Community discussions

MikroTik App
 
filippos
just joined
Topic Author
Posts: 5
Joined: Mon May 30, 2022 10:10 am

Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 12:09 pm

Hi,

I have a RB2011UiAS-2HnD-IN and I followed all instructions in order to have load balancing from my 2 WAN lines (192.168.1.0/24 & 192.168.2.0/24) to 192.168.0.0/24.
Load balancing is not working from 192.168.2.1 and I probably make a mistake that I cannot see the last 4 days searching... :(
Firefox_Screenshot_2022-05-30T09-03-32.885Z.png
Thanks in advanced for your help.
BR,
Filippos

PS: I removed from this quote all interfaces from 7 to 10 in order to make it simpler.
# may/30/2022 11:26:49 by RouterOS 6.49.6
# software id =
#
# model = 2011UiAS-2HnD
# serial number =

/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge

/interface ethernet
set [ find default-name=ether1 ] name=ether1_wan
set [ find default-name=ether2 ] name=ether2_wan
set [ find default-name=ether3 ] name=ether3_lan
set [ find default-name=ether4 ] name=ether4_lan
set [ find default-name=ether5 ] name=ether5_lan
set [ find default-name=ether6 ] name=ether6_wlan

/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
    disabled=no distance=indoors frequency=auto installation=indoor mode=\
    ap-bridge ssid=MikroTik-SSID wireless-protocol=802.11

/interface list
add comment=defconf name=WAN
add comment=defconf exclude=WAN name=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip pool
add name=default-dhcp ranges=192.168.0.10-192.168.0.254

/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf

/interface bridge port
add bridge=bridge comment=defconf interface=ether3_lan
add bridge=bridge comment=defconf interface=ether4_lan
add bridge=bridge comment=defconf interface=ether5_lan
add bridge=bridge comment=defconf interface=ether6_wlan
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=*2000011

/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1_wan list=WAN
add comment=defconf interface=ether2_wan list=WAN

/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
add address=192.168.0.244/24 interface=ether5_lan network=192.168.0.0

/ip dhcp-client
add add-default-route=no comment=defconf disabled=no interface=ether1_wan
add add-default-route=no comment=defconf disabled=no interface=ether2_wan

/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.1 \
    gateway=192.168.0.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip dns static
add address=192.168.0.1 comment=defconf name=router.lan

/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
    bridge
add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=\
    bridge
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether1_wan new-connection-mark=ether1_wan_conn passthrough=\
    yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=ether2_wan new-connection-mark=ether2_wan_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=\
    ether1_wan_conn passthrough=yes per-connection-classifier=\
    both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=bridge new-connection-mark=\
    ether2_wan_conn per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=ether1_wan_conn \
    in-interface=bridge new-routing-mark=to_ether1_wan passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ether2_wan_conn \
    in-interface=bridge new-routing-mark=to_ether2_wan passthrough=yes
add action=mark-routing chain=output connection-mark=ether1_wan_conn \
    new-routing-mark=to_ether1_wan passthrough=yes
add action=mark-routing chain=output connection-mark=ether2_wan_conn \
    new-routing-mark=to_ether2_wan passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface=ether1_wan
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=\
    ether2_wan

/ip route
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_ether1_wan
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_ether2_wan
add check-gateway=ping distance=1 gateway=192.168.2.1
add check-gateway=ping distance=1 gateway=192.168.1.1


You do not have the required permissions to view the files attached to this post.
 
rbuserdl
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 3:55 pm

Hello,

I think I had an issue previosly with
dst-address-type=!local
Try using dst-address or dst-address-list instead of dst-address-type, something like
dst-address=!192.168.0.0/24
After a while, check in "ip->firewall->connections", in gui, if most traffic is with connection-mark

Regards,
Damián
 
filippos
just joined
Topic Author
Posts: 5
Joined: Mon May 30, 2022 10:10 am

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 5:21 pm

Hi Damián,
no luck with that.
It seems that the wan1 isn't recognized, but in IP -> Routes -> Nexthops notes that Gateway State both addresses are "reachable", but when I view Routes one (192.168.2.1) is "unreachable" !!!
Thanks for your help.

