Arief Yudhawarman

Still learning to blog

Load Balancing and Fail Over (1 CBN and 2 SPEEDY)

with 21 comments

Load balancing and failover have already been discussed quite extensively on FMI (Forum Mikrotik Indonesia), for example in the several links I have saved below:

The internet connections used are 1 dedicated link to CBN via fiber optic (FO) and 2 links to Speedy via ADSL modems. The connection model is as follows:

  • The connection to CBN is considered stable.
  • The connection to CBN is used only by the mail server.
  • The connection to CBN is the MikroTik's default gateway.
  • Internet traffic such as browsing is routed through Speedy.
  • The Speedy connections are considered unstable and need failover, so that if one Speedy link drops, traffic goes through the 1 remaining Speedy link.
  • User internet connections to TCP port 80 (browsing) are passed through the proxy server. Outbound connections from the proxy go through NTH load balancing.
  • User internet connections other than the browsing above go through PCC load balancing.
  • The MikroTik can be accessed from outside through either the CBN link or the Speedy links.


Network Topology


/interface ethernet

set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    XX:XX:XX:XX:XX:B0 master-port=none mtu=1500 name=CBN speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    XX:XX:XX:XX:XX:AF master-port=none mtu=1500 name=LAN speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    XX:XX:XX:XX:XX:B1 master-port=none mtu=1500 name=ETH-SPEEDY1 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    XX:XX:XX:XX:XX:B2 master-port=none mtu=1500 name=ETH-SPEEDY2 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment="" \
    disabled=no full-duplex=yes l2mtu=1598 mac-address=\
    XX:XX:XX:XX:XX:B5 master-port=none mtu=1500 name=SERVER speed=100Mbps


/interface pppoe-client

# interface= names the ethernet port facing each ADSL modem; name= is the
# PPPoE client's own name
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=no disabled=no interface=ETH-SPEEDY1 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=SPEEDY1 password=xxxxxx profile=\
    default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=no disabled=no interface=ETH-SPEEDY2 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=SPEEDY2 password=xxxxxx profile=\
    default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net

Note that no default route is set on either Speedy connection.

/ip address

add address=202.158.1.2/30 broadcast=202.158.1.3 comment="" disabled=no \
    interface=CBN network=202.158.1.0
add address=192.168.0.254/24 broadcast=192.168.0.255 comment="" disabled=\
    no interface=LAN network=192.168.0.0
add address=192.168.1.253/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=ETH-SPEEDY1 network=192.168.1.0
add address=192.168.2.253/24 broadcast=192.168.2.255 comment="" disabled=no \
    interface=ETH-SPEEDY2 network=192.168.2.0
add address=192.168.100.254/24 broadcast=192.168.100.255 comment="" disabled=no \
    interface=SERVER network=192.168.100.0


/ip route

add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    202.158.1.1 routing-mark=CBN scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=SPEEDY1 \
    routing-mark=speedy1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=SPEEDY2 \
    routing-mark=speedy2 scope=30 target-scope=10
add comment="CBN as default gateway" disabled=no distance=1 \
    dst-address=0.0.0.0/0 gateway=202.158.1.1 scope=30 target-scope=10
add comment="network speedy" disabled=no distance=1 dst-address=202.134.0.0/16 gateway=\
    SPEEDY1,SPEEDY2 scope=30 target-scope=10


/ip firewall address-list

#
# Local network
#
add address=192.168.1.0/24 comment=speedy1 disabled=no list=local
add address=192.168.2.0/24 comment=speedy2 disabled=no list=local
add address=192.168.100.0/24 comment=server disabled=no list=local
add address=192.168.0.0/24 comment=lan disabled=no list=local
#
# Users (Clients)
#
add address=192.168.0.0/24 comment="" disabled=no list=lan
#
# Server
#
add address=192.168.100.0/24 comment="" disabled=no list=server
add address=192.168.100.200 comment="" disabled=no list=server-mail
add address=192.168.100.201 comment="" disabled=no list=server-proxy


/ip firewall nat

#
# DNS TRANSPARENT
#
add action=dst-nat chain=dstnat comment="DNS transparent" disabled=no \
    dst-port=53 protocol=tcp src-address-list=lan to-addresses=\
    192.168.100.200 to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 protocol=\
    udp src-address-list=lan to-addresses=192.168.100.200 to-ports=53
#
# DSTNAT to Server Mail
#
add action=dst-nat chain=dstnat comment="SMTP" disabled=no \
    dst-address=202.158.1.2 dst-port=25 protocol=tcp to-addresses=\
    192.168.100.200 to-ports=25
add action=dst-nat chain=dstnat comment=WEB disabled=no dst-address=\
    202.158.1.2 dst-port=80 protocol=tcp to-addresses=192.168.100.200 \
    to-ports=808
add action=dst-nat chain=dstnat comment=POP3 disabled=no dst-address=\
    202.158.1.2 dst-port=110 protocol=tcp to-addresses=192.168.100.200 \
    to-ports=110
add action=dst-nat chain=dstnat comment=IMAP disabled=no dst-address=\
    202.158.1.2 dst-port=143 protocol=tcp to-addresses=192.168.100.200 \
    to-ports=143
add action=dst-nat chain=dstnat comment=HTTPS disabled=no dst-address=\
    202.158.1.2 dst-port=443 protocol=tcp to-addresses=192.168.100.200 \
    to-ports=443
#
# PROXY TRANSPARENT
#
add action=dst-nat chain=dstnat comment="PROXY TRANSPARENT for clients" \
    disabled=no dst-address-list=!local dst-port=80 in-interface=LAN \
    protocol=tcp src-address-list=lan to-addresses=192.168.100.201 \
    to-ports=8080
#
# MASQUERADE To Internet
#
add action=masquerade chain=srcnat comment="" disabled=no out-interface=CBN
add action=masquerade chain=srcnat comment="" disabled=no out-interface=SPEEDY1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=SPEEDY2
#
# MASQUERADE To Modem ADSL
#
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ETH-SPEEDY1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=ETH-SPEEDY2


/ip firewall mangle

#
# MARK PACKET DOWN Proxy Cache Hits Mark
#
add action=mark-packet chain=forward comment="Proxy Cache Hits Mark" \
    disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no protocol=tcp \
    src-port=8080
#
# MARK PACKET DOWN from server proxy as internet connection
#
add action=mark-packet chain=forward comment=\
    "MARK PACKET clients-down from proxy" disabled=no dst-address-list=\
    lan new-packet-mark=clients-down passthrough=no protocol=tcp \
    src-address-list=server-proxy src-port=8080
#
# MARK PACKET UP local connection
#
add action=mark-packet chain=prerouting comment=\
    "MARK PACKETS server to local as server-up" disabled=no \
    dst-address-list=local new-packet-mark=server-up passthrough=no \
    src-address-list=server
#
# MARK ROUTING cbn from server mail
#
add action=mark-routing chain=prerouting comment=\
    "MARK routing for server mail via cbn" disabled=no \
    new-routing-mark=CBN passthrough=no src-address-list=server-mail
#
# MARK PACKET UP DIRECT to server proxy as internet connection
#
add action=mark-packet chain=prerouting comment=\
    "MARK PACKET DIRECT to proxy clients-up" disabled=no dst-address-list=\
    server-proxy dst-port=8080 new-packet-mark=clients-up passthrough=no \
    protocol=tcp src-address-list=lan
#
# MARK PACKET UP local connection
#
add action=mark-packet chain=prerouting comment="MARK PACKET LOCAL local-up" \
    disabled=no dst-address-list=local in-interface=LAN new-packet-mark=clients-local-up \
    passthrough=no src-address-list=lan
#
# MARK PACKET UP REDIRECT to server proxy as internet connection
#
add action=mark-packet chain=prerouting comment=\
    "MARK PACKET tcp port 80 REDIRECT to proxy clients-up" disabled=no \
    dst-address-list=!local dst-port=80 new-packet-mark=clients-up \
    passthrough=no protocol=tcp src-address-list=lan
#
# MARK CONNECTION from internet via cbn/speedy to mikrotik
#
add action=mark-connection chain=input comment=\
    "ACCEPT connection from cbn" connection-state=new disabled=no \
    in-interface=CBN new-connection-mark=cbn_rt_con passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=cbn_rt_con \
    disabled=no new-routing-mark=CBN passthrough=no
add action=mark-connection chain=input comment=\
    "ACCEPT connection from speedy1" connection-state=new disabled=\
    no in-interface=SPEEDY1 new-connection-mark=speedy1_rt_con passthrough=\
    yes
add action=mark-routing chain=output comment="" connection-mark=\
    speedy1_rt_con disabled=no new-routing-mark=speedy1 passthrough=no
add action=mark-connection chain=input comment=\
    "ACCEPT connection from speedy2" connection-state=new disabled=\
    no in-interface=SPEEDY2 new-connection-mark=speedy2_rt_con passthrough=\
    yes
add action=mark-routing chain=output comment="" connection-mark=\
    speedy2_rt_con disabled=no new-routing-mark=speedy2 passthrough=no
#
# MARK PACKET DOWN local connection
#
add action=mark-packet chain=forward comment=\
    "MARK PACKET LOCAL clients-local-down" disabled=no dst-address-list=\
    lan new-packet-mark=clients-local-down passthrough=no \
    src-address-list=local
#
# MARK PACKET DOWN internet connection
#
add action=mark-packet chain=forward comment=\
    "MARK PACKET clients-down" disabled=no dst-address-list=\
    lan new-packet-mark=clients-down passthrough=no
#
# MARK PACKET UP internet connection (classified by connection marking)
#
add action=mark-packet chain=forward comment="MARK PACKET clients-up" \
    connection-mark=speedy1_con disabled=no new-packet-mark=clients-up \
    passthrough=no src-address-list=lan
add action=mark-packet chain=forward comment="MARK PACKET clients-up" \
    connection-mark=speedy2_con disabled=no new-packet-mark=clients-up \
    passthrough=no src-address-list=lan
#
# LOAD BALANCING NTH server proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy1_pr_con nth=2,1 passthrough=yes \
    src-address-list=server-proxy
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-mark=speedy1_pr_con disabled=no dst-address-list=!local \
    new-routing-mark=speedy1 passthrough=no src-address-list=server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy2_pr_con nth=1,1 passthrough=yes \
    src-address-list=server-proxy
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-mark=speedy2_pr_con disabled=no dst-address-list=!local \
    new-routing-mark=speedy2 passthrough=no src-address-list=server-proxy
#
# LOAD BALANCING PCC clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    dst-address-type=!local new-connection-mark=speedy1_con passthrough=yes \
    per-connection-classifier=both-addresses:2/0 src-address-list=lan
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-mark=speedy1_con disabled=no dst-address-list=!local \
    new-routing-mark=speedy1 passthrough=no src-address-list=lan
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    dst-address-type=!local new-connection-mark=speedy2_con passthrough=yes \
    per-connection-classifier=both-addresses:1/0 src-address-list=lan
add action=mark-routing chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-mark=speedy2_con disabled=no dst-address-list=!local \
    new-routing-mark=speedy2 passthrough=no src-address-list=lan


/queue type

set default kind=pfifo name=default pfifo-limit=50
set ethernet-default kind=pfifo name=ethernet-default pfifo-limit=50
set wireless-default kind=sfq name=wireless-default sfq-allot=1514 \
    sfq-perturb=5
set synchronous-default kind=red name=synchronous-default red-avg-packet=1000 \
    red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set hotspot-default kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
add kind=pcq name=pcq-download pcq-classifier=dst-address pcq-limit=20 \
    pcq-rate=0 pcq-total-limit=1000
add kind=pcq name=pcq-upload pcq-classifier=src-address pcq-limit=20 \
    pcq-rate=0 pcq-total-limit=1000
set default-small kind=pfifo name=default-small pfifo-limit=10


Bandwidth management is applied only to upstream and downstream traffic to and from the internet over the two Speedy connections. The packet marks are clients-up for upstream traffic and clients-down for downstream. The bandwidth settings are as follows:

Bandwidth Downstream

Root
  - Ceiling  : 3500kbps
  - Rate     :     0kbps
Client
  - Ceiling  : 3500kbps
  - Rate     :      0kbps


Bandwidth Upstream

Root
  - Ceiling  : 512kbps
  - Rate     :    0kbps
Client
  - Ceiling  : 512kbps
  - Rate     :    0kbps


/queue tree

add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name=UPSTREAM parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=512k name=clients-up packet-mark=clients-up parent=\
    UPSTREAM priority=1 queue=pcq-upload
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=3500k name=DOWNSTREAM parent=global-out priority=8
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=3500k name=clients-down packet-mark=clients-down parent=\
    DOWNSTREAM priority=1 queue=pcq-download


/system clock

set time-zone-name=Asia/Jakarta


/system clock manual

set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
    "jan/01/1970 00:00:00" time-zone=+00:00


/tool graphing interface

add allow-address=0.0.0.0/0 disabled=no interface=CBN store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SPEEDY1 store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SPEEDY2 store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=LAN store-on-disk=yes
add allow-address=0.0.0.0/0 disabled=no interface=SERVER store-on-disk=yes


/tool graphing resource

add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes


Below are the scripts for Speedy load balancing and failover. The explanation of what the scripts do is further down:

1. param

#
# param
#
#
# Number of WANs
#
:global wans 2;
#
# Speedy interfaces
#   1. SPEEDY1
#   2. SPEEDY2
#
:global iface "ETH-SPEEDY1, ETH-SPEEDY2";
#
# Connection names
#
:global wan "SPEEDY1, SPEEDY2";
#
# Scoring
#
# No  speedy1  speedy2
# 0   off      off
# 2   on       off
# 4   off      on
# 6   on       on
:global scrs "2,4";
:global SCORE 0;


Explanation:

  1. The global variable iface stores the names of the MikroTik ethernet interfaces connected to the Speedy ADSL modems.
  2. The global variable wan stores the names of the PPPoE client interfaces (on the MikroTik) for the Speedy internet connections.
  3. The variable SCORE stores the current connection status.
    • SCORE 0 means no Speedy link is online.
    • SCORE 2 means only speedy1 is online.
    • SCORE 4 means only speedy2 is online.
    • SCORE 6 means both Speedy links are online at the same time.

2. lb-detection

#
# lb-detection
#
:global SCORE;
:global wans;
:global scrs;
:global iface;
:global wan;
:local scrArr [:toarray $scrs];
:local ifaceArr [:toarray $iface];
:local wanArr [:toarray $wan];
:local score 0;
:local nth 0;
:local ifaceStatus "";
:local wanStatus "";

:for x from=1 to="$wans" \
do={ :local wanIface [:pick $ifaceArr ($x-1)];
     :local wanName [:pick $wanArr ($x-1)];
     /interface ethernet monitor "$wanIface" once do={ :set ifaceStatus $status };
     :if ( $ifaceStatus="link-ok" ) \
     do={ /interface pppoe-client monitor "$wanName" once do={:set wanStatus $status };
          :if ( $wanStatus="connected" ) \
          do={ :set score ($score+[:pick $scrArr ($x-1)]); :set nth ($nth+1);
             } else={ :log warning "$wanName is disconnected"; }
        } else={ :log warning "$wanIface is down"; }
   };
#:put $score;
#
:if ($SCORE!=$score) \
do={ :local ptr [ /system logging find topics="info"];
   /system logging disable $ptr;
   :if ($score=6) do={ /system script run LB_SPEEDY; }
   :if ($score=4) do={ /system script run SPEEDY2; }
   :if ($score=2) do={ /system script run SPEEDY1; }
   /system logging enable $ptr;
};
#
:set SCORE $score;
:put $SCORE;


Explanation:

  1. Lines 4-8 read the global variables that were declared at boot time and through script execution, such as the variable SCORE.
  2. Lines 9-15 declare the local variables.
  3. Lines 17-27 are the core of the load balancing detection.
    • First, the MikroTik checks whether the link on the interface to the ADSL modem (ETH-SPEEDY1 or ETH-SPEEDY2) reports link-ok. If not, the connection through that ADSL modem is considered down, the log message "interface_name is down" is written, and the Speedy internet connection does not need to be checked. If the link is ok, it continues to the step below.
    • Next, the MikroTik looks at the status of the Speedy internet connection; if it shows connected, the score value is increased by 1. If the status is disconnected, the MikroTik writes the log message "PPPoE_Client_Name is disconnected".
  4. Lines 30-37: the MikroTik runs one of the scripts LB_SPEEDY, SPEEDY1 or SPEEDY2, only if the new score value differs from the old SCORE value.
  5. Lines 39-40: the new score value is stored in the global variable SCORE.


3. LB_SPEEDY

#
# LB_SPEEDY
#
# Remove the old mangle rules, matched by their comment
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
#
# Add the new mangle rules
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
#add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
#    connection-state=new disabled=no dst-address-list=!local \
#    dst-address-type=!local new-connection-mark=speedy1_pr_con passthrough=\
#    yes per-connection-classifier=both-addresses:2/0 src-address-list=\
#    server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy1_pr_con nth=2,1 passthrough=\
    yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
    speedy1_pr_con disabled=no dst-address-list=!local new-routing-mark=\
    speedy1 passthrough=no src-address-list=server-proxy
#add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
#    connection-state=new disabled=no dst-address-list=!local \
#    dst-address-type=!local new-connection-mark=speedy2_pr_con passthrough=\
#    yes per-connection-classifier=both-addresses:1/0 src-address-list=\
#    server-proxy
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy2_pr_con nth=1,1 passthrough=\
    yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
    speedy2_pr_con disabled=no dst-address-list=!local new-routing-mark=\
    speedy2 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    dst-address-type=!local new-connection-mark=speedy1_con passthrough=yes \
    per-connection-classifier=both-addresses:2/0 src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
    speedy1_con disabled=no dst-address-list=!local new-routing-mark=speedy1 \
    passthrough=no src-address-list=lan
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    dst-address-type=!local new-connection-mark=speedy2_con passthrough=yes \
    per-connection-classifier=both-addresses:1/0 src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
    speedy2_con disabled=no dst-address-list=!local new-routing-mark=speedy2 \
    passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=3500k
set UPSTREAM max-limit=512k
}


4. SPEEDY1

#
# SPEEDY1
#
# Remove the old mangle rules, matched by their comment
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
#
# Add the new mangle rules
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy1_pr_con passthrough=\
    yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
    speedy1_pr_con disabled=no dst-address-list=!local new-routing-mark=\
    speedy1 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy1_con passthrough=yes \
    src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
    speedy1_con disabled=no dst-address-list=!local new-routing-mark=speedy1 \
    passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=1750k
set UPSTREAM max-limit=256k
}


5. SPEEDY2

#
# SPEEDY2
#
#
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Proxy"];
/ip firewall mangle remove [ find comment="LB_PCC_NTH_Clients"];
/ip firewall mangle
#
# LB_PCC_NTH_Proxy
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Proxy \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy2_pr_con passthrough=\
    yes src-address-list=server-proxy
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Proxy" connection-mark=\
    speedy2_pr_con disabled=no dst-address-list=!local new-routing-mark=\
    speedy2 passthrough=no src-address-list=server-proxy
#
# LB_PCC_NTH_Clients
#
add action=mark-connection chain=prerouting comment=LB_PCC_NTH_Clients \
    connection-state=new disabled=no dst-address-list=!local \
    new-connection-mark=speedy2_con passthrough=yes \
    src-address-list=lan
add action=mark-routing chain=prerouting comment="LB_PCC_NTH_Clients" connection-mark=\
    speedy2_con disabled=no dst-address-list=!local new-routing-mark=speedy2 \
    passthrough=no src-address-list=lan
#
/queue tree {
set DOWNSTREAM max-limit=1750k
set UPSTREAM max-limit=256k
}


Explanation:

  1. When the MikroTik boots, the param script is executed. This script stores several global variables and the scoring for the number of Speedy connections that are online (connected to the internet). A score of 0 means no Speedy link is online, 2 means speedy1 is online, 4 means only speedy2 is online, and 6 means all Speedy links are online. Why is scoring needed? The goal is that, after the lb-detection script runs every 30 seconds, one of the scripts below is run only if the connection state has changed:
    • LB_SPEEDY if the 2 Speedy links are online at the same time.
    • SPEEDY1 if only speedy1 is online.
    • SPEEDY2 if only speedy2 is online.

    For example, all Speedy links are online at first; 30 seconds later the lb-detection script is executed, the MikroTik sees that the connection state has not changed, i.e. the new SCORE does not differ from the old SCORE, and the LB_SPEEDY script is not run. Some minutes or hours later one of the Speedy connections drops, and the MikroTik executes one of the scripts, SPEEDY1 or SPEEDY2, because it sees that the new SCORE differs from the old SCORE.

  2. The LB_SPEEDY script runs NTH and PCC load balancing over the two Speedy connections.
  3. The SPEEDY1 script sends internet traffic over the speedy1 path.
  4. The SPEEDY2 script sends internet traffic over the speedy2 path.
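
The scoring described here and in the lb-detection explanation can be replayed over a sequence of 30-second polls to see exactly when a script fires. This is an added example, not part of the original post; the weights 2 and 4 come from the page's scrs variable, and the link statuses in SAMPLE_TIMELINE are constructed.

```python
"""Model of the lb-detection scoring and script selection (added example).

Weights 2 and 4 come from the page's `scrs` variable; the statuses in
SAMPLE_TIMELINE are constructed for illustration.
"""

WEIGHTS = (2, 4)                            # :global scrs "2,4"
IFACES = ("ETH-SPEEDY1", "ETH-SPEEDY2")     # :global iface
WANS = ("SPEEDY1", "SPEEDY2")               # :global wan
SCRIPTS = {6: "LB_SPEEDY", 4: "SPEEDY2", 2: "SPEEDY1"}


def compute_score(links):
    """links: one (ethernet_status, pppoe_status) pair per WAN.

    As in lb-detection, the PPPoE state is consulted only when the
    ethernet port to the modem reports link-ok.
    """
    score, warnings = 0, []
    for (eth, ppp), weight, iface, wan in zip(links, WEIGHTS, IFACES, WANS):
        if eth != "link-ok":
            warnings.append(f"{iface} is down")
        elif ppp != "connected":
            warnings.append(f"{wan} is disconnected")
        else:
            score += weight
    return score, warnings


def online_wans(score):
    """Decode a score back into the set of online links. This works because
    the weights are distinct powers of two, so every sum is unique."""
    return [wan for wan, weight in zip(WANS, WEIGHTS) if score & weight]


def replay(timeline):
    """Return (score, script_run) for each poll; script_run is None when the
    score is unchanged or when no script is defined for it."""
    previous, result = 0, []                # param sets SCORE to 0 at boot
    for links in timeline:
        score, _ = compute_score(links)
        # Score 0 has no branch in lb-detection: nothing is run.
        script = SCRIPTS.get(score) if score != previous else None
        result.append((score, script))
        previous = score
    return result


UP = ("link-ok", "connected")
# Constructed sample: both up, unchanged, speedy2 PPPoE drops, speedy1 port
# goes down as well, then both links return.
SAMPLE_TIMELINE = [
    (UP, UP),
    (UP, UP),
    (UP, ("link-ok", "disconnected")),
    (("no-link", "disconnected"), ("link-ok", "disconnected")),
    (UP, UP),
]

if __name__ == "__main__":
    for poll, (score, script) in enumerate(replay(SAMPLE_TIMELINE)):
        print(f"t={poll * 30:>3}s score={score} "
              f"online={online_wans(score)} run={script}")
```

When the score falls to 0 no script is selected, so the mangle rules and queue limits written by the last script stay in place until a link comes back.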

And this is the schedule for running the scripts above:

/system scheduler

#
# The param script is run every time the MikroTik reboots
#
add comment="" disabled=no interval=0s name=startup-param on-event=param \
    policy=reboot,write,test start-time=startup
#
# The lb-detection (load balancing detection) script is run every 30 seconds
#
add comment="" disabled=no interval=30s name=speedy-detection on-event=\
    lb-detection policy=reboot,read,write,test start-date=jan/01/1970 \
    start-time=00:00:10


The netwatch tool for monitoring the connection from the MikroTik to the Speedy interfaces:

/tool netwatch

add comment="interface speedy2" disabled=no down-script="" host=\
    192.168.2.254 interval=30s timeout=1s up-script=""
add comment="interface speedy1" disabled=no down-script="" host=\
    192.168.1.254 interval=30s timeout=1s up-script=""


Reading material, mainly for understanding MikroTik script programming:

  1. Scripts
  2. Theory of Scripting
  3. Scripting Examples



Last update: 2011-05-01 15:52 +07:00

Written by awarmanf

April 30, 2011 at 4:21 pm

Posted in Mikrotik

21 Responses


  1. awesome, really complete
    great
    cool

    lupamikir

    May 1, 2011 at 1:52 am

  2. is this for 2 ISPs, boss …?

    REZPECT

    May 1, 2011 at 9:48 am

    • Yes. Actually, it can also be used with 1 ISP such as Speedy but with two or more connections. Then the MikroTik's default gateway uses the 2 connections.

      Arief Yudhawarman

      May 1, 2011 at 12:31 pm

  3. why does it end with the netwatch tool???

    ujung

    May 1, 2011 at 7:19 pm

    • Just an unnecessary extra. At first I wrote the lb-balancing script to read the status from the netwatch tool, but because that did not work I eventually found another, simpler way.

      Arief Yudhawarman

      May 2, 2011 at 1:20 am

  4. Dear Bro Arifff

    Thanks for being willing to share.

    can this configuration be used for an internet cafe?
    if I only use 2 Speedy lines, are there many configuration changes compared with yours??

    regards

    Syamsul Rizal

    May 2, 2011 at 1:01 am

    • It can be used. You just need to improve the bandwidth management or add rules in mangle. The other rules stay the same.

      Arief Yudhawarman

      May 2, 2011 at 1:18 am

  5. […] Load Balancing and Fail Over (1 CBN and 2 SPEEDY) […]

  6. what about 2 Speedy lines using pppoe?
    I have tried various tutorials and various versions but have not succeeded yet
    sob

    aderaimu

    November 25, 2011 at 9:25 pm

    • That is actually easier. The tutorial is here too. See the connection with 5 wan/speedy. They all use pppoe.

      awarmanf

      February 20, 2012 at 8:12 am

  7. wow, the language here is high-level

    butik batik online

    January 29, 2012 at 4:22 pm

  8. good tutorial, I plan to apply it at the office.. but first I want to ask,, the ethernet interface names for Speedy are ETH-SPEEDY1 & ETH-SPEEDY2 while the interface names in pppoe-client are SPEEDY1 & SPEEDY2, how come? cmiiw..

    cakeutreukhideung

    February 14, 2012 at 3:10 pm

    • ETH-SPEEDY1 is the name of the interface on the MikroTik that connects to the Speedy 1 ADSL modem.
      ETH-SPEEDY2 is the name of the interface on the MikroTik that connects to the Speedy 2 ADSL modem.
      Whereas SPEEDY1 is the name of the bridge connection on the MikroTik for connecting to Speedy via the speedy1 ADSL modem. Likewise SPEEDY2.

      awarmanf

      February 20, 2012 at 8:07 am

      • /interface pppoe-client

        add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
        dial-on-demand=no disabled=no interface=SPEEDY1 max-mru=1480 \
        max-mtu=1480 mrru=disabled name=SPEEDY1 password=xxxxxx profile=\
        default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net
        add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
        dial-on-demand=no disabled=no interface=SPEEDY2 max-mru=1480 \
        max-mtu=1480 mrru=disabled name=SPEEDY2 password=xxxxxx profile=\
        default service-name="" use-peer-dns=no user=12260420xxxx@telkom.net

        Perhaps this is what @cakeutreukhideung meant, sir…. there it says interface=SPEEDY1, while in /iface ethernet there is only ETH-SPEEDY1; I also assume the interface should be =ETH-SPEEDY1…. Please explain if I am wrong, sir… Thank you in advance… (Y)

        Reds_Ryan

        February 21, 2012 at 3:17 pm

        • Interfaces SPEEDY1 and SPEEDY2 are the names of the pppoe-client interfaces.
          When setting up the pppoe connection to Speedy we can give any name we like.
          But do not set the name the same as the name of the interface on the MikroTik that connects to the Speedy ADSL modem.
          This is to make creating filter, nat and mangle rules easier.

          On Linux, pppoe interface names usually start with ppp, such as ppp0, ppp1, etc.
          Whereas the names of the ethernet interfaces that connect to the Speedy ADSL modem start with eth, such as eth0, eth1, etc.

          awarmanf

          February 24, 2012 at 7:24 am

        • Yup, exactly right, sir…. But what @cakeutreukhideung was questioning in the tutorial above is interface=SPEEDY1 and name=SPEEDY1, that's all….😀 there you set name=SPEEDY1, while the interfaces that exist when creating the pppoe itself are ETH-SPEEDY1 and ETH-SPEEDY2….. I think it is just a typo…. Ok.

          Reds_Ryan

          February 25, 2012 at 8:22 pm

  9. You are right. Here I write it out again:

    /interface pppoe-client print
    Flags: X - disabled, R - running
    0 R name="SPEEDY1" max-mtu=1480 max-mru=1480 mrru=disabled interface=ETH3-SPEEDY1 user="12260420xxxx@telkom.net"
    password="xxxxxx" profile=default service-name="" ac-name="" add-default-route=no dial-on-demand=no
    use-peer-dns=no allow=pap,chap,mschap1,mschap2

    1 R name="SPEEDY2" max-mtu=1480 max-mru=1480 mrru=disabled interface=ETH4-SPEEDY2 user="12260420xxxxx@telkom.net"
    password="xxxxx" profile=default service-name="" ac-name="" add-default-route=no dial-on-demand=no
    use-peer-dns=no allow=pap,chap,mschap1,mschap2

    Arief Yudhawarman

    February 26, 2012 at 1:29 pm

  10. @Reds_Ryan thanks for helping with the correction.. mas arief,, I have tried the tutorial above with some modifications.. but now several problems have appeared, one of them being that when opening certain sites the errors 'no dns records', 'dns lookup failed' sometimes appear. I have tinkered with the dns but it is still the same. could it be that because the ISPs differ (speedy & icon+), the dns IPs have an effect? cmiiw..
    please enlighten me,, mas arif, do you have YM for sharing knowledge.. thanks b4..

    cakeutreukhideung

    March 8, 2012 at 2:18 am

  11. […] Load Balancing and Fail Over (1 CBN and 2 SPEEDY) […]

  12. hats off to mas arif,

    I have a problem that is almost similar but I only have 2 internet connections; my question is:

    I will apply this answer at my office and I would be very grateful, and it will be a very valuable lesson for me.

    I have 2 internet lines with different gateways but the same DNS; the internet will be separated into A and B

    line A for users 1-100
    line B only the mailserver.

    user A will access line A and will never stray to line B and if line A then user A will never be able to move or stray to line B
    likewise the other way round for line B

    Please enlighten and help me, because this will help me a lot in dividing the internet lines on the MikroTik. Thank you for your attention

    Mohamad Yuliardi

    July 27, 2013 at 3:22 am

  13. mas, can the setup above be used for 2 usb modems ??

    ipunk

    June 6, 2014 at 6:11 am

