• Iklan text, 150 Karakter Free hingga akhir tahun
  • Iklan text, 150 Karakter Free hingga akhir tahun

Tutorial Load-balancing & Fail-over on Mikrotik

Posted by at
This time I will mengeshare how to load-balancing and Fail-over in this case exemplified MikroTik.Untuk ISP has 2 paths to the Internet. The access DSL (256 Kbps) and others using Wireless (512 Kbps). With DSL usage ratio: Wireless = 1:2.

Using all available paths to the gateway load-balancing techniques.
Make one of them as a back-up with fail-over techniques.
OK, let's just we started experiments:

IP address for accesss to LAN :
> /ip address add address=192.168.0.1/28 interface=LAN
IP address untuk akses ke jalur DSL :
> /ip address add address=10.32.57.253/29 interface=DSL
IP address untuk akses ke jalur Wireless :
> /ip address add address=10.9.8.2/29 interface=WIRELESS

Specify the gateway to the ratio of each :
> /ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
In the case of fail-over techniques. Assumed to be the main route through the Wireless DSL line as a back-up if the main line is impassable. To check whether the main line can be passed or not, use the ping command.

> /ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
> /ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
> /ip route add gateway=10.32.57.254

Good Luck!!

PCQ
By using type queue pcq in Mikrotik, we can divide the available bandwidth equally to the glutton-bandwidth when network at peak position.

For example, we subscribe to 256 Kbps. If anyone was surfing fun, so he can be all that bandwidth allocation. But once his friends come, say 9 people again, then each of them can be around 256/10 Kbps. Well .. still it is worth enough to open the open non-porn websites or just check e-mail and blogs.

Assumptions : Network Address 192.168.169.0/28, which leads to a user interface is named LAN, and interfaces leading to upstream provider named INTERNET;

Type in the console or terminal :
> /ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
> /ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
> /queue type add name=downsteam-pcq kind=pcq pcq-classifier=dst-address
> /queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
> /queue tree add parent=LAN queue=DOWNSTREAM packet-mark=NET1-PM
> /queue tree add parent=INTERNET queue=UPSTREAM packet-mark=NET1-PM

Good Luck!!

Manipulating ToS ICMP and DNS in Mikrotik

Objective: Minimize delay ping from the client side in the direction of the Internet. Accelerate resolving hostnames to IP addresses.

Assumptions : The clients are in the 10.10.10.0/28 subnet

Manipulating the Type of Service to the ICMP packet :
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes 
> ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes 
> ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
Memanipulasi Type of Service untuk DNS Resolving :
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes 
> ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes 
> ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
> ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
Adding Queue Type :
> queue type add name=”PFIFO-64″ kind=pfifo pfifo-limit=64
Mengalokasikan Bandwidth untuk ICMP Packet :
> queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
Mengalokasikan Bandwidth untuk DNS Resolving :
> queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
Good Luck!!
Queue Tree with more than two interfaces

Basic Setup

This page will tak about how to make QUEUE TREE in RouterOS that with Masquerading for more than two interfaces. It’s for sharing internet connection among users on each interfacess. In manual this possibility isn’t writted.

First, let’s set the basic setting first. I’m using a machine with 3 or more network interfaces:
[admin@instaler] > in pr
# NAME TYPE RX-RATE TX-RATE MTU
0 R public ether 0 0 1500
1 R wifi1 wlan 0 0 1500
2 R wifi2 wlan 0 0 1500
3 R wifi3 wlan 0 0 1500
And this is the IP Addresses for each interface:

[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.20.1.0/24 10.20.1.0 10.20.1.255 public
1 10.10.2.0/24 10.10.2.0 10.10.2.255 wifi1
2 10.10.3.0/24 10.10.3.0 10.10.3.255 wifi2
3 10.10.4.0/24 10.10.4.0 10.10.4.255 wifi3
On the public you can add NAT or proxy if you want.

