Konfiguracja mikrotik 2x WAN + load balancing

Konfiguracja krok po kroku, mirotik ( Konfiguracja mikrotik 2x WAN + load balancing  )

Założenia:

2x WAN
1x LAN ( w konfiguracji bridge z portami LAN + WLAN ),

Cel:

+ Failover na dwa łącza ( jedno nie działa uruchamia się drugie ),
+ Load balancing ( markowanie ruchu – przekierowanie część ruchu na jedno lub drugie łącze )

Wykonanie:

– LAN : 192.168.0.0
– WAN1 : 192.168.1.0 gateway: 192.168.1.1
– WAN2 : 192.168.2.0 gateway: 192.168.2.1

/ip address


add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0

 

/ip dns

set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34

 

/ip firewall mangle

add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=LAN

add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 in-interface=LAN

add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_mark passthrough=yes

add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_mark passthrough=yes

add action=mark-routing chain=output connection-mark=WAN1_mark disabled=no new-routing-mark=to_ISP1 passthrough=yes

add action=mark-routing chain=output connection-mark=WAN2_mark disabled=no new-routing-mark=to_ISP2 passthrough=yes

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1

add action=mark-routing chain=prerouting connection-mark=WAN1_mark disabled=no in-interface=LAN new-routing-mark=to_ISP1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=WAN2_mark disabled=no in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes

 

# Default masquerade rule for both WAN links

 

/ip firewall nat

add action=masquerade chain=srcnat disabled=no out-interface=WAN1

add action=masquerade chain=srcnat disabled=no out-interface=WAN2

 

 

###   ROUTE SECTION   ###

### Magic begins here

 

/ip route

 

# Adding static routes for Google/TW which will be used further below to test both WAN link connectivity

add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10

add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10

## Now we create route for PCC marked packets routing mark:

 

add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping

add distance=2 gateway=221.132.112.8 routing-mark=to_ISP2 check-gateway=ping

 

## Create destinations to "virtual" hops to be use in further routes

add dst-address=10.0.0.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping

add dst-address=10.0.0.2 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping

 

## Add default routes for both isp's marked packets by PCC mangle section

add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1

add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2

 

## Add default routes for no routing marks , For router itself

add distance=1 gateway=10.0.0.1

add distance=2 gateway=10.0.0.2