-interface=ether5-WAN4     new-connection-mark=WAN4_ROS


add chain=output     action=mark-routing    connection-mark=WAN1_ROS    new-routing-mark=WAN1_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN2_ROS    new-routing-mark=WAN2_ROUTE

add chain=output     action=mark-routing    connection-mark=WAN3_ROS    new-routing-mark=WAN3_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN4_ROS    new-routing-mark=WAN4_ROUTE


 
# Mark connections initiated from the internet and make sure the LAN replies using the same WAN.
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether2-WAN1     new-connection-mark=WAN1_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether3-WAN2     new-connection-mark=WAN2_LAN

add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether4-WAN3     new-connection-mark=WAN3_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     in-interface=ether5-WAN4     new-connection-mark=WAN4_LAN


add chain=prerouting action=mark-routing    connection-mark=WAN1_LAN    src-address-list=LAN        new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_LAN    src-address-list=LAN        new-routing-mark=WAN2_ROUTE
 
add chain=prerouting action=mark-routing    connection-mark=WAN3_LAN    src-address-list=LAN        new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN4_LAN    src-address-list=LAN        new-routing-mark=WAN4_ROUTE
 
 
###############################################################################
# Customize marking here
# These are new LAN connections. Here you can apply rules for what IP,
# protocol, or port goes out which WAN connection. Set WAN1_ROUTE or
# WAN2_ROUTE as desired.
#
#
###############################################################################

# What changes do i need here for 4 wans ?

add chain=prerouting action=mark-connection connection-mark=no-mark     src-address-list=LAN        dst-address-list=!Connected dst-address-type=!local new-connection-mark=LAN_WAN
add chain=prerouting action=mark-routing    connection-mark=LAN_WAN     src-address-list=LAN        new-routing-mark=WAN1_ROUTE                         comment="Load-Balancing here"
 


 
 
# Finish
# Once a LAN connection is routed through one ISP, it will stay there no matter what.

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN1_ROUTE     new-connection-mark=WAN1_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN2_ROUTE     new-connection-mark=WAN2_STICKY

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN3_ROUTE     new-connection-mark=WAN3_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN4_ROUTE     new-connection-mark=WAN4_STICKY


add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN        new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN        new-routing-mark=WAN2_ROUTE

add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN        new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN        new-routing-mark=WAN4_ROUTE


Kindly review it :)


Thanks

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 1:27 am
by biomecanoid
I have some questions how does the code detect when a wan is down ?

i don't want to consider that a wan is down by pinging the modem's ip the modems don't go down often i want to be able to evaluate ping and packet loss like i was doing when i had PFsense. How do i modify the code to support determining the status of the wan by pinging external hosts like 8.8.8.8 ?

I also would like to be able to use Web Proxy

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 1:31 am
by biomecanoid
it seems that with the new config i am only using ether2-WAN1 as the other interfaces show 0 bps

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 2:22 am
by biomecanoid
New Code to support pinging external host ( i hope :P ) :

/interface ethernet

set 0 comment=LAN name=ether1-LAN
set 1 comment=WAN1 name=ether2-WAN1
set 2 comment=WAN2 name=ether3-WAN2
set 3 comment=WAN3 name=ether4-WAN3
set 4 comment=WAN4 name=ether5-WAN4


# Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
/ip address
add address=192.168.1.1/24 interface=ether1-LAN
add address=192.168.2.150/24 interface=ether2-WAN1
add address=192.168.3.150/24 interface=ether3-WAN2
add address=192.168.4.150/24 interface=ether4-WAN3
add address=192.168.5.150/24 interface=ether5-WAN4


# Set the default routes AND Marks



/ip route
add dst-address=8.8.8.8 gateway=192.168.2.100 scope=10
add dst-address=208.67.222.222 gateway=192.168.3.100 scope=10
add dst-address=8.8.4.4 gateway=192.168.4.100 scope=10
add dst-address=208.67.220.220 gateway=192.168.5.100 scope=10


