
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

RouterOS bonding

From AAISP Support Site
Revision as of 09:23, 25 July 2013 by AA-Andrew (talk | contribs) (Created page with "''Submitted by a customer:'' My set up - 5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. Thw A&A adsl links are bonded, Orange adsl is a backup route ...")

Submitted by a customer:

My set up - 5 adsl links via A&A. 1 adsl link via Orange. 2 lan subnets and 1 wlan. The A&A adsl links are bonded, Orange adsl is a backup route + home traffic. 1 lan subnet for home, the other for servers/company network. wlan for laptops via A&A.

I use PPPoE to manage all the adsl links. I find it easier for managing, and IPv6 is delivered past the non-IPv6-compliant adsl routers/modems. *NOTE* RouterOS > 3.17 removed IPv6 over PPPoE claiming there was a bug. No idea if / when a fix will arrive.

Starting with a fresh, unconfigured RB (Routerboard), configure a lan interface via console so you can then move on to using the GUI util winbox. It's far easier than trying to do everything via console.

console> password
old:
new:
repeat:
console> ip address add address=w.x.y.z/24 interface=ether9

That's it. Now to move over to winbox.

Making sure your winbox PC is on the same subnet (w.x.y.0/24), access the router (in this case w.x.y.z, username: admin, password: <whatever you set it to>).

Setting up PPPoE.

  • Select Interfaces.
  • Select Interface tab. Click the red '+' and select PPPoE client.
  • In the window that popped up :-
  • Select General. Type a name (e.g A&A1).
  • Max MTU (I've found I've had to set this to 1454* to get reasonable results).
 ** updated- mtu 1492 works just fine now
  • Interface : The interface where the adsl modem can be found. (e.g ether1)
  • Select Dial Out tab
  • Service : AAISP
  • User : abc@a.1
  • Password : ***** (your adsl login password)
  • profile : Default
  • Dial On Demand : unticked
  • Add Default Route : unticked
  • Use Peer DNS : ticked
  • pap : ticked chap : ticked
  • mschap1 : untick mschap2 : unticked

Click apply and you should see the status in the bottom right corner of that interface window saying dialing/authenticated/connected. For multiple lines, I use the 'copy' feature to duplicate the PPPoE interfaces, changing the relevant details accordingly.

You now need to set up the 'mangle' section of 'IP firewall'. This is the part that marks the data packets ready for the desired outbound route.

Create a new mangle rule (click the red '+')

  • chain : prerouting
  • Dst. Address : 0.0.0.0/0
  • In. Interface ether9
  • Select the 'Extra' Tab
  • Nth ->
  • Every : 5 (count every 5 packets - because I'm splitting the data across 5 lines)
  • Packet : 1 (1st packet out of 5)
  • Select 'Action' tab
  • Action : mark packet
  • New packet mark : one
  • Pass through : ticked (this means the packet continues through the mangle rules. Unticked would mean it bypasses any more rules)

Apply

Now I use the copy function again only this time I change 'Nth Packet' to '2' and 'New packet mark : two'.

Keep repeating increasing the packet and mark till you get to (as in my setup of 5) 5/five.

Now all packets coming in from ether9 are marked like this: 'one, two, three, four, five, one, two, three...' and so on. We now need to mark the corresponding packets with the desired outbound route, e.g. all packets marked 'one' go via 'A&A1', 'two' via 'A&A2' etc.

  • IP Firewall - Mangle
  • New mangle rule
  • Chain : prerouting
  • packet Mark : one (selected from the drop down box)
  • Action tab
  • Action : mark routing
  • New Routing Mark : one
  • Passthrough : unticked

Repeat for all packet marks (two, three, four, five). At this point you may be thinking.. "why not just do this section instead of marking the packets first before marking them again for routing?" That's because I have more than 1 subnet that gets balanced in my setup. For every other subnet you only need to repeat the packet marking rules with the one, two, three etc. There's no need to repeat the routing marker rules. There may be better ways to do this but in my setup, it works. I configure 1 subnet and the wlan to use the packet marking, the 2nd subnet (home lan) is marked to use the 'Orange' adsl route.

Now the last bit to get the marked route packets out to the right adsl link.

You may have noticed in the PPPoE interface setups I did not tick "add default route". That's because I don't want the PPPoE to set up any default routes automatically, otherwise every time an adsl link drops and regains connection the default route will change.

Ip Route

  • Add new route (click red +)
  • Destination : 0.0.0.0/0
  • Gateway Interface : A&A1 (use the drop down menu to select)
  • Check Gateway : Ping (used to see if the gateway is up)
  • Routing Mark : one (again use the drop down menu to select)

Now apply, copy and repeat for A&A2, A&A3 with routing mark two, three and so on.

That now gets the data out but doesn't cover a default route should lines start to drop. Rather than setting up 1 default route, set up all the adsl links with increasing distance. e.g all the marked routing routes have a distance of 1 (default)

create new routes like so..

  • destination : 0.0.0.0/0
  • Gateway Interface : A&A1
  • Distance 2

apply, copy repeat with A&A2, distance 3. A&A3, distance 4.

This doesn't balance the data should a line drop, all that happens is the data that should be going over e.g. A&A1 will now go over A&A2 which will already be carrying A&A2 marked packets. Should A&A2 also drop then it means A&A3 will carry A&A1 and A&A2 etc. Again, it works for me but there are probably more efficient ways of doing it.
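The failover behaviour described above can be checked with a small model. This is an added example, not part of the customer's submission and not RouterOS code: it simulates the Nth marking and the marked/fallback route selection as the page describes them. The fallback distances for A&A4 and A&A5 (5 and 6) are assumed to continue the 2, 3, 4 pattern, and the function names are made up for the example.

```python
from collections import Counter

LINKS = ["A&A1", "A&A2", "A&A3", "A&A4", "A&A5"]
MARKS = ["one", "two", "three", "four", "five"]

# Marked routes (distance 1): routing mark -> PPPoE interface.
MARKED_ROUTE = dict(zip(MARKS, LINKS))
# Unmarked fallback default routes: distance 2, 3, 4 as on the page;
# 5 and 6 for A&A4/A&A5 are assumed to continue the pattern.
FALLBACK_DISTANCE = {link: i + 2 for i, link in enumerate(LINKS)}


def nth_mark(packet_index):
    """Nth matcher with Every=5: packets are marked one..five in rotation."""
    return MARKS[packet_index % len(MARKS)]


def pick_link(mark, up):
    """Link a packet with this routing mark leaves on, or None if all are down."""
    primary = MARKED_ROUTE[mark]
    if primary in up:          # check-gateway says the marked route is alive
        return primary
    alive = [link for link in LINKS if link in up]
    if not alive:
        return None
    # Marked route inactive: lowest-distance unmarked default route wins.
    return min(alive, key=FALLBACK_DISTANCE.get)


def distribute(n_packets, down=()):
    """Count packets per link for a stream of n_packets with some links down."""
    up = set(LINKS) - set(down)
    load = Counter()
    for i in range(n_packets):
        load[pick_link(nth_mark(i), up) or "dropped"] += 1
    return dict(load)


if __name__ == "__main__":
    for down in ([], ["A&A1"], ["A&A1", "A&A2"], ["A&A3"]):
        print(down or "all up", distribute(1000, down))
```

Note that in this model a failed line's share always lands on the lowest-distance surviving link, so losing A&A3 alone doubles the load on A&A1 rather than spreading it over the four remaining lines.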

That hopefully covers the basics. I've not included the NAT portion on the home lan/Orange adsl nor backup of the server lan via orange as this is integrated via a tunneled firebrick.

bazzer