Using PCC to load balance across multiple non bonded links.

This is my ongoing work at using multiple ADSL services and the Mikrotik PCC rules along with some inbound mangling to allow a single router to load balance traffic across as many non bonded links as required.

Updated: 7th Jan 2010 – notes: added static routing marks for inbound traffic as inbound should never fall over to backup routes, while outbound should go over whatever is available. Also cleaned up routing order so it’s easier to read.

Note that none of this config requires the use of IP addresses at all, as it simply uses the pppoe-client interfaces and your lan interface to mark traffic. In my example wan1-pppoe,wan2-pppoe,wan3-pppoe are used and lan

3-PCC-Mikrotik

/ip route
add check-gateway=arp comment="WAN 3  - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan3
add check-gateway=arp comment="WAN 2  - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2
add check-gateway=arp comment="WAN 1  - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1
add check-gateway=arp comment="WAN 1  - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1
add check-gateway=arp comment="WAN 2  - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan2
add check-gateway=arp comment="WAN 3  - Distance 2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan3
add check-gateway=arp comment="WAN 1  - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan1
add check-gateway=arp comment="WAN 2  - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan2
add check-gateway=arp comment="WAN 3  - Distance 3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan3
add check-gateway=arp comment="Default Route - Distance 1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
add check-gateway=arp comment="Default Route - Distance 2" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
add check-gateway=arp comment="Default Route - Distance 3" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
add check-gateway=arp comment="Static Route - WAN1" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1
add check-gateway=arp comment="Static Route - WAN2" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2
add check-gateway=arp comment="Static Route - WAN3" disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=static-wan3

/ip firewall mangle
add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 \
passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 \
passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan3" connection-state=new disabled=no in-interface=wan3-pppoe new-connection-mark=wan3 \
passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan1" connection-state=established disabled=no in-interface=wan1-pppoe \
new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan2" connection-state=established disabled=no in-interface=wan2-pppoe \
new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark established inbound connection wan3" connection-state=established disabled=no in-interface=wan3-pppoe \
new-connection-mark=wan3 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan1" connection-state=related disabled=no in-interface=wan1-pppoe \
new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan2" connection-state=related disabled=no in-interface=wan2-pppoe \
new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark related inbound connection wan3" connection-state=related disabled=no in-interface=wan3-pppoe \
new-connection-mark=wan3 passthrough=yes
add action=mark-routing chain=output comment="Mark new inbound route wan1" connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan2" connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
add action=mark-routing chain=output comment="Mark new inbound route wan3" connection-mark=wan3 disabled=no new-routing-mark=static-wan3 passthrough=no
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=new disabled=no \
dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=new disabled=no \
dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=new disabled=no \
dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=\
established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=\
established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark established traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=\
established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=\
both-addresses:3/2
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 1" connection-state=related \
disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/0
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 2" connection-state=related \
disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=prerouting comment="Mark related traffic that isn't local with PCC mark rand (3 possibilities) - option 3" connection-state=related \
disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan3_pcc_conn passthrough=yes per-connection-classifier=both-addresses:3/2
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 1" connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=\
yes
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 2" connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=\
yes
add action=mark-routing chain=prerouting comment="Mark routing for  PCC mark - option 3" connection-mark=wan3_pcc_conn disabled=no new-routing-mark=wan3 passthrough=\
yes

92 thoughts on “Using PCC to load balance across multiple non bonded links.

  1. hello admin
    is pcc work with pppoe server if ur answer is yes then plz make config for me for 2x wan.
    here is my ip address detail
    isp 1
    ip address=192.168.1.2/24
    gateway=192.168.1.1
    isp 2
    ip address=192.168.2.2/24
    gateway=192.168.2.1
    Local addres(mikrotik)
    10.10.0.1/24
    thanks in advace
    Note=i want to configure pppoe server in mikrotik for pppoe cients.
    i hope u understand

  2. Sorry if I’m wrong, but is this part of your script wrong?

    add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
    add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
    add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe

    Should it not be:

    add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
    add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
    add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe

    Regards,
    Matt.

  3. Hi Matt,

    Yeah should’ve been wan1,wan2,wan3 but in these rules the order doesn’t matter. It simply means that the default route will fall over to wan3 before it falls to wan2.
    This won’t stop it from continuing to work in the event wan1 goes offline.

    Thanks for pointing it out though, I’ll change it now :-)

  4. Hi Jerry,

    This setup will also work for DHCP and/or static options, you simply need to ensure for each routing table (wan1,wan2,wan3) that a polling method has been setup for each route and that the failover routes don’t rely on receiving the same DHCP details each time (hint: use the interface as the gateway rather than an IP on DHCP interfaces).

  5. How is SRCNAT configured for this scenario? Would there be a SRCNAT entry for each pppoe interface?

  6. If you have the “both-addresses” mode selected (as in my example) then connections from the same src to the same dst address will be kept on 1 link.
    This prevents causing issues for servers that expect multiple connections from the same source IP address (banks, game servers etc).

    If your multiple TCP connections are going to different dst addresses then they will be sent across different links (as decided by the PCC).

  7. thanks also, line 4 and line 14 seem to have the same logic, but different markings, could you please explain what your achieving by marking the same packet on two different lines?

  8. Line 4 ends up being used for marking outbound traffic tagged as wan1 by the PCC rules.
    Line 14 is used to ensure that traffic from an external source inbound (such as a winbox connection to the router) will always be passed out the same link it came in on (ensuring you have access to the router via any of the connected links and not just the default route).

  9. ok so mangle rules are to make sure packets go out same WAN they came in, mangle is not used to load balance. Routing rules are used to load balance per session. correct?

  10. Rules 14-16 and 19-39 are used for ensuring traffic goes out the same WAN interfaces it comes in.
    Rules 2-10 and 40-66 are used to achieve the load balancing + failover for load balancing if one of the links goes offline.
    Rules 11-13 are the default routes with failover for connections originating from the router (eg: proxy out or DNS lookups)

    Hope this clears things up :-)

  11. Hi There,

    thanks for that, the thing is as soon as i disable these rules 10,11,12, no outbound packets work , so packets being marked, arent actually trying to take the marked path, its like the packets are unmarked by the time they reach the routing table.

    add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
    add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=3 dst-address=0.0.0.0/0 gateway=wan3-pppoe
    add check-gateway=arp comment=”Default Route – Distance 3″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe

  12. Are you able to confirm that the “Distance 1″ copies of all other routes (specifically the wan1 dist1, wan2 dist1, wan3 dist1) are showing as active?

  13. all good, looks like the default route is used to initiate the outbound connection so it’s required, the rest of the routes are used once the packets is marked there onwards

  14. I found your load balance using PCC the best example. The comments has made it much easier to understand – thank you.

    I hope you can point me in the correct direction – I have been trying to find a way for the Mikrotik to send me an email if one of the links goes down. Basically if wan3-pppoe goes down and email is generated letting me know that specific interface is down.

  15. Easiest way to do something like that would be to write a script (to be run periodically via the scheduler) that checks each of your interfaces (or specific routes) to see if they’re up or down and then emails you.
    Alternatively monitor/poll each of the external IP addresses with the dude; or via a free service like http://uptimerobot.com/

  16. I have playing around with a few scripts but have not been successful – but uptimerobot.com looks like the perfect solution.

    Thank you very much.

  17. I have found one small problem which I have not been able to figure out..I created a port forwarding (port 80) rule in NAT to connect to a webserver for each of the In. Interfaces – the strange thing is when I try to connect to the webserver only wan3-pppoe works. If I try to connect via wan1-pppoe and wan2-pppoe no connection. Would I need some special mangle rules to fix this?

  18. can’t lines 19-35 just be sumarised because essentially your interested in just inbound traffic from the pppoe interfaces so no need to worry about the state

  19. Hi,

    This worked great with my 2 PPPoE connections setup. Even though it doesn’t merge connections but it really eases the load on one link by adding another.

    I set it up for a small organization of 15 Users and was trying to implement a squid with the setup that it redirects traffic to squid on the same LAN switch Users connected to, but no luck.

