Mikrotik DUAL WAN Load Balancing using PCC method ! by zaiB

Mikrotik  DUAL WAN Load Balancing using PCC method. Complete Script ! by zaiB

This post illustrates on how you can configure load balancing of multiple wan links using Mikrotik Routerboard hardware (or RouterOS x86 version).  In this example I have used Mikrotik Routerboard CCR 1036 model.  Don’t forget to rename the interface names accordingly if you are a copy paste fan

2 ports were connected with two difference DSL Routers,
and 3rd port was connected with User LAN.
Both DSL are of same speed , i.e 10Mb each.

DSL MODEM IP’S
DSL MODEM 1 = 192.168.1.1
DSL MODEM 2 = 192.168.2.1

In this example, we are using PCC (per connection classifier) method to achieve the load balancing. There are few options using this approach & each option may give you different results.

Example#1:  src-address
Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc (dueot ip changing on each request) . Load balancing using this PCCtechnique (src-address) requires that users must be hitting the PCC box directly (either dhcp/ppp server etc). In this method user will be tagged with specific WAN link once connected with the mikrotik. This way till his online session he will stick to that particular wan link. A single user will not be ale to use all WAN links. This approach works good if you have a bit higher amount of bandwidth on each link.

Example#2: both-addresses-and-portsIf somehow you are not satisfied with the src-address approach (OR your requirements is to achieve maximum download speed using all WAN links simultaneously) , Then play with the PCC Classifier, Try both addresses and ports as the classifier (as used in this guide as well). While this will randomize things the most and in theory give you the most fair allocation of bandwidth (as any request will be distributed among all WAN links), BUT there is also a good chance that it will break certain things like banking web sites and some forums. This is because often times a HTTP requests will generate several connections, so there is a chance that some requests may go out a different route than the initial one, and that will break secure web sites. For that reason I usually like to go with src-address PCC load balancing approach (but only if users are hitting the pcc box)

~Syed Jahanzaib

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

/ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1 add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2 /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8 /ip firewall mangle add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1 add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2 add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1 add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2 /ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping /ip firewall nat add chain=srcnat out-interface=WAN1 action=masquerade add chain=srcnat out-interface=WAN2 action=masquerade All Done ! Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get  If you have Un-Equal WAN Links, for example WAN,1 is of 4MB and WAN,2 is of 8 Mb, and you want to force MT to use WAN42link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN2 , something like Code: 1 2 3 add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes PCC WITH HOTSPOT (Reference) 1 /ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth Credits: https://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/