BR,
Filippos
 
rbuserdl
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 5:30 pm

Hello,

It seems that wan1 is not working, it does not seem an issue with the load balancing
Did you test wan1 connection with a PC?

Regards,
Damián
 
filippos
just joined
Topic Author
Posts: 5
Joined: Mon May 30, 2022 10:10 am

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 8:58 pm

Hi Damián,
Of course I did tested it already.

I do backed it up and rebooted it, interchanged the ports, but the problem remains the same.

BR,
Filippos
 
rbuserdl
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Mon May 30, 2022 10:16 pm

Sorry my questions, just to be on the same page
When you tested the ISP modem in a PC, did you set the IP address statically like in the settings?
What happen if you ping the default gateway from the Mikrotik?

Regards
Damián
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 4:41 am

(1) FROM THIS:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=\
bridge

add action=accept chain=prerouting dst-address=192.168.2.0/24 in-interface=\
bridge

TO:
/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.2.0/24

(2) FROM THIS:
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether1_wan new-connection-mark=ether1_wan_conn passthrough=\
yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2_wan new-connection-mark=ether2_wan_conn


TO:
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether1_wan new-connection-mark=ether1_wan_conn passthrough=\
yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2_wan new-connection-mark=ether2_wan_conn passthrough=\
yes
 
filippos
just joined
Topic Author
Posts: 5
Joined: Mon May 30, 2022 10:10 am

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 9:52 am

Hi to all!

@anav
Yes I saw that passthrough and had already changed it. Thanks for noting that.
The other mangle firewall rule doesn't helped at all and I think that it is a security issue to leave all interfaces to talk to each other.
@all
Nevertheless, I managed to make it work connecting my pc to router and ping to it. It didn't work!!! Regardless Nexthops noted that was pinging to router ip, it doesn't!!!
So, I changed "ping" to "arp" and now it somehow works.
When I disconnect one router it falls back to the other not on the specific downloading process, but on another.
When I plug it in again it seems to ignore it and uses only one router at a time.

BR,
Filippos

:EDIT
Now it's okay, speedtest downloads with the sum of download from 2 routers. Only upload remains the same. Thank you both for your help.
 
rbuserdl
Member Candidate
Member Candidate
Posts: 236
Joined: Thu Mar 22, 2018 1:53 pm

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 4:04 pm

Hello may be will be better to Anav to respond because he know much more than me.
But IMHO, when you started a session through WAN2, it remains using the same interface until the session finnish or the interface is not available, for example. I think this describes the behavior you mentioned.

Regards,
Damián
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 8:01 pm

when it comes to pcc load balancing I have no experience but am to compare working scripts to other scripts.
Called notepad++ compare plugin :-)
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)
Contact:

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 9:10 pm

Change add check-gateway=ping distance=1 gateway=192.168.1.1 to

add check-gateway=ping distance=2 gateway=192.168.1.1
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue May 31, 2022 9:18 pm

What are you smoking? This is load balancing not failover ????
Im presuming the DISCHER way (PCC) and not the Thomas way which is more akin to manual load balance via bandwidth and includes failover.
 
filippos
just joined
Topic Author
Posts: 5
Joined: Mon May 30, 2022 10:10 am

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Wed Jun 01, 2022 10:02 am

Hi
everything is fine now
 
enetplus1
just joined
Posts: 1
Joined: Tue Oct 04, 2022 6:54 pm

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Tue Oct 04, 2022 6:58 pm

Hi
everything is fine now
Please filippos, I want to know how you did. Me too since many days i'm struggling. I'm new in Mikrotik, I need a good script or tutorial to have load balancing in my RB2011UiAS-2HnD-IN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 14362
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Load balancing with RB2011UiAS-2HnD-IN and RouterOS 6.49.6

Wed Oct 05, 2022 2:29 am

https://mum.mikrotik.com/presentations/US12/steve.pdf

Once you have followed this guide and if not working then
come back and post your full config /export (minus serial number and any public WANIP info).

Who is online

Users browsing this forum: Ahrefs [Bot], scoobyn8 and 66 guests