Of course, you want to do load balancing! There are several ways
to do it, and depending on your particular situation, you may find one of them
best suited to you.
Policy Routing based on Client IP Address
If you have a number of hosts, you may group them by IP
address. Then, depending on the source IP address, send the traffic out
through Gateway #1 or #2. This approach does not give you perfect load
balancing, but it is easy to implement and gives you some control
too.
Let us assume our workstations use IP addresses from
network 192.168.100.0/24. The IP addresses are assigned as follows:
- 192.168.100.1-127 are used for Group A workstations
- 192.168.100.128-253 are used for Group B workstations
- 192.168.100.254 is used for the router.
All workstations are configured with an IP address from
the relevant group, network mask 255.255.255.0, and
192.168.100.254 as the default gateway. We will talk about DNS servers
later.
Now, when we have workstations divided into groups, we can refer
to them using subnet addressing:
- Group A is 192.168.100.0/25, i.e., addresses 192.168.100.0-127
- Group B is 192.168.100.128/25, i.e., addresses 192.168.100.128-255
If you do not understand this, take the TCP/IP Basics
course, or look for some resources about subnetting on the Internet!
We need to add two IP Firewall Mangle rules to mark the packets
originating from Group A or Group B workstations.
For Group A, specify
- Chain prerouting and Src. Address 192.168.100.0/25
- Action mark routing and New Routing Mark GroupA.
It is a good practice to add a comment as well. Your mangle
rules might be interesting for someone else and for yourself as well after some
time.
For Group B, specify
- Chain prerouting and Src. Address 192.168.100.128/25
- Action mark routing and New Routing Mark GroupB
All IP traffic coming from workstations is marked with the routing marks
GroupA or GroupB. We can use these marks in the routing table.
Next, we should specify two default routes (destination 0.0.0.0/0) with
appropriate routing marks and gateways:
This is not going to work unless you do masquerading for your LAN! The
simplest way to do it is by adding one NAT rule with Src. Address
192.168.100.0/24 and Action masquerade:
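The mangle, route and NAT steps above as RouterOS terminal commands. This is an added example, not part of the original post: it assumes RouterOS v6 syntax (routing-mark= on routes), takes the gateways 10.1.0.1 and 10.5.8.1 from the traceroute output in this post, and uses comment texts made up for illustration.

```routeros
# Added example, assuming RouterOS v6 syntax.

# 1. Mark routing for packets by source group (chain prerouting).
/ip firewall mangle
add chain=prerouting src-address=192.168.100.0/25 action=mark-routing \
    new-routing-mark=GroupA comment="Group A workstations use Gateway #1"
add chain=prerouting src-address=192.168.100.128/25 action=mark-routing \
    new-routing-mark=GroupB comment="Group B workstations use Gateway #2"

# 2. One default route per routing mark.
#    Gateway addresses are the second hops seen in the traceroutes.
/ip route
add dst-address=0.0.0.0/0 gateway=10.1.0.1 routing-mark=GroupA \
    comment="Default route for GroupA"
add dst-address=0.0.0.0/0 gateway=10.5.8.1 routing-mark=GroupB \
    comment="Default route for GroupB"

# 3. Masquerade everything leaving from the LAN.
/ip firewall nat
add chain=srcnat src-address=192.168.100.0/24 action=masquerade \
    comment="Masquerade LAN"

# 4. Check that both mangle rules are counting packets and that each
#    routing mark has its own default route.
/ip firewall mangle print stats
/ip route print where routing-mark=GroupA
/ip route print where routing-mark=GroupB
```

Because Group B is matched as 192.168.100.128/25, the rule also covers the router address 192.168.100.254; this does not affect workstation traffic, which is what the traceroute test checks.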
Test the setup by tracing the route to some IP address on the Internet!
From a workstation of Group A, it should go like this:
C:\>tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
  1     2 ms     2 ms     2 ms  192.168.100.254
  2    10 ms     4 ms     3 ms  10.1.0.1
...
From a workstation of Group B, it should go like this:
C:\>tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
  1     2 ms     2 ms     2 ms  192.168.100.254
  2    10 ms     4 ms     3 ms  10.5.8.1