How to Make Load Balancing



Load balancing on MikroTik is a technique for dividing traffic load across multiple lines (links) so that the links are used more effectively. I discussed MikroTik load balancing previously in the article Load Balance / Load Balancing Mikrotik.


In this article I will discuss how to set up load balancing with the PCC method. Because of time and equipment constraints, I took this MikroTik load balance tutorial from the mikrotik.co.id website, as follows:

Many of us wrongly assume that by load balancing two connection lines we get bandwidth equal to the sum of the two lines. It needs to be clear up front that load balancing does not increase the bandwidth we get; it only divides the traffic across both lines so that they are used in a balanced manner.

With this article, we will show that load balancing does not follow the arithmetic 512 + 256 = 768, but rather 512 + 256 = 512 + 256, or 512 + 256 = 256 + 256 + 256.

In this article we use an RB433UAH with the following conditions:
1. ether1 and ether2 are connected to different ISPs with different bandwidths: 512 kbps for ISP1 and 256 kbps for ISP2.
2. We will use the internal web proxy and OpenDNS.
3. The RouterOS version used is 4.5, because the PCC feature was introduced in version 3.24.

If your local network differs from the conditions above, you will have to adapt the configuration described here to your network.

Basic Configuration

The following is the network topology and IP addresses that will be used

“/ip address
add address=192.168.101.2/30 interface=ether1
add address=192.168.102.2/30 interface=ether2
add address=10.10.10.1/24 interface=wlan2
/ip dns
set allow-remote-requests=yes primary-dns=208.67.222.222 secondary-dns=208.67.220.220”


For client connections, we use a wireless connection on wlan2 with the client IP range 10.10.10.2 to 10.10.10.254, netmask 255.255.255.0. The wlan2 address 10.10.10.1 serves as the gateway and DNS server for the clients. If you use a DNS server from one of your ISPs, some additional mangle rules are needed, which we will mark in bold.

Once the IP and DNS configuration is correct, we need to add a default route to each ISP gateway so that the router forwards all traffic not destined for a directly connected network to a gateway. Here we use the check-gateway feature, so that if one of the gateways goes down, connections are diverted to the other gateway.

“/ip route
add dst-address=0.0.0.0/0 gateway=192.168.101.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.102.1 distance=2 check-gateway=ping”


For the access point settings, so that client PCs can connect to the wireless network, we use the command

“/interface wireless
set wlan2 mode=ap-bridge band=2.4ghz-b/g ssid=Mikrotik disabled=no”


In order for the client PCs to reach the Internet, we also need to translate the clients' private IP addresses to the public IP addresses on our public interfaces, ether1 and ether2.

“/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2”


Up to this step, the router and the client PCs are already able to connect to the Internet. Ping the Internet from both the router and a client PC. If that does not succeed, check your configuration again.

Internal webproxy
Certain RouterBOARD models, such as the RB450G, RB433AH, RB433UAH, RB800 and RB1100, have expansion slots (USB, MicroSD, CompactFlash) for additional storage. In the following example, we use a USB flash drive attached to the USB slot. On first installation, the additional storage shows an invalid status in /system store. To be used as cache storage, it must first be formatted and activated. After that we simply enable the web proxy and set cache-on-disk=yes to use our storage. Do not forget to redirect HTTP traffic (TCP port 80) to our web proxy.

“/store disk format-drive usb1
/store
add disk=usb1 name=cache-usb type=web-proxy
activate cache-usb

/ip proxy
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080

/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan2 action=redirect to-ports=8080”
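
An added check, not part of the original article: allow-remote-requests=yes and the enabled web proxy answer on every interface, and the page shows no /ip firewall filter rules, so DNS and port 8080 are also reachable through ether1 and ether2. The Python sketch below flags this on a constructed copy of the page's settings; the HARDENING rules, the WAN interface list and the function names are assumptions for illustration.

```python
import re

# Constructed sample: the DNS and proxy settings exactly as this page sets them.
PAGE_CONFIG = """\
/ip dns
set allow-remote-requests=yes primary-dns=208.67.222.222 secondary-dns=208.67.220.220
/ip proxy
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080
"""

# Hypothetical input-chain rules (not on the page) that close both services on the WAN side.
HARDENING = """\
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether1 protocol=tcp dst-port=53,8080 action=drop
add chain=input in-interface=ether2 protocol=udp dst-port=53 action=drop
add chain=input in-interface=ether2 protocol=tcp dst-port=53,8080 action=drop
"""

def parse(text):
    """Yield (menu, {key: value}) for every add/set line of a RouterOS export."""
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line:
            yield menu, dict(re.findall(r"([\w-]+)=(\S+)", line))

def exposed_services(text, wan=("ether1", "ether2")):
    """Return sorted (interface, protocol, port) listeners with no explicit input drop."""
    rules = list(parse(text))
    listening, dropped = set(), set()
    for menu, kv in rules:
        if menu == "/ip dns" and kv.get("allow-remote-requests") == "yes":
            listening |= {("udp", "53"), ("tcp", "53")}
        elif menu == "/ip proxy" and kv.get("enabled") == "yes":
            listening.add(("tcp", kv.get("port", "8080")))
        elif (menu == "/ip firewall filter" and kv.get("chain") == "input"
              and kv.get("action") in ("drop", "reject")):
            for port in kv.get("dst-port", "").split(","):
                dropped.add((kv.get("in-interface"), kv.get("protocol"), port))
    return sorted((i, p, port) for i in wan for p, port in listening
                  if (i, p, port) not in dropped)

if __name__ == "__main__":
    print("before:", exposed_services(PAGE_CONFIG))
    print("after: ", exposed_services(PAGE_CONFIG + HARDENING))
```

The check only recognises explicit per-interface drop or reject rules that name a dst-port; a default-drop input policy would need its own handling.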



Setting Mangle
For this load balancing setup we use a feature called PCC (Per Connection Classifier). With PCC we can sort the connections passing through or leaving the router into several groups. The grouping can be based on src-address, dst-address, src-port or dst-port. The router remembers the gateway path taken at the start of a connection, so that subsequent packets belonging to that connection are passed through the same gateway. This is the advantage of PCC: it answers the many complaints about frequently broken connections in earlier load balancing techniques, which were caused by connections moving between gateways.

Before creating the load balancing mangle rules, to prevent routing loops, all client traffic destined for networks directly connected to the router must bypass load balancing. We can create a list of the IP ranges that belong to the router's own networks and add the following mangle rules first

“/ip firewall address-list
add address=192.168.101.0/30 list=local
add address=192.168.102.0/30 list=local
add address=10.10.10.0/24 list=local”

“/ip firewall mangle
add action=accept chain=prerouting dst-address-list=local in-interface=wlan2 comment="local traffic"
add action=accept chain=output dst-address-list=local”


In certain cases the first packet of a connection comes from the Internet, for example remote Winbox or telnet access from the Internet, so we also need to mark those connections so that the return traffic leaves through the interface on which the traffic came in
“/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-from-isp1 passthrough=yes comment="traffic from isp1"
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-from-isp2 passthrough=yes comment="traffic from isp2"”


Generally, an ISP restricts access to its DNS servers to IP addresses it knows, so if you use a DNS server from one of your ISPs, you must add mangle rules so that the DNS traffic goes through that ISP's gateway and not through the other ISP's gateway. Here we give the mangle rules for ISP1's DNS through the ISP1 gateway. If you use an independent public DNS service, such as OpenDNS, you do not need the mangle rules below.


“/ip firewall mangle
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp comment="DNS traffic citra.net.id"
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp
add action=mark-routing chain=output connection-mark=dns new-routing-mark=route-to-isp1 passthrough=no”


Because we use the web proxy on the router, there are two kinds of traffic we need to load balance. The first is traffic from the clients to the Internet (non-HTTP), and the second is traffic from the web proxy to the Internet. To keep the rules structured and easy to read, we use custom chains as follows:

“/ip firewall mangle
add action=jump chain=prerouting comment="jump to client-lb" connection-mark=no-mark in-interface=wlan2 jump-target=client-lb
add action=jump chain=output comment="jump lb-proxy" connection-mark=no-mark out-interface=!wlan2 jump-target=lb-proxy”


In the mangle rules above, for client load balancing we make sure the in-interface parameter is the interface connected to the clients, and for web proxy load balancing we use the output chain with an out-interface parameter that is not the interface connected to the clients. Once the jumps to the custom load balancing chains are in place, we can create the mangle rules in those custom chains as follows

“/ip firewall mangle
# remainders 0 and 1 of 3 are marked for ISP1, remainder 2 for ISP2
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="initial client loadbalancing"
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=client-lb comment="end of loadbalancing"

/ip firewall mangle
# same 2:1 split for connections opened by the web proxy itself
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="early load balancing proxy"
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=lb-proxy comment="end of loadbalancing"”


In the example above, client and web proxy load balancing use the same PCC classifier parameter, both-addresses, so the router remembers a connection by its src-address and dst-address. Because the two ISP links differ in capacity (512 kbps and 256 kbps), we divide the traffic load into 3 parts. The first 2 parts pass through the ISP1 gateway, and the last part passes through the ISP2 gateway. Once the traffic from the clients and from the proxy has been marked, the next step is to create the mark-routing mangle rules that will be used in the routing process later

“/ip firewall mangle
add action=jump chain=prerouting comment="marking the route client" connection-mark=!no-mark in-interface=wlan2 jump-target=route-client
add action=mark-routing chain=route-client connection-mark=to-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=to-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=return chain=route-client disabled=no

/ip firewall mangle
add action=mark-routing chain=output comment="marking the route proxy" connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 out-interface=!wlan2 passthrough=no
add action=mark-routing chain=output connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 out-interface=!wlan2 passthrough=no”


Routing settings
The mangle settings above are of no use unless we create routes based on the routing marks we have defined. Here we also create backup routes, so that when one gateway goes down, all connections pass through the gateway that is still connected

“/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp1 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp1 distance=2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp2 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp2 distance=2”

Testing
Our test results are as follows

From the pictures it can be seen that with a single file download (1 connection) we only get a speed of 56 kBps (448 kbps), because that connection passes through the ISP1 gateway, whereas if we download another file (opening a new connection) from a different website, we get 30 kBps (240 kbps). From this test it can be concluded that
512 kbps + 256 kbps ≠ 768 kbps

Note:
* Load balancing with this PCC technique becomes more effective and closer to balanced as the number of connections (from the clients) grows.
* Use ISPs that provide fixed rather than shared bandwidth to obtain a more optimal result.
* Load balancing with PCC is not always and entirely a solution that works well in every type of network, because the balancing of traffic is based on probability.
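
The 2:1 split from the mangle section and the test result above can be reproduced with a short simulation. This Python sketch is an added example, not from the original article: CRC32 is an assumed stand-in for RouterOS's internal hash, the destination addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import random
import zlib

# The page's client-lb rules: both-addresses:3/0 and 3/1 -> to-isp1, 3/2 -> to-isp2.
PCC_RULES = {0: "to-isp1", 1: "to-isp1", 2: "to-isp2"}
LINK_KBPS = {"to-isp1": 512, "to-isp2": 256}

def pcc_mark(src, dst, denominator=3):
    """Mark one connection: hash both addresses, take the remainder, look up the rule.

    Assumption: CRC32 stands in for RouterOS's internal hash, which the page
    does not give; only the hash -> remainder -> mark structure is modelled.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return PCC_RULES[zlib.crc32(key) % denominator]

def simulate(n_connections, seed=1):
    """Count marks for n constructed client/destination address pairs."""
    rng = random.Random(seed)
    counts = {"to-isp1": 0, "to-isp2": 0}
    for _ in range(n_connections):
        src = f"10.10.10.{rng.randint(2, 254)}"               # client range from the page
        dst = str(ipaddress.ip_address(rng.getrandbits(32)))  # constructed destination
        counts[pcc_mark(src, dst)] += 1
    return counts

def single_download_ceiling_kbps(src, dst):
    """Every connection between one address pair gets the same mark, so one link caps it."""
    marks = {pcc_mark(src, dst) for _ in range(1000)}
    if len(marks) != 1:
        raise RuntimeError("classifier is not sticky")
    return LINK_KBPS[marks.pop()]

if __name__ == "__main__":
    for n in (3, 30, 3000):
        c = simulate(n)
        print(f"{n:5d} connections -> {c}, ISP1 share {c['to-isp1'] / n:.2f}")
    print("single download ceiling:",
          single_download_ceiling_kbps("10.10.10.5", "208.67.222.222"), "kbps")
```

With only a few connections the split can be far from 2:1, which is the behaviour the first note describes; the share approaches two thirds on ISP1 as the connection count grows.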
