HƯỚNG DẪN LOAD BALANCE DUAL-WAN PCC TRÊN MIKROTIK

HƯỚNG DẪN: LOAD BALANCE DUAL-WAN PCC TRÊN MIKROTIK

📌 Mô hình LAB

📋 Thông tin cấu hình

🖥️ Cấu hình bằng Winbox

🔹 BƯỚC 1 — Tạo Interface List

Vào:

Interfaces → Interface List

➕ Tạo:

• WAN: Lists > New > điền tên

• LAN, cũng tạo list tương tự như WAN.

Tab Members: News > chọn list > chọn cổng thêm vào list

🔹 BƯỚC 2 — Tạo Routing Table

Vào: Routing → Tables → New

➕ Tạo:

Table 1: Name: rtab-1

Table 2: Name: rtab-2

(lưu ý nhớ tích FIB)

👉 Đây là routing table riêng cho từng WAN.

🔹 BƯỚC 3 — MANGLE

Vào:IP → Firewall → Mangle → New

📝 PHẦN A — MARK CONNECTION INPUT

✅ Rule 1 — Traffic vào từ WAN1

General

• Chain:input

• In Interface:FPT (WAN 1)

• Connection State:new

Action

• mark-connection

New Connection Mark:ISP1 (bạn có thể đặt tên gợi nhớ khác)

✅ Rule 2 — Traffic vào từ WAN2

Tương tự: New Connection Mark là ISP2

General

• Chain:input

• In Interface:VT (WAN 2)

• Connection State:new

Action

• mark-connection

New Connection Mark:ISP2 (bạn có thể đặt tên gợi nhớ khác)

📝 PHẦN B — PCC CHO ROUTER TRAFFIC (OUTPUT)

✅ Rule 3 — PCC OUTPUT WAN1

General

• Chain:output

• Connection State:new

• Connection Mark:no-mark

Advanced

Per Connection Classifier:both-addresses-and-ports:2/0

Action

• mark-connection

New Connection Mark:ISP1

✅ Rule 4 — PCC OUTPUT WAN2

General

• Chain:output

• Connection State:new

• Connection Mark:no-mark

Advanced

Per Connection Classifier:both-addresses-and-ports:2/1

Action

• mark-connection

New Connection Mark:ISP2

📝 PHẦN C — PCC CHO LAN USER

✅ Rule 5 — PCC WAN1

General

• Chain:prerouting

• In Interface:bridge

• Connection State:new

• Dst Address Type:!local

• Connection Mark:no-mark

Advanced

PCC:both-addresses-and-ports:2/0

Action

• mark-connection

New Connection Mark:ISP1

✅ Rule 6 — PCC WAN2

General

• Chain:prerouting

• In Interface:bridge

• Connection State:new

• Dst Address Type:!local

• Connection Mark:no-mark

Advanced

PCC:both-addresses-and-ports:2/1

Action

• mark-connection

New Connection Mark:ISP2

📝 PHẦN D — MARK ROUTING

✅ Rule 7 — Route WAN1 (OUTPUT)

General

• Chain:output

• Connection Mark:ISP1

Action

• mark-routing

New Routing Mark:rtab-1

✅ Rule 8 — Route WAN1 (PREROUTING)

• Chain:prerouting

• In Interface:bridge

• Connection Mark:ISP1

Routing Mark:rtab-1

✅ Rule 9 — Route WAN2 (OUTPUT)

General

• Chain:output

• Connection Mark:ISP2

Action

• mark-routing

New Routing Mark:rtab-2

✅ Rule 10 — Route WAN2 (PREROUTING)

• Chain:prerouting

• In Interface:bridge

• Connection Mark:ISP2

Routing Mark:rtab-2

🔹 BƯỚC 5 — ROUTES

Vào:IP → Routes

✅ PCC ROUTING TABLE

WAN1 TABLE

Dst: 0.0.0.0/0

Gateway: 192.168.1.1

Routing Table: rtab-1

Check Gateway: ping (tùy chọn)

WAN2 TABLE

Gateway: 192.168.2.1

Routing Table: rtab-2

Check Gateway: ping (tùy chọn)

5. 💻 FULL CLI CONFIG

# INTERFACE LIST

/interface list

add name=WAN

add name=LAN

/interface list member

add interface=FPT list=WAN

add interface=VT list=WAN

add interface=bridge list=LAN

# ROUTING TABLE

/routing table

add fib name=rtab-1

add fib name=rtab-2

# NAT

/ip firewall nat

add chain=srcnat out-interface=FPT action=masquerade comment="WAN1 NAT"

add chain=srcnat out-interface=VT action=masquerade comment="WAN2 NAT"

# MANGLE

/ip firewall mangle

# INPUT MARK

add action=mark-connection chain=input connection-state=new \

    in-interface=FPT new-connection-mark=ISP1 \

    comment="INPUT ISP1"

add action=mark-connection chain=input connection-state=new \

    in-interface=VT new-connection-mark=ISP2 \

    comment="INPUT ISP2"

# OUTPUT PCC

add action=mark-connection chain=output connection-mark=no-mark \

    connection-state=new new-connection-mark=ISP1 \

    per-connection-classifier=both-addresses-and-ports:2/0 \

    comment="OUTPUT PCC ISP1"

add action=mark-connection chain=output connection-mark=no-mark \

    connection-state=new new-connection-mark=ISP2 \

    per-connection-classifier=both-addresses-and-ports:2/1 \

    comment="OUTPUT PCC ISP2"

# PREROUTING PCC

add action=mark-connection chain=prerouting connection-mark=no-mark \

    connection-state=new dst-address-type=!local \

    in-interface=bridge new-connection-mark=ISP1 \

    per-connection-classifier=both-addresses-and-ports:2/0 \

    comment="LAN PCC ISP1"

add action=mark-connection chain=prerouting connection-mark=no-mark \

    connection-state=new dst-address-type=!local \

    in-interface=bridge new-connection-mark=ISP2 \

    per-connection-classifier=both-addresses-and-ports:2/1 \

    comment="LAN PCC ISP2"

# ROUTING MARK

add action=mark-routing chain=output connection-mark=ISP1 \

    new-routing-mark=rtab-1 comment="ROUTE ISP1 OUTPUT"

add action=mark-routing chain=prerouting connection-mark=ISP1 \

    in-interface=bridge new-routing-mark=rtab-1 \

    comment="ROUTE ISP1 LAN"

add action=mark-routing chain=output connection-mark=ISP2 \

    new-routing-mark=rtab-2 comment="ROUTE ISP2 OUTPUT"

add action=mark-routing chain=prerouting connection-mark=ISP2 \

    in-interface=bridge new-routing-mark=rtab-2 \

    comment="ROUTE ISP2 LAN"

# MAIN ROUTE

/ip route

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1

add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2

# PCC ROUTE TABLE

add dst-address=0.0.0.0/0 gateway=192.168.1.1 \

    routing-table=rtab-1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.2.1 \

    routing-table=rtab-2 check-gateway=ping

⚠️ Lưu ý FastTrack sẽ bỏ qua mangle nên cần Disable

👉 FastTrack bypass:

• mangle
• routing-mark

☑️ Fix:

Disable FastTrack:/ip firewall filter