How-To: Bond Multiple DSL connections with MLPPP and a MikroTik RouterBoard
Posted by Wayne on Friday, 14 February 2014
Multi Link Point to Point Protocol is a nifty protocol which allows for the bonding of multiple lines. With a MLPPP enabled DSL account, two or more lines, DSL modems in bridged mode and a bonding router such as a Mikrotik routerboard, you can effectively quadruple the speed (minus a little overhead) of a DSL connection.
Here's how! connect to the Mikrotik via the Winbox application and follow along.
PPP -> "Interface" Tab:
- Hit the red plus sign
- pick "PPPoE Client"
- under the "General" tab:
1. add the interfaces to be bonded at the bottom.
- under the "Dial Out" tab:
1. add the PPPoE authentication information to the "User" and "Password" fields.
Interfaces -> "Interface" Tab:
- There should be a pppoe-out1 interface listed
- Double click each interface you added to the bonded connection in the previous step.
1. Click the dropdown "Master Port" field, and select "none" (rather than ether2-master). This step is absolutely essential. If you don't do it, the bonding will not work.
IP -> DHCP Client:
- Delete the default DHCP client set up on ether1-gateway, as it will interfere with the PPPoE connection otherwise.
IP -> DHCP Server:
- Disable or delete the default DHCP server set up on ether2-master if something else on the customer network is handling DHCP. If you do not disable this, the routerboard will hand out addresses on the 192.168.88.0/24 network, possibly interfering with the existing LAN configuration.
IF YOU NEED TO ADD A BLOCK OF IP ADDRESSES (eg: 22.214.171.124/29 totally made up of course)
IP -> Addresses:
- Hit the red plus sign
- Fill in the "Address" field: Give the routerboard the first "usable" IP address in the range (in this example, it is 126.96.36.199), but with the proper netmask. Don't worry about filling in the "Network" and "Broadcast" fields, since these are populated automatically when you fill in a netmask in the Address field and hit "OK" or "Apply".
- EG: 188.8.131.52/29, and hit Apply.
- Choose "ether2-master" from the dropdown. Hit "OK".
IP -> Firewall -> "Filter Rules" Tab:
- Change all default rules from triggering on all -> ether1-gateway, to pppoe-out1, or they won't take effect.
- Add a rule for the Routerboard management port so we can connect remotely and make changes:
General Tab -> Chain: Input, Protocol: 6 (tcp), Dst. Port: 8291, In. Interface: pppoe-out1
NOTE: Ensure the rule is ABOVE the final drop rule in the default configuration, or attempts to connect to the Routerboard on 8291 will not succeed, and we will not have remote access.
IP -> Firewall -> "NAT" Tab:
- Change default rule to do masquerading via pppoe-out1 rather than ether1-gateway (as per default).
- IF THERE IS A BLOCK OF ROUTED IPs ADDED TO THE ROUTERBOARD:
-> add an additional condition to the NAT rule: Add the IP range to the "Src. Address" field, and then click the box that appears to the left of the "Src. Address" field. An exclamation mark will appear, indicating that the rule is INVERSE. ie: the rule effectively now says that IF a packet comes from an IP address that IS NOT in the range of specified IPs, it should be masqueraded with the external public IP address of the Routerboard. If a packet comes from a normal LAN private IP address, it will still be masqueraded. This allows you to have both a LAN of firewalled workstations AND several network appliances that have their own public IP addresses on the Internet.