RouterOS bonding: Difference between revisions
mNo edit summary |
mNo edit summary |
||
(12 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<indicator name="Front">[[File:Menu-bonding.svg|link=:Category:Bonding|30px|Back up to the Bonding Page]]</indicator> |
|||
*Also see [[Router - RouterOS and Routerboard]] |
*Also see [[Router - RouterOS and Routerboard]] |
||
*[irc://irc.z.je/routerboard irc://irc.z.je/routerboard] - which is hosted on the same irc server that AAISP use and contains (among others) lots of AAISP customers using Mikrotik |
|||
*[[irc://irc.z.je/routerboard]] - |
|||
'' |
''Info below is submitted by a customer:'' |
||
==Notes from AAISP== |
|||
*If you are NATing, then ask support to set you up with a SINGLE WAN IP that is routed to all of your lines. That way, the download will be bonded from the AAISP end, and your routerboard will route traffic up all the lines and AAISP won't source filter. |
|||
*In most cases AAISP can provide a block of IP4 addresses, so you don't need to NAT. |
|||
*AAISP support bonding IPv6 in the same way as a block of IPv4 |
|||
==Notes from the Customer setup== |
|||
*These notes are taken from |
|||
**http://0hq.net/RB/ros.txt |
|||
**http://0hq.net/RB/ros2.txt |
|||
My set up - |
My set up - |
||
5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. |
5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. |
||
The A&A adsl links are bonded, Orange adsl is a backup route + home traffic. 1 lan subnet for |
|||
home the other for servers/company network. wlan for laptops via A&A. |
home the other for servers/company network. wlan for laptops via A&A. |
||
Line 15: | Line 31: | ||
console so you can then move on to using the GUI util winbox. Its far easier than trying to do |
console so you can then move on to using the GUI util winbox. Its far easier than trying to do |
||
everything via console. |
everything via console. |
||
If you are using a fresh out the box RB it will have factory default settings which can bite ya arse if you don't know what its doing in relation to these notes. So a system reset-configuration with no default config |
|||
console> password |
console> password |
||
Line 22: | Line 40: | ||
console> ip address add address=w.x.y.z/24 interface=ether9 |
console> ip address add address=w.x.y.z/24 interface=ether9 |
||
That's it. Now to move over to winbox. |
|||
Making sure your winbox pc is on the same subnet (w.x.y.0/24) access the router (in this |
Making sure your winbox pc is on the same subnet (w.x.y.0/24) access the router (in this |
||
case w.x.y.z username: admin password: <whatever you set it too> |
case w.x.y.z username: admin password: <whatever you set it too> |
||
==Setting up PPPoE |
==Setting up PPPoE== |
||
*Select Interfaces. |
*Select Interfaces. |
||
*Select Interface tab. Click the red '+' and select PPPoE client. |
*Select Interface tab. Click the red '+' and select PPPoE client. |
||
*In the window that popped up :- |
*In the window that popped up :- |
||
*Select General. Type a name (e.g A&A1). |
*Select General. Type a name (e.g. A&A1). |
||
*Max MTU (I've found I've had to set this to 1454* to get reasonable results). |
*Max MTU (I've found I've had to set this to 1454* to get reasonable results). |
||
** updated- mtu 1492 works just fine now |
** updated- mtu 1492 works just fine now |
||
*Interface : The interface where the adsl modem can be found. (e.g ether1) |
*Interface : The interface where the adsl modem can be found. (e.g. ether1) |
||
*Select Dial Out tab |
*Select Dial Out tab |
||
Line 42: | Line 60: | ||
*Password : ***** (your adsl login password) |
*Password : ***** (your adsl login password) |
||
*profile : Default |
*profile : Default |
||
*Dial On |
*Dial On Demand : unticked |
||
*Add |
*Add default Route : unticked |
||
*Use Peer DNS : ticked |
*Use Peer DNS : ticked |
||
*pap : ticked chap : ticked |
*pap : ticked chap : ticked |
||
*mschap1 : untick mschap2 : unticked |
*mschap1 : untick mschap2 : unticked |
||
Click apply and you should see in the bottom right corner of that interface window saying |
Click apply and you should see in the bottom right corner of that interface window saying dialing/authenticated/connected. |
