Mikrotik 4 WAN Load Balancing using PCC method. Complete Script !!!
Scenario:
- Mikrotik LAN IP = 192.168.0.1
- DSL1 Router IP = 192.168.1.1 / INTERFACE NAME = WAN1
- DSL2 Router IP = 192.168.1.1 / INTERFACE NAME = WAN2
- DSL3 Router IP = 192.168.1.1 / INTERFACE NAME = WAN3
- DSL4 Router IP = 192.168.1.1 / INTERFACE NAME = WAN4
the Script !
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | # IP Addresses for reference purpose/ip addressadd address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Localadd address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4# Add NET ALLOWED users Address list, to make sure only allowed users get internet access. Make sure to modify this as per your requirements, we can use this list later for other management purposes/ip firewall address-listadd address=192.168.0.1-192.168.0.255 list=allowed_users# Accept Connections/ip firewall mangleadd action=accept chain=prerouting in-interface=WAN1add action=accept chain=prerouting in-interface=WAN2add action=accept chain=prerouting in-interface=WAN3add action=accept chain=prerouting in-interface=WAN4# Mangle Section# Marking connections for 4 dsl distributionadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes src-address-list=allowed_usersadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes src-address-list=allowed_usersadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes src-address-list=allowed_usersadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes src-address-list=allowed_users# Marking Routing Marks to be used by ROUTES Sectionadd chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4# Adding ROUTE for marked routes (done by mangle earlier)/ip routeadd dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping# DEFAULT ROUTES, OR Fail over routes , just incase in any router goes offline, then these default routes as per distance, will be used as defaultadd dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping# NAT/MASQUERADE the requests going on each interface (used by ROUTES)/ip firewall natadd chain=srcnat out-interface=WAN1 action=masquerade src-address-list=allowed_usersadd chain=srcnat out-interface=WAN2 action=masquerade src-address-list=allowed_usersadd chain=srcnat out-interface=WAN3 action=masquerade src-address-list=allowed_usersadd chain=srcnat out-interface=WAN4 action=masquerade src-address-list=allowed_users |
Now Configure DNS server so users can resolve host names using your mikrotik.
1 | /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=8.8.8.8 |
All Done !
Now Test the link by putting user load, the more multiple users load you put on it, the better Load Balance result you will get
PCC WITH UN-EQUAL WAN LINKS
If you have Un-Equal WAN Links, for example WAN,1,2,3 are of 4MB and WAN,4 is of 8 Mb, and you want to force MT to use WAN4 link more then other because of its capacity, Then you have to Add more PCC rules assigning the same two marks to a specific link i.e WAN4 , something like
Code:
1 2 3 4 5 | add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yesadd chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/4 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes |
PCC WITH SAME GATEWAY
Try defining the outbound interface.
For example replace this.
1 2 3 4 5 6 7 8 9 | /ip route add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=1.2.3.4 routing-mark=to_wan-ISP2 check-gateway=pingWith following/ip routeadd dst-address=0.0.0.0/0 gateway=1.2.3.4%eth1-ISP routing-mark=to_wan-ISP1 check-gateway=pingadd dst-address=0.0.0.0/0 gateway=1.2.3.4%eth2-ISP routing-mark=to_wan-ISP2 check-gateway=ping |
Replace the eth1-ISP with your own wan interface name , use the notation % for sure.