    Do you have any advice how I can make mikrotik redirects to squid then squid back to mikrotik with the load balancing not effected. I would like to to make squid in transparent mode.

    I would like also to hint that squid setup works when no load balancing is used and only with one PPPoE Con.

    Here is my network topology:

    PPPoE 2 Internet User1
    | 192.168.0.0/24 |
    Internet Wlan1- MT Router Load Balancing-Ether1 Switch ———- User 2
    | |
    PPPoE 1 Internet 192.168.0.5
    Squid in
    Transparent Mode *

    * I do load balancing on two connections with the same ISP over two 12 Mbits PPPoE connected by wlan1 and I only have 1 ethernet port on my SXT router so I have to put squid on ether1 too.

    ** With out transparent mode where I put proxy information in User’s browser works just fine but my goal is transparent mode because I am thinking on implementing the same setup with a larger organization where I don’t have to put proxy information.

    I tried these rules on router:

    /ip firewall nat
    add action=accept chain=srcnat disabled=no dst-port=80 protocol=tcp * even disabling or enabling this or the order of it had no luck

    /ip firewall mangle
    add action=mark-routing chain=prerouting disabled=no dst-port=80 new-routing-mark=http passthrough=yes protocol=tcp

    /ip route
    add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.0.5 routing-mark=http scope=30 target-scope=10

    Rules on the proxy server are:
    # DNAT port 80 request comming from LAN systems to squid 8080 transparent proxy.

    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp –dport 80 -j DNAT –to 192.168.0.5:8080
    iptables -A INPUT -i eth0 -j ACCEPT
    iptables -A OUTPUT -o eth0 -j ACCEPT
    iptables -A INPUT -j LOG
    iptables -A INPUT -j DROP

    Squid.conf:
    #==============================
    #Transparent Mode
    #==============================
    http_port 8080 transparent
    acl mylocalnet src 0.0.0.0/0.0.0.0
    http_access allow mylocalnet

    Thank you so much,
    Tom

  20. I was trying to make your setup work with Squid in transparent mode with original source ip address on one NIC where squid is in the same subnet Users at. anyways, I eventually managed to make it work on my own.

    The solution was,
    Two NAT rules setup in this order
    /ip firewall nat
    add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
    add action=accept chain=srcnat connection-mark=adsl1_pcc_conn disabled=no \
    dst-port=80 protocol=tcp src-address=!192.168.0.5 to-addresses=\
    192.168.0.5 to-ports=8080
    add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
    add action=accept chain=srcnat connection-mark=adsl2_pcc_conn disabled=no \
    dst-port=80 protocol=tcp src-address=!192.168.0.5 to-addresses=\
    192.168.0.5 to-ports=8080

    and two mangle rules put next after all the load balancing rules

    add action=mark-routing chain=prerouting disabled=no dst-port=80 \
    new-routing-mark=http passthrough=yes protocol=tcp src-address=\
    !192.168.0.5
    add action=mark-routing chain=prerouting disabled=no dst-port=80 \
    new-routing-mark=http2 passthrough=yes protocol=tcp src-address=\
    !192.168.0.5

    and two routes like this:
    add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.0.5 routing-mark=http scope=30 target-scope=10
    add check-gateway=arp disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.0.5 routing-mark=http2 scope=30 target-scope=10

    Note my squid IP is 192.168.0.5 and clients are also connected to DHCP 192.168.0.0/24 and I am using one NIC on squid box. Firewall mangles HTTP traffic and routes it to squid. squid setup in transparent mode with only one iptables rule:

    iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp –dport 80 -j DNAT –to 192.168.0.5:8080

    I am still facing one problem though, extreme delays in http request response. when I put client browser to point to squid IP 192.168.0.5 and port 8080, it works perfectly with no delays but when clients browser is not setup to point to squid. squid still works but there is delays in response. I don’t know what causing that delay. Could it be DNS or what. I am sure it is not related to overload, cache performance or too low mem since it is working perfectly when the client is pointed to it. So what do you think is the problem? It is been intriguing me for a while.

  21. The first 3 lines of this script on the IP Route are giving me an “invalid value for augment addr” Any ideas?

  22. Hi Tom, please make sure the prompt shows [admin@UMikroTik] /ip route> before where you’re pasting these.
    If not, it means you’ve left out the first line, namly “/ip route” which sets the command context.