||
⚫ | |||
dialing/authenticated/connected. |
|||
⚫ | |||
relivant details accordingly. |
|||
You now need to set up the 'mangle' section of 'IP firewall'. This is the part that marks the |
You now need to set up the 'mangle' section of 'IP firewall'. This is the part that marks the data packets ready for the desired outbound route. |
||
data packets ready for the desired outbound route. |
|||
Create a new mangle rule (click the red '+') |
Create a new mangle rule (click the red '+') |
||
Line 62: | Line 77: | ||
*Select the 'Extra' Tab |
*Select the 'Extra' Tab |
||
*Nth -> |
*Nth -> |
||
*Every : 5 (count every 5 packets - |
*Every : 5 (count every 5 packets - because I'm splitting the data across 5 lines) |
||
*Packet : 1 (1st packet out of 5) |
*Packet : 1 (1st packet out of 5) |
||
*Select 'Action' tab |
*Select 'Action' tab |
||
Line 71: | Line 86: | ||
Apply |
Apply |
||
Now I use the copy function again only this time I change 'Nth Packet' to '2' and 'New packet |
Now I use the copy function again only this time I change 'Nth Packet' to '2' and 'New packet mark : two'. |
||
mark : two'. |
|||
Keep repeating increasing the packet and mark till you get to (as in my setup of 5) 5/five. |
Keep repeating increasing the packet and mark till you get to (as in my setup of 5) 5/five. |
||
Now all packets coming in from ether9 are marked like this |
Now all packets coming in from ether9 are marked like this 'one,two,three,four,five,one,two,three..." and so on. We now need to mark the corresponding packets with the desired outbound route. e.g all packets marked 'one' go via 'A&A1', 'two' - A&A2 etc. |
||
'one,two,three,four,five,one,two,three..." and so on. We now need to mark the corresponding |
|||
packets with the desired outbound route. e.g all packets marked 'one' go via 'A&A1', 'two' - |
|||
A&A2 etc. |
|||
*IP Firewall - Mangle |
*IP Firewall - Mangle |
||
Line 91: | Line 102: | ||
Repeat for all packet marks (two, three, four, five) |
Repeat for all packet marks (two, three, four, five) |
||
At this point you maybe thinking.. "why not just do this section instead of marking the |
At this point you maybe thinking.. "why not just do this section instead of marking the packets first before marking them again for routing?" That's because I have more than 1 subnet that gets balanced in my setup. For every other subnet you only need to repeat the packet marking rules with the one, two, three etc. There's no need to repeat the routing marker rules. |
||
⚫ | |||
packets first before marking them again for routing?" Thats because I have more than 1 subnet that |
|||
gets balanced in my setup. For every other subnet you only need to repeat the packet marking |
|||
rules with the one, two, three etc. There's no need to repeat the routing marker rules. |
|||
⚫ | |||
wlan to use the packet making, the 2nd subnet (home lan) is marked to use the 'Orange' adsl |
|||
route. |
|||
Now the last bit to get the marked route packets out to the right adsl link. |
Now the last bit to get the marked route packets out to the right adsl link. |
||
You may have noticed in the PPPoE interface setups I did not tick |
You may have noticed in the PPPoE interface setups I did not tick "add default route", that's because I don't want the PPPoE to set up any default routes automatically otherwise everytime an adsl link drops and regains connection the default route will change. |
||
because I don't want the PPPoE to set up any default routes automatically otherwise everytime |
|||
an adsl link drops and regains connection the defualt route will change. |
|||
Ip Route |
Ip Route |
||
Line 109: | Line 113: | ||
*Add new route (click red +) |
*Add new route (click red +) |
||
*Destination : 0.0.0.0/0 |
*Destination : 0.0.0.0/0 |
||
*Gateway Interface : A&A1 (use the drop down menu to |
*Gateway Interface : A&A1 (use the drop down menu to select) |
||
*Check Gateway : Ping (used to see if the gateway is up) |
*Check Gateway : Ping (used to see if the gateway is up) |
||
*Routing Mark : one (again use the drop down menu to select) |
