This post is a continuation of my post on why you need load balancing on your network.
We will start our load balancing strategy by applying Policy Routing.
Based on Client IP Address.
The Policy Routing principle is used in networking to make routing decisions based on policies. These policies are set by the IT personnel in the organization or the network administrator. So, in this tutorial we are going to explore a policy in a MikroTik router that you will need each time you want to build a load balancing network.
So I am assuming you have a reasonable number of hosts as well as dual ISP connections. The first thing you need to do is group your hosts by IP address and then, depending on the source IP address, send traffic out through different ISP connections. This sounds pretty simple, right? Okay, let me elaborate. In this tutorial we are considering a simple office network where two ISP connections are being used to send the traffic of a MikroTik router.
In a real-life scenario, you will have two ISP connections used as WAN connections terminating in the MikroTik router. You will also have a number of hosts connected to this MikroTik router through a LAN switch from where you will be distributing your network.
Now that we are certain that the two WAN connections are set up for this MikroTik router, we will start our load balancing journey by creating a policy route for all of our traffic, in such a way that half of the total LAN users will access the internet through the WAN1 ISP connection and the rest of the LAN users will access the internet through the WAN2 ISP connection.
Below are the steps, one after the other, that we need to follow to properly configure this network to work effectively and give us what we are after. Recall that we are doing load balancing and also failover in this tutorial.
So the first thing we will do is assign WAN and LAN IP addresses.
From the scenario you will agree with me that we have two WAN links because we have two ISPs to integrate. To configure a load balancing network with policy based routing, we first have to assign WAN and LAN IP addresses to our MikroTik router. As you have two ISP connections, you must have two WAN IP addresses as well as two gateway addresses.
WAN1 IP Address: 192.168.88.0/24 and Gateway: 192.168.88.1
WAN2 IP Address: 172.168.210/24 and Gateway: 188.8.131.52
So here we are done with assigning IPs to the two WAN links.
We have got our WAN IP addresses and LAN IP block. Now I will show you how to assign these WAN IP addresses and the LAN gateway address in your MikroTik router. Follow the steps below to assign WAN and LAN IP addresses in your MikroTik router.
Log in to your MikroTik router with the Winbox software. If you don’t have Winbox in your collection, download Winbox from this site and then log in to your MikroTik with your username and password. If you are new to this article as well as to MikroTik routers, follow my article about MikroTik router basic configuration, which will show you the proper steps to configure a MikroTik router from the very beginning.
Go to the IP > Addresses menu item from the Winbox menu bar. The Address List window will appear.
Now click on the add new button (PLUS Sign). The New Address window will appear. Put your WAN1 IP address (in this article: 192.168.88.0/24) in the Address input box, choose the WAN1 interface (in this article: ether1) from the Interface drop-down menu and then click the Apply and OK buttons.
Similarly, click on the add new button again, put your WAN2 IP address (in this article: 184.108.40.206/24) in the Address input field, choose the WAN2 interface (in this article: ether2) from the Interface drop-down menu and then click the Apply and OK buttons.
Again, click on the add new button, put your LAN gateway IP (in this article: 192.168.88.1/24) in the Address input field, choose your LAN interface (in this article: ether10) from the Interface drop-down menu and then click the Apply and OK buttons.
Assigning WAN and LAN IP addresses has been completed. Now we will configure DNS server in our next step.
Step 2. DNS Server Configuration
DNS is not a mandatory configuration in a MikroTik router, but it is necessary for a complete MikroTik router configuration. Optionally, you can turn your MikroTik router into a DNS server, which will be beneficial for your network. So, if you want to set a DNS IP in your MikroTik router and also turn your MikroTik into a DNS server, follow the simple steps below.
In general, what DNS does is resolve a host IP into a domain name and vice versa.
In order to configure our DNS we will go to the IP > DNS menu option. The DNS Settings window will appear. Put the DNS server IP that is provided to you by your ISP, or use the Google public DNS server IP 220.127.116.11, in the Servers input field.
Optionally, you can click on the Allow Remote Requests checkbox to turn your MikroTik router into a DNS server. But you have to block DNS requests from outside of your LAN, otherwise your MikroTik will be used as a DNS server by public users if they know your MikroTik public IP. Follow my article about MikroTik router basic configuration, which will show you how to block DNS requests from the public network.
Now click Apply and OK button.
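The Allow Remote Requests setting and the WAN-side block it needs, written as RouterOS terminal commands (an added example, not part of the original post). It assumes the WAN ports are ether1 and ether2 as in this article; the comment= labels are my own.

```routeros
# Turn on the router's DNS cache for clients (same as ticking
# "Allow Remote Requests" in IP > DNS).
/ip dns set allow-remote-requests=yes

# With that setting the router answers DNS on every interface, including
# both WAN ports. Drop queries that arrive from the ISP side. DNS uses
# UDP and TCP port 53, so both protocols are covered on each WAN port.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="WAN1: no DNS from outside (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="WAN1: no DNS from outside (tcp)"
add chain=input in-interface=ether2 protocol=udp dst-port=53 action=drop comment="WAN2: no DNS from outside (udp)"
add chain=input in-interface=ether2 protocol=tcp dst-port=53 action=drop comment="WAN2: no DNS from outside (tcp)"

# These rules only match packets whose destination port is 53, so replies
# to the router's own upstream lookups (source port 53) are not affected.
# Filter rules are evaluated top to bottom: if an earlier input rule
# already accepts this traffic, move the drop rules above it.

# Check placement and watch the packet counters on the drop rules.
/ip firewall filter print stats where chain=input
```

Non-zero counters on these rules after a few hours on a public IP show queries that would otherwise have been answered by the router.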
Our DNS configuration in the MikroTik router has been completed. Now we will create a masquerade NAT rule so that our LAN users can access the internet through our MikroTik router.
Step 3. NAT Configuration
Now we will create a masquerade NAT rule so that our LAN IPs can be NATed by the MikroTik router. If we don’t create this rule, our LAN users cannot access the internet through our MikroTik router. So, follow the steps below to create the NAT rule in the MikroTik router.
Go to IP > Firewall. The Firewall window will appear. Click on the NAT tab in this window and then click on the add new button (PLUS Sign). The New NAT Rule window will appear.
Under General tab, choose srcnat from Chain drop-down menu and put your LAN IP block address (in this article: 192.168.88.0/24) in Address input field. Now click on Action tab and choose masquerade from Action drop-down menu and then click Apply and OK button.
NAT rule configuration in the MikroTik router has been completed. Now we will create Mangle rules in our MikroTik router so that our LAN users can be divided into two groups.
Step 4. Mangle Rule Creation
As we want to send our LAN users through two ISP connections for load balancing, we have to create Mangle rules which will divide our LAN users into two groups and mark them for proper routing. In this article, I am using a class C IP block, 192.168.88.0/24, for our LAN users. This IP block can be further subdivided into two groups by subnetting like below.
By doing this subnetting, our total users are now divided into two groups. The users who use an IP address between 192.168.88.1 and 192.168.88.126 will be in group A and those who use an IP address between 192.168.88.129 and 192.168.88.253 will be in group B. Now, I will show you two Mangle rules in the MikroTik router that will do the proper grouping and marking of our LAN IPs. Follow the steps below to create these Mangle rules.
Go to the IP > Firewall menu, click on the Mangle tab in the Firewall window and then click on the add new button (PLUS Sign). The New Mangle Rule window will appear.
Choose prerouting option from Chain drop-down menu and put Group A IP block (in this article: 192.168.88.0/25) in Address input field. Click on Action tab and choose mark routing option from Action drop-down menu and put group name (here, GroupA) in New Routing Mark input box and uncheck the Passthrough option and then click Apply and OK button.
Similarly, click on add new button again and choose prerouting option from Chain drop-down menu and put Group B IP block (here, 192.168.88.128/25) in Address input field. Now click on Action tab and choose mark routing option from Action drop-down menu and put group name (here, GroupB) in New Routing Mark input field and uncheck the Passthrough option and then click Apply and OK button.
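The NAT rule from Step 3 and the two Mangle rules from Step 4, written as RouterOS terminal commands (an added example, not part of the original post). The comment= labels are my own, and the commented-out routing table lines assume you are on RouterOS v7.

```routeros
# Step 3: masquerade everything sourced from the LAN block.
/ip firewall nat
add chain=srcnat src-address=192.168.88.0/24 action=masquerade comment="LAN masquerade"

# RouterOS v7 only: a routing mark must name an existing routing table,
# so create the two tables before adding the Mangle rules.
# /routing table add name=GroupA fib
# /routing table add name=GroupB fib

# Step 4: mark routing by client source address. passthrough=no stops
# Mangle processing for a packet once it has been marked.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/25 action=mark-routing new-routing-mark=GroupA passthrough=no comment="Group A clients"
add chain=prerouting src-address=192.168.88.128/25 action=mark-routing new-routing-mark=GroupB passthrough=no comment="Group B clients"

# Check: generate traffic from one client in each half of the LAN block
# and confirm that the counters on both rules increase.
/ip firewall mangle print stats
```

The marks have no effect on their own; each one only selects an ISP once a route carrying the same mark exists.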
We have successfully created Mangle rules for grouping our LAN users. Now we will configure routes in the MikroTik router so that different groups can access the internet through different ISP connections.
Thanks and stick with us for more on this post…