  23. Its Lovely, Just awesome … I replaced PCC with Both-Addresses-and-Ports and now its combining the bandwidth as well.. What a charm… Just wasnt able to find anywhere on internet..

    Thumbs UP.

  24. I would like to make Loadbalance for 2 WAN (PPPoE).
    WAN1 – 10 Mbps
    WAN2 – 13 Mbps
    I found that some website suggest about adding some line for maintain unbalance ration

    Could you please verify the script below?
    /ip route

    add check-gateway=arp comment=”WAN 2 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2
    add check-gateway=arp comment=”WAN 1 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1
    add check-gateway=arp comment=”WAN 1 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1
    add check-gateway=arp comment=”WAN 2 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan3-pppoe routing-mark=wan2
    add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
    add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
    add check-gateway=arp comment=”Static Route – WAN1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1
    add check-gateway=arp comment=”Static Route – WAN2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2

    /ip firewall mangle
    add action=mark-connection chain=input comment=”Mark new inbound connection wan1″ connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
    add action=mark-connection chain=input comment=”Mark new inbound connection wan2″ connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
    add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan1″ connection-state=established disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
    add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan2″ connection-state=established disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
    add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan1″ connection-state=related disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 passthrough=yes
    add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan2″ connection-state=related disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 passthrough=yes
    add action=mark-routing chain=output comment=”Mark new inbound route wan1″ connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
    add action=mark-routing chain=output comment=”Mark new inbound route wan2″ connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
    add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=new disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=new disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (3 possibilities) – option 1″ connection-state=related disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (3 possibilities) – option 2″ connection-state=related disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 1″ connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=yes
    add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 2″ connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=yes

  25. hi there i have a different configuration

    WAN1 = DHCP Client
    WAN2 = DHCP Client
    WAN3 = DHCP Client
    LAN = 10.10.10.1

    can you please tell me the configuration according to this for PCC load balancing

  26. Can the setup work for me. I have to ISP, one is USM(ppp-client USB dongle) and the other one is with a router to mikrotik thru ether1. My Lan is on port 3 (hotspot-193.168.30.1/24), ether2 (10.11.6.1/24) and wlan1(192.168.2.1/24). I want a situation where the ppp-client USB will be my primary ISP (WAN1) and My secondary ISP will be from (ether1). How will my settings or configuration be so that if primary isp is down, the secodnary will come up and if primary comes up, it switches over to it.

  27. Can the setup work for me. I have two ISPs. primary ISP IP 10.10.10.1 and secondary ip is 192.168.19 my lan is 172.16.0.1 How will my settings or configuration be so that if primary isp is down, the secodnary will come up and if primary comes up, it switches over to it.

  28. Nice work, bravo
    I’ m new in RouterOS and I realized that it is magical.

    I usedyour codewith an RB1100AHx2 and I used an RB750 as a PPPoE Server for testing. I used the ether1,2,3 as gateways to the RB750 and ports 4,5 as local LAN.
    The system works great.

    Omega-00 is it possible to write a few words, like a small documentation for us the newbies? A few words for each set of rules, would be greatly appreciated.

    And a last question:
    I would like to use the Hotspot manager on the Lan side. Do you think it is possible?

