How to Load Balance PCC and Failover on Mikrotik
To configure load balancing with PCC (Per Connection Classifier) and failover on a Mikrotik router, here's a step-by-step overview:
1. Interface and IP Setup
- Assign IP addresses to your WAN interfaces (e.g., WAN1 and WAN2) and your LAN interface.
- Configure gateways for the WAN connections.
2. DNS Configuration
- Add reliable DNS servers under **IP > DNS** to ensure proper name resolution.
3. Mangle Rules Creation
- Navigate to IP > Firewall > Mangle
- Create rules to mark connections and routing for each WAN based on PCC settings, such as dividing traffic by source or destination IP ranges. Example of PCC rules:
For WAN1:
- Match specific connections ('src-address' or 'dst-address').
- Use 'per-connection-classifier=src-address:2/0` to mark traffic.
For WAN2:
- Similar rule but change 'per-connection-classifier=src-address:2/1'.
4. Routing Table Configuration
- Go to IP > Routes
- Add routing rules for both WAN connections using the marked routing information.
- Assign different distances for failover. For example:
- WAN1: Distance 1.
- WAN2: Distance 2 (secondary route for failover).
5. Testing Load Balancing and Failover
- Disconnect one WAN link to verify that failover works properly.
- Monitor traffic to ensure connections are distributed between both WANs.
### Example Outcome:
- Traffic will be distributed evenly across both WANs based on the PCC rules.
- If one WAN link fails, traffic will automatically shift to the remaining active connection.
a simple configuration example is as follows:
# Adress-list
/ip firewall address-list
add address=192.168.0.0/16 list=LOCAL-IP
add address=172.16.0.0/12 list=LOCAL-IP
add address=10.0.0.0/8 list=LOCAL-IP
# Firewall nat
/ip firewall nat
add chain=srcnat out-interface="wan1" action=masquerade
add chain=srcnat out-interface="wan2" action=masquerade
# Mangle rules to mark traffic
/ip firewall mangle
add action=mark-connection chain=input in-interface="wan1" new-connection-mark="cm-wan1" passthrough=yes
add action=mark-connection chain=input in-interface="wan2" new-connection-mark="cm-wan2" passthrough=yes
add action=mark-routing chain=output connection-mark="cm-wan1" new-routing-mark="to-wan1" passthrough=yes
add action=mark-routing chain=output connection-mark="cm-wan2" new-routing-mark="to-wan2" passthrough=yes
add action=mark-connection chain=prerouting dst-address-list=!LOCAL-IP dst-address-type=!local new-connection-mark="cm-wan1" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address-list=LOCAL-IP
add action=mark-connection chain=prerouting dst-address-list=!LOCAL-IP dst-address-type=!local new-connection-mark="cm-wan2" passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address-list=LOCAL-IP
add action=mark-routing chain=prerouting connection-mark="cm-wan1" dst-address-list=!LOCAL-IP new-routing-mark="to-wan1" passthrough=yes src-address-list=LOCAL-IP
add action=mark-routing chain=prerouting connection-mark="cm-wan2" dst-address-list=!LOCAL-IP new-routing-mark="to-wan2" passthrough=yes src-address-list=LOCAL-IP
# Route Gateway
/ip route
add check-gateway=ping comment=isp1 distance=1 gateway=1.1.1.1 routing-mark=\
to-ether1 target-scope=30
add comment="backup isp2" distance=2 gateway=gateway_address_isp2 routing-mark=\
to-ether1
add check-gateway=ping comment=isp2 distance=1 gateway=8.8.8.8 routing-mark=\
to-ether2 target-scope=30
add comment="backup isp1" distance=2 gateway=gateway_address_isp1 routing-mark=\
to-ether2
add check-gateway=ping distance=1 gateway=gateway_address_isp1
add check-gateway=ping distance=2 gateway=gateway_address_isp2
add distance=1 dst-address=1.1.1.1/32 gateway=gateway_address_isp1
add distance=1 dst-address=8.8.8.8/32 gateway=gateway_address_isp2