Load Balancing with Mikrotik 3.x

When we want to make Loadbalancing system used Mikrotik 2.9.x, we can using the rule from here. But there is little different with Mikrotik 3.x
Ok then, let's started, i will use 5 connection here.

IP Address Configuration

/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" disabled=no
/ ip address add address=10.111.0.2/30 network=10.111.0.0 broadcast=10.111.0.3 interface=Uplink1 comment="" disabled=no
/ ip address add address=10.112.0.2/30 network=10.112.0.0 broadcast=10.112.0.3 interface=Uplink2 comment="" disabled=no
/ ip address add address=10.113.0.2/30 network=10.113.0.0 broadcast=10.113.0.3 interface=Uplink3 comment="" disabled=no
/ ip address add address=10.114.0.2/30 network=10.114.0.0 broadcast=10.114.0.3 interface=Uplink4 comment="" disabled=no
/ ip address add address=10.115.0.2/30 network=10.115.0.0 broadcast=10.115.0.3 interface=Uplink5 comment="" disabled=no

Mangle Configuration

/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=5,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=4,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=3,1 action=mark-connection new-connection-mark=conn3 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn3 action=mark-routing new-routing-mark=conn3 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn4 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn4 action=mark-routing new-routing-mark=conn4 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new action=mark-connection new-connection-mark=conn5 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn5 action=mark-routing new-routing-mark=conn5 passthrough=no comment="" disabled=no

Masquerade Local Network

/ ip firewall nat add chain=srcnat connection-mark=conn1 action=masquerade out-interface=Uplink1 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn2 action=masquerade out-interface=Uplink2 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn3 action=masquerade out-interface=Uplink3 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn4 action=masquerade out-interface=Uplink4 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn5 action=masquerade out-interface=Uplink5 comment="" disabled=no

Route

/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=conn3 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.114.0.1 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.115.0.1 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 comment="" disabled=no

Explanation
First we give a code snippet and then explain what it actually does.

IP Address and Mangle

/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" disabled=no
/ ip address add address=10.111.0.2/30 network=10.111.0.0 broadcast=10.111.0.3 interface=Uplink1 comment="" disabled=no
/ ip address add address=10.112.0.2/30 network=10.112.0.0 broadcast=10.112.0.3 interface=Uplink2 comment="" disabled=no
/ ip address add address=10.113.0.2/30 network=10.113.0.0 broadcast=10.113.0.3 interface=Uplink3 comment="" disabled=no
/ ip address add address=10.114.0.2/30 network=10.114.0.0 broadcast=10.114.0.3 interface=Uplink4 comment="" disabled=no
/ ip address add address=10.115.0.2/30 network=10.115.0.0 broadcast=10.115.0.3 interface=Uplink5 comment="" disabled=no

The router has 5 upstream (WAN) interfaces with the addresses of 10.111.0.2/30; 10.112.0.2/24; 10.113.0.2/30; 10.114.0.2/24 and 10.115.0.2/30. The LAN interface has the name "Local" and IP address of 192.168.0.1/24.

For the ip firewall mangle, 5 uplink connection need 5 connection mark and 5 routing mark.
Mangle 1 : nth : 5,1
Mangle 2 : nth : 4,1
Mangle 3 : nth : 3,1
Mangle 4 : nth : 2,1
Mangle 5 : No nth
Here the explanation :
Mangle 1 : read all traffic and match 1/5 of traffic
Mangle 2 : read 4/5 traffic and match 1/4 of they traffic (1/5 total traffic)
Mangle 3 : read 3/4 from 4/5 traffic above (or 3/5 total traffic) and match 1/2 traffic above (1/5 total traffic)
Mangle 4 : read 2/3 from 3/5 total traffic (or 2/5 total traffic) and match 1/2 traffic above (1/5 total traffic)
Mengle 5 : read the rest of traffic (1/5 total traffic)

Thats it. Now you can try your setting.

Happy Surfing with 5 Connection.. :)

=================================================

Update :

Route
In addition to using the route as above, you can also use rules like this:

/ ip route add dst-address=0.0.0.0/0 gateway=Uplink1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink2 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink3 scope=255 target-scope=10 routing-mark=conn3 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink4 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink5 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink1 scope=255 target-scope=10 comment="" disabled=no

| More...

Comments  

 

0 # 2010-01-04 02:52

lho mirip ma yang di forummikrotik.com COPAS kali ya... mana creditnya ke forum yang bersangkutan yak.. kalo gak salah ini tulisannya akange. Cuma di alih bahasakan sedikit ke english hmmmmmmm....!!

Reply | Reply with quote | Quote

 

 

0 # 2010-01-04 04:48

Sory bang, kalo masalah copas, saya tidak pernah copas, kalaupun ada, pasti saya kasih kreditnya. Banyak artikel yang membahas masalah ini. Dan ini sudah lama buanget artikel ini saya tulis, tahun 2008 kalo ga salah... Jadi jangan berburuk sangka dulu bang...