    Thanks again

  29. Hi Omega-00,
    Please confirm the script for 2 WANs

    It seems to be working but …. better be sure. thanks

    01 /ip route
    02 add check-gateway=arp comment=”WAN 1 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan1
    03 add check-gateway=arp comment=”WAN 2 – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan2
    04
    05
    06 add check-gateway=arp comment=”WAN 1 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=wan1
    07 add check-gateway=arp comment=”WAN 2 – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=wan2
    08
    09
    10 add check-gateway=arp comment=”Default Route – Distance 1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe
    11 add check-gateway=arp comment=”Default Route – Distance 2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe
    12
    13 add check-gateway=arp comment=”Static Route – WAN1″ disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wan1-pppoe routing-mark=static-wan1
    14 add check-gateway=arp comment=”Static Route – WAN2″ disabled=no distance=2 dst-address=0.0.0.0/0 gateway=wan2-pppoe routing-mark=static-wan2
    15
    16
    17 /ip firewall mangle
    18 add action=mark-connection chain=input comment=”Mark new inbound connection wan1″ connection-state=new disabled=no in-interface=wan1-pppoe new-connection-mark=wan1 \
    19 passthrough=yes
    20 add action=mark-connection chain=input comment=”Mark new inbound connection wan2″ connection-state=new disabled=no in-interface=wan2-pppoe new-connection-mark=wan2 \
    21 passthrough=yes
    22
    23 add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan1″ connection-state=established disabled=no in-interface=wan1-pppoe \
    24 new-connection-mark=wan1 passthrough=yes
    25 add action=mark-connection chain=prerouting comment=”Mark established inbound connection wan2″ connection-state=established disabled=no in-interface=wan2-pppoe \
    26 new-connection-mark=wan2 passthrough=yes
    27
    28
    29 add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan1″ connection-state=related disabled=no in-interface=wan1-pppoe \
    30 new-connection-mark=wan1 passthrough=yes
    31 add action=mark-connection chain=prerouting comment=”Mark related inbound connection wan2″ connection-state=related disabled=no in-interface=wan2-pppoe \
    32 new-connection-mark=wan2 passthrough=yes
    33
    34 add action=mark-routing chain=output comment=”Mark new inbound route wan1″ connection-mark=wan1 disabled=no new-routing-mark=static-wan1 passthrough=no
    35 add action=mark-routing chain=output comment=”Mark new inbound route wan2″ connection-mark=wan2 disabled=no new-routing-mark=static-wan2 passthrough=no
    36
    37
    38
    39 add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=new disabled=no \
    40 dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    41
    42 add action=mark-connection chain=prerouting comment=”Mark traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=new disabled=no \
    43 dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    44
    45 add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=\
    46 established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=\
    47 both-addresses:2/0
    48 add action=mark-connection chain=prerouting comment=”Mark established traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=\
    49 established disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=\
    50 both-addresses:2/1
    51
    52 add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 1″ connection-state=related \
    53 disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
    54 add action=mark-connection chain=prerouting comment=”Mark related traffic that isn’t local with PCC mark rand (2 possibilities) – option 2″ connection-state=related \
    55 disabled=no dst-address-type=!local in-interface=lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
    56
    57 add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 1″ connection-mark=wan1_pcc_conn disabled=no new-routing-mark=wan1 passthrough=\
    58 yes
    59 add action=mark-routing chain=prerouting comment=”Mark routing for PCC mark – option 2″ connection-mark=wan2_pcc_conn disabled=no new-routing-mark=wan2 passthrough=\
    60 yes

  30. Hi Andreas,

    I tried to leave most of my comments in for rules so the explanation tells what they are doing but to fully understand how PCC works it is best to start off by reading the MikroTik wiki article then coming here and implementing the example code. This will mean you should also have a basic idea of why traffic will go out each of the links and how to increase it to cover more links or to preference more traffic out one specific link over others.

    http://wiki.mikrotik.com/wiki/Manual:PCC is the main article but there is another good one here too: http://gregsowell.com/?p=2395

  31. hi i have rb2011 mikrotik and using pptp client 9WAN but my all pptp traffic go from one Ethernet i want fix my 1st pptp traffic goo from Ethernet1 2nd pptp go from eth2 with this i want load balance

  32. Hi can someone help in my script. I will post it below. Thanks. I am using RB1100AH

    DSL MODEM IP’s

    DSL MODEM 1 = 192.168.3.1
    DSL MODEM 2 = 192.168.4.1
    DSL MODEM 3 = 192.168.52.1
    DSL MODEM 4 = 192.168.60.1
    DSL MODEM 5 = 10.10.1.1
    DSL MODEM 6 = 10.10.2.1
    DSL MODEM 7 = 10.10.3.1
    DSL MODEM 8 = 10.10.4.1
    DSL MODEM 9 = 10.10.5.1
    DSL MODEM 10 = 10.10.6.1
    DSL MODEM 11 = 10.10.7.1

