MikroTik Load Balancing and Link Redundancy with PBR

In computer networking, the Load Balancing technique is used to send network traffic over multiple gateways. If you have multiple ISP connections available, you can use load balancing technique to establish a stable network. You may now ask, why will I use multiple ISP connections? What are the benefits to use multiple ISP connections in my network? For your satisfaction, the following points are some reasons to use load balancing technique in your network.

1. No ISP can give you 100% uptime guarantee. So, it will be better to use more than one ISP connection to ensure 100% uptime network.
2. Sometimes you may have dependency (such as Mail, IPPBX etc.) on your uplink ISP but their service is not so good. In this case, you can use another ISP which provides better service.
3. Your current ISP is better but high paid bandwidth. In this case, you can purchase another ISP bandwidth which is cheap but their connection is good, not better.

If these are your current status, it is suggested to configure a load balancing and link redundancy network with multiple gateways. MikroTik Router has various load balancing and link redundancy methods (such as ECMP method, PCC method and PBR method) to establish a stable network. Among these, PBR (Policy Based Routing) is simple but efficient method to make a stable load balancing and link redundancy network. In this article, I will discuss how to create a load balancing and link redundancy network over two WAN connections using Policy Based Routing in MikroTik Router.

Network Diagram

To configure a load balancing and link redundancy network with Policy Based Routing (PBR), I am following a network diagram like the below image.

In this network, MikroTik Router’s ether1 port is connected to ISP1having IP network 192.168.30.0/30 and ether2 port is connected to ISP2 having IP network 172.30.30./30. On the other hand, ether3 port is connected to LAN network and its IP networks are 10.10.10.0/24 and 10.10.20.0/24 (categorized by GroupA and GroupB respectively). PC-1 and PC-2 are two LAN workstations. PC-1 is under GroupA network and PC-2 is under GroupB network.

After PBR load balancing and link redundancy configuration, GroupA traffics will pass through WAN1 connection and GroupB traffic will pass through WAN2 connection. If WAN1 is disconnected for any unwanted reason, all traffics (from GrpupA and GroupB) will pass through WAN2 connection until the WAN1connection comes back again. Similarly, if WAN2 is disconnected, all traffics (from GrpupA and GroupB) will pass through WAN1 connection and ensure a link redundancy network.

Load Balancing and Link Redundancy Configuration in MikroTik Router

 We will now start load balancing and link redundancy configuration in MikroTik Router according to the above network diagram. Complete configuration can be divided into the following five steps.

• Renaming interface name
• Assigning WAN and LAN IP
• Assigning DNS IP
• Firewall configuration and
• Routing configuration

Step 1: Renaming Interface Name

We will first rename interface name to understand and remember the configuration easily. The following steps will show how to rename MikroTik interface name.

• Login to MikroTik Router using Winbox with the full permission user privilege.
• Click on Interfaces menu item. Interface List window will appear.
• Double click on ether1 interface. The properties window of the ether1 interface will appear.
• Put WAN1 in Name input field under General tab and then click Apply and OK button.
• Similarly, rename ether2 to WAN2 and ether3 to LAN.
• Your Interface List window will look like the below image.

Step 2: Assigning WAN and LAN IP

 We will now assign WAN and LAN IP addresses on our respected interface. The following steps will show how to assign IP address on MikroTik Router’s interfaces.

• Go to IP > Addresses menu item. Address List window will appear.
• Click on PLUS SIGN (+) and put ISP1 provided IP address (192.168.30.2/30) in Address input field.
• Choose WAN1 from Interface dropdown menu and click Apply and OK button.
• Similarly, Click on PLUS SIGN (+) again and put ISP2 provided IP address (172.30.30.2/30) in Address input field and choose WAN2 from interface dropdown menu and then click Apply and OK button.
• Click on PLUS SIGN (+) again and put the gateway IP (10.10.10.1/24) for the GroupA workstations in Address input field and choose LAN from Interface drop down menu and then click Apply and OK button.
• Similarly, click on PLUS SIGN (+) again and put the gateway IP (10.10.20.1/24) for the GroupB workstations in Address input field and choose LAN from Interface drop down menu and then click Apply and OK button.
• Your Address List window will look like the below image.

Step 3: Assigning DNS IP

DNS is required to resolve domain name to IP address. Without DNS server MikroTik Router cannot resolve domain name to IP address and fail to communicate with the public domain server. The following steps will show how to assign DNS IP in MikroTik Router.

• Go to IP > DNS menu item. DNS Settings window will appear.
• Put your DNS server IP provided by your ISP or put Google public DNS Server IP 8.8.8in Servers input field.
• Click Apply and OK button.

