Load Balancing used to the MikroTiK (PCC Method)

MikroTik load balancing is a technique for distributing traffic loads on two or more connection lines in a balanced way, so that traffic can run optimally, maximizing throughput, minimizing response times and avoiding overloading on one of the connection lines.

Load balance
Load balance

During this time many of us think wrongly, that by using a load balancing of two connection lines, the bandwidth we get will be double the bandwidth before using load balancing (the accumulation of the two bandwidths). We need to clarify this first, that load balance will not increase the bandwidth we get, but only serves to divide the traffic of the two bandwidths so that it can be used equally.

With this article, we will prove that the use of load balancing is not like the mathematical formula 512 + 256 = 768, but 512 + 256 = 512 + 256, or 512 + 256 = 256 + 256 + 256.

In this article we use RB433UAH with the following conditions:

  • Ether1, Ether2 connected to different ISPs with different bandwidths. ISP1 of 512kbps and ISP2 of 256kbps.
  • We will use internal web-proxy and use OpenDNS.
  • MikroTik RouterOS you use version 4.5 because the PCC known in version 3.24.

The configuration that we will describe here must be adjusted to the configuration for your local network.

Basic Configuration of Load Balancing using the PCC Method

The following is the Network Topology and IP address that we will use :

topologi loadbalance pcc
topology load-balance PCC

Client, with WLAN cable use IP to netmask, where IP be compiled with DNS and Gateway. If you use DNS from one of your ISPs, then there will be an additional mangle that we will give a bold sign.
Configuring IP and DNS is correct. We must install a default route to each of our ISP’s IP gateways so that the router forwards all traffic that is not connected to it to the gateway. Here we use the check-gateway feature to be useful if one of our gateways is broken, then the connection will be deflected to another gateway.

For setting the Access Point so that the client PC can connect to our wireless, we use the command.

/interface wireless
set wlan2 mode=ap-bridge band=2.4ghz-b/g ssid=Mikrotik disabled=no

In order for the client PC to connect to the internet, we must also change the client’s private IP to the public IP that is on our public interface, namely ether1 and ether2.

/ ip firewall nat
add action = masquerade chain = srcnat out-interface = ether1
add action = masquerade chain = srcnat out-interface = ether2

Until this step, the router and PC client can already connect to the internet. Ping both the router or PC client to the internet. If that doesn’t work, check your configuration again.

Web Proxy Internal Load Balance using the PCC Method

On certain routerboard, such as RB450G, RB433AH, RB433UAH, RB800 and RB1100 have expansion slots (USB, MicroSD, CompactFlash) for additional storage. In the following example, we will use a USB flash that is paired with a USB slot. For the first time installation, this additional storage will read invalid status in / system store. order as a cache storage media, storage must be formatted and activated. Later we just need to activate web proxy and set cache-on-disk = yes to use our storage media. Don’t forget to turn HTTP traffic (TCP port 80) into our web proxy.

/store disk format-drive usb1
add disk=usb1 name=cache-usb type=web-proxy
activate cache-usb/ip proxy
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan2 action=redirect to-ports=8080

Mangle Load Balance settings using the PCC Method

At load balancing this time we will use a feature called PCC (Per Connection Classifier). With PCC we can classify the connection traffic that goes through or out of the router into several groups. This grouping distinguished by src-address, dst-address, src-port and or dst-port. remember the gateway path that is passed at the beginning of the connection traffic.

So that the next packets are still related to the connection will initially be passed on the same gateway path. The advantage of this PCC that answers many complaints is frequent connection breakdowns in other load-balancing techniques before the existence of PCC because of gateway switching.

Before creating mangle load balance, to prevent routing loops from occurring traffic, all client traffic to the network that is connected directly to the router must bypass load balancing. We can make a list of IPs that are still in a network router and install the first mangle as follows.

In certain cases, the first traffic can originate from the Internet, such as using a remote winbox or telnet from the internet and so on, therefore we also need a mark-connection to mark the traffic so that the back traffic can also pass through the interface where the traffic is entering.

/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-from-isp1 passthrough=yes comment=”Trafik from isp1”
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-from-isp2 passthrough=yes comment=”Trafik from isp2”

Generally, an ISP will restrict its DNS server access from IPs that it only knows, so if you use DNS from one of your ISPs, you must add a mangle so that the DNS traffic through the ISP’s gateway is not through another ISP’s gateway. Here we provide mangle DNS ISP1 through the ISP1 gateway. If you use public independent DNS, like OpenNns, you don’t need the mangle below.

/ip firewall mangle

Because we use web proxy on a router, there are 2 types of traffic we need to load. The first is the traffic from the client to the internet (non HTTP). And traffic from the web proxy to the internet. To be more structured and easy to read, we will use custom-chain as follows:

/ip firewall mangle
add action=jump chain=prerouting comment=”jump to client-lb” connection-mark=no-mark in-interface=wlan2 jump-target=client-lb
add action=jump chain=output comment=”jump to lb-proxy” connection-mark=no-mark out-interface=!wlan2 jump-target=lb-proxy

mangle above, for client load balancing traffic, make sure the in-interface parameter is the interface connected to the client, and for web proxy load balancing traffic.

Use chain output with out-interface parameters that are not connected to the client interface.

Custom chains for load balancing are created, we can create a Mangle in the custom chain as follows.

/ip firewall mangle
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment=”awal loadbalancing klien”
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=client-lb comment=”End Of Balancing”/ip firewall mangle
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment=”awal load balancing proxy”
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=lb-proxy comment=”End Of Balancing”

For the example above, the client and web proxy load balancing use the same PCC traffic separation parameter, both-address, so the router will remember based on the src-address and dst-address of a connection. Because our ISP traffic is different (512kbps and 256kbps), we divide the traffic load into 3 parts. The first 2 sections will pass through the ISP1 gateway, and the last 1 section will pass through the ISP2 gateway. If each of the client and proxy traffic has been marked, the next step is to create a mangle mark-route that will be used in the routing process later.

/ip firewall mangle

Routing Load Balance settings using the PCC Method

Setting the mangle above will not be useful if you have not made routing based on the mark-routes that we have made.

Make a backup, so that if the Gateway is lost, then all connections will pass the respective Gateway connected.

/ip route

Load Balancing Testing using the PCC Method

From our test results, obtained as follows:

tetsing loadbalance pcc
testing load-balance PCC

The picture shows that only by downloading 1 file (1 connection). We only get the speed of 56kBps (448kbps) because when it passes through the ISP1 gateway, whereas if we download the file (open a new connection) again on another website, we will get 30kBps (240kbps).

From this test, it can be concluded that 512kbps + 256kbps ≠ 768kbps.


  • Load balancing using this PCC technique will run effectively and close to balanced if more connections (from the client) occur.
  • Use an ISP that has FIX bandwidth instead of Share to get more optimal results.
  • Load Balancing using PCC is not always a complete solution that will work well on all types of networks. Because the process of balancing traffic is based on probability logic.

Thus the article about the Load Balance tutorial using the PCC Method using a Mikrotik. I hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *