RouterOS bonding

From AAISP Support Site
Revision as of 21:24, 6 January 2015 by Reedy (clean up, typos fixed: selct → select, Thats → That's (3), Thw → The, e.g → e.g. (3))

Info below is submitted by a customer:


Notes from AAISP

  • If you are NATing, then ask support to set you up with a SINGLE WAN IP that is routed to all of your lines. That way, the download will be bonded from the AAISP end, and your routerboard will route traffic up all the lines and AAISP won't source filter.
  • In most cases AAISP can provide a block of IPv4 addresses, so you don't need to NAT.
  • AAISP supports bonding IPv6 in the same way as a block of IPv4.


Notes from the Customer setup

My set up - 5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. The A&A adsl links are bonded, Orange adsl is a backup route + home traffic. 1 lan subnet for home the other for servers/company network. wlan for laptops via A&A.

I use PPPoE to manage all the adsl links. I find it easier for managing and IPv6 is delivered past the non-IPv6-compliant adsl routers/modems. *NOTE* RouterOS > 3.17 removed IPv6 over PPPoE claiming there was a bug. No idea if / when a fix will arrive.

Starting with a fresh, unconfigured RB (Routerboard), configure a lan interface via console so you can then move on to using the GUI util winbox. It's far easier than trying to do everything via console.

If you are using a fresh out the box RB it will have factory default settings which can bite ya arse if you don't know what it's doing in relation to these notes. So do a system reset-configuration with no default config.

console> password
old:
new:
repeat:
console> ip address add address=w.x.y.z/24 interface=ether9

That's it. Now to move over to winbox.

Making sure your winbox PC is on the same subnet (w.x.y.0/24), access the router (in this case w.x.y.z, username: admin, password: <whatever you set it to>).

Setting up PPPoE

  • Select Interfaces.
  • Select Interface tab. Click the red '+' and select PPPoE client.
  • In the window that popped up :-
  • Select General. Type a name (e.g. A&A1).
  • Max MTU (I've found I've had to set this to 1454* to get reasonable results).
    • updated- mtu 1492 works just fine now
  • Interface : The interface where the adsl modem can be found. (e.g. ether1)
  • Select Dial Out tab
  • Service : AAISP
  • User : abc@a.1
  • Password : ***** (your adsl login password)
  • profile : Default
  • Dial On Demand : unticked
  • Add default Route : unticked
  • Use Peer DNS : ticked
  • pap : ticked chap : ticked
  • mschap1 : unticked mschap2 : unticked

Click apply and you should see in the bottom right corner of that interface window saying dialing/authenticated/connected. For multiple lines, I use the 'copy' feature to duplicate the PPPoE interfaces changing the relevant details accordingly.

You now need to set up the 'mangle' section of 'IP firewall'. This is the part that marks the data packets ready for the desired outbound route.

Create a new mangle rule (click the red '+')

  • chain : prerouting
  • Dst. Address : 0.0.0.0/0
  • In. Interface ether9
  • Select the 'Extra' Tab
  • Nth ->
  • Every : 5 (count every 5 packets - because I'm splitting the data across 5 lines)
  • Packet : 1 (1st packet out of 5)
  • Select 'Action' tab
  • Action : mark packet
  • New packet mark : one
  • Pass through : ticked (this means the packet continues through the mangle rules. Unticked would mean it bypasses any more rules)

Apply

Now I use the copy function again only this time I change 'Nth Packet' to '2' and 'New packet mark : two'.

Keep repeating increasing the packet and mark till you get to (as in my setup of 5) 5/five.

Now all packets coming in from ether9 are marked like this: 'one, two, three, four, five, one, two, three...' and so on. We now need to mark the corresponding packets with the desired outbound route, e.g. all packets marked 'one' go via 'A&A1', 'two' via 'A&A2', etc.

  • IP Firewall - Mangle
  • New mangle rule
  • Chain : prerouting
  • packet Mark : one (selected from the drop down box)
  • Action tab
  • Action : mark routing
  • New Routing Mark : one
  • Passthrough : unticked

Repeat for all packet marks (two, three, four, five). At this point you may be thinking, "why not just do this section instead of marking the packets first before marking them again for routing?" That's because I have more than 1 subnet that gets balanced in my setup. For every other subnet you only need to repeat the packet marking rules with the one, two, three etc. There's no need to repeat the routing marker rules. There may be better ways to do this but in my setup, it works. I configure 1 subnet and the wlan to use the packet marking; the 2nd subnet (home lan) is marked to use the 'Orange' adsl route.

Now the last bit to get the marked route packets out to the right adsl link.

You may have noticed in the PPPoE interface setups I did not tick "add default route". That's because I don't want the PPPoE to set up any default routes automatically, otherwise every time an adsl link drops and regains connection the default route will change.

IP Route

  • Add new route (click red +)
  • Destination : 0.0.0.0/0
  • Gateway Interface : A&A1 (use the drop down menu to select)
  • Check Gateway : Ping (used to see if the gateway is up)
  • Routing Mark : one (again use the drop down menu to select)

Now apply, copy and repeat for A&A2, A&A3 with routing mark two, three and so on.

That now gets the data out but doesn't cover a default route should lines start to drop. Rather than setting up 1 default route, set up all the adsl links with increasing distance, e.g. all the marked routing routes have a distance of 1 (default).

Create new routes like so:

  • destination : 0.0.0.0/0
  • Gateway Interface : A&A1
  • Distance 2

Apply, copy and repeat with A&A2, distance 3, and A&A3, distance 4.

This doesn't balance the data should a line drop, all that happens is the data that should be going over e.g. A&A1 will now go over A&A2 which will already be carrying A&A2 marked packets. Should A&A2 also drop then it means A&A3 will carry A&A1 and A&A2 etc. Again, it works for me but there are probably more efficient ways of doing it.

That hopefully covers the basics. I've not included the NAT portion on the home lan/Orange adsl nor backup of the server lan via orange as this is integrated via a tunneled firebrick.

bazzer
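
The failover behaviour described above (per-mark routes at distance 1, plus unmarked default routes at increasing distance) can be modelled to see how load shifts when lines drop. This Python sketch is an added example, not part of the customer's notes or of RouterOS; it assumes the fallback routes continue the stated pattern to A&A4 (distance 5) and A&A5 (distance 6), and that a route is inactive while its line is down.

```python
from collections import Counter

MARKS = ["one", "two", "three", "four", "five"]
LINKS = ["A&A1", "A&A2", "A&A3", "A&A4", "A&A5"]

# Routing-mark routes (distance 1): mark "one" -> A&A1, "two" -> A&A2, ...
MARKED_ROUTES = dict(zip(MARKS, LINKS))
# Unmarked fallback default routes: A&A1 distance 2, A&A2 distance 3, ...
# (distances for A&A4 and A&A5 are assumed to continue the pattern)
FALLBACK_ROUTES = [(i + 2, link) for i, link in enumerate(LINKS)]


def nth_mark(packet_index, every=len(MARKS)):
    """Model of the mangle 'Nth' rules: packet k of every N gets mark k."""
    return MARKS[packet_index % every]


def pick_link(mark, up):
    """Use the marked route while its line is up; otherwise fall through to
    the lowest-distance unmarked default route whose line is up."""
    link = MARKED_ROUTES[mark]
    if link in up:
        return link
    for _distance, fallback in sorted(FALLBACK_ROUTES):
        if fallback in up:
            return fallback
    return None  # every line is down: no route available


def link_load(up, packets=1000):
    """Count how many of `packets` LAN packets leave on each link."""
    up = set(up)
    load = Counter(pick_link(nth_mark(i), up) for i in range(packets))
    return dict(load)


if __name__ == "__main__":
    scenarios = {
        "all lines up": LINKS,
        "A&A1 down": LINKS[1:],
        "A&A1 and A&A2 down": LINKS[2:],
    }
    for name, up in scenarios.items():
        print(f"{name}: {link_load(up)}")
```

With A&A1 down, A&A2 carries two fifths of the traffic while the other lines stay at one fifth each, which is the uneven loading the notes describe.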