Reply | Reply with quote | Quote

 

 

0 # 2010-01-04 08:35

ok juga neh tutorialnya nanti gw cobain dulu kalo ga berhasil gi mana ?

Reply | Reply with quote | Quote

 

 

0 # 2010-01-04 11:35

Quoting yongkray:

ok juga neh tutorialnya nanti gw cobain dulu kalo ga berhasil gi mana ?

Kalo ga berhasil, bisalah nanti aku bantuin

Reply | Reply with quote | Quote

 

 

0 # 2010-01-07 15:49

Quoting NoFee:

Quoting yongkray:

ok juga neh tutorialnya nanti gw cobain dulu kalo ga berhasil gi mana ?

Kalo ga berhasil, bisalah nanti aku bantuin :-)

Gratis (No Fee) yo mas... aku melu

Reply | Reply with quote | Quote

 

 

0 # 2010-01-04 10:16

ohh gak yah bang,,, ok dah... thanks keep posting bro hehehe. Mantep letak adsense nya kekee

Reply | Reply with quote | Quote

 

 

0 # 2010-01-11 17:10

om, untuk yg update routenya, error di tempat saya kalo dipake semua, akhirnya cuman saya pake 1 aja

Reply | Reply with quote | Quote

 

 

0 # 2010-01-11 23:49

errornya gimana mas?
Seharusnya itu tidak error lho, karena itu emang dah ada fasilitasnya di mikrotik 3.x

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 13:53

Hi.
I have 6 ether port like this example and have 6 of public/dynamic IP with 100Mbps per IP.
as you discribe, i want using ether1 for incoming transaction from remote pptp clients and load balancing outgoing traffic for ether2~ether6 for pptp clients.

this is sample configuration for it. please check and fix it. if there are some mitake.

/ interface ethernet
set ether1 name="income"
set ether2 name="out1"
set ether3 name="out2"
set ether4 name="out3"
set ether5 name="out4"
set ether6 name="out5"

/ interface bridge
add name="income" arp=proxy-arp

/ interface bridge port
add interface=income bridge=lan

/ ip address
add address=10.0.0.1/16 interface=lan

/ ip dns
allow-remote-requests=yes

/ ip firewall service-port
set pptp disabled=no

/ ip pool
add name="pptp" ranges=10.0.0.2-10.0.254.254

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 13:56

/ ppp profile
add name="pptp-in" local-address=10.0.0.1 remote-address=pptp use-encryption=default only-one=default change-tcp-mss=yes dns-server=10.0.0.1

/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=chap,mschap1,mschap2 default-profile=pptp-in

/ ip firewall nat add chain=srcnat src-address=10.0.0.2-10.0.254.254 action=masquerade


/ ip dhcp-client add interface=income user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out1 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out2 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out3 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out4 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out5 user-peer=yes add-default-route=yes disable=no

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 13:59

/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=5,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=3,1 action=mark-connection new-connection-mark=conn3 passthrough=yes comment="" disabled=no

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 14:00

/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn3 action=mark-routing new-routing-mark=conn3 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn4 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn4 action=mark-routing new-routing-mark=conn4 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new action=mark-connection new-connection-mark=conn5 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn5 action=mark-routing new-routing-mark=conn5 passthrough=no comment="" disabled=no

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 14:01

/ ip firewall nat add chain=srcnat connection-mark=conn1 action=masquerade out-interface=out1 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn2 action=masquerade out-interface=out2 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn3 action=masquerade out-interface=out3 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn4 action=masquerade out-interface=out4 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn5 action=masquerade out-interface=out5 comment="" disabled=no

/ ip route add dst-address=0.0.0.0/0 gateway=out1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out2 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 14:02

/ ip route add dst-address=0.0.0.0/0 gateway=out3 scope=255 target-scope=10 routing-mark=conn3 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out4 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out5 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out1 scope=255 target-scope=10 comment="" disabled=no

I don't know What i need to do again... please help..

Reply | Reply with quote | Quote

 

 

0 # JIn Lee 2010-02-02 14:15

There are some mistake

/ interface bridge
add name="lan" arp=proxy-arp

My goal is simple.
if user1 connect to pptp server interface "income" then assign to user1's pptp client 10.0.254.254 and all of user1's traffic need to goingout to "out1" interface.

and next, user2 connect to pptp server interface "income" again then assign to user2's pptp client 10.0.254.253 and all of user1's traffic need to goingout to "out2" interface.

Reply | Reply with quote | Quote

 

Refresh comments list
RSS feed for comments to this post.

Add comment

Thanks for your comment

Name (required)

E-mail (required)

Website

Notify me of follow-up comments

Refresh

Send

Cancel

JComments