/ip route
add dst-address=10.1.1.1 gateway=8.8.4.4 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.4.4.4 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping


/ip route
add distance=1 gateway=10.1.1.1 routing-mark=WAN4_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=WAN3_ROUTE
add distance=3 gateway=10.3.3.3 routing-mark=WAN1_ROUTE check-gateway=ping
add distance=4 gateway=10.4.4.4 routing-mark=WAN2_ROUTE



# NOT SURE ABOUT THIS ...

add gateway=192.168.2.100 distance=1 routing-mark="WAN1_ROUTE" check-gateway=ping
add gateway=192.168.3.100 distance=1 routing-mark="WAN2_ROUTE"
add gateway=192.168.4.100 distance=1 routing-mark="WAN3_ROUTE"
add gateway=192.168.5.100 distance=1 routing-mark="WAN4_ROUTE"

# setup masquerade

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2-WAN1
add chain=srcnat action=masquerade out-interface=ether3-WAN2
add chain=srcnat action=masquerade out-interface=ether4-WAN3
add chain=srcnat action=masquerade out-interface=ether5-WAN4



###############################################################################
# Address list of IP networks
#
#
#

###############################################################################
/ip firewall address-list
add address=192.168.1.0/24 list=Connected
add address=192.168.1.0/24 list=LAN
add address=192.168.2.100/24 list=Connected
add address=192.168.3.100/24 list=Connected
add address=192.168.4.100/24 list=Connected
add address=192.168.5.100/24 list=Connected




###############################################################################
# Mangle routing marks
#
#
#
###############################################################################

# Make traffic to these networks stay in the main routing table
add chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected

# Mark connectio
ns initiated from the internet and make sure the router replies using the same WAN.

/ip firewall mangle
add chain=input action=mark-connection connection-mark=no-mark

in-interface=ether2-WAN1 new-connection-mark=WAN1_ROS
add chain=input action=mark-connection connection-mark=no-mark

in-interface=ether3-WAN2 new-connection-mark=WAN2_ROS

add chain=input action=mark-connection connection-mark=no-mark

in-interface=ether4-WAN3 new-connection-mark=WAN3_ROS
add chain=input action=mark-connection connection-mark=no-mark

in-interface=ether5-WAN4 new-connection-mark=WAN4_ROS


add chain=output action=mark-routing connection-mark=WAN1_ROS

new-routing-mark=WAN1_ROUTE
add chain=output action=mark-routing connection-mark=WAN2_ROS

new-routing-mark=WAN2_ROUTE

add chain=output action=mark-routing connection-mark=WAN3_ROS

new-routing-mark=WAN3_ROUTE
add chain=output action=mark-routing connection-mark=WAN4_ROS

new-routing-mark=WAN4_ROUTE



# Mark connections initiated from the internet and make sure the LAN replies using the same

WAN.
add chain=forward action=mark-connection connection-mark=no-mark

in-interface=ether2-WAN1 new-connection-mark=WAN1_LAN
add chain=forward action=mark-connection connection-mark=no-mark

in-interface=ether3-WAN2 new-connection-mark=WAN2_LAN

add chain=forward action=mark-connection connection-mark=no-mark

in-interface=ether4-WAN3 new-connection-mark=WAN3_LAN
add chain=forward action=mark-connection connection-mark=no-mark

in-interface=ether5-WAN4 new-connection-mark=WAN4_LAN


add chain=prerouting action=mark-routing connection-mark=WAN1_LAN src-address-list=LAN

new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing connection-mark=WAN2_LAN src-address-list=LAN

new-routing-mark=WAN2_ROUTE

add chain=prerouting action=mark-routing connection-mark=WAN3_LAN src-address-list=LAN

new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing connection-mark=WAN4_LAN src-address-list=LAN

new-routing-mark=WAN4_ROUTE


###############################################################################
# Customize marking here
# These are new LAN connections. Here you can apply rules for what IP,
# protocol, or port goes out which WAN connection. Set WAN1_ROUTE or
# WAN2_ROUTE as desired.
#
#
###############################################################################

