Load Balancing and Fail Over (1 CBN and 2 SPEEDY)
Load balancing and failover have already been discussed quite a lot on FMI (Forum Mikrotik Indonesia), for example in the threads I have saved below:
- 2 Isp In 1 Router With Loadbalancing
- 3 Speedy Office Load balancing
- Load Balance + Fail Over dengan script
- Load Balance Mikrotik ROS 3 + fail Over 3 Koneksi
- Load Balancing nth buat Mikrotik Ver 3.xx dan 2.9xx
- Load Balancing PCC
- Manual PCC Mikrotik
The internet connections used are 1 dedicated link to CBN over fiber optic (FO) and 2 links to Speedy via ADSL modems. The connection model is as follows:
- The CBN connection is considered stable.
- The CBN connection is used only by the mail server.
- The CBN connection is the MikroTik's default gateway.
- Internet traffic such as browsing is sent through Speedy.
- The Speedy connections are considered unstable and need failover, so that if one Speedy link drops, traffic goes through the one remaining Speedy link.
- User connections to TCP port 80 (browsing) are passed through the proxy server. Outbound connections from the proxy go through nth load balancing.
- User internet connections other than the browsing above go through PCC load balancing.
- The MikroTik can be reached from outside through both the CBN link and the Speedy links.
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
XX:XX:XX:XX:XX:B0 master-port=none mtu=1500 name=CBN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
XX:XX:XX:XX:XX:AF master-port=none mtu=1500 name=LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
XX:XX:XX:XX:XX:B1 master-port=none mtu=1500 name=ETH-SPEEDY1 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
XX:XX:XX:XX:XX:B2 master-port=none mtu=1500 name=ETH-SPEEDY2 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
disabled=no full-duplex=yes l2mtu=1598 mac-address=\
XX:XX:XX:XX:XX:B5 master-port=none mtu=1500 name=SERVER speed=100Mbps
/interface pppoe-client
# interface= is the Ethernet port cabled to each ADSL modem (ETH-SPEEDY1 / ETH-SPEEDY2)
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
dial-on-demand=no disabled=no interface=ETH-SPEEDY1 max-mru=1480 \
max-mtu=1480 mrru=disabled name=SPEEDY1 password=xxxxxx profile=\
default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
dial-on-demand=no disabled=no interface=ETH-SPEEDY2 max-mru=1480 \
max-mtu=1480 mrru=disabled name=SPEEDY2 password=xxxxxx profile=\
default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
Note that the default route is not set on either Speedy connection.
/ip address
add address=202.158.1.2/30 broadcast=202.158.1.3 comment="" disabled=no \
interface=CBN network=202.158.1.0
add address=192.168.0.254/24 broadcast=192.168.0.255 comment="" disabled=\
no interface=LAN network=192.168.0.0
add address=192.168.1.253/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=ETH-SPEEDY1 network=192.168.1.0
add address=192.168.2.253/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=ETH-SPEEDY2 network=192.168.2.0
add address=192.168.100.254/24 broadcast=192.168.100.255 comment="" disabled=no \
interface=SERVER network=192.168.100.0
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
202.158.1.1 routing-mark=CBN scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=SPEEDY1 \
routing-mark=speedy1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=SPEEDY2 \
routing-mark=speedy2 scope=30 target-scope=10
add comment="CBN as default gateway" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=202.158.1.1 scope=30 target-scope=10
add comment="network speedy" disabled=no distance=1 dst-address=202.134.0.0/16 gateway=\
SPEEDY1,SPEEDY2 scope=30 target-scope=10
/ip firewall address-list
#
# Local network
#
add address=192.168.1.0/24 comment=speedy1 disabled=no list=local
add address=192.168.2.0/24 comment=speedy2 disabled=no list=local
add address=192.168.100.0/24 comment=server disabled=no list=local
add address=192.168.0.0/24 comment=lan disabled=no list=local
#
# Users (Clients)
#
add address=192.168.0.0/24 comment="" disabled=no list=lan
#
# Server
#
add address=192.168.100.0/24 comment="" disabled=no list=server
add address=192.168.100.200 comment="" disabled=no list=server-mail
add address=192.168.100.201 comment="" disabled=no list=server-proxy
/ip firewall nat
#
# DNS TRANSPARENT
#
add action=dst-nat chain=dstnat comment="DNS transparent" disabled=no \
dst-port=53 protocol=tcp src-address-list=lan to-addresses=\
192.168.100.200 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 protocol=\
udp src-address-list=lan to-addresses=192.168.100.200 to-ports=53
#
# DSTNAT to Server Mail
#
add action=dst-nat chain=dstnat comment="SMTP" disabled=no \
dst-address=202.158.1.2 dst-port=25 protocol=tcp to-addresses=\
192.168.100.200 to-ports=25
add action=dst-nat chain=dstnat comment=WEB disabled=no dst-address=\
202.158.1.2 dst-port=80 protocol=tcp to-addresses=192.168.100.200 \
to-ports=808
add action=dst-nat chain=dstnat comment=POP3 disabled=no dst-address=\
202.158.1.2 dst-port=110 protocol=tcp to-addresses=192.168.100.200 \
to-ports=110
add action=dst-nat chain=dstnat comment=IMAP disabled=no dst-address=\
202.158.1.2 dst-port=143 protocol=tcp to-addresses=192.168.100.200 \
to-ports=143
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=\
202.158.1.2 dst-port=443 protocol=tcp to-addresses=192.168.100.200 \
to-ports=443
#
# PROXY TRANSPARENT
#
add action=dst-nat chain=dstnat comment="PROXY TRANSPARENT for clients" \
disabled=no dst-address-list=!local dst-port=80 in-interface=LAN \
protocol=tcp src-address-list=lan to-addresses=192.168.100.201 \
to-ports=8080
#
# MASQUERADE To Internet
#
add action=masquerade chain=srcnat comment="" disabled=no out-interface=CBN
add action=masquerade chain=srcnat comment="" disabled=no out-interface=SPEEDY1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=SPEEDY2
#
# MASQUERADE To Modem ADSL
#
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ETH-SPEEDY1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ETH-SPEEDY2
/ip firewall mangle
#
# MARK PACKET DOWN Proxy Cache Hits Mark
#
add action=mark-packet chain=forward comment="Proxy Cache Hits Mark" \
disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp \
src-port=8080
#
# MARK PACKET DOWN from server proxy as internet connection
#
add action=mark-packet chain=forward comment=\
"MARK PACKET clients-down from proxy" disabled=no dst-address-list=\
lan new-packet-mark=clients-down passthrough=no protocol=tcp \
src-address-list=server-proxy src-port=8080
#
# MARK PACKET UP local connection
#
add action=mark-packet chain=prerouting comment=\
"MARK PACKETS server to local as server-up" disabled=no \
dst-address-list=local new-packet-mark=server-up passthrough=no \
src-address-list=server
#
# MARK ROUTING cbn from server mail
#
add action=mark-routing chain=prerouting comment=\
"MARK routing for server mail via cbn" disabled=no \
new-routing-mark=CBN passthrough=no src-address-list=server-mail
#
# MARK PACKET UP DIRECT to server proxy as internet connection
#
add action=mark-packet chain=prerouting comment=\
"MARK PACKET DIRECT to proxy clients-up" disabled=no dst-address-list=\
server-proxy dst-port=8080 new-packet-mark=clients-up passthrough=no \
protocol=tcp src-address-list=lan
#
# MARK PACKET UP local connection
#
add action=mark-packet chain=prerouting comment="MARK PACKET LOCAL local-up" \
disabled=no dst-address-list=local in-interface=LAN new-packet-mark=clients-local-up \
passthrough=no src-address-list=lan
#
# MARK PACKET UP REDIRECT to server proxy as internet connection
#
add action=mark-packet chain=prerouting comment=\
"MARK PACKET tcp port 80 REDIRECT to proxy clients-up" disabled=no \
dst-address-list=!local dst-port=80 new-packet-mark=clients-up \
passthrough=no protocol=tcp src-address-list=lan
#
# MARK CONNECTION from internet via cbn/speedy to mikrotik
#
add action=mark-connection chain=input comment=\
"ACCEPT connection from cbn" connection-state=new disabled=no \
in-interface=CBN new-connection-mark=cbn_rt_con passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=cbn_rt_con \
disabled=no new-routing-mark=CBN passthrough=no
add action=mark-connection chain=input comment=\
"ACCEPT connection from speedy1" connection-state=new disabled=\
no in-interface=SPEEDY1 new-connection-mark=speedy1_rt_con passthrough=\
yes
add action=mark-routing chain=output comment="" connection-mark=\
speedy1_rt_con disabled=no new-routing-mark=speedy1 passthrough=no
add action=mark-connection chain=input comment=\
"ACCEPT connection from speedy2" connection-state=new disabled=\
no in-interface=SPEEDY2 new-connection-mark=speedy2_rt_con passthrough=\
yes
add action=mark-routing chain=output comment="" connection-mark=\
speedy2_rt_con disabled=no new-routing-mark=speedy2 passthrough=no
#
# MARK PACKET DOWN local connection
#
add action=mark-packet chain=forward comment=\
"MARK PACKET LOCAL clients-local-down" disabled=no dst-address-list=\
lan new-packet-mark=clients-local-down passthrough=no \
src-address-list=local
#
# MARK PACKET DOWN internet connection
#
add action=mark-packet chain=forward comment=\
"MARK PACKET clients-down" disabled=no dst-address-list=\
lan new-packet-mark=clients-down passthrough=no
#
# MARK PACKET UP internet connection (classified by connection marking)
#
add action=mark-packet chain=forward comment="MARK PACKET clients-up" \
connection-mark=speedy1_con disabled=no new-packet-mark=clients-up \
passthrough=no src-address-list=lan
add action=mark-packet chain=forward comment="MARK PACKET clients-up" \
connection-mark=speedy2_con disabled=no new-packet-mark=clients-up \
passthrough=no src-address-list=lan
#
# LOAD BALANCING NTH server proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy1_pr_con nth=2,1 passthrough=yes \
src-address-list=server-proxy
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-mark=speedy1_pr_con disabled=no dst-address-list=!local \
new-routing-mark=speedy1 passthrough=no src-address-list=server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy2_pr_con nth=1,1 passthrough=yes \
src-address-list=server-proxy
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-mark=speedy2_pr_con disabled=no dst-address-list=!local \
new-routing-mark=speedy2 passthrough=no src-address-list=server-proxy
#
# LOAD BALANCING PCC clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
dst-address-type=!local new-connection-mark=speedy1_con passthrough=yes \
per-connection-classifier=both-addresses:2/0 src-address-list=lan
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Clients \
connection-mark=speedy1_con disabled=no dst-address-list=!local \
new-routing-mark=speedy1 passthrough=no src-address-list=lan
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
dst-address-type=!local new-connection-mark=speedy2_con passthrough=yes \
per-connection-classifier=both-addresses:1/0 src-address-list=lan
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Clients \
connection-mark=speedy2_con disabled=no dst-address-list=!local \
new-routing-mark=speedy2 passthrough=no src-address-list=lan
/queue type
set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=20 \
pcq-rate=0 pcq-total-limit=1000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=20 \
pcq-rate=0 pcq-total-limit=1000
set default-small kind=pfifo name=default-small pfifo-limit=10
For bandwidth management, only upstream and downstream traffic to and from the internet over the two Speedy connections is shaped. The packet marks are clients-up for upstream traffic and clients-down for downstream traffic. The bandwidth settings are as follows:
Downstream bandwidth
- Root: ceiling 3500kbps, rate 0kbps
- Client: ceiling 3500kbps, rate 0kbps
Upstream bandwidth
- Root: ceiling 512kbps, rate 0kbps
- Client: ceiling 512kbps, rate 0kbps
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name=UPSTREAM parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=512k name=clients-up packet-mark=clients-up parent=\
UPSTREAM priority=1 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3500k name=DOWNSTREAM parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
max-limit=3500k name=clients-down packet-mark=clients-down parent=\
DOWNSTREAM priority=1 queue=pcq-download
/system clock
set time-zone-name=Asia/Jakarta
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/tool graphing interface
add allow-address=0.0.0.0/0 disabled=no interface=CBN store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SPEEDY1 store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SPEEDY2 store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=LAN store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SERVER store-on-disk=yes
/tool graphing resource
add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
Below are the scripts for Speedy load balancing and failover. The explanation of what each script does is further down:
1. param
#
# param
#
#
# Number of WANs
#
:global wans 2;
#
# Speedy interfaces
# 1. SPEEDY1
# 2. SPEEDY2
#
:global iface "ETH-SPEEDY1, ETH-SPEEDY2";
#
# Connection names
#
:global wan "SPEEDY1, SPEEDY2";
#
# Scoring
#
# No speedy1 speedy2
# 0  off     off
# 2  on      off
# 4  off     on
# 6  on      on
:global scrs "2,4";
:global SCORE 0;
Explanation:
- The global variable iface stores the names of the MikroTik Ethernet interfaces connected to the Speedy ADSL modems.
- The global variable wan stores the names of the PPPoE client interfaces (on the MikroTik) for the Speedy internet connections.
- The variable SCORE stores the current connection status.
- SCORE 0 means no Speedy link is online.
- SCORE 2 means only speedy1 is online.
- SCORE 4 means only speedy2 is online.
- SCORE 6 means both Speedy links are online at the same time.
2. lb-detection
#
# lb-detection
#
:global SCORE;
:global wans;
:global scrs;
:global iface;
:global wan;
:local scrArr [:toarray $scrs];
:local ifaceArr [:toarray $iface];
:local wanArr [:toarray $wan];
:local score 0;
:local nth 0;
:local ifaceStatus "";
:local wanStatus "";
:for x from=1 to="$wans" \
do={ :local wanIface [:pick $ifaceArr ($x-1)];
:local wanName [:pick $wanArr ($x-1)];
/interface ethernet monitor "$wanIface" once do={ :set ifaceStatus $status };
:if ( $ifaceStatus="link-ok" ) \
do={ /interface pppoe-client monitor "$wanName" once do={:set wanStatus $status };
:if ( $wanStatus="connected" ) \
do={ :set score ($score+[:pick $scrArr ($x-1)]); :set nth ($nth+1);
} else={ :log warning "$wanName is disconnected"; }
} else={ :log warning "$wanIface is down"; }
};
#:put $score;
#
:if ($SCORE!=$score) \
do={ :local ptr [ /system logging find topics="info"];
/system logging disable $ptr;
:if ($score=6) do={ /system script run LB_SPEEDY; }
:if ($score=4) do={ /system script run SPEEDY2; }
:if ($score=2) do={ /system script run SPEEDY1; }
/system logging enable $ptr;
};
#
:set SCORE $score;
:put $SCORE;
Explanation:
- Lines 4-8 read the global variables that were declared at boot time and through script execution, such as the SCORE variable.
- Lines 9-15 declare the local variables.
- Lines 17-27 are the core of the load balancing detection.
- First, the MikroTik checks whether the link on the interface to the ADSL modem (ETH-SPEEDY1 or ETH-SPEEDY2) reports link-ok. If it does not, the connection through that ADSL modem is considered down, the log message "interface_name is down" is written, and the Speedy internet connection does not need to be checked. If the link is OK, it continues with the step below.
- Next, the MikroTik looks at the status of the Speedy internet connection; if it shows connected, the score value is increased by 1. If the status is disconnected, the MikroTik writes the log entry "PPPoE_Client_Name is disconnected".
- Lines 30-37: the MikroTik runs one of the scripts LB_SPEEDY, SPEEDY1 or SPEEDY2, and only if the new score differs from the old SCORE.
- Lines 39-40: the new score is saved to the global variable SCORE.
3. LB_SPEEDY
#
# LB_SPEEDY
#
# Remove the old mangle rules, matched by their comment
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
#
# Add the new mangle rules
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
#add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
# connection-state=new disabled=no dst-address-list=!local \
# dst-address-type=!local new-connection-mark=speedy1_pr_con passthrough=\
# yes per-connection-classifier=both-addresses:2/0 src-address-list=\
# server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy1_pr_con nth=2,1 passthrough=\
yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
speedy1_pr_con disabled=no dst-address-list=!local new-routing-mark=\
speedy1 passthrough=no src-address-list=server-proxy
#add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
# connection-state=new disabled=no dst-address-list=!local \
# dst-address-type=!local new-connection-mark=speedy2_pr_con passthrough=\
# yes per-connection-classifier=both-addresses:1/0 src-address-list=\
# server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy2_pr_con nth=1,1 passthrough=\
yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
speedy2_pr_con disabled=no dst-address-list=!local new-routing-mark=\
speedy2 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
dst-address-type=!local new-connection-mark=speedy1_con passthrough=yes \
per-connection-classifier=both-addresses:2/0 src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
speedy1_con disabled=no dst-address-list=!local new-routing-mark=speedy1 \
passthrough=no src-address-list=lan
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
dst-address-type=!local new-connection-mark=speedy2_con passthrough=yes \
per-connection-classifier=both-addresses:1/0 src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
speedy2_con disabled=no dst-address-list=!local new-routing-mark=speedy2 \
passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=3500k
set UPSTREAM max-limit=512k
}
4. SPEEDY1
#
# SPEEDY1
#
# Remove the old mangle rules, matched by their comment
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
#
# Add the new mangle rules
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy1_pr_con passthrough=\
yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
speedy1_pr_con disabled=no dst-address-list=!local new-routing-mark=\
speedy1 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy1_con passthrough=yes \
src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
speedy1_con disabled=no dst-address-list=!local new-routing-mark=speedy1 \
passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=1750k
set UPSTREAM max-limit=256k
}
5. SPEEDY2
#
# SPEEDY2
#
#
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy2_pr_con passthrough=\
yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
speedy2_pr_con disabled=no dst-address-list=!local new-routing-mark=\
speedy2 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
connection-state=new disabled=no dst-address-list=!local \
new-connection-mark=speedy2_con passthrough=yes \
src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
speedy2_con disabled=no dst-address-list=!local new-routing-mark=speedy2 \
passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=1750k
set UPSTREAM max-limit=256k
}
Explanation:
- When the MikroTik boots, the param script is executed. This script stores several global variables and the scoring of which Speedy connections are online (connected to the internet). A score of 0 means no Speedy link is online, 2 means speedy1 is online, 4 means only speedy2 is online, and 6 means all Speedy links are online. Why is scoring needed? The purpose is that, although the lb-detection script runs every 30 seconds, one of the scripts below is run only when the connection state has changed:
- LB_SPEEDY if both Speedy links are online at the same time.
- SPEEDY1 if only speedy1 is online.
- SPEEDY2 if only speedy2 is online.
For example, at first all Speedy links are online. 30 seconds later the lb-detection script is executed, the MikroTik sees that the connection state has not changed, i.e. the new SCORE does not differ from the old SCORE, so the LB_SPEEDY script is not run. Some minutes or hours later one of the Speedy connections drops, and the MikroTik executes one of the scripts, SPEEDY1 or SPEEDY2, because it sees that the new SCORE differs from the old SCORE.
- The LB_SPEEDY script runs nth and PCC load balancing across the two Speedy connections.
- The SPEEDY1 script sends internet traffic over the speedy1 path.
- The SPEEDY2 script sends internet traffic over the speedy2 path.
And this is the schedule that runs the scripts above:
/system scheduler
#
# The param script runs every time the MikroTik reboots
#
add comment="" disabled=no interval=0s name=startup-param on-event=param \
policy=reboot,write,test start-time=startup
#
# The lb-detection script (load balancing detection) runs every 30 seconds
#
add comment="" disabled=no interval=30s name=speedy-detection on-event=\
lb-detection policy=reboot,read,write,test start-date=jan/01/1970 \
start-time=00:00:10
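The change-detection logic of lb-detection, modelled offline in Python as an added example (not the author's code and not RouterOS script). The names score, replay, installed and POLLS are invented for this model and the timeline is constructed; it shows that a poll where both links are down dispatches no script, so the mangle rules left by the last script stay in place until a link returns.

```python
# Added example: offline model of the lb-detection polling logic.
# Weights come from the page's param script (scrs "2,4").
WEIGHTS = {"SPEEDY1": 2, "SPEEDY2": 4}
# Script dispatched per score; score 0 has no entry, as in lb-detection.
DISPATCH = {2: "SPEEDY1", 4: "SPEEDY2", 6: "LB_SPEEDY"}


def score(links):
    """links maps WAN name -> (ethernet_link_ok, pppoe_connected)."""
    total = 0
    for wan, (link_ok, connected) in links.items():
        # PPPoE state only counts when the modem-facing port reports link-ok.
        if link_ok and connected:
            total += WEIGHTS[wan]
    return total


def replay(polls, previous=0, installed="static-config"):
    """Replay successive scheduler runs.

    Returns one (score, script_run, installed_ruleset) tuple per poll.
    `installed` is a label invented for this model: the rule set that the
    last dispatched script left in /ip firewall mangle.
    """
    history = []
    for links in polls:
        current = score(links)
        script = None
        if current != previous:            # :if ($SCORE!=$score)
            script = DISPATCH.get(current)
            if script is not None:
                installed = script         # script removes and re-adds LB_PCC_NTH_* rules
        previous = current                 # :set SCORE $score
        history.append((current, script, installed))
    return history


UP = (True, True)          # link-ok and PPPoE connected
NO_PPP = (True, False)     # modem reachable, PPPoE session down
NO_LINK = (False, True)    # port down; stale PPPoE state must not count

# Constructed timeline, one entry per 30-second scheduler run.
POLLS = [
    {"SPEEDY1": UP, "SPEEDY2": UP},
    {"SPEEDY1": UP, "SPEEDY2": UP},
    {"SPEEDY1": NO_PPP, "SPEEDY2": UP},
    {"SPEEDY1": NO_PPP, "SPEEDY2": NO_LINK},
    {"SPEEDY1": NO_PPP, "SPEEDY2": UP},
    {"SPEEDY1": UP, "SPEEDY2": UP},
]

if __name__ == "__main__":
    for n, row in enumerate(replay(POLLS), 1):
        print(n, *row)
```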
The netwatch tool, for monitoring the connection from the MikroTik to the Speedy interfaces:
/tool netwatch
add comment="interface speedy2" disabled=no down-script="" host=\
192.168.2.254 interval=30s timeout=1s up-script=""
add comment="interface speedy1" disabled=no down-script="" host=\
192.168.1.254 interval=30s timeout=1s up-script=""
Reading material, mainly for understanding MikroTik script programming:
Last update: 2011-05-01 15:52 +07:00

greaaat, totally complete
awesome
cool
lupamikir
May 1, 2011 at 1:52 am
is this for 2 ISPs, boss …?
REZPECT
May 1, 2011 at 9:48 am
Yes. Actually, using 1 ISP such as Speedy but with two or more connections also works. The MikroTik's default gateway would then use the 2 connections.
Arief Yudhawarman
May 1, 2011 at 12:31 pm
so why does it end up with the netwatch tool???
ujung
May 1, 2011 at 7:19 pm
Just an extra that is not needed. At first I wrote the lb-balancing script to read the status from the netwatch tool, but because that did not work I eventually found another, simpler way.
Arief Yudhawarman
May 2, 2011 at 1:20 am
Dear Bg Arifff
Thanks for being willing to share.
Can this configuration be used for an internet café (warnet)?
If I only use 2 Speedy links, are there many configuration changes compared with yours?
regards
Syamsul Rizal
May 2, 2011 at 1:01 am
It can be used. You only need to improve the bandwidth management or add rules in mangle. The other rules stay the same.
Arief Yudhawarman
May 2, 2011 at 1:18 am
what about 2 Speedy lines that use PPPoE?
I have tried various tutorials and various versions but have not succeeded yet
*sob*
aderaimu
November 25, 2011 at 9:25 pm
That is actually easier. The tutorial is here as well. Look at the connection with 5 WAN/Speedy links. Those all use PPPoE.
awarmanf
February 20, 2012 at 8:12 am
wow, the language here is high-level
butik batik online
January 29, 2012 at 4:22 pm
good tutorial, I plan to apply it at the office.. but first I want to ask: the Ethernet interface names for Speedy are ETH-SPEEDY1 & ETH-SPEEDY2, while the interface names in pppoe-client are SPEEDY1 & SPEEDY2, how can that be? cmiiw..
cakeutreukhideung
February 14, 2012 at 3:10 pm
ETH-SPEEDY1 is the name of the interface on the MikroTik that connects to the speedy 1 ADSL modem.
ETH-SPEEDY2 is the name of the interface on the MikroTik that connects to the speedy 2 ADSL modem.
SPEEDY1, on the other hand, is the name of the bridge connection on the MikroTik for connecting to Speedy via the speedy1 ADSL modem. The same goes for SPEEDY2.
awarmanf
February 20, 2012 at 8:07 am
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
dial-on-demand=no disabled=no interface=SPEEDY1 max-mru=1480 \
max-mtu=1480 mrru=disabled name=SPEEDY1 password=xxxxxx profile=\
default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
dial-on-demand=no disabled=no interface=SPEEDY2 max-mru=1480 \
max-mtu=1480 mrru=disabled name=SPEEDY2 password=xxxxxx profile=\
default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
Perhaps what @cakeutreukhideung meant is this one, sir…. there it says interface=SPEEDY1, whereas in /iface ethernet there is only ETH-SPEEDY1, and I also assume the interface should be =ETH-SPEEDY1…. Please explain if I am wrong, sir… Thanks in advance… (Y)
Reds_Ryan
February 21, 2012 at 3:17 pm
The interfaces SPEEDY1 and SPEEDY2 are the names of the pppoe-client interfaces.
When setting up the PPPoE connection to Speedy we can give it any name we like.
However, do not give it the same name as the interface on the MikroTik that connects to the Speedy ADSL modem.
This makes it easier to write filter, nat and mangle rules.
On Linux, the PPPoE interface name usually starts with ppp, such as ppp0, ppp1 and so on.
Whereas the name of the Ethernet interface that connects to the Speedy ADSL modem starts with eth, such as eth0, eth1 and so on.
awarmanf
February 24, 2012 at 7:24 am