In this project (click here for the detail), our client requests to combining 2 ISP with one mikrotik. This case is different from the previous one that was using BGP protocol and whole end devices are using public IP address.
This project is challenging because both ISP gives Public IP address which is just enough for point-to-point connection only. End-devices (laptop, PC, etc) will use private IP address, where router will do NAT (Network Address Translation) on these private IP when they are going out to internet. Topology of the network can be seen at the picture above.
So, the technical plan would be:
- Computers on LAN will access internet through ISP1 or ISP2. We expect the consumed bandwidth from both ISP are similar, so we will spread the traffic load among connections.
- Datarate of ISP1 is 5 mbps, and ISP2 is 5mbps
- RouterOS supports load balancing algorithm that could work on connection-mark (example: PCC – per connection classifier) or packet-mark (example: nth).
- Because NAT is applied, we gonna use connection-mark with source-ip-address as classifier. This means each IP address on LAN will be mapped into existing outgoing connections.
- In technical, we will use firewall mangle to mark the packets for further processing (we use mark-routing).
- After packet is marked, the next step to do “routing decision” which is reading the routing table to decide where the packets is forwarded.
Example imeplementation?
#creating PCC marking
/ip firewall mangle add chain=prerouting dst-address=!192.168.5.0/24 in-interface=ether3 connection-mark=no-mark per-connection-classifier=src-address:2/0 action=mark-connection new-connection-mark=conn-isp1
/ip firewall mangle add chain=prerouting dst-address=!192.168.5.0/24 in-interface=ether3 connection-mark=no-mark per-connection-classifier=src-address:2/1 action=mark-connection new-connection-mark=conn-isp2
#marking routing
/ip firewall mangle add chain=prerouting connection-mark=conn-isp1 action=mark-routing new-routing-mark=via-isp1
/ip firewall mangle add chain=prerouting connection-mark=conn-isp2 action=mark-routing new-routing-mark=via-isp2
#add routing entry
/ip route add dst-address=0.0.0.0/0 gateway=ether1 check-gateway=ping routing-mark=via-isp1
/ip route add dst-address=0.0.0.0/0 gateway=ether2 check-gateway=ping routing-mark=via-isp2
voila… we are done. this time, we already spread the load among outgoing links (combining 2 ISP with one mikrotik routerboard)
any comments are welcome 🙂
More from this site
Combining 8 ISPs with a single mikrotik device (2)- June 2019, MUM Kuala Lumpur, Troubleshooting load balancing (0)
- October 2017, ISP load balancing with Mikrotik Nth (0)
- Apakah bandwidth meningkat setelah terkoneksi dengan multi ISP (2)
- menggabungkan 2 isp ke dalam 1 routerboard (9)
- Central office, switch, trunks, local loop (0)
- September 2017, GLC webinar: Integrating Radius with Mikrotik (0)
- January 2018, MUM Manila, Philipines, GLC Networks Presentation : BGP vs OSPF (0)
- Intranet vs Extranet (0)
- March 2017, GLC webinar: IPv6 with Mikrotik (0)
/ip firewall mangle add chain=prerouting dst-address=!192.168.5.0/24 in-interface=ether3 connection-mark=no-mark per-connection-classifier=src-address:2/0 action=mark-connection new-connection-mark=conn-isp1
/ip firewall mangle add chain=prerouting dst-address=!192.168.5.0/24 in-interface=ether3 connection-mark=no-mark per-connection-classifier=src-address:2/1 action=mark-connection new-connection-mark=conn-isp2
why the dst address same as the other ip for isp, pls explain further
what about the DNS if we combine two different ISPs???
You should use Public DNS such as 8.8.8.8
Buen día
Se puede unir dos wan para sumar los anchos de banda y tener mejor velocidad?