Bandwidth-based load-balancing
with failover. The easy way.
We need more bandwidth.
Presenter information
Tomas Kirnak
Network design
Security, wireless
Servers, Virtualization
Mikrotik Certified Trainer
Atris, Slovakia
Established 1991
Complete IT solutions
Networking, servers
Virtualization
IP security systems
Load-balancing, why?
• Distributing workload to multiple network links to
maximize throughput and minimize latency.
• Using multiple network links, when properly
configured, will also provide redundancy.
Load balancing types
• Bonding
• Policy routing
• PCC
• Bandwidth based
Load balancing types
Bonding - 802.3ad LACP
Bonding
+ Easy to implement
Automatic redundancy with fail-over
- You need control of both ends of the link
Load balancing types
Policy routing
Policy routing
+ Easy to implement
You have exact control of traffic
- Not dynamic
Scalability problems
Load balancing types
PCC
per connection classifier
PCC
+ Easy to configure
Good scalability
- Not aware of link state (bandwidth wise)
Not so great with very dissimilar links (e.g. 4:1)
Load balancing types
For presentations on these load-balancing
methods, please see
www.tiktube.com – PL 2010 and PL 2012
Load balancing types
Bandwidth based
If interface ISP1 is over 10 Mbit/s, use ISP2
Why use bandwidth-based LB
+ Easily scalable
+ Takes link status into consideration
+ You have control over the connections
+ You decide when the switch to the second link
happens (on a 10 Mbit/s link, switch after 50% utilization)
- Comes with its own problems
Implementation considerations
• There are multiple ways to do bandwidth-based
load balancing; none of them is particularly easy.
• MPLS TE
• Mangle + bit of scripting <-- this presentation
www.tiktube.com – PL 2010 and PL 2012
Underlying technologies
Connections and tracking them
What is a connection
• We can define a connection as a packet flow with
the same pair of source and destination IP
addresses and ports.
• In the case of UDP, this would be a UDP stream.
• 192.168.2.10:49481 <-> 8.8.8.8:53
Mangle
• Mangle is a facility in ROS which allows us to
“mark” packets or connections, and later use
that mark for our purposes.
• Mangle marks do NOT leave the router.
Mangle – where to
/ip firewall mangle
Routing tables
• A routing table tells the router which next hop
to forward packets to, depending on the
packet's destination IP.
• 0.0.0.0/0 -> 77.21.34.12
Routing tables – part 2
• By default all packets are
put into the “main”
routing table
• We can create our own
routing tables, and force
packets to use them.
Topology
Required steps
• Create routing tables
• Setup address-lists
• Setup mangle
• Configure Traffic Monitor
Basic configuration
/interface ethernet
set 0 name=LAN
set 3 name=ISP_1
set 4 name=ISP_2
/ip address
add address=192.168.22.1/24 interface=LAN
add address=1.1.1.32/24 interface=ISP_1
add address=2.2.2.65/24 interface=ISP_2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP_1
add action=masquerade chain=srcnat out-interface=ISP_2
Routing tables
/ip route
add gateway=1.1.1.1 distance=1
add gateway=2.2.2.1 distance=2
add gateway=1.1.1.1 routing-mark=ISP1_Route distance=1
add gateway=2.2.2.1 routing-mark=ISP2_Route distance=1
Routing tables - GUI
Traffic to connected networks
• Connected networks are
only in the “main”
routing table
• We need to make sure
that traffic to these
networks stays in the
main routing table.
Connected networks – part 2
/ip firewall address-list
add address=1.1.1.0/24 list=Connected
add address=2.2.2.0/24 list=Connected
add address=192.168.22.0/24 list=Connected
add address=192.168.22.0/24 list=LAN
/ip firewall mangle
add chain=prerouting src-address-list=Connected
dst-address-list=Connected action=accept
Topology – take 2
• In this topology, there are 4
possible traffic flows
• WAN -> Router
• Router -> WAN
• WAN -> LAN
• LAN -> WAN
Taking care of incoming connections
• When a connection is initiated from the internet
through one of the ISPs, we need to ensure that the
reply to this connection goes out through the same ISP
(from the same public IP).
• We need to mark these connections, and then put
them in the proper routing table.
Router marking – WAN -> Router
• Catch connections from the internet to the
router and mark them.
/ip firewall mangle
add chain=input connection-mark=no-mark in-interface=ISP_1
action=mark-connection new-connection-mark=WAN1->ROS
add chain=input connection-mark=no-mark in-interface=ISP_2
action=mark-connection new-connection-mark=WAN2->ROS
Router marking – WAN -> Router
• Then put these connections into the proper
routing tables.
add chain=output connection-mark=WAN1->ROS
action=mark-routing new-routing-mark=ISP1_Route
add chain=output connection-mark=WAN2->ROS
action=mark-routing new-routing-mark=ISP2_Route
Taking care of the LAN
• The same principle applies to the LAN.
• Connections initiated from the internet
through one ISP, should be replied to through
the same ISP.
LAN marking
/ip firewall mangle
add chain=forward connection-mark=no-mark in-interface=ISP_1
action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward connection-mark=no-mark in-interface=ISP_2
action=mark-connection new-connection-mark=WAN2->LANs
add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN
action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN
action=mark-routing new-routing-mark=ISP2_Route
Incoming connections - done
• We have ensured that connections from the internet
to our router, or to services inside our network,
are established and answered through the ISP they arrived on.
LAN – partially done
• Connections from the internet to our LAN will
now work through both ISPs
• So what about connections outgoing from our
LAN to the internet?
• These we actually want to load-balance.
A sticky connection
• A sticky connection is a connection that, once
established through one interface, will always go out
that exact interface.
• This is required, because when we switch to a second
link, we only need to switch new connections.
• In PCC, this is done automatically. Using our approach
however, this has to be done manually.
LAN -> WAN mangle
/ip firewall mangle
add chain=prerouting connection-mark=no-mark src-address-list=LAN
dst-address-list=!Connected dst-address-type=!local action=mark-connection
new-connection-mark=LAN->WAN
add chain=prerouting connection-mark=LAN->WAN src-address-list=LAN
action=mark-routing new-routing-mark=ISP1_Route
comment="Load-Balancing here"
• With this configured, we can now manually choose which
routing table connections from the LAN to the internet take
(by changing new-routing-mark in the rule commented "Load-Balancing here").
Sticky connections
add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP1_Route
action=mark-connection new-connection-mark=Sticky_ISP1
add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP2_Route
action=mark-connection new-connection-mark=Sticky_ISP2
add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN
action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN
action=mark-routing new-routing-mark=ISP2_Route
• This ensures that once a connection is routed
through one ISP, it stays there no matter what.
Mangle in GUI
What’s the final result?
• We can load-balance manually
• Connections go out ISP1, then we can switch
the mangle rule to ISP2, but connections
already using ISP1 will stay there.
Automating based on bandwidth
Switching back
Final result
• Connections are routed through ISP1 until its link
reaches 5 Mbit/s.
• Above this limit, all new connections go
through ISP2 until the ISP1 link is back under its limit.
• Automated, bandwidth-based load balancing.
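The "Automating based on bandwidth" and "Switching back" slides carry only their titles in this extract, so the following is an added example (not the presenter's script) of how the behaviour described above can be implemented with the RouterOS `/tool traffic-monitor` facility (the "Configure Traffic Monitor" step from the required-steps slide). It assumes the mangle rule commented "Load-Balancing here" from the LAN -> WAN slide and the ISP1_Route / ISP2_Route tables. Two choices are assumptions of this example: it measures received traffic on ISP_1 (downloads usually dominate a LAN uplink; monitor transmitted as well if that is not true for you), and it switches back only once traffic drops below 4 Mbit/s, a hysteresis band under the 5 Mbit/s limit so the rule does not flip back and forth at exactly 5 Mbit/s.

```routeros
# Added example, not from the presentation. Assumes the mangle rule with
# comment="Load-Balancing here" and the routing tables ISP1_Route / ISP2_Route.

/system script
# Send NEW LAN->WAN connections out ISP2. Connections already marked
# Sticky_ISP1 keep their routing mark and stay on ISP1.
add name=LB-use-ISP2 source="/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP2_Route; :log info \"ISP1 above limit, new connections -> ISP2\""
# Send new connections back to ISP1 once its link has drained.
add name=LB-use-ISP1 source="/ip firewall mangle set [find comment=\"Load-Balancing here\"] new-routing-mark=ISP1_Route; :log info \"ISP1 below limit, new connections -> ISP1\""

/tool traffic-monitor
# threshold is in bits per second. 5 Mbit/s is the limit from the "Final result" slide;
# the trigger fires each time the measured rate crosses the threshold.
add name=ISP1-over interface=ISP_1 traffic=received trigger=above threshold=5000000 on-event=LB-use-ISP2
# Assumed 4 Mbit/s lower threshold (hysteresis) for switching back.
add name=ISP1-under interface=ISP_1 traffic=received trigger=below threshold=4000000 on-event=LB-use-ISP1
```

Because only the rule that marks fresh LAN->WAN connections is changed, the sticky rules from the previous slides keep every existing connection on the ISP it started on; the log lines make the switch visible in /log for later troubleshooting.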
Easy Failover
• If the gateway
can’t be pinged,
all routes using
this gateway will
become invalid.
A different approach
• This approach will not work if the link failure
happens beyond the gateway.
• Recursive route lookup, netwatch etc.
• http://wiki.mikrotik.com/wiki/Failover_Scripting
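As an added example (not from the presentation) covering both the "Easy Failover" slide and the recursive route lookup mentioned on this one: option A simply enables gateway pinging on the four routes from the "Routing tables" slide, which detects only the ISP router itself going away; option B replaces those routes with recursive ones whose gateway is a host beyond each ISP, so a failure further upstream also invalidates the routes. Interface names, gateways and 8.8.8.8 are taken from the earlier slides; 8.8.4.4 as the ISP2 probe host is an assumed choice, and the scope / target-scope values are the usual RouterOS recursive-lookup settings, not something the slides specify.

```routeros
# Added example, not from the presentation. Uses the gateways 1.1.1.1 (ISP1)
# and 2.2.2.1 (ISP2) and the routing marks from the "Routing tables" slide.

/ip route
# Option A, "Easy Failover": ping the ISP gateway. If it stops answering,
# every route using that gateway becomes invalid and traffic falls to the
# next route by distance.
set [find gateway=1.1.1.1] check-gateway=ping
set [find gateway=2.2.2.1] check-gateway=ping

# Option B, recursive lookup (supersedes option A): remove the direct default
# routes and probe a host beyond each ISP instead.
remove [find dst-address=0.0.0.0/0]

# Host routes pinning each probe address to one ISP. scope=10 lets the
# default routes below resolve their gateway through these entries.
add dst-address=8.8.8.8/32 gateway=1.1.1.1 scope=10 comment="ISP1 probe host"
add dst-address=8.8.4.4/32 gateway=2.2.2.1 scope=10 comment="ISP2 probe host (assumed address)"

# Default routes whose gateway is the probe host. target-scope=11 allows the
# gateway to be resolved via the scope=10 host routes; check-gateway=ping now
# pings the probe host, so a failure anywhere along the ISP path marks the
# route invalid, not just the ISP router going down.
add gateway=8.8.8.8 distance=1 check-gateway=ping target-scope=11
add gateway=8.8.4.4 distance=2 check-gateway=ping target-scope=11
add gateway=8.8.8.8 distance=1 check-gateway=ping target-scope=11 routing-mark=ISP1_Route
add gateway=8.8.4.4 distance=1 check-gateway=ping target-scope=11 routing-mark=ISP2_Route
```

Pick one option; running the whole block ends with option B in place. Choose probe hosts that you are allowed to ping continuously and that are reached only through the intended ISP, otherwise a probe answered via the other link hides the failure the check is meant to catch.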
Thanks for listening
Tomas Kirnak
t.kirnak@atris.sk
Find me after the
presentation for
any questions.
