Sunday, 3 August 2014

Load Balance using PCC method in mikrotik


Load balancing means sharing Internet access over two or more Internet connections in a balanced way, without waiting for one connection to fill up before moving to the next.


Many of us have long held the mistaken idea that load balancing two connections gives us double the bandwidth we had before (the sum of both links). This needs to be clear from the start: load balancing does not increase the bandwidth we get, it only divides the traffic across both links so that they are used in a balanced manner.


With this article we will show that the arithmetic of load balancing is not 512 + 256 = 768, but 512 + 256 = 512 + 256, or 512 + 256 = 256 + 256 + 256.


In this article we use an RB433UAH under the following conditions:

  1. Ether1 and ether2 are connected to different ISPs with different bandwidths: ISP1 at 512 kbps and ISP2 at 256 kbps.
  2. We will use the internal web proxy and OpenDNS.
  3. The RouterOS version used is 4.5, because the PCC feature has been available since version 3.24.



If these conditions differ from the network at your site, you will have to adapt the configuration described here to match your own network.


Suppose we have a configuration like this:

with these commands on the MikroTik:

/ip address
add address=192.168.101.2/30 interface=ether1
add address=192.168.102.2/30 interface=ether2
add address=10.10.10.1/24 interface=wlan2
/ip dns
set allow-remote-requests=yes primary-dns=208.67.222.222 secondary-dns=208.67.220.220


For client connections we use the wireless interface wlan2, with client IP addresses in the range 10.10.10.2 to 10.10.10.254, netmask 255.255.255.0. The address 10.10.10.1 on wlan2 serves as both the gateway and the DNS server for the clients. If you use the DNS of one of your ISPs, additional mangle rules are needed; they are given later in this article.

Once the IP and DNS configuration is correct, we must install a default route to the gateway IP of each ISP, so that the router forwards all traffic that is not for its directly connected networks to a gateway. Here we use the check-gateway feature, which is useful when one of our gateways goes down: connections are then diverted to the other gateway.

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.101.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.102.1 distance=2 check-gateway=ping

To set up the access point so that client PCs can connect over wireless, we use the command

/interface wireless
set wlan2 mode=ap-bridge band=2.4ghz-b/g ssid=Mikrotik disabled=no

For the client PCs to reach the Internet, we also have to translate the clients' private IP addresses to the public IP addresses on our public interfaces, ether1 and ether2.


/ip firewall nat 
add action=masquerade chain=srcnat out-interface=ether1 
add action=masquerade chain=srcnat out-interface=ether2

The router and the client PCs should now be able to connect to the Internet. Ping the Internet from both the router and a client PC. If it does not succeed, check your configuration again.


Internal Webproxy

Certain RouterBOARD models, such as the RB450G, RB433AH, RB433UAH, RB800 and RB1100, have an expansion slot (USB, MicroSD, CompactFlash) for additional storage. In the following example we use a USB flash drive attached to the USB slot. When first installed, this additional storage shows up with status invalid in /system store. To be used as cache storage, it must first be formatted and activated. After that we only need to enable the web proxy and set cache-on-disk=yes to use our storage. Do not forget to redirect HTTP traffic (TCP port 80) to our web proxy.


/store disk format-drive usb1 
/store 
add disk=usb1 name=cache-usb type=web-proxy 
activate cache-usb 

/ip proxy 
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080 

/ip firewall nat 
add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan2 action=redirect to-ports=8080


Setting Mangle

For load balancing this time we will use a feature called PCC (Per Connection Classifier). With PCC we can sort the traffic or connections passing into or out of the router into several groups. The grouping can be based on src-address, dst-address, src-port and/or dst-port. The router remembers which gateway a connection first went out through, so that subsequent packets belonging to that connection are sent via the same gateway. This is the advantage of PCC: it answers the frequent complaint of broken connections with earlier load-balancing techniques, which were caused by the gateway changing mid-connection.

Before creating the load-balancing mangle rules, to prevent routing loops, all client traffic to networks that are directly connected to the router should bypass the load balancing. We make a list of the IP networks attached to the router and install the following mangle rules first


/ip firewall address-list 
add address=192.168.101.0/30 list=lokal 
add address=192.168.102.0/30 list=lokal 
add address=10.10.10.0/24 list=lokal 

/ip firewall mangle 
add action=accept chain=prerouting dst-address-list=lokal in-interface=wlan2 comment="trafik lokal"
add action=accept chain=output dst-address-list=lokal
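
The per-connection grouping described above can be simulated offline. This is an added example, not part of the original article or of RouterOS: SHA-256 stands in for the router's internal hash, the three-bucket split (two buckets on ISP1, one on ISP2) is an assumption taken from the 256 + 256 + 256 arithmetic earlier, and the client connections are constructed sample data.

```python
import hashlib
import ipaddress
from collections import Counter

# Assumed mapping: three PCC buckets, two on ISP1 (512 kbps), one on ISP2 (256 kbps).
BUCKET_TO_ISP = {0: "ISP1", 1: "ISP1", 2: "ISP2"}
LINK_KBPS = {"ISP1": 512, "ISP2": 256}


def pcc_remainder(src, dst, sport, dport, denominator=3):
    """Hash the classifier fields to 32 bits and reduce modulo the denominator.

    SHA-256 is a stand-in; RouterOS uses its own internal hash.
    """
    key = (ipaddress.ip_address(src).packed
           + ipaddress.ip_address(dst).packed
           + sport.to_bytes(2, "big") + dport.to_bytes(2, "big"))
    value = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return value % denominator


def assign(conn):
    """Return the ISP a connection is pinned to for its whole lifetime."""
    return BUCKET_TO_ISP[pcc_remainder(*conn)]


def simulate(n_clients=50, conns_per_client=40):
    """Classify constructed client connections and count them per ISP."""
    counts = Counter()
    for host in range(2, 2 + n_clients):
        for i in range(conns_per_client):
            conn = (f"10.10.10.{host}", "203.0.113.10", 40000 + i, 80)
            counts[assign(conn)] += 1
    return counts


def max_rate_single_connection(conn):
    """A single connection is capped by the one link it was classified onto."""
    return LINK_KBPS[assign(conn)]


if __name__ == "__main__":
    counts = simulate()
    total = sum(counts.values())
    for isp, n in sorted(counts.items()):
        print(f"{isp}: {n} connections ({n / total:.1%})")
    sample = ("10.10.10.5", "203.0.113.10", 40001, 80)
    print("sample connection ->", assign(sample),
          "max", max_rate_single_connection(sample), "kbps (never 768)")
```

Roughly two thirds of the connections land on ISP1 and one third on ISP2, while any single connection stays on one link and is limited to that link's rate.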


In certain cases the first traffic may come from the Internet, for example when using Winbox or telnet remotely from the Internet. We therefore also need mark-connection rules for that traffic, so that its replies leave through the same interface the traffic came in on.



/ip firewall mangle 
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-from-isp1 passthrough=yes comment="traffic from isp1"
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-from-isp2 passthrough=yes comment="traffic from isp2"


Generally, an ISP (Internet Service Provider) restricts access to its DNS servers to the IP addresses it knows. So if you use the DNS of one of your ISPs, you must add mangle rules that steer that DNS traffic through the gateway of that ISP rather than through the other ISP's gateway. Here we give the mangle rules for ISP1's DNS via the ISP1 gateway. If you use an independent public DNS such as OpenDNS, you do not need the mangle rules below.



/ip firewall mangle 
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp comment="traffic DNS"
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp
add action=mark-routing chain=output connection-mark=dns new-routing-mark=route-to-isp1 passthrough=no