If it works , let me know
TIP:
Using modems in BRIDGE mode will probably give you some better performance and control 
Try it 
22 WAN PCC script , using TPLINK routers as wan gateways
Just for reference purposes,
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 | # IP addresses for WAN Modems (TPLINK Routers)#192.168.1.1#192.168.2.1#and so on/ip addressadd address=172.16.0.1/16 interface=Local network=172.16.0.0add address=192.168.1.50/24 interface=vlan1 network=192.168.1.0add address=192.168.2.50/24 interface=vlan2 network=192.168.2.0add address=192.168.3.50/24 interface=vlan3 network=192.168.3.0add address=192.168.4.50/24 interface=vlan4 network=192.168.4.0add address=192.168.5.50/24 interface=vlan5 network=192.168.5.0add address=192.168.6.50/24 interface=vlan6 network=192.168.6.0add address=192.168.7.50/24 interface=vlan7 network=192.168.7.0add address=192.168.8.50/24 interface=vlan8 network=192.168.8.0add address=192.168.9.25/24 interface=vlan9 network=192.168.9.0add address=192.168.10.50/24 interface=vlan10 network=192.168.10.0add address=192.168.11.50/24 interface=vlan11 network=192.168.11.0add address=192.168.12.50/24 interface=vlan12 network=192.168.12.0add address=192.168.13.50/24 interface=vlan13 network=192.168.13.0add address=192.168.14.50/24 interface=vlan14 network=192.168.14.0add address=192.168.15.50/24 interface=vlan15 network=192.168.15.0add address=192.168.16.50/24 interface=vlan16 network=192.168.16.0add address=192.168.17.50/24 interface=vlan17 network=192.168.17.0add address=192.168.18.50/24 interface=vlan18 network=192.168.18.0add address=192.168.19.50/24 interface=vlan19 network=192.168.19.0add address=192.168.20.50/24 interface=vlan20 network=192.168.20.0add address=192.168.21.50/24 interface=vlan21 network=192.168.21.0add address=192.168.22.50/24 interface=vlan22 network=192.168.22.0/interface vlanadd comment=WAN-1 interface=WAN_TRUNK name=vlan1 vlan-id=2add comment=WAN-2 interface=WAN_TRUNK name=vlan2 vlan-id=3add comment=WAN-3 interface=WAN_TRUNK name=vlan3 vlan-id=4add comment=WAN-4 interface=WAN_TRUNK name=vlan4 vlan-id=5add comment=WAN-5 interface=WAN_TRUNK name=vlan5 vlan-id=6add comment=WAN-6 interface=WAN_TRUNK name=vlan6 vlan-id=7add comment=WAN-7 interface=WAN_TRUNK name=vlan7 vlan-id=8add comment=WAN-8 interface=WAN_TRUNK name=vlan8 vlan-id=9add comment=WAN-9 interface=WAN_TRUNK name=vlan9 vlan-id=10add comment=WAN-10 interface=WAN_TRUNK name=vlan10 vlan-id=11add comment=WAN-11 interface=WAN_TRUNK name=vlan11 vlan-id=12add comment=WAN-12 interface=WAN_TRUNK name=vlan12 vlan-id=13add comment=WAN-13 interface=WAN_TRUNK name=vlan13 vlan-id=14add comment=WAN-14 interface=WAN_TRUNK name=vlan14 vlan-id=15add comment=WAN-15 interface=WAN_TRUNK name=vlan15 vlan-id=16add comment=WAN-16 interface=WAN_TRUNK name=vlan16 vlan-id=17add comment=WAN-17 interface=WAN_TRUNK name=vlan17 vlan-id=18add comment=WAN-18 interface=WAN_TRUNK name=vlan18 vlan-id=19add comment=WAN-19 interface=WAN_TRUNK name=vlan19 vlan-id=20add comment=WAN-20 interface=WAN_TRUNK name=vlan20 vlan-id=21add comment=WAN-20 interface=WAN_TRUNK name=vlan21 vlan-id=22add comment=WAN-21 interface=WAN_TRUNK name=vlan22 vlan-id=23/ip firewall address-listadd address=10.0.0.1-10.0.0.255 list=net_allowed_list/ip firewall mangleadd action=accept chain=prerouting dst-address=192.168.1.0/24add action=accept chain=prerouting dst-address=192.168.2.0/24add action=accept chain=prerouting dst-address=192.168.3.0/24add action=accept chain=prerouting dst-address=192.168.4.0/24add action=accept chain=prerouting dst-address=192.168.5.0/24add action=accept chain=prerouting dst-address=192.168.6.0/24add action=accept chain=prerouting dst-address=192.168.7.0/24add action=accept chain=prerouting dst-address=192.168.8.0/24add action=accept chain=prerouting dst-address=192.168.9.0/24add action=accept chain=prerouting dst-address=192.168.10.0/24add action=accept chain=prerouting dst-address=192.168.11.0/24add action=accept chain=prerouting dst-address=192.168.12.0/24add action=accept chain=prerouting dst-address=192.168.13.0/24add action=accept chain=prerouting dst-address=192.168.14.0/24add action=accept chain=prerouting dst-address=192.168.15.0/24add action=accept chain=prerouting dst-address=192.168.16.0/24add action=accept chain=prerouting dst-address=192.168.17.0/24add action=accept chain=prerouting dst-address=192.168.18.0/24add action=accept chain=prerouting dst-address=192.168.19.0/24add action=accept chain=prerouting dst-address=192.168.20.0/24add action=accept chain=prerouting dst-address=192.168.21.0/24add action=accept chain=prerouting dst-address=192.168.22.0/24add action=mark-connection chain=prerouting comment=2 dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/0 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/1 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/2 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/3 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/4 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN6_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/5 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN7_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/6 