Mikrotik Load Balancing 2 WAN 2 LAN with Failover - Load balance 2 WAN on Mikrotik Router is a technique to distribute the traffic load on the two-paths connection in a balanced manner, so that traffic can run optimally, maximize throughput, minimize response time and avoid overload on one connection path. This experiment, I have 2 internet connections different ip WAN and 2 LAN. I've tried it, load balancing and failover can run normally. You can see the mikrotik script below.
Network Topology
IP WAN 1 = 10.10.10.2/29
IP WAN 2 = 10.10.11.2/29
Block IP LAN 1 = 192.168.1.0/24 Gatheway 192.168.1.1 Mask 255.255.255.0
Block IP LAN 2 = 192.168.100.0/24 Gatheway 192.168.100.254 Mask 255.255.255.0
1. Add Ip address to interfaces mikrotik router
Mikrotik Script :
/ip address
add address=10.10.11.2/29 interface=ether2 network=10.10.11.1
add address=10.10.10.2/29 interface=ether1 network=10.10.10.1
add address=192.168.1.1/24 interface=ether3 network=192.168.1.0
2. Setting IP Pool to restrict the range of IP that will distributed automatically by DHCP system that we enable.
Mikrotik Script :
Mikrotik Script :
/ip pool
add name="LAN 1" ranges=192.168.1.10-192.168.1.254
add name="LAN 2" ranges=192.168.100.20-192.168.100.30
3. Setting DHCP Server on mikrotik router
Mikrotik Script :
/ip dhcp-server
add address-pool="LAN 1" disabled=no interface=ether3 name="staff"
add address-pool="LAN 2" disabled=no interface=ether6 name= manager
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.100.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.100.254
4. Add the both private address (IP LAN) to the firewall address list
Mikrotik Script :
/ip firewall address-list
add address=192.168.1.0/24 list="block lan"
add address=192.168.100.0/24 list="block lan"
5. Setting Firewall NAT
Mikrotik Script :
add action=masquerade chain=srcnat out-interface=ether1 src-address-list=
"block lan" to-addresses=10.10.10.2
add action=masquerade chain=srcnat out-interface=ether2 src-address-list=\
"block lan" to-addresses=10.10.11.2
6. Setting Mangle
Mikrotik Script :
/ip firewall mangle
add action=mark-connection chain=input in-interface=ether1 \
new-connection-mark=ip10con passthrough=no
add action=mark-connection chain=input in-interface=ether2 \
new-connection-mark=ip11con passthrough=no
add action=mark-routing chain=output connection-mark=ip10con new-routing-mark=\
to-ip10 passthrough=no
add action=mark-routing chain=output connection-mark=ip11con \
new-routing-mark=to-ip11 passthrough=no
7. Setting IP Route
Mikrotik Script :
/ip route
add distance=1 gateway=10.10.10.1 routing-mark=to-ip10
add distance=1 gateway=10.10.11.1 routing-mark=to-ip11
add check-gateway=ping distance=1 gateway=10.10.10.1,10.10.10.1
Test Result
This is winbox capture of test result
 |
| Mikrotik Load Balance running normal with 2 WAN 2 LAN |
 |
| Mikrotik load balance and Fail Over running normal when WAN 1 down |
 |
| Mikrotik load balance and Fail Over running normal when WAN 2 down |
4 Responses to "Mikrotik Load Balancing 2 WAN 2 LAN RB1100AHx"
Hi, I want to do my mikrotik like that, ether1(WAN1) =50Mbps fiber, ether2(WAN2)=10Mbps fiber,& ether3(LAN) for PPPoE server. I've total 250 PPPoE Clients who share internet from the total (50+10=60Mbps)60Mbps bandwidth when both WAN1 & WAN2 are active. When WAN1 is absent somehow, WAN2 will do the backup (minimum connectivity) for the total PPPoE clients. When WAN2 is absent somehow, WAN1 will do the same.
What should I do in that case? Please need your suggestion badly.
Thanks a lot.
Great document. Now how could i do the same config but with the ISP WAN IP not manual is over DHCP?
Great document. Now how can i do the same config but with the ISP WAN IP not manual because it is DHCP assigned.
Great! I have 2 WAN and 4 LAN. One win server from LAN 2 has to be "seen" on RDP port from LAN 1. I have tried firewall filter rulle "forward", action "accept" from ip address of a server on tcp protocol, port 3389 to wholle addres range of LAN 1, but without success. Without "Load Balance" mangle rulles, I can "see" that server on RDP port. Sorry for my bad English. Thanks!
Post a Comment