# What changes do i need here for 4 wans ?

add chain=prerouting action=mark-connection connection-mark=no-mark src-address-list=LAN

dst-address-list=!Connected dst-address-type=!local new-connection-mark=LAN_WAN
add chain=prerouting action=mark-routing connection-mark=LAN_WAN src-address-list=LAN

new-routing-mark=WAN1_ROUTE comment="Load-Balancing here"





# Finish
# Once a LAN connection is routed through one ISP, it will stay there no matter what.

add chain=prerouting action=mark-connection connection-mark=LAN_WAN routing-mark=WAN1_ROUTE

new-connection-mark=WAN1_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN routing-mark=WAN2_ROUTE

new-connection-mark=WAN2_STICKY

add chain=prerouting action=mark-connection connection-mark=LAN_WAN routing-mark=WAN3_ROUTE

new-connection-mark=WAN3_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN routing-mark=WAN4_ROUTE

new-connection-mark=WAN4_STICKY


add chain=prerouting action=mark-routing connection-mark=WAN1_STICKY src-address-list=LAN

new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing connection-mark=WAN2_STICKY src-address-list=LAN

new-routing-mark=WAN2_ROUTE

add chain=prerouting action=mark-routing connection-mark=WAN1_STICKY src-address-list=LAN

new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing connection-mark=WAN2_STICKY src-address-list=LAN

new-routing-mark=WAN4_ROUTE


Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 2:59 am
by biomecanoid
New code new problem when pinging :

[admin@MikroTik] /tool> /ping 192.168.2.100
HOST                                     SIZE TTL TIME  STATUS
192.168.2.100                              56  64 0ms
192.168.2.100                              56  64 0ms
192.168.2.100                              56  64 0ms
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] /tool> /ping 192.168.3.100
HOST                                     SIZE TTL TIME  STATUS
192.168.3.100                              56  64 0ms
192.168.3.100                              56  64 0ms
192.168.3.100                              56  64 0ms
    sent=3 received=3 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] /tool> /ping 192.168.4.100
HOST                                     SIZE TTL TIME  STATUS
192.168.4.100                              56  64 0ms
192.168.4.100                                           timeout
192.168.4.100                                           timeout
192.168.4.100                                           timeout
192.168.4.100                                           timeout
    sent=5 received=1 packet-loss=80% min-rtt=0ms avg-rtt=0ms max-rtt=0ms

[admin@MikroTik] /tool> /ping 192.168.5.100
HOST                                     SIZE TTL TIME  STATUS
192.168.5.100                              56  64 0ms
192.168.5.100                                           timeout
192.168.5.100                                           timeout
192.168.5.100                                           timeout
192.168.5.100                                           timeout
    sent=5 received=1 packet-loss=80% min-rtt=0ms avg-rtt=0ms max-rtt=0ms




Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 3:14 am
by biomecanoid
I found an error in my previous code so i am posting again :

# Name the interfaces, beginning from the far left port (0)

/interface ethernet

set 0 comment=LAN  name=ether1-LAN
set 1 comment=WAN1 name=ether2-WAN1
set 2 comment=WAN2 name=ether3-WAN2
set 3 comment=WAN3 name=ether4-WAN3
set 4 comment=WAN4 name=ether5-WAN4

 
# Assign IP addresses to the interfaces. If using DHCP for WAN, go to IP / DHCP Client
/ip address
add address=192.168.1.1/24       interface=ether1-LAN
add address=192.168.2.150/24     interface=ether2-WAN1
add address=192.168.3.150/24     interface=ether3-WAN2
add address=192.168.4.150/24     interface=ether4-WAN3
add address=192.168.5.150/24     interface=ether5-WAN4

 
# Set the default routes AND Marks

/ip route
add dst-address=8.8.8.8        gateway=192.168.2.100 scope=10
add dst-address=208.67.222.222 gateway=192.168.3.100 scope=10
add dst-address=8.8.4.4        gateway=192.168.4.100 scope=10
add dst-address=208.67.220.220 gateway=192.168.5.100 scope=10    


/ip route
add dst-address=10.1.1.1 gateway=8.8.4.4        scope=10 target-scope=10 check-gateway=ping
add dst-address=10.2.2.2 gateway=208.67.222.222 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.3.3.3 gateway=8.8.8.8        scope=10 target-scope=10 check-gateway=ping
add dst-address=10.4.4.4 gateway=208.67.220.220 scope=10 target-scope=10 check-gateway=ping


/ip route
add distance=1 gateway=10.1.1.1 routing-mark=WAN3_ROUTE
add distance=2 gateway=10.2.2.2 routing-mark=WAN2_ROUTE
add distance=3 gateway=10.3.3.3 routing-mark=WAN1_ROUTE check-gateway=ping
add distance=4 gateway=10.4.4.4 routing-mark=WAN4_ROUTE





# NOT SURE ABOUT THIS ...

add gateway=192.168.2.100 distance=1 routing-mark="WAN1_ROUTE" check-gateway=ping
add gateway=192.168.3.100 distance=1 routing-mark="WAN2_ROUTE"
add gateway=192.168.4.100 distance=1 routing-mark="WAN3_ROUTE" 
add gateway=192.168.5.100 distance=1 routing-mark="WAN4_ROUTE"
 
# setup masquerade

/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2-WAN1
add chain=srcnat action=masquerade out-interface=ether3-WAN2
add chain=srcnat action=masquerade out-interface=ether4-WAN3
add chain=srcnat action=masquerade out-interface=ether5-WAN4
 
 
 
###############################################################################
# Address list of IP networks
#
#
#

###############################################################################
/ip firewall address-list
add address=192.168.1.0/24        list=Connected
add address=192.168.1.0/24        list=LAN 
add address=192.168.2.100/24      list=Connected
add address=192.168.3.100/24      list=Connected
add address=192.168.4.100/24      list=Connected
add address=192.168.5.100/24      list=Connected

 
 
 
###############################################################################
# Mangle routing marks
#
#
#
###############################################################################
 
# Make traffic to these networks stay in the main routing table
add chain=prerouting action=accept src-address-list=Connected dst-address-list=Connected
 
# Mark connectio
ns initiated from the internet and make sure the router replies using the same WAN.

/ip firewall mangle
add chain=input      action=mark-connection connection-mark=no-mark     

in-interface=ether2-WAN1     new-connection-mark=WAN1_ROS
add chain=input      action=mark-connection connection-mark=no-mark     

in-interface=ether3-WAN2     new-connection-mark=WAN2_ROS

add chain=input      action=mark-connection connection-mark=no-mark     

in-interface=ether4-WAN3     new-connection-mark=WAN3_ROS
add chain=input      action=mark-connection connection-mark=no-mark     

in-interface=ether5-WAN4     new-connection-mark=WAN4_ROS


add chain=output     action=mark-routing    connection-mark=WAN1_ROS    

new-routing-mark=WAN1_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN2_ROS    

new-routing-mark=WAN2_ROUTE

add chain=output     action=mark-routing    connection-mark=WAN3_ROS    

new-routing-mark=WAN3_ROUTE
add chain=output     action=mark-routing    connection-mark=WAN4_ROS    

new-routing-mark=WAN4_ROUTE


 
# Mark connections initiated from the internet and make sure the LAN replies using the same 

WAN.
add chain=forward    action=mark-connection connection-mark=no-mark     

in-interface=ether2-WAN1     new-connection-mark=WAN1_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     

