Monday, December 19, 2011

Types of Load Balancing Methods

Load balancing on MikroTik can be done using several methods.

1. NTH load balancing with masquerade
For this method, the DNS on the MikroTik must be the same as the DNS on the clients. Otherwise, load balancing will not work.
 A. Usage on MikroTik version 2.xx
- On MikroTik version 2.xx, NTH is defined as NTH=Every,Counter,Packet, for example: nth=1,1,0 . 1,1,1 . 1,1,2

Example implementation for 3 connections:

/ip firewall mangle

add chain=prerouting in-interface=lan connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes comment="Load Balancing" disabled=no
add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=lan connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no comment="" disabled=no

add chain=prerouting in-interface=lan connection-state=new nth=1,1,2 action=mark-connection new-connection-mark=last passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=lan connection-mark=last action=mark-routing new-routing-mark=last passthrough=no comment="" disabled=no

/ip firewall nat
add chain=srcnat connection-mark=odd action=src-nat to-addresses=172.16.0.2 to-ports=0-65535 comment="MikroTik IP facing modem 1" disabled=no
add chain=srcnat connection-mark=even action=src-nat to-addresses=172.16.1.2 to-ports=0-65535 comment="MikroTik IP facing modem 2" disabled=no
add chain=srcnat connection-mark=last action=src-nat to-addresses=172.16.2.2 to-ports=0-65535 comment="MikroTik IP facing modem 3" disabled=no

/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.2.1 scope=255 target-scope=10 routing-mark=last comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 disabled=no comment="gateway for the router itself"
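
Each connection mark set by a mark-connection rule has to be picked up by its own mark-routing rule, and each routing mark needs a route. The check below is an added example, not part of the original post: the function names and the sample rules (with one deliberately mistyped connection-mark) are constructed for illustration.

```python
import shlex
from collections import defaultdict

def parse_rule(line):
    """Turn one RouterOS 'add key=value ...' line into a dict."""
    return dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)

def check_marks(mangle, routes):
    """Report connection/routing marks that do not line up."""
    marked, uses = set(), defaultdict(set)
    for r in map(parse_rule, mangle):
        if r.get("action") == "mark-connection":
            marked.add(r["new-connection-mark"])
        elif r.get("action") == "mark-routing" and "connection-mark" in r:
            uses[r["connection-mark"]].add(r["new-routing-mark"])
    routed = {r["routing-mark"] for r in map(parse_rule, routes)
              if "routing-mark" in r}
    out = [f"connection-mark {m!r} is set but never turned into a routing mark"
           for m in sorted(marked - set(uses))]
    out += [f"connection-mark {m!r} feeds several routing marks {sorted(t)}"
            for m, t in sorted(uses.items()) if len(t) > 1]
    wanted = {x for t in uses.values() for x in t}
    out += [f"routing-mark {m!r} has no matching /ip route entry"
            for m in sorted(wanted - routed)]
    return out

# Constructed sample rules in the style of the mangle rules above.
PRE = "add chain=prerouting in-interface=lan "

def pair(cmark, match, rmark):
    """One mark-connection rule plus the mark-routing rule meant to consume it."""
    return [PRE + f"connection-state=new action=mark-connection "
                  f"new-connection-mark={cmark} passthrough=yes comment=\"\"",
            PRE + f"connection-mark={match} action=mark-routing "
                  f"new-routing-mark={rmark} passthrough=no"]

# BROKEN: the third mark-routing rule matches connection-mark=even by mistake.
BROKEN = pair("odd", "odd", "odd") + pair("even", "even", "even") \
       + pair("last", "even", "last")
FIXED = BROKEN[:-1] + pair("last", "last", "last")[1:]
ROUTES = [f"add dst-address=0.0.0.0/0 gateway=172.16.{i}.1 routing-mark={m}"
          for i, m in enumerate(["odd", "even", "last"])]

if __name__ == "__main__":
    for finding in check_marks(BROKEN, ROUTES):
        print(finding)
```

With the mistyped rule, connections marked "last" never receive a routing mark and leave through the default route instead of the third link.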

 B. Usage on MikroTik version 3.xx - 4.xx
- On MikroTik version 3.xx and 4 and above, NTH is defined as NTH=Counter,Packet, for example: NTH=3,1 . 3,2 . 3,3 or alternatively NTH=3,1 . 2,1 . 1,1
Example implementation for 2 connections, NTH=2,1 . 2,2 (NTH=2,1 . 1,1 also works):
/ip firewall mangle
If adding persistent user sessions:
add chain=prerouting src-address-list=odd in-interface=lan action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting src-address-list=odd in-interface=lan action=mark-routing new-routing-mark=odd

add chain=prerouting src-address-list=even in-interface=lan action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting src-address-list=even in-interface=lan action=mark-routing new-routing-mark=even

Without persistent user sessions, remove the rules shown in red:
add chain=prerouting in-interface=lan connection-state=new nth=2,1 action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no

add chain=prerouting in-interface=lan connection-state=new nth=2,2 action=mark-connection new-connection-mark=even passthrough=yes
add chain=prerouting in-interface=lan action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes
add chain=prerouting in-interface=lan connection-mark=even action=mark-routing new-routing-mark=even passthrough=no

(Persistent user) To avoid the same IP appearing in both the odd and even address lists, add the following rules:
add chain=prerouting in-interface=lan connection-state=new nth=2,1 src-address-list=!even action=mark-connection new-connection-mark=odd passthrough=yes
add chain=prerouting in-interface=lan connection-state=new nth=2,2 src-address-list=!odd action=mark-connection new-connection-mark=even passthrough=yes

/ ip firewall nat
add chain=srcnat out-interface=speedy1 action=masquerade
add chain=srcnat out-interface=speedy2 action=masquerade

/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 routing-mark=odd
add dst-address=0.0.0.0/0 gateway=172.16.1.1 scope=255 target-scope=10 routing-mark=even

add dst-address=0.0.0.0/0 gateway=172.16.0.1 scope=255 target-scope=10 comment="gateway for router"

2. ECMP (Equal Cost Multi-Path) load balancing with masquerade

The point to watch here is how the MikroTik connects to the internet. For example, if one modem dials up to the internet itself, the other modem must also be set to dial up, not to bridge. Likewise, if the MikroTik is set to dial up to Speedy (PPPoE), both connections must be dialed by the MikroTik (both modems set to bridging).

/ip firewall mangle

add chain=input in-interface=speedy1 action=mark-connection new-connection-mark=speedy1_conn
add chain=input in-interface=speedy2 action=mark-connection new-connection-mark=speedy2_conn
add chain=output connection-mark=speedy1_conn action=mark-routing new-routing-mark=to_speedy1   
add chain=output connection-mark=speedy2_conn action=mark-routing new-routing-mark=to_speedy2
/ ip firewall nat
add chain=srcnat out-interface=speedy1 action=masquerade
add chain=srcnat out-interface=speedy2 action=masquerade
/ ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-mark=to_speedy1
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-mark=to_speedy2

The rule below enables the failover effect:
add dst-address=0.0.0.0/0 gateway=172.16.0.1,172.16.1.1 check-gateway=ping

If the bandwidth of the 2 connections differs, for example one is 2 mb and the other is 10 mb, use asymmetric bandwidth links with a ratio of 1:5. It is applied as follows:

add dst-address=0.0.0.0/0 gateway=172.16.0.1,172.16.1.1,172.16.1.1,172.16.1.1,172.16.1.1,172.16.1.1 check-gateway=ping

3. Load balancing with policy routing based on client IP address
This means that if we have 2 connections, they are divided among the clients in 2 groups. For example, 192.168.1.1 - 192.168.1.3 are routed to speedy1 and 192.168.1.4 - 192.168.1.6 are routed to speedy2.

/ip firewall address-list
add address=192.168.1.1 disabled=no list=ipwarnet
add address=192.168.1.2 disabled=no list=ipwarnet
add address=192.168.1.3 disabled=no list=ipwarnet
add address=192.168.1.4 disabled=no list=ipwarnet2
add address=192.168.1.5 disabled=no list=ipwarnet2
add address=192.168.1.6 disabled=no list=ipwarnet2

/ip firewall mangle
add chain=prerouting src-address-list=ipwarnet action=mark-routing new-routing-mark=speedy1 comment="to speedy1"
add chain=prerouting src-address-list=ipwarnet2 action=mark-routing new-routing-mark=speedy2 comment="to speedy2"

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=no

/ip route
add dst-address=0.0.0.0/0 gateway=172.16.0.1 routing-mark=speedy1
add dst-address=0.0.0.0/0 gateway=172.16.1.1 routing-mark=speedy2

4. Load balancing using the PCC method (not tested yet) on RB750

Source : http://aacable.wordpress.com
Load balancing using PCC (per-connection-classifier) with both addresses and ports as the classifier (src-address can also be used as the classifier)
===============================================
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
 
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
=======================================================

If the WAN bandwidths differ, for example wan1 = 4 mbps and wan2 = 8 mbps,
with a ratio of 1:2, add a PCC rule for marking connections on wan2:

/ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:3/2 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
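
How the denominator/remainder pair in per-connection-classifier splits connections, as an added example that is not from the original post or from MikroTik: PCC hashes the selected fields, divides the hash by the denominator and matches when the remainder equals the configured one. The SHA-256 stand-in hash, the function names and the sample flows are assumptions for illustration; RouterOS uses its own hash.

```python
import hashlib
from collections import Counter

def pcc_bucket(src, sport, dst, dport, denominator):
    """Stand-in for PCC: hash the 4-tuple, return hash mod denominator.
    SHA-256 is an assumption here; RouterOS uses its own hash function."""
    key = f"{src}:{sport}>{dst}:{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % denominator

def classify(flow, rules):
    """rules: list of (denominator, remainder, mark); first match wins."""
    for den, rem, mark in rules:
        if pcc_bucket(*flow, den) == rem:
            return mark
    return None  # no rule matched: the connection stays unmarked

def distribution(flows, rules):
    """Count how many flows end up with each connection mark."""
    return Counter(classify(f, rules) for f in flows)

# Constructed sample flows: 6 LAN clients with 500 connections each.
FLOWS = [(f"192.168.0.{10 + c}", 20000 + n, f"203.0.113.{n % 200 + 1}", 443)
         for c in range(6) for n in range(500)]

# Two equal links: denominator 2, one remainder per link.
EQUAL = [(2, 0, "WAN1_conn"), (2, 1, "WAN2_conn")]
# 1:2 ratio: denominator 3, one remainder for WAN1 and two for WAN2.
RATIO_1_2 = [(3, 0, "WAN1_conn"), (3, 1, "WAN2_conn"), (3, 2, "WAN2_conn")]
# A remainder equal to the denominator is impossible, so this third rule
# never matches and the split stays 1:1.
DEAD_RULE = [(2, 0, "WAN1_conn"), (2, 1, "WAN2_conn"), (2, 2, "WAN2_conn")]

if __name__ == "__main__":
    for name, rules in [("equal", EQUAL), ("1:2", RATIO_1_2),
                        ("dead rule", DEAD_RULE)]:
        print(name, dict(distribution(FLOWS, rules)))
```

Because the classifier is a pure function of the chosen fields, packets of one connection always land in the same bucket; only the ratio of remainders assigned to each link changes the share.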

PCC WITH HOTSPOT (Reference)

/ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth

