Konfiguracja krok po kroku, mirotik ( Konfiguracja mikrotik 2x WAN + load balancing  )

Założenia:

2x WAN
1x LAN ( w konfiguracji bridge z portami LAN + WLAN ),

Cel:

+ Failover na dwa łącza ( jedno nie działa uruchamia się drugie ),
+ Load balancing ( markowanie ruchu – przekierowanie część ruchu na jedno lub drugie łącze )

Wykonanie:

– LAN : 192.168.0.0
– WAN1 : 192.168.1.0 gateway: 192.168.1.1
– WAN2 : 192.168.2.0 gateway: 192.168.2.1

 

/ip address
add address=192.168.0.1/24 disabled=no interface=LAN network=192.168.0.0
add address=192.168.1.2/24 disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=WAN2 network=192.168.2.0
 
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=208.67.222.222,202.141.224.34
 
/ip firewall mangle
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=LAN
add action=accept chain=prerouting disabled=no dst-address=192.168.2.0/24 in-interface=LAN
add action=mark-connection chain=input disabled=no in-interface=WAN1 new-connection-mark=WAN1_mark passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=WAN2 new-connection-mark=WAN2_mark passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_mark disabled=no new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_mark disabled=no new-routing-mark=to_ISP2 passthrough=yes
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_mark passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_mark disabled=no in-interface=LAN new-routing-mark=to_ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_mark disabled=no in-interface=LAN new-routing-mark=to_ISP2 passthrough=yes
 
# Default masquerade rule for both WAN links
 
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN1
add action=masquerade chain=srcnat disabled=no out-interface=WAN2
 
 
###   ROUTE SECTION   ###
### Magic begins here
 
/ip route
 
# Adding static routes for Google/TW which will be used further below to test both WAN link connectivity
add dst-address=8.8.8.8 gateway=192.168.1.1 scope=10
add dst-address=221.132.112.8 gateway=192.168.2.1 scope=10
## Now we create route for PCC marked packets routing mark:
 
add distance=1 gateway=8.8.8.8 routing-mark=to_ISP1 check-gateway=ping
add distance=2 gateway=221.132.112.8 routing-mark=to_ISP2 check-gateway=ping
 
## Create destinations to "virtual" hops to be use in further routes
add dst-address=10.0.0.1 gateway=8.8.8.8 scope=10 target-scope=10 check-gateway=ping
add dst-address=10.0.0.2 gateway=221.132.112.8 scope=10 target-scope=10 check-gateway=ping
 
## Add default routes for both isp's marked packets by PCC mangle section
add distance=1 gateway=10.0.0.1 routing-mark=to_ISP1
add distance=2 gateway=10.0.0.2 routing-mark=to_ISP2
 
## Add default routes for no routing marks , For router itself
add distance=1 gateway=10.0.0.1
add distance=2 gateway=10.0.0.2