MikroTik Dual WAN Load Balancing and Failover Configuration

MikroTik Dual WAN Load Balancing and failover is a highly sought-after configuration for businesses and advanced home networks looking to maximize uptime and optimize internet usage. This guide provides step-by-step instructions on setting up Dual WAN Load Balancing and failover on the MikroTik RB750Gr3 router. While the steps focus on this model, they are applicable to most MikroTik routers.

What You Need

1. MikroTik router (RB750Gr3 in this guide).
2. Two active internet connections:
   • WAN1: Dynamic IP (via DHCP).
   • WAN2: Static IP (example: 172.28.62.195/24, Gateway: 172.28.62.1).
3. A computer to access the MikroTik router using WinBox.

Note: You can configure the settings using either the terminal commands provided or the GUI steps outlined below. Please choose the method you’re most comfortable with and avoid combining both methods to prevent configuration conflicts.

Step 1: Download and Install WinBox

1. Visit the MikroTik official website.
2. Download the WinBox utility for your OS.
3. Install and launch WinBox on your computer.
4. Connect your computer to the MikroTik router using an Ethernet cable.
5. Open WinBox and log in to the router:
   • Default username: admin
   • Default password: (leave blank) or check the back of the router for a printed password if “blank” doesn’t work.
6. For Linux or macOS users, consider using a browser-based configuration by accessing the router’s default IP (192.168.88.1) or running WinBox through a Windows emulator like Wine.

Step 2: Configure WAN Interfaces

Terminal Commands

/interface ethernet set [find default-name=ether1] name=WAN1
/interface ethernet set [find default-name=ether2] name=WAN2
/ip dhcp-client add interface=WAN1 disabled=no
/ip address add address=172.28.62.195/24 interface=WAN2
/ip route add gateway=172.28.62.1

Steps in WinBox

1. In WinBox, navigate to Interfaces.
2. Rename Ethernet ports for clarity:
   • ether1 → WAN1
   • ether2 → WAN2
3. Assign the IP configurations:
   • WAN1: Set to DHCP client.
   • WAN2: Assign a static IP (e.g., 172.28.62.195/24) with the gateway as 172.28.62.1.

Explanation

• WAN1 Configuration: This assigns a dynamic IP address to WAN1 using DHCP, ensuring it receives an IP from the ISP automatically.
• WAN2 Configuration: Assigning a static IP ensures WAN2 uses the fixed IP address provided by your ISP. This step is crucial for ISPs that do not provide DHCP for certain plans.

Step 3: Set Up Firewall NAT Rules

Terminal Commands

/ip firewall nat add chain=srcnat action=masquerade out-interface=WAN1 comment="NAT for WAN1"
/ip firewall nat add chain=srcnat action=masquerade out-interface=WAN2 comment="NAT for WAN2"

Steps in WinBox

1. Navigate to IP > Firewall > NAT.
2. Configure the following rules:
   • Rule 1 (WAN1):
     • Chain: srcnat
     • Action: masquerade
     • Out Interface: WAN1
     • Comment: NAT for WAN1
   • Rule 2 (WAN2):
     • Chain: srcnat
     • Action: masquerade
     • Out Interface: WAN2
     • Comment: NAT for WAN2

Explanation

• Why NAT Rules Are Needed: These rules ensure that outgoing traffic from your local network (LAN) is properly translated to use the respective public IPs of WAN1 and WAN2. Without these rules, devices on your LAN cannot access the internet.

Step 4: Configure Mangle Rules for Load Balancing

Terminal Commands

/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=Local_Network per-connection-classifier=src-address:2/0
/ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=WAN2_conn passthrough=yes dst-address-type=!local connection-mark=no-mark in-interface=Local_Network per-connection-classifier=src-address:2/1
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=to_WAN1 passthrough=yes connection-mark=WAN1_conn in-interface=Local_Network
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=to_WAN2 passthrough=yes connection-mark=WAN2_conn in-interface=Local_Network

Steps in WinBox

1. Navigate to IP > Firewall > Mangle.
2. Add connection marking rules:
   • Rule 1 (WAN1 Connection Mark):
     • Chain: prerouting
     • Action: mark-connection
     • New Connection Mark: WAN1_conn
     • Per Connection Classifier: src-address:2/0
     • In Interface: LAN
   • Rule 2 (WAN2 Connection Mark):
     • Chain: prerouting
     • Action: mark-connection
     • New Connection Mark: WAN2_conn
     • Per Connection Classifier: src-address:2/1
     • In Interface: LAN
3. Add routing marking rules:
   • Rule 1 (Route WAN1):
     • Chain: prerouting
     • Action: mark-routing
     • New Routing Mark: to_WAN1
     • Connection Mark: WAN1_conn
     • In Interface: LAN
   • Rule 2 (Route WAN2):
     • Chain: prerouting
     • Action: mark-routing
     • New Routing Mark: to_WAN2
     • Connection Mark: WAN2_conn
     • In Interface: LAN

Explanation

• Connection Marking*: This step divides traffic based on source addresses into two group*s, directing them to either WAN1 or WAN2.
• Routing Marking: Ensures marked traffic is routed through the correct WAN interface, enabling effective load balancing.

Step 5: Add Static Routes

Terminal Commands

/ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1 distance=1 routing-mark=to_WAN1 check-gateway=ping
/ip route add dst-address=0.0.0.0/0 gateway=172.28.62.1 distance=2 routing-mark=to_WAN2 check-gateway=ping

Steps in WinBox

1. Navigate to IP > Routes.
2. Configure the following:
   • Route 1 (WAN1):
     • Destination Address: 0.0.0.0/0
     • Gateway: 10.0.0.1
     • Distance: 1
     • Routing Mark: to_WAN1
   • Route 2 (WAN2):
     • Destination Address: 0.0.0.0/0
     • Gateway: 172.28.62.1
     • Distance: 2
     • Routing Mark: to_WAN2

Explanation

• Static Routes: Define how marked traffic flows through the respective WAN gateways. Check-gateway=ping ensures routes remain active only if the gateway is reachable.

Step 6: Test Load Balancing and Failover

Terminal Commands

/tool torch interface=WAN1
/tool torch interface=WAN2
/ip firewall connection print where connection-mark~"WAN"

Steps in WinBox

1. Use Torch to monitor traffic on WAN1 and WAN2:
   • Navigate to Tools > Torch.
   • Select WAN1 or WAN2 to monitor traffic.
2. Disconnect one WAN to test failover functionality.
   • Traffic should seamlessly switch to the active WAN.
3. Reconnect the WAN and verify load balancing resumes.

Explanation

• Torch Tool: Helps visualize traffic distribution across interfaces.
• Failover Test: Ensures uninterrupted internet access if one WAN connection fails.

Final Thoughts

Setting up MikroTik Dual WAN Load Balancing and Failover enhances your network’s reliability and performance by optimizing traffic distribution and ensuring redundancy. By following this guide, your MikroTik router can provide uninterrupted internet access tailored to your needs.

For more networking tips, visit TechBreeze.