VNetLab

Mikrotik Load Balancing(policy based pcc)

by · Published · Updated

#Mikrotik#Load Balancing#Policy Based#PCC
#Load Balancing#Load Balancing#Load Balancing
Now we configure load balancing with 2 isp and every isp have primary and secondary link

 

172.16.67.130/30 ISP-B Primary
172.16.67.134/30 ISP-B Secondary
172.16.97.34/30 ISP-A Primary
172.16.97.38/30 ISP-A Secondary

192.168.0.0/16 Local Subnet
202.100.40.144/29 ISP-B Public IP
119.100.40.144/30 ISP-A Public IP

/interface list
add name=LAN
add name=ISP-A
add name=ISP-B

/interface list member
add interface=ether7-ISP-B-PRM list=ISP-B
add interface=ether8-ISP-B-SCN list=ISP-B
add interface=ether1-ISP-A-PRM list=ISP-A
add interface=ether5-ISP-A-SCN list=ISP-A
add interface=Public-to-Local-IP-bridge list=LAN

/ip route
add check-gateway=ping distance=1 gateway=172.16.67.129 routing-mark=TO_ISP-B
add check-gateway=ping distance=2 gateway=172.16.67.133 routing-mark=TO_ISP-B
add check-gateway=ping distance=1 gateway=172.16.97.33 routing-mark=TO_ISP-A
add check-gateway=ping distance=2 gateway=172.16.97.37 routing-mark=TO_ISP-A
add check-gateway=ping distance=22 gateway=172.16.67.129 distance=22
add check-gateway=ping distance=22 gateway=172.16.67.133 distance=22
add check-gateway=ping distance=22 gateway=172.16.97.33 distance=22
add check-gateway=ping distance=22 gateway=172.16.97.37 distance=22

user have some server which running via ISP-B public ip and for access these server add below route rules

/ip route rule
add dst-address=202.100.40.144/29 src-address=192.168.0.0/16 table=main
add dst-address=192.168.0.0/16 src-address=202.100.40.144/29 table=main

/ip firewall mangle
add action=mark-connection chain=input in-interface-list=ISP-B new-connection-mark=ISP-B_CONNECTION passthrough=no
add action=mark-connection chain=input in-interface-list=ISP-A new-connection-mark=ISP-A_CONNECTION passthrough=no

add action=mark-routing chain=output connection-mark=ISP-B_CONNECTION new-routing-mark=TO_ISP-B passthrough=no
add action=mark-routing chain=output connection-mark=ISP-A_CONNECTION new-routing-mark=TO_ISP-A passthrough=no

add action=accept chain=prerouting dst-address=119.100.40.144/30 in-interface-list=LAN
add action=accept chain=prerouting dst-address=202.100.40.144/29 in-interface-list=LAN

add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP-B_CONNECTION passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface-list=LAN new-connection-mark=ISP-A_CONNECTION passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting connection-mark=ISP-B_CONNECTION in-interface-list=LAN new-routing-mark=TO_ISP-B passthrough=no
add action=mark-routing chain=prerouting connection-mark=ISP-A_CONNECTION in-interface-list=LAN new-routing-mark=TO_ISP-A passthrough=no

/ip firewall nat
add action=src-nat chain=srcnat comment=”Load Balancing NAT for ISP-A” out-interface-list=ISP-A src-address-list=Allow_IP to-addresses=202.84.36.145
add action=src-nat chain=srcnat comment=”Load Balancing NAT for ISP-B” out-interface-list=ISP-B  src-address-list=Allow_IP_ISP-B to-addresses=119.148.18.145

add action=src-nat chain=srcnat comment=”Total NAT with ISP-B” out-interface-list=ISP-B  src-address=192.168.0.0/16 to-addresses=119.148.18.145
add action=src-nat chain=srcnat comment=”Total NAT with ISP-A” out-interface-list=ISP-A src-address=192.168.0.0/16 to-addresses=202.84.36.145

You may also like...

Leave a Reply

Your email address will not be published.