in-interface=ether3-WAN2     new-connection-mark=WAN2_LAN

add chain=forward    action=mark-connection connection-mark=no-mark     

in-interface=ether4-WAN3     new-connection-mark=WAN3_LAN
add chain=forward    action=mark-connection connection-mark=no-mark     

in-interface=ether5-WAN4     new-connection-mark=WAN4_LAN


add chain=prerouting action=mark-routing    connection-mark=WAN1_LAN    src-address-list=LAN    

    new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_LAN    src-address-list=LAN    

    new-routing-mark=WAN2_ROUTE
 
add chain=prerouting action=mark-routing    connection-mark=WAN3_LAN    src-address-list=LAN    

    new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN4_LAN    src-address-list=LAN    

    new-routing-mark=WAN4_ROUTE
 
 
###############################################################################
# Customize marking here
# These are new LAN connections. Here you can apply rules for what IP,
# protocol, or port goes out which WAN connection. Set WAN1_ROUTE or
# WAN2_ROUTE as desired.
#
#
###############################################################################

# What changes do i need here for 4 wans ?

add chain=prerouting action=mark-connection connection-mark=no-mark     src-address-list=LAN    

    dst-address-list=!Connected dst-address-type=!local new-connection-mark=LAN_WAN
add chain=prerouting action=mark-routing    connection-mark=LAN_WAN     src-address-list=LAN    

    new-routing-mark=WAN1_ROUTE                         comment="Load-Balancing here"
 


 
 
# Finish
# Once a LAN connection is routed through one ISP, it will stay there no matter what.

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN1_ROUTE 

    new-connection-mark=WAN1_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN2_ROUTE 

    new-connection-mark=WAN2_STICKY

add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN3_ROUTE 

    new-connection-mark=WAN3_STICKY
add chain=prerouting action=mark-connection connection-mark=LAN_WAN     routing-mark=WAN4_ROUTE 

    new-connection-mark=WAN4_STICKY


add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN    

    new-routing-mark=WAN1_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN    

    new-routing-mark=WAN2_ROUTE

add chain=prerouting action=mark-routing    connection-mark=WAN1_STICKY src-address-list=LAN    

    new-routing-mark=WAN3_ROUTE
add chain=prerouting action=mark-routing    connection-mark=WAN2_STICKY src-address-list=LAN    

    new-routing-mark=WAN4_ROUTE


Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 3:23 am
by biomecanoid
if i ping my virtual hops 10.4.4.4 seems to be always down

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 3:44 am
by biomecanoid
When i try to use Web Proxy i get Network unreachable

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 3:32 pm
by pcunite
Slow down, learn more about MikroTik, read this and start small.

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 5:01 pm
by biomecanoid
I did read the link you send me and i have already tired to incorporate ( possibly not correctly ) what you send me in my code

It would really help me if you could kindly review my code and point out mistakes and possibly discuss on them .

And i am also known not to start small:

https://www.youtube.com/watch?v=X6-1MlTOx4k

"small" is not that interesting

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 5:05 pm
by pcunite
It would really help me if you could kindly review my code and point out mistakes and possibly discuss on them. And i am also known not to start small:
:-)

Okay, I'll try to look it over later. I have to go somewhere at the moment. Could you give me an output of "export compact" too? Remove any personal information.

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 5:21 pm
by biomecanoid
Well i have my box setup with linux for loadbalancing right now ( so i can have internet ) until i have a Mikrotik solution ready so its a bit hard to get an export right now.

But really i just pasted the code via SSH and that's it. Maybe i can tell you all you need to know.

Thanks for your help :)

Re: 4 Wan LoadBalaning / Failover with Mikrotik

Posted: Sun Sep 08, 2013 11:25 pm
by pcunite
I've looked over your last output. As is, it will not work namely because /ip firewall mangle is in the wrong place. I apologize, I don't know enough to teach you. The reason I asked for the export is so I could see what the router is really doing, not what you're posting here. I'm too new with MikroTik to help you further. Hopefully others will chime in. Take care.