Mikrotik RouterOS Multi-WAN PCC howto

bds1904

This guide assumes the following:

"ISP1" is your 1st wan connection name
"ISP2" is your 2nd wan connection name
"LAN" is your local network name

"ISP1" receives the IP 111.111.111.1/24 on the network 111.111.111.0/24
"ISP2" receives the IP 222.222.222.1/24 on the network 222.222.222.0/24

1. If your ISP assigns IPs via DHCP, be sure to do the following (if they are assigned statically, move to step 2):

Log into the routeros webfig or winbox:
  • IP
  • DHCP Client
  • Click on your first WAN DHCP client
  • Change "add default gateway" to no
  • Repeat the same for your second WAN connection

2. Remove current routing rules
  • IP
  • Firewall
  • Nat
  • Remove the entry for "masquerade" to your current single ISP.

3. SSH into your router and run the following script:
Code:
/ ip firewall mangle
add chain=prerouting dst-address=111.111.111.0/24  action=accept in-interface=LAN
add chain=prerouting dst-address=222.222.222.0/24  action=accept in-interface=LAN
add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1     
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=111.111.111.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=222.222.222.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=111.111.111.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=222.222.222.1 distance=2 check-gateway=ping

/ ip firewall nat 
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

This script assumes that you have 2 equal WAN connections (e.g. two 7/1 DSL lines). If you have unbalanced connections you can modify the section of the script that defines how the traffic is balanced. That starts on line 6.

For example, I have a 45/6 connection and a 30/6 connection and I have the following lines (note that there are 5 lines and the first one starts at 5/0 and moves on from there):

Code:
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/2 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/3 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:5/4 action=mark-connection new-connection-mark=ISP1_conn

The PCC method automatically does failover. All around good way to load balance 2 connections. You can also balance more connections by configuring the script correctly.
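
Added example, not part of the original post: a Python helper that generalises the 45/30 weighting above to any number of WAN links by reducing the bandwidths to their smallest whole-number ratio and emitting one PCC rule per share. The name `pcc_rules` and its parameters are made up for this illustration, and it assumes unique interface names and whole Mbit/s values.

```python
from functools import reduce
from math import gcd

def pcc_rules(wans, lan="LAN", classifier="both-addresses"):
    """Return RouterOS mangle lines that split new LAN connections across
    WANs in proportion to bandwidth. wans: [(interface, whole Mbit/s), ...]."""
    g = reduce(gcd, (bw for _, bw in wans))
    left = {name: bw // g for name, bw in wans}   # 45 and 30 -> 3 and 2 shares
    total = sum(left.values())                    # becomes the PCC denominator
    order = []
    while len(order) < total:                     # interleave links round-robin
        for name, _ in wans:
            if left[name]:
                order.append(name)
                left[name] -= 1
    # One rule per remainder 0..total-1, so every hash value gets a mark
    return [
        f"add chain=prerouting in-interface={lan} connection-mark=no-mark "
        f"dst-address-type=!local per-connection-classifier={classifier}:"
        f"{total}/{rem} action=mark-connection new-connection-mark={name}_conn"
        for rem, name in enumerate(order)
    ]

if __name__ == "__main__":
    print("/ip firewall mangle")
    print("\n".join(pcc_rules([("ISP1", 45), ("ISP2", 30)])))
```

Bandwidths with a small common divisor produce a long rule list (45 and 31 give 76 rules), so round the inputs to a coarse ratio first.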
 
I am using an RB750 to merge 4 DSL lines, but it seems it's not dividing load to all 4 DSL lines.

I am using the following script. Where is the mistake? Could you please correct or add if needed ...

Thanks
skype richa.khanan



/interface set "ether1" name="ISP1"
/interface set "ether2" name="ISP2"
/interface set "ether3" name="ISP3"
/interface set "ether4" name="ISP4"
/interface set "ether5" name="LAN"

/ ip address
add address=192.168.20.1/24 network=192.168.20.0 broadcast=192.168.20.255 interface=LAN
add address=192.168.21.2/24 network=192.168.21.0 broadcast=192.168.21.255 interface=ISP1
add address=192.168.22.2/24 network=191.168.22.0 broadcast=192.168.22.255 interface=ISP2
add address=192.168.23.2/24 network=192.168.23.0 broadcast=192.168.23.255 interface=ISP3
add address=192.168.24.2/24 network=191.168.24.0 broadcast=192.168.24.255 interface=ISP4

/ ip firewall mangle
add chain=prerouting dst-address=192.168.21.2/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.22.2/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.23.2/24 action=accept in-interface=LAN
add chain=prerouting dst-address=192.168.24.2/24 action=accept in-interface=LAN

add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=ISP3 connection-mark=no-mark action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting in-interface=ISP4 connection-mark=no-mark action=mark-connection new-connection-mark=ISP4_conn

add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/2 action=mark-connection new-connection-mark=ISP3_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/3 action=mark-connection new-connection-mark=ISP4_conn

add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2
add chain=prerouting connection-mark=ISP3_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP3
add chain=prerouting connection-mark=ISP4_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP4

add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
add chain=output connection-mark=ISP3_conn action=mark-routing new-routing-mark=to_ISP3
add chain=output connection-mark=ISP4_conn action=mark-routing new-routing-mark=to_ISP4

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.21.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.22.1 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.23.1 routing-mark=to_ISP3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.24.1 routing-mark=to_ISP3 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.21.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.22.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.23.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.24.1 distance=4 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
add chain=srcnat out-interface=ISP3 action=masquerade
add chain=srcnat out-interface=ISP3 action=masquerade
 
5th section should be 4/0 4/1 4/2 4/3.

You have 2/0, etc.

You will also run into trouble if a DSL link goes down. The RouterOS box won't know the link is down. Are you actually using a router behind a router? You want the RouterOS box to have public IPs. Right now your script shows it to be checking a local address to see if a link fails.
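
Added example, not written by anyone in this thread: a small Python lint that applies the denominator check from the reply above to a RouterOS export and also confirms that every routing mark set in mangle has a route. The sample is a constructed, shortened version of the 4-WAN script, and `lint` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed, shortened sample repeating two mistakes from the 4-WAN script above.
M = "add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local"
SAMPLE = "\n".join(
    [f"{M} per-connection-classifier=both-addresses:2/{i} "
     f"action=mark-connection new-connection-mark=ISP{i + 1}_conn" for i in range(4)]
    + [f"add chain=prerouting connection-mark=ISP{n}_conn in-interface=LAN "
       f"action=mark-routing new-routing-mark=to_ISP{n}" for n in range(1, 5)]
    + [f"add dst-address=0.0.0.0/0 gateway=192.168.2{n}.1 routing-mark=to_ISP{m} "
       "check-gateway=ping" for n, m in [(1, 1), (2, 2), (3, 3), (4, 3)]])

def lint(config):
    """Return a list of problems found in PCC mangle rules and marked routes."""
    pcc = defaultdict(dict)           # denominator -> {remainder: connection mark}
    marks_set, routed, problems = set(), set(), []
    for line in config.splitlines():
        kv = dict(re.findall(r"([\w-]+)=(\S+)", line))
        if "per-connection-classifier" in kv:
            frac = kv["per-connection-classifier"].split(":")[1]
            den, rem = map(int, frac.split("/"))
            pcc[den][rem] = kv["new-connection-mark"]
        elif kv.get("action") == "mark-routing":
            marks_set.add(kv["new-routing-mark"])
        elif "gateway" in kv and "routing-mark" in kv:
            routed.add(kv["routing-mark"])
    for den, rems in sorted(pcc.items()):
        for rem, mark in sorted(rems.items()):
            if rem >= den:            # hash mod den is always below den
                problems.append(f"{den}/{rem} can never match; {mark} gets no traffic")
        missing = sorted(set(range(den)) - set(rems))
        if missing:
            problems.append(f"denominator {den}: remainders {missing} have no rule")
    for mark in sorted(marks_set - routed):
        problems.append(f"routing mark {mark} has no route")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```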
 

Hi, thanks for your time helping people to solve problems. I followed your steps for dynamic ISP with no luck. I need to balance 2 WANs with dynamic ISP ADSL, no PPPoE. I can't find a way: I put the interface but no route to 0.0.0.0, but when I check default route on DHCP, 0.0.0.0 gets the gateway on the address list. Please can you help me? I want to smash the MikroTik, it's driving me crazy. Thanks in advance.
 