MikroTik PCC Load Balancing over Unequal Dual WAN Links

Abu Sayeed

6 years ago

Hi, you are here means you are finding a Load Balancing and Link Redundancy solution with Unequal WAN links in your MikroTik Router. If so, it is your right place. In my previous article I discussed how to configure a Dual WAN Load Balancing and Link Redundancy network using PCC method but it was assumed that both WAN links have equal bandwidth. But in real situation, you may have unequal WAN links such as ISP1 may have 10MB bandwidth and ISP2 may have 20MB bandwidth. In this case, PCC Load Balancing and Link Redundancy configuration will be a little bit different. So, in this article I will show how to configure Load Balancing and Link Redundancy network using PCC method which will have unequal Dual WAN connections.

Core Devices and IP Information

To configure a load balancing with failover network, I am using MikroTik RouterOS v6.38.1 that has two ISP connections and a LAN network. IP information that I am using for this network configuration are given below.

ISP1 IP 192.168.30.2/30 and Gateway IP 192.168.30.1
ISP2 IP 192.168.60.2/30 and Gateway IP 192.168.60.1
LAN network: 10.10.70.0/24 and LAN Gateway IP 10.10.70.1/24
DNS IP: 8.8.8.8 and 8.8.4.4

This IP information is just for my RND purpose. Change this information according to your network requirements.

Network Diagram

To configure a Load Balancing and Link Redundancy network with MikroTik RouterOS, I am following a network diagram like below image.

MikroTik PCC Load Balancing over Unequal WAN

In this network, MikroTik Router’s 1st Interface (ether1) is connected to ISP1 having IP Address 192.168.30.2/30 and 10 Mbps bandwidth and 2^nd Interface (ether2) is connected to ISP2 having IP Address 192.168.60.2/30 and 20 Mbps bandwidth. In real network these IP Addresses should replace with your ISP given public IP Address. Again, 3^rd Interface (ether3) is connected to LAN having IP network 10.10.70.0/24.

We will configure Dual WAN Load Balancing and Link Redundancy in this MikroTik Router using PCC method and after PCC configuration MikroTik will pass one third LAN traffic through ISP1 connection and two third LAN traffic through ISP2 connection and if any ISP is disconnected, other ISP will be used to pass all LAN traffic until the disconnected ISP becomes alive. If disconnected ISP becomes alive, both ISP will be used to pass LAN traffic again automatically.

MikroTik Load Balancing with Failover Configuration over Unequal WAN Links

We will now configure PCC Load Balancing with failover according to our above network diagram. Complete configuration can be divided into the following four parts.

MikroTik Router basic configuration
Creating Mangle rule
Policy based routing configuration
NAT configuration

Part 1: MikroTik Router Basic Configuration

In the basic part, we will assign 1^st WAN IP address given from ISP1, 2^nd WAN IP address given from ISP2, LAN gateway and DNS. The following steps will show how to perform these steps in MikroTik Router.

Login to MikroTik Router with winbox by admin privilege credential.
Click on Interfaces menu item. Interface List window will appear.
Double click on ether1 interface and rename it as ISP1 and then click Apply and OK button. Similarly, click on ether2 interface and rename it as ISP2 and then click Apply and OK button. Again, click on ether3 interface and rename it as LAN and then click Apply and OK button.
Go to IP > Addresses menu item and click on PLUS SIGN (+). In New Address window, put ISP1 IP address (192.168.30.2/30) in Address input field and choose ISP1 from Interface dropdown menu and then click on Apply and OK button.
Similarly, click on PLUS SIGN (+). In New Address window, put ISP2 IP address (192.168.60.2/30) in Address input field and choose ISP2 from Interface dropdown menu and then click on Apply and OK button.
Again, click on PLUS SIGN (+). In New Address window, put LAN Gateway IP address (10.10.70.1/24) in Address input field and choose LAN from Interface dropdown menu and then click on Apply and OK button.
Go to IP > DNS menu item and put DNS IP (8.8.8.8) in Servers input field and click Apply and OK button.

Alternatively, you can run below command from MikroTik CLI.

/interfaceset “ether1″ name=”ISP1”

set “ether2″ name=”ISP2”

set “ether3″ name=”LAN”

/ ip address

add address=192.168.30.2/30 interface=ISP1

add address=192.168.60.2/30 interface=ISP2

add address=10.10.70.1/24 interface=LAN

MikroTik Router basic configuration has been completed. Now we will create Mangle rule to mark connection and routing.

Part 2: Creating Mangle Rule

Mangle rule is used to mark packet for proper routing. In this part we will create various mangle rules that will help to mark connection and routing and pass different network traffics to different WAN connections. Go to IP > Firewall menu item and click on Mangle tab and create the following 10 rules as indicated.

Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and put ISP1 network address (192.168.30.0/30) in Dst. Address input and then choose LAN from In. Interface dropdown menu. Now click on Action tab and choose accept from Action dropdown menu and then click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and put ISP2 network address (192.168.60.0/30) in Dst. Address input and then choose LAN from In. Interface dropdown menu. Now click on Action tab and choose accept from Action dropdown menu and then click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose ISP1 from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Now click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP1_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose ISP2 from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Now click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP2_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Click on Advanced tab and choose both addresses from Per Connection Classifier dropdown menu and put 2 in next 1^st input field and 0 in 2^nd input field. Click on Extra tab and click on Dst. Address Type option and choose local from Address Type dropdown menu and then click on Invert checkbox. Click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP1_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Click on Advanced tab and choose both addresses from Per Connection Classifier dropdown menu and put 2 in next 1^st input field and 1 in 2^nd input field. Click on Extra tab and click on Dst. Address Type option and choose local from Address Type dropdown menu and then click on Invert checkbox. Click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP2_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Click on Advanced tab and choose both addresses from Per Connection Classifier dropdown menu and put 2 in next 1^st input field and 2 in 2^nd input field. Click on Extra tab and click on Dst. Address Type option and choose local from Address Type dropdown menu and then click on Invert checkbox. Click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP2_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose ISP1_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP1) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose ISP2_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP2) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose output from Chain dropdown menu and then choose ISP1_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP1) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose output from Chain dropdown menu and then choose ISP2_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP2) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.

Alternatively, you can run below command from MikroTik CLI.

/ ip firewall mangleadd chain=prerouting dst-address=192.168.30.0/30 action=accept in-interface=LAN

add chain=prerouting dst-address=192.168.60.0/30 action=accept in-interface=LAN

add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection \

new-connection-mark=ISP1_conn

add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection \

new-connection-mark=ISP2_conn

add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \

per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn

add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \

per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn

add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local \

per-connection-classifier=both-addresses:2/2 action=mark-connection new-connection-mark=ISP2_conn

add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing \

new-routing-mark=to_ISP1

add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing \

new-routing-mark=to_ISP2

add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1

add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

Mangle rules for matching and marking packets has been created successfully. Now we will configure policy based routing so that marked packet can be routed properly through appropriate ISP connection.

Part 3: Policy Based Routing Configuration

Mangle rules that we have created will mark connection but do not do anything in routing. To pass marked connection to appropriate ISP connection, we need to configure policy based routing. The following steps will show how to configure policy based routing for the marked connection.

Go to IP > Routes menu item. Route List window will appear.
Click on PLUS SIGN (+). New Route window will appear. Put ISP1 gateway address (192.168.30.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Choose ISP1 routing mark (to_ISP1) from Routing Mark dropdown menu. Click Apply and OK button.
Click on PLUS SIGN (+). New Route window will appear. Put ISP2 gateway address (192.168.60.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Choose ISP2 routing mark (to_ISP2) from Routing Mark dropdown menu. Click Apply and OK button.
Click on PLUS SIGN (+). New Route window will appear. Put ISP1 gateway address (192.168.30.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Put 1 in Distance input field and Click Apply and OK button.
Click on PLUS SIGN (+). New Route window will appear. Put ISP2 gateway address (192.168.60.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Put 2 in Distance input field and Click Apply and OK button.

Alternatively, you can run below command from MikroTik CLI.

/ ip routeadd dst-address=0.0.0.0/0 gateway=192.168.30.1 routing-mark=to_ISP1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.60.1 routing-mark=to_ISP2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.30.1 distance=1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.60.1 distance=2 check-gateway=ping

Routing configuration for selecting proper ISP has been completed. Now we need to configure NATing so that LAN traffic can reach to internet.

Part 4: NAT Configuration

In last part, we will configure NATing. Otherwise LAN user cannot reach to internet through MikroTik Router. The following steps will guide how to configure NAT in MikroTik Router for a specific ISP connection.

Go to IP > Firewall menu item and click on NAT tab.
Click on PLUS SIGN (+). New NAT Rule window will appear. In General tab, choose srcnat from Chain dropdown menu and choose ISP1 from Out. Interface dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and click Apply and OK button.
Similarly, click on PLUS SIGN (+) again. New NAT Rule window will appear. In General tab, choose srcnat from Chain dropdown menu and choose ISP2 from Out. Interface dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and click Apply and OK button.

Alternatively, you can run below command from MikroTik CLI.

/ ip firewall natadd chain=srcnat out-interface=ISP1 action=masquerade

add chain=srcnat out-interface=ISP2 action=masquerade

NAT configuration as well as all our configurations for PCC Load Balancing and Link Redundancy has been completed. Now LAN user will get uninterrupted internet connection until both ISP connection is lost.

MikroTik Unequal Dual WAN Load Balancing and Link Redundancy using PCC have been discussed in this article from very beginning. I hope you will now be able to configure a 100% reliable Load Balancing and Link Redundancy network with your MikroTik Router using PCC method. However, if you face any confusion to apply PCC method, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.