    /ip address
    add address=10.10.100.1/24 network=10.10.100.0 broadcast=10.10.100.255 interface=ether13
    add address=172.16.100.1/24 network=172.16.100.0 broadcast=172.16.100.255 interface=ether12
    add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=ether1
    add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=ether2
    add address=192.168.52.2/24 network=192.168.52.0 broadcast=192.168.52.255 interface=ether3
    add address=192.168.60.2/24 network=192.168.60.0 broadcast=192.168.60.255 interface=ether4
    add address=10.10.1.2/24 network=10.10.1.0 broadcast=10.10.1.255 interface=ether5
    add address=10.10.2.2/24 network=10.10.2.0 broadcast=10.10.2.255 interface=ether6
    add address=10.10.3.2/24 network=10.10.3.0 broadcast=10.10.3.255 interface=ether7
    add address=10.10.4.2/24 network=10.10.4.0 broadcast=10.10.4.255 interface=ether8
    add address=10.10.5.2/24 network=10.10.5.0 broadcast=10.10.5.255 interface=ether9
    add address=10.10.6.2/24 network=10.10.6.0 broadcast=10.10.6.255 interface=ether10
    add address=10.10.7.2/24 network=10.10.7.0 broadcast=10.10.7.255 interface=ether11

    /ip dns
    set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8,8.8.4.4

    /ip firewall mangle
    add chain=input in-interface=ether1 action=mark-connection new-connection-mark=ether1_conn
    add chain=input in-interface=ether2 action=mark-connection new-connection-mark=ether2_conn
    add chain=input in-interface=ether3 action=mark-connection new-connection-mark=ether3_conn
    add chain=input in-interface=ether4 action=mark-connection new-connection-mark=ether4_conn
    add chain=input in-interface=ether5 action=mark-connection new-connection-mark=ether5_conn
    add chain=input in-interface=ether6 action=mark-connection new-connection-mark=ether6_conn
    add chain=input in-interface=ether7 action=mark-connection new-connection-mark=ether7_conn
    add chain=input in-interface=ether8 action=mark-connection new-connection-mark=ether8_conn
    add chain=input in-interface=ether9 action=mark-connection new-connection-mark=ether9_conn
    add chain=input in-interface=ether10 action=mark-connection new-connection-mark=ether10_conn
    add chain=input in-interface=ether11 action=mark-connection new-connection-mark=ether11_conn

    add chain=output connection-mark=ether1_conn action=mark-routing new-routing-mark=to_ether1
    add chain=output connection-mark=ether2_conn action=mark-routing new-routing-mark=to_ether2
    add chain=output connection-mark=ether3_conn action=mark-routing new-routing-mark=to_ether3
    add chain=output connection-mark=ether4_conn action=mark-routing new-routing-mark=to_ether4
    add chain=output connection-mark=ether5_conn action=mark-routing new-routing-mark=to_ether5
    add chain=output connection-mark=ether6_conn action=mark-routing new-routing-mark=to_ether6
    add chain=output connection-mark=ether7_conn action=mark-routing new-routing-mark=to_ether7
    add chain=output connection-mark=ether8_conn action=mark-routing new-routing-mark=to_ether8
    add chain=output connection-mark=ether9_conn action=mark-routing new-routing-mark=to_ether9
    add chain=output connection-mark=ether10_conn action=mark-routing new-routing-mark=to_ether10
    add chain=output connection-mark=ether11_conn action=mark-routing new-routing-mark=to_ether11

    add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=192.168.52.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=192.168.52.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=192.168.60.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=192.168.60.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.1.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.1.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.2.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.2.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.3.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.3.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.4.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.4.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.5.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.5.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.6.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.6.0/24 action=accept in-interface=ether12
    add chain=prerouting dst-address=10.10.7.0/24 action=accept in-interface=ether13
    add chain=prerouting dst-address=10.10.7.0/24 action=accept in-interface=ether12

