Mikrotik 4 WAN Load Balancing using PCC with PPPoE Server / Complete Script !
9 Maret 2017
9 Maret 2017
Following is a complete script for Mikrotik to combine/load balance 4 DSL lines. This server is also acting as a PPPoE Server, therefore I have made some modifications in PCC Script.
For normal LB, read my article at https://aacable.wordpress.com/2011/06/04/mikrotik-4-wan-load-balance-pcc-complete-script-by-zaib/
In this example I used MikrotikT RB750 5 ports router. 4 ports were connected with four DSL Routers, and 5th port was connected with User LAN. Also don’t forget to rename the interface names accordingly. This script will also add pppoe server , one pppoe user, dhcp server, dns server and pcc.
In my personnel experience , If users request are directly hitting Mikrotik configured with PCC , then you will get good load balancing. Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc. Load balancing using this PCC technique (src-address) will be effective and balanced approach when more and more connections (from clients) that occurred. I also recommend to use SQUID proxy server along with mikrotik , either parallel or in front or backend , for better response time and it will also increase good browsing experience to users.
If somehow you are not satisfied with the src-address approach,play with the PCC-Classifier, Try both addresses and ports as the classifier. While this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually stick with src-address for PCC load balancing.
Regard’s
Syed Jahanzaib
x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-x-x-x-x–x-x-x-x-x-x-
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
/ip address add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0 add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0 add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0 add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0 add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0/ip pool add name=dhcp_pool1 ranges=172.16.0.70-172.16.0.254 add name=pppoe-users-pool ranges=10.0.0.1-10.0.0.255/ip dhcp-server add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=Local lease-time=12h name="My DHCP Server"/ip dhcp-server config set store-leases-disk=5m/ip dhcp-server network add address=172.16.0.0/16 comment="" dns-server=172.16.0.1,221.132.112.8/interface pppoe-server server add authentication=pap default-profile=default disabled=no interface=Local keepalive-timeout=10 max-mru=1480 max-mtu=1480 max-sessions=1 mrru=disabled one-session-per-host=yes service-name=aacable/ppp profile add change-tcp-mss=default dns-server=172.16.0.1 local-address=172.16.0.1 name=pppoe-profile only-one=default remote-address=pppoe-users-pool use-compression=default use-encryption=default use-vj-compression=default/ppp secret add caller-id=”" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=zaib password=1234 profile=pppoe-profile routes=”" service=pppoe/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=10000KiB max-udp-packet-size=512 servers=221.132.112.8,221.132.112.9/ip firewall mangle add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yesadd action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yesadd action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24 add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes/ip firewall nat add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255 add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10add check-gateway=ping comment="" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10add check-gateway=ping comment="" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10add check-gateway=ping comment="" disabled=no distance=4 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10 |
All Done ! Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get 🙂
PCC WITH HOTSPOT
If you wanna run PCC with HOTSPOT on same Mikrotik Server, Put this rule in place to stop the hotspot from processing people after they have signed into the network.
|
1
|
/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth |
PCC WITH UN-EQUAL WAN LINKS
If you have Un-Equal WAN Links, for example WAN,1,2,3 are of 4MB and WAN,4 is of 8 Mb, and you want to force MT to use WAN4 link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN4 , something like
Code:
|
1
2
3
4
5
|
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes |
٩(●̮̮̃•̃)۶ ZaiB ٩(●̮̮̃•̃)۶