*Routing Mark : one (again use the drop down menu to select) |
||
Line 115: | Line 119: | ||
Now apply, copy and repeat for A&A2, A&A3 with routing mark two, three and so on. |
Now apply, copy and repeat for A&A2, A&A3 with routing mark two, three and so on. |
||
That now gets the data out but doesn't cover a default route should lines start to drop. |
That now gets the data out but doesn't cover a default route should lines start to drop. Rather than setting up 1 default route, set up all the adsl links with increasing distance. e.g. all the marked routing routes have a distance of 1 (default) |
||
Rather than setting up 1 default route, set up all the adsl links with increasing distance. |
|||
e.g all the marked routing routes have a distance of 1 (default) |
|||
create new routes like so.. |
create new routes like so.. |
||
Line 127: | Line 129: | ||
apply, copy repeat with A&A2, distance 3. A&A3, distance 4. |
apply, copy repeat with A&A2, distance 3. A&A3, distance 4. |
||
This doesn't balance the data should a line drop, all that happens is the data that should be |
This doesn't balance the data should a line drop, all that happens is the data that should be going over e.g. A&A1 will now go over A&A2 which will already be carrying A&A2 marked packets. Should A&A2 also drop then it means A&A3 will carry A&A1 and A&A2 etc. Again, it works for me |
||
going over e.g. A&A1 will now go over A&A2 which will already be carrying A&A2 marked packets. |
|||
Should A&A2 also drop then it means A&A3 will carry A&A1 and A&A2 etc. Again, it works for me |
|||
but there are probably more efficient ways of doing it. |
but there are probably more efficient ways of doing it. |
||
That hopefully covers the basics. I've not included the NAT portion on the home lan/Orange |
That hopefully covers the basics. I've not included the NAT portion on the home lan/Orange adsl nor backup of the server lan via orange as this is integrated via a tunneled firebrick. |
||
adsl nor backup of the server lan via orange as this is integrated via a tunneled firebrick. |
|||
''bazzer'' |
''bazzer'' |
||
[[Category: |
[[Category:3rd Party Routers|RouterOS]] |
||
[[Category:Bonding Configuration]] |
Latest revision as of 09:29, 19 March 2018
- Also see Router - RouterOS and Routerboard
- irc://irc.z.je/routerboard - which is hosted on the same irc server that AAISP use and contains (among others) lots of AAISP customers using Mikrotik
Info below is submitted by a customer:
Notes from AAISP
- If you are NATing, then ask support to set you up with a SINGLE WAN IP that is routed to all of your lines. That way, the download will be bonded from the AAISP end, and your routerboard will route traffic up all the lines and AAISP won't source filter.
- In most cases AAISP can provide a block of IP4 addresses, so you don't need to NAT.
- AAISP support bonding IPv6 in the same way as a block of IPv4
Notes from the Customer setup
- These notes are taken from
My set up - 5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. The A&A adsl links are bonded, Orange adsl is a backup route + home traffic. 1 lan subnet for home the other for servers/company network. wlan for laptops via A&A.
I use PPPoE to manage all the adsl links. I find it easier for managing and IPv6 is delivered past the non ipv6 compliant adsl routers/modems. *NOTE* RouterOS > 3.17 removed IPv6 over PPPoE claiming there was bug. No idea if / when a fix will arrive.
Starting with a fresh, unconfigured RB (Routerboard), configure a lan interface via console so you can then move on to using the GUI util winbox. Its far easier than trying to do everything via console.
If you are using a fresh out the box RB it will have factory default settings which can bite ya arse if you don't know what its doing in relation to these notes. So a system reset-configuration with no default config
console> password old: new: repeat: console> ip address add address=w.x.y.z/24 interface=ether9
That's it. Now to move over to winbox.
Making sure your winbox pc is on the same subnet (w.x.y.0/24) access the router (in this case w.x.y.z username: admin password: <whatever you set it too>
Setting up PPPoE
- Select Interfaces.