    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/0 action=mark-connection new-connection-mark=ether1_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/1 action=mark-connection new-connection-mark=ether2_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/2 action=mark-connection new-connection-mark=ether3_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/3 action=mark-connection new-connection-mark=ether4_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/4 action=mark-connection new-connection-mark=ether5_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/4 action=mark-connection new-connection-mark=ether5_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/5 action=mark-connection new-connection-mark=ether6_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/5 action=mark-connection new-connection-mark=ether6_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/6 action=mark-connection new-connection-mark=ether7_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/6 action=mark-connection new-connection-mark=ether7_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/7 action=mark-connection new-connection-mark=ether8_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/7 action=mark-connection new-connection-mark=ether8_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/8 action=mark-connection new-connection-mark=ether9_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/8 action=mark-connection new-connection-mark=ether9_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/9 action=mark-connection new-connection-mark=ether10_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/9 action=mark-connection new-connection-mark=ether10_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether13 per-connection-classifier=both-addresses-and-ports:11/10 action=mark-connection new-connection-mark=ether11_conn passthrough=yes
    add chain=prerouting dst-address-type=!local in-interface=ether12 per-connection-classifier=both-addresses-and-ports:11/10 action=mark-connection new-connection-mark=ether11_conn passthrough=yes

    add chain=prerouting connection-mark=ether1_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether1
    add chain=prerouting connection-mark=ether1_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether1
    add chain=prerouting connection-mark=ether2_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether2
    add chain=prerouting connection-mark=ether2_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether2
    add chain=prerouting connection-mark=ether3_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether3
    add chain=prerouting connection-mark=ether3_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether3
    add chain=prerouting connection-mark=ether4_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether4
    add chain=prerouting connection-mark=ether4_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether4
    add chain=prerouting connection-mark=ether5_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether5
    add chain=prerouting connection-mark=ether5_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether5
    add chain=prerouting connection-mark=ether6_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether6
    add chain=prerouting connection-mark=ether6_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether6
    add chain=prerouting connection-mark=ether7_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether7
    add chain=prerouting connection-mark=ether7_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether7
    add chain=prerouting connection-mark=ether8_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether8
    add chain=prerouting connection-mark=ether8_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether8
    add chain=prerouting connection-mark=ether9_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether9
    add chain=prerouting connection-mark=ether9_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether9
    add chain=prerouting connection-mark=ether10_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether10
    add chain=prerouting connection-mark=ether10_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether10
    add chain=prerouting connection-mark=ether11_conn in-interface=ether13 action=mark-routing new-routing-mark=to_ether11
    add chain=prerouting connection-mark=ether11_conn in-interface=ether12 action=mark-routing new-routing-mark=to_ether11

    /ip route
    add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_ether1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_ether2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.52.1 routing-mark=to_ether3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.60.1 routing-mark=to_ether4 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.1.1 routing-mark=to_ether5 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.2.1 routing-mark=to_ether6 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.3.1 routing-mark=to_ether7 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.4.1 routing-mark=to_ether8 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.5.1 routing-mark=to_ether9 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.6.1 routing-mark=to_ether10 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.7.1 routing-mark=to_ether11 check-gateway=ping

    add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=1 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=2 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.52.1 distance=3 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=192.168.60.1 distance=4 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.1.1 distance=5 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.2.1 distance=6 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.3.1 distance=7 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.4.1 distance=8 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.5.1 distance=9 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.6.1 distance=10 check-gateway=ping
    add dst-address=0.0.0.0/0 gateway=10.10.7.1 distance=11 check-gateway=ping

    /ip firewall nat
    add chain=srcnat out-interface=ether1 action=masquerade
    add chain=srcnat out-interface=ether2 action=masquerade
    add chain=srcnat out-interface=ether3 action=masquerade
    add chain=srcnat out-interface=ether4 action=masquerade
    add chain=srcnat out-interface=ether5 action=masquerade
    add chain=srcnat out-interface=ether6 action=masquerade
    add chain=srcnat out-interface=ether7 action=masquerade
    add chain=srcnat out-interface=ether8 action=masquerade
    add chain=srcnat out-interface=ether9 action=masquerade
    add chain=srcnat out-interface=ether10 action=masquerade
    add chain=srcnat out-interface=ether11 action=masquerade

Leave a Reply