Load Balancing Dengan NTH Mikrotik

Ini contoh versi penyempurnaan dari load balancing. Ini menambahkan user sessions yang tetap, contoh : group customer 1 anda dengan ip tertentu menggunakan gateway pertama dan group customer 2 anda dengan ip tertentu menggunakan gateway kedua. Kasus ini memudahkan anda jika anda mempunyai 2 ISP dan ingin menggunakan kedua bandwidth ISP itu secara bersamaan. 

Quick Start

Konfigurasi dari gateway router :

'''/ ip address''' add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether1 '''/ ip firewall mangle''' add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd passthrough=no add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even passthrough=no add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no '''/ ip firewall nat''' add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 to-ports=0-65535 '''/ ip route''' add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

'''/ ip address''' add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether1   '''/ ip firewall mangle''' add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd passthrough=no add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even passthrough=no add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no   '''/ ip firewall nat''' add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 to-ports=0-65535   '''/ ip route''' add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

Explanation

Pertama saya coba pisahkan code diatas dan menjelaskan satu per satu.
IP Addresses

/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether1

1 2 3 4

/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ether2 add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ether1

Router mempunyai 2 interface upstream (WAN/ISP) dengan IP 10.111.0.2/24 dan 10.112.0.2/24. Interface LAN dinamai “Local” dan dengan IP 192.168.0.1/24.

Mangle

/ ip firewall mangle add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd

1 2 3

/ ip firewall mangle add chain=prerouting src-address-list=odd in-interface=Local action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting src-address-list=odd in-interface=Local action=mark-routing new-routing-mark=odd

Menandai koneksi (mark connection) dari IP customer group1 yang dimasukan dalam address list “odd” dan membuat routing mark “odd”.

/ ip firewall mangle add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even

1 2 3

/ ip firewall mangle add chain=prerouting src-address-list=even in-interface=Local action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting src-address-list=even in-interface=Local action=mark-routing new-routing-mark=even

Sama seperti diatas, hanya untuk customer group2 yang ip nya terdaftar dalam address-list “even” yang ditandai. Mark connection dengan nama “even” dan Routing Mark dengan nama “even”

/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no

1 2 3 4

/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=1,1,0 action=mark-connection new-connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes add chain=prerouting in-interface=Local connection-mark=odd action=mark-routing new-routing-mark=odd passthrough=no

Pertama kita ambil setiap detik paket yang dikenal sebagai new session (koneksi baru, connection-state=new), dan menandai dengan connection mark “odd”. Dengan konsuekensi semua paket yang diurutkan dalam session yang sama akan dimasukan dalam connection mark “odd”. Dengan catatan kita melewatkan paket itu dari kedua dan ketiga rules itu (passthrough=yes). Rule kedua menambahkan ip address client ke address list untuk membolehkan semua session yang diurutkan ke gateway yg sama. Rule ketiga menempatkan routing mark “odd” dalam semua paket yang menjadi bagian koneksi “odd” dan memberhentikan semua proses mangle yang lain untuk paket itu dalam chain prerouting

/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no

1 2 3 4

/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 action=mark-connection new-connection-mark=even passthrough=yes add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=even address-list-timeout=1d connection-mark=even passthrough=yes add chain=prerouting in-interface=Local connection-mark=even action=mark-routing new-routing-mark=even passthrough=no

[ad]Sama seperti yang diatas. Semua koneksi baru ditandai dengan routing dan connection mark “even”
Kode diatas berarti secara efektif untuk setiap koneksi baru yang memulai melewati router dari jaringan lokal akan ditandai di “odd” atau “even” dengan routing mark dan connection mark.
Bagaimanapun ada beberapa kasus jika mungkin anda menemukan IP yg sama terdaftar dalam src-address-list “odd” dan “even”. Masalah ini bisa timbul dengan aplikasi router yang membutuhkan koneksi tetap ke gateway tertentu. Untuk memperbaiki kasus ini tambahkan rules ini ke mangle anda :

add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 src-address-list=!odd action=mark-connection new-connection-mark=even passthrough=yes

1	add chain=prerouting in-interface=Local connection-state=new nth=1,1,1 src-address-list=!odd action=mark-connection new-connection-mark=even passthrough=yes

Ini akan memastikan ip dengan koneksi baru tidak exist dalam src-address-list “odd”. Anda bisa melakukan yang sama untuk mangle “even” yang tidak termasuk yg sudah ada dalam src-address-list “even”


NAT

/ ip firewall nat add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 to-ports=0-65535

1 2 3

/ ip firewall nat add chain=srcnat connection-mark=odd action=src-nat to-addresses=10.111.0.2 to-ports=0-65535 add chain=srcnat connection-mark=even action=src-nat to-addresses=10.112.0.2 to-ports=0-65535

Semua trafik yang ditandai “odd” di NAT ke IP address 10.111.0.2, dan yang ditandai “even” di NAT ke IP Address 10.113.0.2


Routing

/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even

1 2 3

/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=odd add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=even

Untuk semua trafik yang ditandai “odd” (jika sudah benar di NAT ke 10.111.0.2) kita gunakan gateway 10.111.0.1. dan sama juga dengan “even” di route melewati gateway 10.112.0.1

/ ip route add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

1 2	/ ip route add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10

Trafik tanpa routing mark akan ter arah ke gateway 10.112.0.1
Akhirnya, kita punya tambahan untuk membuat koneksi yang lebih spesifik akan kemana mereka arahnya.