Mikrotik Router with Dual WAN Connections

I have two internet connections: a 4mBit WiMAX connection and a 4mbit ADSL connection (with a 25Gb limit). Since I wanted the best speed possible, I decided to combine both connections into one, giving a more powerful internet connection that uses both links simultaneously. For this I needed a powerful router, and RouterOS is the right tool for this kind of job. I bought a Mikrotik RouterBOARD and configured it to route packets over both connections. Since the WiMAX connection is unlimited and the ADSL connection (which is not that stable) is limited, I decided on a 2:1 ratio for outgoing TCP connections. Thus, if you have 3 TCP connections A, B and C, then connections A and B will go through WiMAX, while C will go through the ADSL. The firewall mangle is as follows:
/ ip firewall mangle
add action=mark-connection chain=prerouting comment="LOCAL NETWORKS" \
connection-state=new disabled=no dst-address=192.168.88.0/24 \
new-connection-mark=local passthrough=no
add action=mark-connection chain=prerouting comment="LOCAL NETWORKS" \
connection-state=new disabled=no dst-address=10.0.0.0/24 \
new-connection-mark=local passthrough=no
add action=mark-connection chain=prerouting comment=\
"LOAD BALANCING - 1 of 3 [WiMAX]" connection-state=new disabled=no \
in-interface=bridge new-connection-mark=conn1 nth=3,1 \
passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=conn1 \
disabled=no in-interface=bridge new-routing-mark=conn1 \
passthrough=no
add action=mark-connection chain=prerouting comment=\
"LOAD BALANCING - 2 of 3 [ADSL]" connection-state=new disabled=no \
in-interface=bridge new-connection-mark=conn2 nth=2,1 passthrough=\
yes
add action=mark-routing chain=prerouting comment="" connection-mark=conn2 \
disabled=no in-interface=bridge new-routing-mark=conn2 \
passthrough=no
add action=mark-connection chain=prerouting comment=\
"LOAD BALANCING - 3 of 3 [WiMAX]" connection-state=new disabled=no \
in-interface=bridge new-connection-mark=conn1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=conn1 \
disabled=no in-interface=bridge new-routing-mark=conn1 \
passthrough=no
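
A small Python model of the mangle rules above, added here as an illustration and not part of the original post. It assumes each nth rule keeps its own counter that advances once per new connection reaching that rule, and that every connection arrives on the bridge interface; the class and function names and the sample destination addresses are constructed for the example.

```python
import ipaddress
from collections import Counter

class Nth:
    """RouterOS-style nth=every,packet matcher with a per-rule counter (assumed semantics)."""
    def __init__(self, every, packet):
        self.every, self.packet, self.count = every, packet, 0

    def matches(self):
        # Each new connection reaching the rule advances the counter, which wraps after `every`.
        self.count = self.count % self.every + 1
        return self.count == self.packet

def build_rules():
    """The page's mark-connection rules, in order: (dst network, nth matcher, mark)."""
    net = ipaddress.ip_network
    return [
        (net("192.168.88.0/24"), None, "local"),
        (net("10.0.0.0/24"), None, "local"),
        (None, Nth(3, 1), "conn1"),  # "LOAD BALANCING - 1 of 3 [WiMAX]"
        (None, Nth(2, 1), "conn2"),  # "LOAD BALANCING - 2 of 3 [ADSL]"
        (None, None, "conn1"),       # "LOAD BALANCING - 3 of 3 [WiMAX]"
    ]

def mark_new_connection(rules, dst):
    """Return the connection mark the first matching rule assigns to a new connection."""
    addr = ipaddress.ip_address(dst)
    for network, nth, mark in rules:
        if network is not None and addr not in network:
            continue
        if nth is not None and not nth.matches():
            continue
        return mark  # the mark-routing rule that follows uses passthrough=no, so stop here

def simulate(destinations):
    rules = build_rules()
    return [mark_new_connection(rules, d) for d in destinations]

# Constructed sample: six outbound connections plus two LAN-local ones.
SAMPLE = ["203.0.113.1", "203.0.113.2", "192.168.88.10", "203.0.113.3",
          "203.0.113.4", "10.0.0.138", "203.0.113.5", "203.0.113.6"]

if __name__ == "__main__":
    marks = simulate(SAMPLE)
    for dst, mark in zip(SAMPLE, marks):
        print(f"{dst:15} -> {mark}")
    print(Counter(marks))
```

Under these assumptions outbound connections are marked conn1, conn2, conn1 in a repeating cycle, which matches the "1 of 3 [WiMAX]", "2 of 3 [ADSL]", "3 of 3 [WiMAX]" rule comments and gives the 2:1 ratio; local connections never advance the counters.
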
As one can see, the first two mangle rules mark local connections with the local mark. These are connections which do not end up flowing outside of the router. The rest are packets which need to go to the external networks, so they are marked with either the conn1 or the conn2 mark. The NAT is as follows:
/ ip firewall nat
add chain=srcnat out-interface=gateway5 action=masquerade routing-mark=conn2
add chain=srcnat out-interface=gateway1 action=masquerade routing-mark=conn1
Regarding the routing, please note that the WiMAX is connected to ether1 while the ADSL is connected to ether5. The WiMAX uses a DHCP IP address, while ether5 has a static IP address assigned.
/ ip route
add dst-address=0.0.0.0/0 gateway=10.0.0.138 scope=255 target-scope=10 routing-mark=conn2
add dst-address=0.0.0.0/0 gateway=gateway1 scope=255 target-scope=10 routing-mark=conn1
add dst-address=0.0.0.0/0 gateway=gateway1 scope=255 target-scope=10
If you need further info, feel free to contact me.
Ian

