Multiple uplinks using PCC, Load balancing

Captions
Hello everyone, my name is Martins and I am one of the guys from the MikroTik Technical Support Team. Today I am here to try to explain to you how to configure multiple internet connection scenarios on your RouterOS device and make sure that it will work even if not all of the internet connections are available at the time.

First of all, let us go through the game plan. When I have to make a network or network configuration, I make a plan first and only then I make sure that I follow all the steps in the way. So what we will do in this video today? First of all, we will go through my test setup so we can understand what and why are we trying to configure. Then we will create a router configuration for multiple uplinks which will allow for the router to work properly when you try to access the router itself from the internet, access your local network from the internet and finally also distribute internet access from your LAN to the public network between your multiple uplinks.

So let us start with my setup. In order to test this scenario I did choose to use four separate routers and my computer. We will be doing configuration only on one of the routers which in your case would be your network gateway. We will connect the computer to this router LAN network and in my scenario I will use three different devices which will be used as ISP routers for my gateway. I will use different types of ISP connections, static one, dynamic and VPN just to show you that load balancing configuration does not care what kind of internet connection or how many internet connections you have. It is possible to build it on any RouterOS installation. Before we put the configuration in a real environment we do need to test it in the lab first.
So in my test case I have configured one dummy IP address on all of these three routers, which we will call my.internet.test and which I will try to reach from my computer. Later on you will see that it is reachable through multiple uplinks and connections to it are distributed between ISPs automatically.

In RouterOS and other networking devices there are several ways to make a load balancing type of setup: PCC, NTH, bonding, ECMP and others. Today we will use the so-called PCC or per connection classifier method. Why? Because we do consider this as the most flexible configuration for the user and it is really easy to configure.

Before we are moving to the setup itself there is one very very important thing that you have to understand. Do you remember old movies from the 90s where twins are born and separated? Each of them gets half of a medallion and later on after many years they do find each other and join their medallions. Well, this is not how networking works. This method is called the per connection classifier for a reason. It is not possible to break a network connection in half, send each half of the connection to the internet through different ISPs and hope that they will somehow meet again. We will distribute connections, not bandwidth or parts of connections, between different ISPs. It will be as simple as that. Connection number 1 uses ISP1, connection number 2 uses ISP2, connection number 3 uses ISP3, and connection number 4 uses ISP1 again and so on. The router does not know how much bandwidth each connection will consume. It will just lead them to the internet through different uplinks based on a simple counter.

Ok, that is enough for the introduction. Let us move on to the RouterOS. I have already set up my ISP routers and all three client connections on my gateway since this video is not about that. Here I have three internet connections. Static one, dynamic one and VPN.
My router is configured as a simple DHCP server for LAN network just for simulation purposes. As I mentioned before, we do test this setup in the lab first and we will use the domain my.internet.test in order to simulate internet access.

So the first thing that we need to do is create routing tables. In order to force a connection to use a specific path, a specific route in a separate routing table will be created. In order to do so, we need to create these routing tables first. I just add new tables under the routing menu and make sure that checkbox FIB is selected, which means that routes in these routing tables will be installed in the actual routing table used for traffic processing. After that, I have to add default routes for each ISP in their specific routing tables. I also specify the check gateway so the routes would check their status and become invalid if ISP is not reachable.

Specifically for the load balancing scenario, this is all that is required to be added under the routing menu. However, I will also make a few adjustments in my already existing main routing table and specify the distance for my uplinks. Why, you may ask? We will point connections towards specific routing tables later on by using a firewall. However, when ISP is down and there is no internet, for example on ISP 3, then the traffic still needs to be processed. Connection marked with ISP 3 will at that moment fall back to the main routing table and will use the main routing table priorities list. That is why I create prioritized default routes and specify different distance parameters on them. You can consider distance as a priority: lower distance, higher priority.

Now we can forget about our routing table. That is all that we had to do here. The remaining part of the configuration now has to be done in firewall. We will use a firewall mangle section in which you can do a lot of stuff.
But now we will only need to mark connections since we use a per connection classifier load balancing method. And then tell the router which connections must use which routing table. It's actually very very simple.

We do separate incoming connections between each other based on the incoming interface. And we do that in the prerouting chain, which is the first place where we can detect traffic on firewall. We cannot do that earlier. If the connection reaches the router through, for example, ISP 2, then we need to make sure that it is also replied through ISP 2. You can do this in many ways, but I will show you the configuration which I do consider the most effective.

In our scenario we need to mark connections. So there is no need to recheck incoming ISP on each and every network packet. That is why I create a rule with parameter connection state new specified. My personal recommendation: I specify the connection mark as no-mark. Since later on you will add new mangle rules before the configuration that we are making now, and since mangle marking rules work as passthrough rules by default, this rule would override the exception that you made earlier. But if you specify connection mark as no-mark, then you are safe.

