MikroTik Load Balance and FailOver

Tulipdame

Hello everyone!
I am still an extreme noob and was hoping I'd get some answers here.

I have three internet lines (yes, three, because we have no fiber in town and everything else is unstable so I have different types so I can hopefully have internet at all times).

1. Pure DSL through Afrihost - Run through a TP Link modem
I have my access details and can access the TP link as well

2. Air Fiber through a local company - Run through a Ruijie RG-EW1200
I don't know exactly how air fiber works with accounts and such and I can't access the Ruijie.

3. Rain - run through a Huawei B525 router and connected to an external Poynting dish

Now, I purchased a Mikrotik hAP AC3 hoping to at least load balance the three lines and have only one wifi network (instead of 3-5 SSID's and needing to switch between them when one goes down).

Ether3, 4 and 5 are setup as WAN ports and are also removed from the original bridge.
One bridge, applied to ether2 and the two wifi signals.
IP/Addresses: the IP range for each ISP assigned to each port where their routers are connected.
IP/DHCP Client: each of the three ports, use peer dns and assigned their IP ranges from the ISP.
Firewall/Nat: defconf: masquerade and masquerade for each of the ports under Out. Interface.
Firewall/Mangle: I added 13 lines here. See the following video I followed to set them up (only changed the IP's for accepts to my mikrotik)

I have seen videos adding new PPPoE clients, but that didn't work for me at all. I have no PPPoE clients registered.

I have a few questions, please bear with me:

1. I have not setup any firewall settings on the Mikrotik - am I safe to assume this won't be necessary as I have not disabled any firewall settings from each line's actual router?

2. Can I setup the load balancer as well as failover? And how do I do this?
Currently, the Mikrotik prioritizes ether5 with Afrihost DSL, but if I unplug it (to simulate internet loss), it doesn't automatically redirect traffic through ether4 (air fiber).
I have internet through the Mikrotik (and if I speed test through it, it tests Afrihost (ether5 - priority) and delivers better results than the TP link where the DSL actually comes through. No idea why)

3. At another school, there was no need to setup any accounts on the gateway for air fiber. It was as if the radio used to connect the internet, applied settings itself. (I am sorry, I really am this useless here at the moment.).
Is this the case? Does air fiber apply settings itself through the radio, and if so, would I be able to simply remove the Ruijie and connect the air fiber directly into the Mikrotik? The Ruijie has a POE-out port to power the radio, but the Mikrotik also has one.

Also, the Mikrotik app and winbox shows packets going through all three lines. They just don't failover to the next available one immediately and I am unsure if it is actually load balancing.

I have seen people post the whole configuration log, but I have no idea how to export this in order to make it easier for anyone willing to help me. That is why I typed the stuff up before the questions.

Any assistance will be greatly appreciated.
 
You're either looking for bonding or you'll be doing recursive routing. Scoop.co.za has a good setup on it; you could also try the MikroTik wiki.

Ts-s.co.za ask for Bennie
 
Ok, I just don't want to buy another setup if the Mikrotik can do what I need. Also, isn't bonding impossible with 3 different ISP's?
 
Yes, so choose 2 and failover to the 3rd. Or recursive on 2, so 1 is prime; if that fails, over to 2, and so on.

You'll be able to do it on the mikrotik. But you need a network mikrotik mcna guy and Bennie is that.
 
The last time I did this was in the ADSL days so stuff might have changed

The issue you're going to have with load balancing is that your 3 public IPs are different - so if you're doing per-packet or per-connection load balancing, a website will keep logging you out because there are requests from different IPs - among other issues.

You could of course do per-source-IP load balancing, so PC1 uses connection 1, PC2 uses connection 2, etc.

The other issue is how does one detect for example packet loss - you would need to script this on the mikrotik

This is sort of why SD-wan stuff exists.

You could also do 3X wireguard tunnels to a hosted VPS/Server and do per packet over the 3 links and deal with packet loss via some other means-at least this way your public IP does not change.

lots to consider. :ROFL:
 
On a Mikrotik you can use

I have some higher end business stuff that uses Intel, Linux and proprietary orchestration but that price bracket is higher and has different feature sets.
 
You have it well described but the big issue is putting packets back in order on the far side. You need an algorithm that is fast as they will all be out of order. Basically use a tree and not a table.
Unluckily that is a bridge too far on a Mikrotik as it's not designed for that processing. But it can do failover well. But expect many a sleepless night if you're going to do it yourself using scripts.
Rather use the stuff Hannes has developed, which I referenced in the post above.
 
Nice one - I forgot about the out of order packets
 
Failover is possible with netwatch and script that changes default gw weights. Failover when u manually unplug is just a case of default gw weights. With mangle and custom routing tables it is possible to get a measure of load balancing by:

1. Pushing certain services e.g. email, dns over a specific link

2. Pushing certain machines over specific links.


One can be achieved with static weighted routes to end points, or via mangle packet matching and sending the traffic to a routing table. Two can be achieved via mangle and custom routing tables.

Essentially u mark certain traffic (either by port or by source IP) and push it to a custom routing table that has a different default gateway.

I have this running in a few places, with dual or tri fibre lines.
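
The netwatch failover and the mangle plus custom routing table approach described in the post above, as an added example that is not the poster's configuration. It assumes RouterOS v7 syntax, statically configured gateways, the default LAN bridge name `bridge`, and constructed placeholder addresses (WAN1 gateway 192.168.1.1 on ether5, WAN2 gateway 192.168.2.1 on ether4, LAN 192.168.88.0/24, probe host 9.9.9.9).

```routeros
# Added example; every address, comment and table name below is a placeholder.

# 1. Failover by route distance ("weight"): the lowest distance wins.
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 \
    comment="wan1-default"
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 \
    comment="wan2-default"

# 2. Pin the probe host to WAN1. The ISP's own router still answers on the
#    local segment when its uplink dies, so the probe must be a host that is
#    only reachable *through* that line, not the next-hop router itself.
/ip route add dst-address=9.9.9.9/32 gateway=192.168.1.1 comment="wan1-probe"

# 3. Netwatch demotes the WAN1 default route while the probe is down and
#    restores it when the probe answers again.
/tool netwatch add host=9.9.9.9 interval=10s timeout=2s \
    down-script="/ip route set [find comment=\"wan1-default\"] distance=10" \
    up-script="/ip route set [find comment=\"wan1-default\"] distance=1"

# 4. Custom routing table whose default gateway is WAN2.
/routing table add name=via-wan2 fib
/ip route add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-table=via-wan2

# 5. Push one machine over WAN2 (match by source IP).
/ip firewall mangle add chain=prerouting src-address=192.168.88.50 \
    dst-address-type=!local action=mark-routing new-routing-mark=via-wan2 \
    passthrough=no comment="pc2 via wan2"

# 6. Push one service over WAN2 (match by port): mail submission from the LAN.
/ip firewall mangle add chain=prerouting in-interface=bridge protocol=tcp \
    dst-port=587 dst-address-type=!local action=mark-routing \
    new-routing-mark=via-wan2 passthrough=no comment="mail via wan2"
```

On RouterOS v6 there is no `/routing table` step and the route in step 4 takes `routing-mark=via-wan2` instead of `routing-table=via-wan2`.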
 