Bandwidth Based Load Balancing
Presenter information
Tomas Kirnak
Network design
Security, wireless
Servers, Virtualization
Mikrotik Certified Trainer
Atris, Slovakia
Established 1991
Complete IT solutions
Networking, servers
Virtualization
IP security systems
Load-balancing, why?
Distributing workload to multiple network links to
maximize throughput and minimize latency.
Using multiple network links, when properly
configured, will also provide redundancy.
Bonding
Policy routing
PCC
Bandwidth based
Bonding
+ Easy to implement
Automatic redundancy with fail-over
Policy routing
+ Easy to implement
You have exact control of traffic
- Not dynamic
Scalability problems
PCC
+ Easy to configure
Good scalability
Bandwidth based
If interface ISP1 is over 10 mbit/s; use ISP2
Easily scalable
Takes link status into consideration
You have control over the connections
You decide when the switch to the second link
happens (on 10mbit link, switch after 50% util.)
Implementation considerations
There are multiple ways to do bandwidth based
load balancing; none of them is particularly easy.
MPLS TE
Mangle + bit of scripting <-- this presentation
www.tiktube.com PL 2010 and PL 2012
Underlying technologies
What is a connection
We can define a connection as a packet flow with
the same pair of source and destination IP
addresses and ports.
Mangle
Mangle is a facility in ROS which allows us to
mark packets or connections, and later use
that mark for our purposes.
Mangle marks do NOT leave the router.
Mangle where to
/ip
firewall
mangle
Routing tables
A routing table tells the router which next hop
to forward packets to, depending on the
packet's destination IP.
0.0.0.0/0 -> 77.21.34.12
Topology
Required steps
Create routing tables
Setup address-lists
Setup mangle
Configure Traffic Monitor
Basic configuration
/interface ethernet
set 0 name=LAN
set 3 name=ISP_1
set 4 name=ISP_2
/ip address
add address=192.168.22.1/24 interface=LAN
add address=1.1.1.32/24 interface=ISP_1
add address=2.2.2.65/24 interface=ISP_2
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP_1
add action=masquerade chain=srcnat out-interface=ISP_2
Routing tables
/ip route
add gateway=1.1.1.1 distance=1
add gateway=2.2.2.1 distance=2
Topology take 2
In this topology, there are 4
possible traffic flows
WAN -> Router
Router -> WAN
WAN -> LAN
LAN -> WAN
LAN marking
/ip firewall mangle
# Mark connections that arrive from each WAN so replies leave the same way
add chain=forward connection-mark=no-mark in-interface=ISP_1 \
    action=mark-connection new-connection-mark=WAN1->LANs
add chain=forward connection-mark=no-mark in-interface=ISP_2 \
    action=mark-connection new-connection-mark=WAN2->LANs
# Route LAN replies for those connections through the matching ISP
add chain=prerouting connection-mark=WAN1->LANs src-address-list=LAN \
    action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=WAN2->LANs src-address-list=LAN \
    action=mark-routing new-routing-mark=ISP2_Route
A sticky connection
A sticky connection is a connection that, once
established through one interface, will always go out
that exact interface.
This is required, because when we switch to a second
link, we only need to switch new connections.
In PCC, this is done automatically. Using our approach
however, this has to be done manually.
Sticky connections
/ip firewall mangle
# Pin each LAN->WAN connection to the route it was first sent through
add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP1_Route \
    action=mark-connection new-connection-mark=Sticky_ISP1
add chain=prerouting connection-mark=LAN->WAN routing-mark=ISP2_Route \
    action=mark-connection new-connection-mark=Sticky_ISP2
# Later packets of a pinned connection keep using that route
add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN \
    action=mark-routing new-routing-mark=ISP1_Route
add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN \
    action=mark-routing new-routing-mark=ISP2_Route
Mangle in GUI
Switching back
Final result
Connections are routed through ISP1 until its link is
at 5mbit/s.
After this limit all new connections will go
through ISP2 until the ISP1 link is under its limit.
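The behaviour described above, modelled in Python as an added example (not code from the presentation and not RouterOS configuration). The Router class, replay function, sample addresses and rates are constructed for illustration; the mark names and the 5mbit/s limit are taken from the slides.

```python
from dataclasses import dataclass, field

LIMIT_BPS = 5_000_000  # "until its link is at 5mbit/s" (Final result slide)

@dataclass
class Router:
    # Routing mark given to NEW LAN->WAN connections; the traffic monitor flips it.
    new_conn_route: str = "ISP1_Route"
    # Connection tracking: (src IP, src port, dst IP, dst port) -> sticky mark.
    conntrack: dict = field(default_factory=dict)

    def traffic_monitor(self, isp1_bps: int) -> None:
        """Above the limit select ISP2; back under it, select ISP1 again."""
        self.new_conn_route = "ISP2_Route" if isp1_bps > LIMIT_BPS else "ISP1_Route"

    def route_packet(self, src_ip, src_port, dst_ip, dst_port) -> str:
        """Return the routing mark a LAN->WAN packet would receive."""
        key = (src_ip, src_port, dst_ip, dst_port)
        sticky = self.conntrack.get(key)
        if sticky is None:
            # First packet of a connection: take the currently selected route
            # and pin it, as the Sticky_ISP1 / Sticky_ISP2 rules do.
            sticky = "Sticky_ISP1" if self.new_conn_route == "ISP1_Route" else "Sticky_ISP2"
            self.conntrack[key] = sticky
        # Every later packet follows the sticky mark, not the current selection.
        return "ISP1_Route" if sticky == "Sticky_ISP1" else "ISP2_Route"

def replay(events):
    """events: ("rate", bps) samples or ("pkt", 4-tuple); returns (src port, mark)."""
    router, marks = Router(), []
    for kind, value in events:
        if kind == "rate":
            router.traffic_monitor(value)
        else:
            marks.append((value[1], router.route_packet(*value)))
    return marks

# Constructed sample timeline (addresses and rates are made up for illustration).
A = ("192.168.22.10", 40001, "203.0.113.5", 443)
B = ("192.168.22.11", 40002, "203.0.113.5", 443)
C = ("192.168.22.12", 40003, "198.51.100.7", 80)
TIMELINE = [("rate", 1_000_000), ("pkt", A), ("rate", 6_000_000), ("pkt", B),
            ("pkt", A), ("rate", 2_000_000), ("pkt", C), ("pkt", B)]

if __name__ == "__main__":
    for port, mark in replay(TIMELINE):
        print(port, mark)
```

Connection A stays on ISP1 while ISP1 is over the limit, and connection B stays on ISP2 after ISP1 drops back under it; only new connections follow the switch.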
Easy Failover
If the gateway can't be pinged, all routes using
this gateway will become invalid.
A different approach
This approach will not work if the link failure
happens after the gateway.
Recursive route lookup, netwatch etc.
http://wiki.mikrotik.com/wiki/Failover_Scripting