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN8_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/7 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN9_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/8 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN10_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/9 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN11_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/10 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN12_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/11 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN13_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/12 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN14_Conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/13 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN15_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/14 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN16_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/15 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN17_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/16 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN18_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/17 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN19_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/18 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN20_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/19 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN21_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:22/20 src-address-list=net_allowed_listadd action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN22_con passthrough=yes per-connection-classifier=both-addresses-and-ports:22/21 src-address-list=net_allowed_listadd action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN4_conn new-routing-mark=to_WAN4 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN5_conn new-routing-mark=to_WAN5 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN6_conn new-routing-mark=to_WAN6 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN7_conn new-routing-mark=to_WAN7 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN8_conn new-routing-mark=to_WAN8 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN9_conn new-routing-mark=to_WAN9 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN10_conn new-routing-mark=to_WAN10 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN11_conn new-routing-mark=to_WAN11 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN12_Conn new-routing-mark=to_WAN12 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN13_Conn new-routing-mark=to_WAN13 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN14_Conn new-routing-mark=to_WAN14 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN15_conn new-routing-mark=to_WAN15 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN16_conn new-routing-mark=to_WAN16 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN17_conn new-routing-mark=to_WAN17 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN18_conn new-routing-mark=to_WAN18 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN19_conn new-routing-mark=to_WAN19 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN20_conn new-routing-mark=to_WAN20 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN21_conn new-routing-mark=to_WAN21 passthrough=yesadd action=mark-routing chain=prerouting connection-mark=WAN22_con new-routing-mark=to_WAN22 passthrough=yes/ip firewall natadd action=masquerade chain=srcnat src-address-list=net_allowed_list/ip routeadd check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5add check-gateway=ping distance=1 gateway=192.168.6.1 routing-mark=to_WAN6add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_WAN7add check-gateway=ping distance=1 gateway=192.168.8.1 routing-mark=to_WAN8add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_WAN9add check-gateway=ping distance=1 gateway=192.168.10.1 routing-mark=to_WAN10add check-gateway=ping distance=1 gateway=192.168.11.1 routing-mark=to_WAN11add check-gateway=ping distance=1 gateway=192.168.12.1 routing-mark=to_WAN12add check-gateway=ping distance=1 gateway=192.168.13.1 routing-mark=to_WAN13add check-gateway=ping distance=1 gateway=192.168.14.1 routing-mark=to_WAN14add check-gateway=ping distance=1 gateway=192.168.15.1 routing-mark=to_WAN15add check-gateway=ping distance=1 gateway=192.168.16.1 routing-mark=to_WAN16add check-gateway=ping distance=1 gateway=192.168.17.1 routing-mark=to_WAN17add check-gateway=ping distance=1 gateway=192.168.18.1 routing-mark=to_WAN18add check-gateway=ping distance=1 gateway=192.168.19.1 routing-mark=to_WAN19add check-gateway=ping distance=1 gateway=192.168.20.1 routing-mark=to_WAN20add check-gateway=ping distance=1 gateway=192.168.21.1 routing-mark=to_WAN21add check-gateway=ping distance=1 gateway=192.168.22.1 routing-mark=to_WAN22add check-gateway=ping comment="WAN-1 / DEFAULT ROUTE" distance=1 gateway=192.168.1.1 |
Labels: Loadbalancing, Mikrotik, Netwokingssolution
posted by Networking Solution @ August 05, 2023
0 Comments
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home