Configuring Dual WAN Load Balancing and Failover on MikroTik Print

Hello there! I’m Corels from Emmanuel Corels Creatives, and welcome back to our practical MikroTik series. Today, we’re diving into a scenario many of you encounter in real-world networking—how to configure dual WAN load balancing and failover. In simple terms, we’ll set up your MikroTik router to use two internet connections efficiently, ensuring that if one connection fails, your network keeps running smoothly. I’ll explain each step and command with real-world context, so you know not only what to do, but why it matters.

Why Dual WAN Load Balancing and Failover?

Imagine you have two internet connections from different ISPs. With dual WAN, you can:

• Distribute Traffic: Share the load between two connections so no single link gets overwhelmed.
• Ensure Reliability: If one ISP experiences an outage, your router automatically switches to the backup connection, keeping your network online.
• Optimize Performance: Balance traffic based on current load or session types (e.g., using one link for general browsing and the other for critical applications).

This setup is ideal for small offices or even home networks that need constant connectivity.

Key Concepts and Commands

Before we get into the configuration, here are a few basic concepts and commands we’ll use:

• Default Route: The route that directs all traffic not destined for your local network.
  • Command: /ip route add dst-address=0.0.0.0/0 gateway=<gateway> distance=<value>
• Route Distance: A lower distance makes a route more preferred.
• Check Gateway: A feature that pings the gateway periodically to detect if it’s up.
  • Command option: check-gateway=ping

Step 1: Verify Your WAN Interfaces

First, confirm that both of your WAN interfaces are up and have IP addresses assigned. Let’s assume:

• WAN1 is on ether1 (IP assigned via DHCP or static, e.g., 1.2.3.10)
• WAN2 is on ether2 (IP, e.g., 4.5.6.10)

Check them with:

/interface print

This command lets you verify that both interfaces are “running” and ready for use.

Step 2: Configure the Primary Default Route

Your primary internet connection should have the lowest route distance so it’s used by default.

For WAN1:

/ip route add dst-address=0.0.0.0/0 gateway=1.2.3.1 distance=1 check-gateway=ping comment="Primary WAN via ether1"

Explanation:

• Gateway 1.2.3.1: The IP of your ISP’s router for WAN1.
• Distance=1: This makes the route highly preferred.
• check-gateway=ping: Ensures the route is only active if the gateway is reachable.

Step 3: Configure the Backup Default Route

Set up WAN2 as a backup with a higher route distance so it only kicks in if WAN1 fails.

/ip route add dst-address=0.0.0.0/0 gateway=4.5.6.1 distance=2 check-gateway=ping comment="Backup WAN via ether2"

Explanation:

• Distance=2: This route is less preferred than the primary.
• If the primary gateway (1.2.3.1) stops responding, the router will automatically switch to this route.

Step 4: Load Balancing with PCC (Per Connection Classifier)

For true load balancing (if you want to use both WANs simultaneously rather than a simple failover), you can employ PCC. Here’s a basic setup that splits traffic between both WANs:

1. Mark Connections Using Mangle Rules
   This step classifies traffic so that it’s divided between the two WANs.

   For WAN1:

   /ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=bridge-lan protocol=tcp per-connection-classifier=src-address:2/0 action=mark-connection new-connection-mark=wan1_conn passthrough=yes comment="Mark half of TCP traffic for WAN1"
   

   For WAN2:

   /ip firewall mangle add chain=prerouting dst-address-type=!local in-interface=bridge-lan protocol=tcp per-connection-classifier=src-address:2/1 action=mark-connection new-connection-mark=wan2_conn passthrough=yes comment="Mark half of TCP traffic for WAN2"
   

   Explanation:

   • per-connection-classifier=src-address:2/0 and src-address:2/1 divide connections based on their source IP.
   • This roughly splits traffic into two groups, one for each WAN.

2. Create Routes for Marked Connections
   For traffic marked for WAN1:

   /ip route add dst-address=0.0.0.0/0 gateway=1.2.3.1 routing-mark=wan1_conn check-gateway=ping comment="PCC route for WAN1"
   

   For traffic marked for WAN2:

   /ip route add dst-address=0.0.0.0/0 gateway=4.5.6.1 routing-mark=wan2_conn check-gateway=ping comment="PCC route for WAN2"
   

   Explanation:

   • These routes ensure that marked connections are sent through the appropriate WAN.
   • If one connection fails, the corresponding route’s check-gateway feature will remove it, and unmarked traffic will fall back to the default route.

Note: Load balancing with PCC is more advanced and might require fine-tuning for your specific environment. It works best when your traffic consists of multiple concurrent sessions.

Step 5: Monitoring and Testing

After configuring your routes:

• Check the Routing Table:

  /ip route print
  

  Verify that the primary route has distance 1 and the backup has distance 2. If using PCC, also see routes with the routing-mark assigned.

• Test Failover:
  Physically disconnect WAN1 (or simulate a failure) and watch how the router automatically switches to WAN2. You can use:

  /log print
  

  to see log entries indicating that the primary route went down.

• Load Balancing Check:
  Run speed tests or use multiple devices simultaneously to see how traffic is split between the two WANs. Tools like Torch can help you monitor traffic on each interface:

  /tool torch interface=ether1
  /tool torch interface=ether2
  

Real-World Context

Consider a small business with two internet providers. During normal operation, most traffic flows through the primary connection (WAN1). If the primary ISP has an outage, the router automatically shifts all traffic to WAN2, ensuring your business stays online. Additionally, if you enable PCC, even when both connections are up, different users or applications can use different WANs simultaneously—optimizing bandwidth usage and improving overall performance.

Final Thoughts

Setting up dual WAN load balancing and failover on your MikroTik router is a robust solution to enhance reliability and performance. By configuring default routes with different distances and employing advanced techniques like PCC, you can ensure seamless connectivity even during outages or peak usage times.

Take your time to experiment with these settings in a test environment before rolling them out in production. As always, if you have any questions or need further guidance, feel free to reach out. Happy networking, and here’s to a more resilient and efficient network!

Explained with practical context by
Corels – Admin, Emmanuel Corels Creatives