Another MultiWan on Mikrotik ROS7 with Load Balancing and QOS. Part 1
Hello, tekkix! I want to share my implementation and my vision of MultiWan on Mikrotik equipment.
1.2.1 Let's set up addresses or get DHCP from providers
We add a script to the DHCP client. This is necessary because LTE gives us a different address each time, and with it the provider's gateway changes.
The default route need not be added by the DHCP client, we will get it with the script. You can enable it anyway, but then be sure to specify its distance (cost), otherwise it becomes the main route.
1.2.2 A little trick with DHCP
# DHCP client "script": runs on every lease event, $bound=1 means a lease was obtained
:if ($bound=1) do={
    # provider's gateway goes into every route commented ISP-1-GW (main table and rtab-ISP1)
    /ip/route/set gateway=$"gateway-address" numbers=[find comment="ISP-1-GW"]
    # lease address becomes the SRC-NAT target and the source matched by the output mangle rule
    /ip/firewall/nat/set to-addresses=$"lease-address" numbers=[find comment="ISP1"]
    /ip/firewall/mangle/set src-address=$"lease-address" numbers=[find comment="ISP1-out"]
    /interface/l2tp-client/set src-address=$"lease-address" numbers=[find comment="ISP1"]
    /interface/l2tp-client/set src-address=$"lease-address" numbers=[find comment="VPS-LTE"]
}
Script description
In IP/Route we look for the entry with the comment ISP-1-GW and set the gateway handed to us by DHCP as its gateway.
In Firewall/NAT we similarly look for the comment ISP1 and, in the SRC-NAT rule, put the address received from DHCP into the to-addresses field.
In Firewall/Mangle we look for the comment ISP1-out and set that rule's source address to the address from DHCP; more on this in the Mangle section below.
The last two entries are needed so that the L2TP clients connect through this particular provider; the search is again done by comment.
1.3 It is necessary to create routing tables
This is necessary so that each provider's traffic lives in its own table, to which we can then send particular users.
We need as many additional tables as we have providers.
1.4 Let's add the necessary routes: ISP1 with a distance of 1, ISP2 with a distance of 2, ISP3 with a distance of 3, as shown in the next picture
1.4.4 We duplicate each route in its own table. This is necessary so that, within its own table, each provider is the "default".
For routes that work through DHCP, do not forget to specify the comment: it is by this comment that the entry receiving the correct gateway address is found.
Collect all routes
What do we see here?
From each provider there is a "zero" (0.0.0.0/0) route in the main table, and the same routes are present in their rtab tables.
2. NAT
We will not use action=masquerade; instead we will use SRC-NAT.
An important note: the rules must also carry comments. In one respect this makes the firewall more readable; in the other, the script in the DHCP client uses the comment to substitute the new source address into the required field when a new address is received.
In fact, if all your connections are via DHCP, or you carry the Mikrotik around with you, you can specify all the comments in NAT, mangle and routes, and the scripts in the DHCP clients, in advance.
3. Magic Mangle for correct traffic passing
For each provider we need to add several rules so that the router can "respond" correctly: if traffic came in from the first provider, on the first interface, then the router replies to that provider from the same interface.
Let's analyze each provider separately.
First rule of the first provider ISP1 (also known as LTE)
With this rule we say: for everything arriving on the WAN-LTE interface (our first provider, ISP1), mark the connection "con-isp1". The name "con-isp1" is arbitrary; choose it so that you can tell where these packets come from, since it will also be needed when building QOS.
Second rule of the first provider ISP1
Here I want to draw special attention to how the rule is built. We tell the router to send all packets carrying the con-isp1 mark (created by the first rule) that did NOT arrive from the interface list WAN into the rtab-ISP1 table (strictly speaking we assign a routing mark, but the meaning is the same).
In many guides I have not seen this construction, and with their examples it did not work for me.
The third rule of the first provider ISP1
Here everything is simple: we match the source address equal to our own IP address on this provider and direct it into the rtab-ISP1 table.
An important addition: the screenshot shows the comment ISP1-out. By this comment the outgoing address is substituted automatically by the script in the DHCP client.
Other providers are configured in the same way.
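To show how sections 1.3, 1.4, 2 and 3 fit together for one provider, here is the complete RouterOS 7 CLI configuration for ISP1 as an added example; it is not the article's own export. It uses the names from the article (WAN-LTE, interface list WAN, rtab-ISP1, con-isp1, the comments ISP-1-GW, ISP1 and ISP1-out), while the gateway 10.0.0.1 and lease address 10.0.0.2 are constructed placeholders that the DHCP client script overwrites.

```routeros
# Added example, not from the original article. Assumed: provider ISP1 on
# interface WAN-LTE (member of interface list WAN); placeholder gateway
# 10.0.0.1 and lease address 10.0.0.2 are rewritten by the DHCP client script.

# 1.3 one extra routing table per provider; "fib" makes it usable for lookups
/routing/table add name=rtab-ISP1 fib

# 1.4 default route in main with distance=1, duplicated into rtab-ISP1 so that
# ISP1 is the "default" there; both carry the comment the DHCP script searches for
/ip/route add dst-address=0.0.0.0/0 gateway=10.0.0.1 distance=1 comment=ISP-1-GW
/ip/route add dst-address=0.0.0.0/0 gateway=10.0.0.1 distance=1 \
    routing-table=rtab-ISP1 comment=ISP-1-GW

# 2. SRC-NAT instead of masquerade; to-addresses is refreshed by the DHCP script
/ip/firewall/nat add chain=srcnat out-interface=WAN-LTE action=src-nat \
    to-addresses=10.0.0.2 comment=ISP1

# 3. mangle, rule 1: everything that arrives on WAN-LTE gets connection mark con-isp1
/ip/firewall/mangle add chain=prerouting in-interface=WAN-LTE connection-state=new \
    action=mark-connection new-connection-mark=con-isp1 passthrough=yes comment=ISP1-in

# rule 2: replies in con-isp1 connections that did NOT come in from the WAN list
# (i.e. from the LAN side) are routed through rtab-ISP1, so they leave via ISP1
/ip/firewall/mangle add chain=prerouting connection-mark=con-isp1 \
    in-interface-list=!WAN action=mark-routing new-routing-mark=rtab-ISP1 \
    passthrough=no comment=ISP1-reply

# rule 3: router-originated traffic sourced from our ISP1 address also uses
# rtab-ISP1; src-address is kept current by the DHCP script via comment ISP1-out
/ip/firewall/mangle add chain=output src-address=10.0.0.2 action=mark-routing \
    new-routing-mark=rtab-ISP1 passthrough=no comment=ISP1-out

# checks: the table holds its own default route and inbound connections get marked
/ip/route/print where routing-table=rtab-ISP1
/ip/firewall/connection/print where connection-mark=con-isp1
```

Repeat the block for ISP2 and ISP3 with their own interface, table, marks and distances 2 and 3 in the main table.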
In general, three providers are now configured and working, but there is no redundancy or switching between them when a link is up but has no internet. In some cases the check-gateway option in the route settings, or a so-called failover, can solve this problem; we will configure it in the next part of the article.
Since the topic of QOS and Balancing is quite large and closely related, their continuation will be in the next part of the article.