ECMP Load Balancing Simple and Easy Method tested by HaK 

First you need to rename your Mikrotik Interface name according to below script otherwise it won't work..  
 
/ ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local 
add address=10.10.10.2/24 network=10.10.0.0 broadcast=10.10.10.255 interface=wan2
add address=10.20.20.2/24 network=10.20.0.0 broadcast=10.20.20.255 interface=wan1

/ ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.1,10.20.20.1 check-gateway=ping 

/ ip firewall nat 
add chain=srcnat out-interface=wan1 action=masquerade
add chain=srcnat out-interface=wan2 action=masquerade

/ ip firewall mangle
add chain=input in-interface=wan1 action=mark-connection new-connection-mark=wan1_conn
add chain=input in-interface=wan2 action=mark-connection new-connection-mark=wan2_conn
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wa1     
add chain=output connection-mark=wan1_conn action=mark-routing new-routing-mark=to_wa2     

/ ip route
add dst-address=0.0.0.0/0 gateway=10.10.10.1 routing-mark=to_wa1 
add dst-address=0.0.0.0/0 gateway=10.20.20.1 routing-mark=to_wa2
 
 
You can use asymmetric bandwidth links also  - for example one link is 
2Mbps other 10Mbps. Just use this command to make load balancing 1:5
 
/ ip route 
add dst-address=0.0.0.0/0 gateway=10.10.10.1,10.20.20.1,10.20.20.1,10.20.20.1,10.20.20.1,10.20.20.1 check-gateway=ping
 


Rule to redirect port 80 to mikrotik local proxy.


 


/ip firewall nat 


add action=redirect chain=dstnat comment=”Redirect port 80 request to Web 
Proxy” disabled=no dst-port=80 protocol=tcp to-ports=8080  


 


Enable Mikrotik local webproxy.



/ip proxy

set always-from-cache=no 
cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=yes 
enabled=yes max-cache-size=unlimited max-client-connections=600 
max-fresh-time=3d \ max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0



or 




Check this out: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy




 


Rule to redirect request to squid proxy.


 





/ip firewall nat



add action=redirect chain=dstnat disabled=no dst-address=192.168.1.2 \



dst-port=80 protocol=tcp to-ports=8080 or 3128




 


  



 DNS issues

ISP specific DNS servers might have custom configuration that treats 
specific requests from ISP's network differently than requests from 
other network. So in case connection is made via other gateway those 
sites will not be accessible.


To avoid that we suggest to use 3rd-party (public) DNS servers, 
and in case you need ISP specific recourse, create static DNS entry and 
policy route that traffic to specific gateway.



Thanks to http://Wiki.mikrotik.com 


  


































Comments











Post a Comment



















Popular posts from this blog









Mikrotik Webproxy with PCC




















Image







  Usually when you enable web proxy on pcc, it wont work. To make it work you have to mark web proxy connection in output chain, and exclude port 80 traffic from pre-routing PCC rules. Example is as below. (I assume you have dual wan pcc already configured and in running state       Add following rules (Output chain)   /ip firewall mangle  add action=mark-connection chain=output comment=”Marking Web Proxy Connection for WAN-1″ disabled=no dst-port=80 new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=\    both-addresses-and-ports:2/0 protocol=tcp     both-addresses-and-ports:2/1 protocol=tcp     per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp add action=mark-connection chain=prerouting comment=”Excluding Port 80 from PCC – WAN2″ disabled=no dst-address-type=!local  dst-port=!80  in-interface=LAN new-connection-mark=WAN2_conn passthrough=yes \     per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp     max-server-connections=600 p








Read more










Dual Wan Load balacing with failover mikrotik





















  Introduction   Let us suppose that we have two WAN links, and we want  load balance the two WAN links  and do a fail-over if one of the WAN links fails ( eg: traffic redirected to the link which is up ) . the problem is to monitor, whether the Internet is accessible through each of them. The problem can be everywhere.   If your VPN cannot connect – then there’s no problem, your default route with gateway=that-vpn-connection will be inactive.   If your ADSL modem is down – then check-gateway=ping is on stage, and no problem again.   But what if your modem is up, and telephone line is down? Or one of your ISP has a problem inside it, so traceroute shows only a few hops – and then stops…   Some people use NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts. And then disable routes or in some other way change the behaviour of routing.   But RouterOS facilities allow us to use only /ip routes to do such checking – no scripting and netwatch at al








Read more










Configure Static IP Address (CLI) on Ubuntu 18.04.5 LTS





















 goto: sudo nano /etc/netplan/01-netcfg.yaml Sample Config: # This file describes the network interfaces available on your system # For more information, see netplan(5). network:   version: 2   renderer: networkd   ethernets:         ens160:             dhcp4: no             addresses: ['192.168.1.26/24']             gateway4: 192.168.1.1             nameservers:                 addresses: [8.8.8.8, 8.8.4.4]                 search: [hak786.blogspot.com] sudo netplan apply








Read more