Step 4: Firewall Configuration

Firewall is the place where we will create Policy for load balancing and link redundancy. In Firewall, we will do the following three types of configurations.

NATing Configuration

The local user cannot communicate with the public servers without masquerade NATing configuration. So, do the following steps to configure masquerade NAT in MikroTik Router.

• Go to IP > Firewall menu item. Firewall window will appear.
• Click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear.
• Choose srcnat from Chain dropdown menu under General tab.
• Click on Action tab and choose masquerade from Action dropdown menu.
• Click Apply and OK button.

Address Lists Configuration

We will now create our desired network groups in Firewall Address List. The following steps will show how to create network groups using Firewall Address List features.

• Click on Address Lists tab from Firewall window and click on PLUS SIGN (+). New Firewall Address List window will appear.
• Put your first group name (GroupA_Block) in Name input field.
• Put your first group network block (10.10.10.0/24) in Address input field.
• Click Apply and OK button.
• Similarly, create second group (GroupB_Block) for second network block (10.10.20.0/24).
• At last, create another group (Local_Block) and put whole network block (10.0.0.0/8) to select both the above network blocks.
• Your Firewall Address Lists window will look like the below image.

Mangle Rule Configuration

Mangle Rule creates policy for Policy Based Routing. As we have two groups, we will create two Mangle Rules to mark two different routing. The following steps will show how to create Mangle Rule to mark routing for incoming packets from LAN interface.

• Click on Mangle tab and then click on PLUS SIGN (+). New Mangle Rule window will appear.
• Choose prerouting from Chain dropdown menu under General tab.
• Click on Advanced tab and choose your first group (GroupA_Block) from Src Address List dropdown menu
• Choose whole network block (Local_Block) from Dst. Address List and click on invert or not box.
• Click on Action tab and choose mark routing option from Action dropdown menu and put a name (to_WAN1) for this routing mark and uncheck the Passthrough checkbox.
• Click Apply and OK button.
• Similarly, click on PLUS SIGN (+) again and choose prerouting from Chain dropdown menu under General tab. From Advanced tab, choose your second group (GroupB_Block) from Src Address List dropdown menu and choose whole network block (Local_Block) from Dst Address List dropdown menu. Don’t forget to click on invert or not box in Dst. Address List option. Click Apply and OK button.
• Your Mangle List window will look like the below image.

Step 5: Routing Configuration

After creating policy using Mangle rule, we will now configure routing based on created policy and pass different groups to different WAN connections. The following steps will show how to create policy based routing in MikroTik Router.

• Go to IP > Routes menu item. Route List window will appear.
• Click on PLUS SIGN (+). New Route window will appear.
• Click on Gateway input field and put WAN1 gateway IP (192.168.30.1) in this field.
• Click on Check Gateway input field and choose ping from dropdown menu.
• Click on Distance input field and put value 1 in this field.
• Click on Routing Mark input field and choose to_WAN1 from dropdown menu.
• Click Apply and OK button.
• Similarly, click on PLUS SIGN (+) again and put WAN2 gateway IP (172.30.30.1) in Gateway input field and choose ping from Check Gateway dropdown menu and put value 1 in Distance input field and choose to_WAN2 from Routing Mark dropdown menu and then Click Apply and OK button.
• Now click on PLUS SIGN (+) again and put WAN1 gateway IP (192.168.30.1) in Gateway input field and choose ping from Check Gateway dropdown menu and put value 1 in Distance input field and then click Apply and OK button .
• Similarly, click on PLUS SIGN (+) again and put WAN2 gateway IP (172.30.30.1) in Gateway input field and choose ping from Check Gateway dropdown menu and put value 2 in Distance input field and then click Apply and OK button .
• Your Route List window will look like the below image.

Load Balancing and Link Redundancy configuration in MikroTik Router with Policy Based Routing has been completed. Now assign GroupA_Block IP to those users whose you want to pass through WAN1 connection and assign GroupB_Block IP to those users whose you want to pass through WAN2 connection. Being a link redundancy network, if the WAN1 connection goes down, all the network traffics (both GroupA snd GroupB) will pass through the WAN2 connection and if the WAN2 connection goes down, traffic will pass through the WAN1connection.

If you face any confusion to follow the above steps properly, watch the following video about MikroTik Load Balancing with Failover using Policy Based Routing. I hope it will reduce your any confusion.

How to configure Load Balancing and Link Redundancy network in MikroTik Router with Policy Based Routing has been discussed in this article. I hope you will now be able to configure a load balancing and link redundancy network with Policy Based Routing. However, if you face any confusion, feel free to discuss in comment or contact with me from Contact page.  I will try my best to stay with you.