Mangle Setup

And now is the most important part in this case.
We need to mark our users. One connectoin for upload and second for download. In this example I add mangle for one user. At the end I add mangle for local transmission because I don’t QoS local trafic emong users. But for user I need to separate upload and download.

[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
disabled=no
0 chain=forward dst-address=10.10.2.36 action=mark-connection
new-connection-mark=users-userU passthrough=yes comment=”” disabled=no
1 chain=forward dst-address=10.10.2.36 action=mark-connection
new-connection-mark=users-userD passthrough=yes comment=”” disabled=no
2 chain=forward connection-mark=users-userU action=mark-packet
new-packet-mark=userU passthrough=yes comment=”” disabled=no
3 chain=forward connection-mark=users-userD action=mark-packet
new-packet-mark=userD passthrough=yes comment=”” disabled=no
98 chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16
action=mark-connection new-connection-mark=users-lokal passthrough=yes
99 chain=forward connection-mark=users-lokal action=mark-packet
new-packet-mark=lokalTrafic passthrough=yes
Queue Tree Setup
And now, the queue tree setting. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. for downlink traffic, we use parent “global-out”, because we have two or more downloading interfaces. And for uplink, we are using parent “public”, we want QoS uplink traffic. (I’m using pcq-up and download from manual) This example is for 2Mb/1Mb

[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
0 name=”Download” parent=global-out packet-mark=”” limit-at=0
queue=pcq-download priority=1 max-limit=2000000 burst-limit=0
burst-threshold=0 burst-time=0s
1 name=”Upload” parent=WGW packet-mark=”” limit-at=0 queue=pcq-upload
priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
burst-time=0s
Now we add our user :
2 name=”user10D” parent=Download packet-mark=userD limit-at=0
queue=pcq-download priority=5 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s
3 name=”user10U” parent=Upload packet-mark=userU limit-at=0
queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

MAC Address + IP Address Linux

#!/bin/sh

iptables=/sbin/iptables

#definition default policy in here
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP #remember for open policy outpu
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP

#The default definition of policy and make a new chain named maccheck in interface eth1
$iptables -t mangle -F
$iptables -t mangle -F maccheck
$iptables -t mangle -X maccheck
$iptables -t mangle -N maccheck
$iptables -t mangle -I PREROUTING -i eth1 -p all -j maccheck

#self explanatory… ip address + mac
$iptables -t mangle -A maccheck -s 192.168.0.1 -i eth1 -m mac -j RETURN
–mac-source
00:80:11:11:11:11
$iptables -t mangle -A maccheck -s 192.168.0.2 -i eth1 -m mac -j RETURN
–mac-source
00:80:22:22:22:22
$iptables -t mangle -A maccheck -s 192.168.0.3 -i eth1 -m mac -j RETURN
–mac-source
00:80:33:33:33:33

# other than those listed both isp and ac will be on the mark for later in the drop, fill it with one that is active mac anywhere who
#example 00:80:11:11:11:11 which we have defined above
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -m mac -j MARK –mac-source !
00:80:11:11:11:11
–set-mark 1
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -p all -j MARK –set-mark 1

#reply packet drop in mark
$iptables -A INPUT -i eth1 -m mark –mark 1 -j DROP
$iptables -A OUTPUT -o eth1 -m mark –mark 1 -j DROP
$iptables -A FORWARD -i eth1 -m mark –mark 1 -j DROP

Thanks :D

Tidak ada komentar untuk " Tutorial Load-balancing & Fail-over on Mikrotik "

Prohibited from using harsh words and the words of the SARA, the words that indicate the Flame against someone that I would quarrel delete and block from this blogspot!!
--------------------------------------------
Dilarang menggunakan kata-kata kasar dan kata-kata yang mengandung SARA, kata-kata yang mengindikasikan Flame terhadap seseorang sehingga terjadi pertengkaran akan saya hapus dan blok dari blogspot ini !!

Back to Top