Sharing loads across three ISP links with Mikrotik routing mark

In this lab, I will show how to use Mikrotik routing mark to distribute packets across three internet links connected to a Mikrotik router. If you have multiple internet connections to a Mikrotik router from one or more ISPs, and you do not fancy the option of load-balancing across these links, then an option open to you is the use of Mikrotik routing mark to distribute packets across these ISP links.

Mikrotik routing mark allows an administrator to mark packets based on predefined attributes and set gateways for them. Routing mark is to Mikrotik what route-map is to Cisco. With Mikrotik routing mark, a network administrator can classify packets into groups based on source/destination IP addresses or other attributes and set a different gateway for each group. Users who match the criteria set for a particular group will then have their internet-bound traffic routed out an ISP connection through the gateway set for that group.

Mikrotik routing mark can be implemented using the mangle rule feature in the firewall sub-menu in RouterOS. To mark routing, you first mark the users' connections, then the packets, and then the routing. The routing marks are then selected and given gateways in the route sub-menu.

IP address configuration

ip address

add address=197.26.1.2/30 interface=ether1 comment=ISP1_link

add address=41.12.8.2/30 interface=ether2 comment=ISP2_link

add address=62.6.14.2/30 interface=ether3 comment=ISP3_link

add address=192.168.10.1/24 interface=ether4 comment=Sales_LAN

add address=192.168.20.1/24 interface=ether5 comment=HR_LAN

add address=192.168.30.1/24 interface=ether6 comment=Finance_LAN

 

NAT Configuration

ip firewall nat

add chain=srcnat out-interface=ether1 action=masquerade

add chain=srcnat out-interface=ether2 action=masquerade

add chain=srcnat out-interface=ether3 action=masquerade

 

To mark connections, packets and routing for sales, enter the commands below. Note that the connection mark is used to mark the packets, and the packet mark is, in turn, used to mark the routes.

 


 

Mikrotik routing mark configuration

Since I have three LANs configured for this lab, I will use mangle rules to mark the connections, packets, and routing for the three LANs (sales, HR, and finance respectively), starting with sales.

Routing mark for sales

ip firewall mangle

add chain=prerouting src-address=192.168.10.0/24 action=mark-connection new-connection-mark=sales_conn

add chain=prerouting connection-mark=sales_conn action=mark-packet new-packet-mark=sales_packets

add chain=prerouting packet-mark=sales_packets action=mark-routing new-routing-mark=sales_route

 

Routing mark for HR

ip firewall mangle

add chain=prerouting src-address=192.168.20.0/24 action=mark-connection new-connection-mark=HR_conn

add chain=prerouting connection-mark=HR_conn action=mark-packet new-packet-mark=HR_packets

add chain=prerouting packet-mark=HR_packets action=mark-routing new-routing-mark=HR_route

 

Routing mark for Finance

ip firewall mangle

add chain=prerouting src-address=192.168.30.0/24 action=mark-connection new-connection-mark=finance_conn

add chain=prerouting connection-mark=finance_conn action=mark-packet new-packet-mark=finance_packets

add chain=prerouting packet-mark=finance_packets action=mark-routing new-routing-mark=finance_route

 

Having marked the routes, we will use the route sub-menu to set different gateways for all our LANs. See commands below.

 

Setting a gateway for each LAN

ip route

add dst-address=0.0.0.0/0 routing-mark=sales_route gateway=197.26.1.1

add dst-address=0.0.0.0/0 routing-mark=HR_route gateway=41.12.8.1

add dst-address=0.0.0.0/0 routing-mark=finance_route gateway=62.6.14.1
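
The sketch below is an added example, not part of the original lab and not RouterOS code: a simplified Python model of the mangle rules and marked routes above. It traces which gateway a source address ends up with and checks that every mark is set before it is matched and that every routing mark has a route. It assumes each mark action lets the packet continue to the next rule; the host addresses are constructed, and the router's main routing table is not modelled.

```python
import ipaddress

# Mangle rules from the page, top to bottom: (match field, match value, mark kind, new mark).
MANGLE = [
    ("src", "192.168.10.0/24", "conn", "sales_conn"),
    ("conn", "sales_conn", "packet", "sales_packets"),
    ("packet", "sales_packets", "routing", "sales_route"),
    ("src", "192.168.20.0/24", "conn", "HR_conn"),
    ("conn", "HR_conn", "packet", "HR_packets"),
    ("packet", "HR_packets", "routing", "HR_route"),
    ("src", "192.168.30.0/24", "conn", "finance_conn"),
    ("conn", "finance_conn", "packet", "finance_packets"),
    ("packet", "finance_packets", "routing", "finance_route"),
]
# Marked default routes from the page: routing mark -> gateway.
ROUTES = {"sales_route": "197.26.1.1", "HR_route": "41.12.8.1", "finance_route": "62.6.14.1"}

def apply_mangle(src_ip, rules=MANGLE):
    """Return the marks a packet from src_ip carries after one pass through the rules."""
    marks = {"src": ipaddress.ip_address(src_ip), "conn": None, "packet": None, "routing": None}
    for field, value, kind, new_mark in rules:
        if field == "src":
            hit = marks["src"] in ipaddress.ip_network(value)
        else:
            hit = marks[field] == value
        if hit:
            marks[kind] = new_mark  # assumed: the packet continues to the next rule
    return marks

def gateway_for(src_ip, rules=MANGLE, routes=ROUTES):
    """Gateway of the marked default route, or None when no marked route applies."""
    return routes.get(apply_mangle(src_ip, rules)["routing"])

def audit(rules=MANGLE, routes=ROUTES):
    """List marks matched before any rule sets them, and routing marks with no route."""
    problems, seen = [], set()
    for field, value, kind, new_mark in rules:
        if field != "src" and (field, value) not in seen:
            problems.append(f"{field} mark {value} matched before it is set")
        seen.add((kind, new_mark))
        if kind == "routing" and new_mark not in routes:
            problems.append(f"routing mark {new_mark} has no route")
    return problems

if __name__ == "__main__":
    for ip in ("192.168.10.25", "192.168.20.7", "192.168.30.99", "10.0.0.5"):  # constructed hosts
        print(ip, "->", gateway_for(ip))
    print(audit() or "no problems found")
```

A source outside the three LANs comes back with no gateway, because every default route in this lab carries a routing mark.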

 

To read more on mangle rules, see Mikrotik's official documentation.