- Select Interface tab. Click the red '+' and select PPPoE client.
- In the window that popped up :-
- Select General. Type a name (e.g. A&A1).
- Max MTU (I've found I've had to set this to 1454* to get reasonable results).
- updated- mtu 1492 works just fine now
- Interface : The interface where the adsl modem can be found. (e.g. ether1)
- Select Dial Out tab
- Service : AAISP
- User : abc@a.1
- Password : ***** (your adsl login password)
- profile : Default
- Dial On Demand : unticked
- Add default Route : unticked
- Use Peer DNS : ticked
- pap : ticked chap : ticked
- mschap1 : untick mschap2 : unticked
Click apply and you should see in the bottom right corner of that interface window saying dialing/authenticated/connected. For multiple lines, I use the 'copy' feature to duplicate the PPPoE interfaces changing the relevant details accordingly.
You now need to set up the 'mangle' section of 'IP firewall'. This is the part that marks the data packets ready for the desired outbound route.
Create a new mangle rule (click the red '+')
- chain : prerouting
- Dst. Address : 0.0.0.0/0
- In. Interface ether9
- Select the 'Extra' Tab
- Nth ->
- Every : 5 (count every 5 packets - because I'm splitting the data across 5 lines)
- Packet : 1 (1st packet out of 5)
- Select 'Action' tab
- Action : mark packet
- New packet mark : one
- Pass through : ticked (this means the packet continues through the mangle ruling. unticked would mean to bypass anymore rules)
Apply
Now I use the copy function again only this time I change 'Nth Packet' to '2' and 'New packet mark : two'.
Keep repeating increasing the packet and mark till you get to (as in my setup of 5) 5/five.
Now all packets coming in from ether9 are marked like this 'one,two,three,four,five,one,two,three..." and so on. We now need to mark the corresponding packets with the desired outbound route. e.g all packets marked 'one' go via 'A&A1', 'two' - A&A2 etc.
- IP Firewall - Mangle
- New mangle rule
- Chain : prerouting
- packet Mark : one (selected from the drop down box)
- Action tab
Action : mark routing
- New Routing Mark : one
- Passthrough : unticked
Repeat for all packet marks (two, three, four, five) At this point you maybe thinking.. "why not just do this section instead of marking the packets first before marking them again for routing?" That's because I have more than 1 subnet that gets balanced in my setup. For every other subnet you only need to repeat the packet marking rules with the one, two, three etc. There's no need to repeat the routing marker rules. There may be better ways to do this but in my setup, it works. I configure 1 subnet and the wlan to use the packet making, the 2nd subnet (home lan) is marked to use the 'Orange' adsl route.
Now the last bit to get the marked route packets out to the right adsl link.
You may have noticed in the PPPoE interface setups I did not tick "add default route", that's because I don't want the PPPoE to set up any default routes automatically otherwise everytime an adsl link drops and regains connection the default route will change.
Ip Route
- Add new route (click red +)
- Destination : 0.0.0.0/0
- Gateway Interface : A&A1 (use the drop down menu to select)
- Check Gateway : Ping (used to see if the gateway is up)
- Routing Mark : one (again use the drop down menu to select)
Now apply, copy and repeat for A&A2, A&A3 with routing mark two, three and so on.
That now gets the data out but doesn't cover a default route should lines start to drop. Rather than setting up 1 default route, set up all the adsl links with increasing distance. e.g. all the marked routing routes have a distance of 1 (default)
create new routes like so..
- destination : 0.0.0.0/0
- Gateway Interface : A&A1
- Distance 2
apply, copy repeat with A&A2, distance 3. A&A3, distance 4.
This doesn't balance the data should a line drop, all that happens is the data that should be going over e.g. A&A1 will now go over A&A2 which will already be carrying A&A2 marked packets. Should A&A2 also drop then it means A&A3 will carry A&A1 and A&A2 etc. Again, it works for me but there are probably more efficient ways of doing it.
That hopefully covers the basics. I've not included the NAT portion on the home lan/Orange adsl nor backup of the server lan via orange as this is integrated via a tunneled firebrick.
bazzer