At this point I try to reach my router from ISP 2 and ISP 3. It does not work. Because the connection reaches the router through ISP 2 and ISP 3, but replies to it through ISP 1 due to the main routing table. Now I will force the router to reply to connections with ISP 2 and ISP 3 mark through correct routing table. Here all I need to do is create three mangle rules, one for each ISP, in the output chain. Output is responsible for packets leaving the router itself. Not the LAN, but the router. I just specify that all connections in the output chain that have connection mark ISP 1 will use routing table ISP 1, ISP 2 will use routing table ISP 2 and ISP 3 will use ISP 3 routing table. And that is it.
Access to your router is now working properly as you can see on my screen. However, sometimes you might see that you did just add a marking type of configuration, but it is not working yet. Yes, that might happen, because we are now marking new connections. It will not apply to connections that were already active. So just to be sure that we do use a new set of mangle rules, I will clear the connection tracking table. Now all connections will be new. Remember this when debugging your load balancing setups. Usually this is forgotten.

Now let us work on connections from LAN to the internet. This is a part of the configuration where this video gets its name. We will force the router to make a routing decision based on a counter called per connection classifier. Now we will mark connections similarly as we did with incoming traffic from the internet. But now we will mark new connections from LAN. We will make sure that we specify the connection mark as no-mark, as I explained already before why. Now we add a parameter called destination address type. Since we are now talking about forwarded traffic, I will specify that I want to use this rule only for connections that are not destined to the router itself, because I do not want to mark input traffic from LAN. I specify that I want to increase the counter on each connection where source address and port is different, to make setup more flexible and balance load more frequently.

Finally, we will specify per connection classifier parameter. It is super easy actually. We need to count how many ISPs we have. We do have 3 ISPs in my lab, so the divider for PCC will be 3. And for ISP1 we will use a connection in which the sequence number divided by 3 has nothing left. This remainder is 0. Of course we now do assign connection mark on the action tab for each per connection classifier remainder and make a separate rule for each PCC divider. For ISP2, the connection with the remainder is 1. And for ISP3 the remainder is 2.
This counter will do the same thing also for connection number 26. If we divide 26 by 3 then the remainder is 2. So the mark will be ISP3.

One interesting side note here. Remember that at the beginning of this video I told you that we will distribute connections here, not the bandwidth. That is still true, but more often than not you have ISP connections with different guaranteed speeds. For example 1 gigabit from ISP1 and 500 megabits from the others, ISP2 and ISP3. Then we can divide all the traffic into not three but four parts and simply increase the divider by one and add one more mangle rule which will mark connections with mark ISP1. So two rules for ISP1, one for ISP2, one for ISP3. In total four rules. You will not be able to consume more bandwidth, but the possibility of fully utilizing one of the ISPs will be lower now.

For the forwarded traffic from LAN all I need to add now is mark routing rules which again will tell for connection which routing table to choose. We need to show the way only for packets from LAN to the internet. We do not want to mark packets from the internet to LAN. That is absolutely unnecessary because routing to LAN is already done in the main routing table.

So now we can see that if I try to access the internet from my computer, then I can access the same IP address, but through different ISPs on each new connection. In my example, you can see that I try to access our dummy fake internet IP, and on each connection I have accessed another device. This is just to show you the idea; in real life it will also work for any connections passing through your router.

Now here is the last thing that you should notice. If there is traffic from the internet towards your LAN, for example a port forwarding type of scenario, then this will work right away. Because at the very beginning we did mark connections coming into the router from each ISP, the very first mangle rules that we added.
And just now we did tell packets coming from the LAN which routing table to use based on the connection mark. So also this will work right away.

Now last but not least, I will disconnect the cable from my router to, for example, ISP2. We do see that route for ISP2 is not active anymore, but we can still create new connections from our computer to the internet, and even if they do get ISP2 marked, then they are able to reach the internet. But through ISP1, which was selected as the main uplink at the beginning of this video due to the lowest default route distance in the main routing table.

So what did we just do? We learned a little bit about how load balancing works in general. We made sure that if we do have multiple ISP connections, then we can access the router itself through all of them. We can access LAN from internet through any of the ISPs. Traffic from LAN to the internet is distributed between all ISPs and can be actually distributed based on guaranteed bandwidth speed differences between uplinks. If some ISP is not working at the time, the traffic marked for this ISP usage will fall back to the main routing table and will use ISP, which has the highest priority.

I think that this is kind of a good job for one video. I hope that it will help you to understand something about networking on RouterOS a little bit better, and we will receive fewer and fewer support emails about this topic. So good luck, and sorry that the video was so long. Goodbye!
Info
Channel: MikroTik
Views: 61,255
Keywords: mikrotik, routerboard, routeros, latvia
Id: nlb7XAv57tw
Length: 16min 22sec (982 seconds)
Published: Tue Jun 13 2023