  1. #1
    pupusyae

    Requesting help: load balance with static IP + web proxy

    Dear all,

    I'd appreciate your help, everyone.

    I'm in the middle of fixing the messy network at my office, but I'm held back by my limited knowledge of MikroTik.

    The topology looks like this:

    ISP1--------------
    ------------Mikrotik-------Switch------
    ISP2--------------

    I have set up load balancing using address lists and it is working well, but there is a problem when I enable the internal web proxy: the load balancing stops working. I'd appreciate any guidance, everyone.

    Here is the MikroTik configuration I have done so far:

    [admin@MikroTik] > interface pr
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
    0 R ISP1 ether 1500 00:00:00:00:00:00
    1 R ISP2 ether 1500 1500 00:00:00:00:00:00
    2 R LAN ether 1500 7152 00:00:00:00:00:00

    [admin@MikroTik] > ip address pr
    Flags: X - disabled, I - invalid, D - dynamic
    # ADDRESS NETWORK INTERFACE
    0 xxx.xxx.xxx.183/28 xxx.xxx.xxx.176 ISP1
    1 192.168.99.1/24 192.168.99.0 LAN
    2 xxx.xxx.xxx.38/29 xxx.xxx.xxx.32 ISP2

    [admin@MikroTik] > ip firewall nat pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; via ISP1
    chain=srcnat action=masquerade to-addresses=xxx.xxx.xxx.183 src-address-list=ISP1 log=no log-prefix=""

    1 ;;; via ISP2
    chain=srcnat action=masquerade to-addresses=xxx.xxx.xxx.38 src-address-list=ISP2 log=no log-prefix=""
    [admin@MikroTik] > ip firewall mangle pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Mark Routing ISP1
    chain=prerouting action=mark-routing new-routing-mark=ISP1-route passthrough=no src-address-list=ISP1 in-interface=LAN log=no log-prefix=""

    1 ;;; Mark Routing ISP2
    chain=prerouting action=mark-routing new-routing-mark=ISP2-route passthrough=no src-address-list=ISP2 in-interface=LAN log=no log-prefix=""

    [admin@MikroTik] > ip firewall address-list pr
    Flags: X - disabled, D - dynamic
    # LIST ADDRESS TIMEOUT
    0 ISP2 192.168.99.100
    1 ISP2 192.168.99.101
    2 ISP1 192.168.99.102
    3 ISP2 192.168.99.103

    [admin@MikroTik] > ip route pr
    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
    # DST-ADDRESS PREF-SRC GATEWAY DISTANCE
    0 A S 0.0.0.0/0 xxx.xxx.xxx.177 1
    1 S 0.0.0.0/0 xxx.xxx.xxx.33 1
    2 A S 0.0.0.0/0 xxx.xxx.xxx.33 1
    3 S 0.0.0.0/0 xxx.xxx.xxx.177 1
    4 A S 0.0.0.0/0 xxx.xxx.xxx.177 1
    5 S 0.0.0.0/0 xxx.xxx.xxx.33 1
    6 ADC xxx.xxx.xxx.32/29 xxx.xxx.xxx.38 ISP2 0
    7 ADC 192.168.99.0/24 192.168.99.1 LAN 0
    8 ADC xxx.xxx.xxx.176/28 xxx.xxx.xxx.183 ISP1 0


    [admin@MikroTik] > ip route rule pr
    Flags: X - disabled, I - inactive
    0 dst-address=xxx.xxx.xxx.176/28 action=lookup table=main

    1 dst-address=xxx.xxx.xxx.32/29 action=lookup table=main

    2 dst-address=192.168.99.0/24 action=lookup table=main

    3 src-address=xxx.xxx.xxx.176/28 action=lookup table=ISP1-route

    4 src-address=xxx.xxx.xxx.32/29 action=lookup table=ISP2-route

    5 routing-mark=ISP1-route action=lookup table=ISP1-route

    6 routing-mark=ISP2-route action=lookup table=ISP2-route

    [admin@MikroTik] > ip dns pr
    servers: 8.8.8.8,8.8.4.4
    dynamic-servers:
    allow-remote-requests: yes
    max-udp-packet-size: 4096
    query-server-timeout: 2s
    query-total-timeout: 10s
    cache-size: 2048KiB
    cache-max-ttl: 1w
    cache-used: 83KiB

    [admin@MikroTik] > ip proxy pr
    enabled: yes
    src-address: ::
    port: 8080
    anonymous: no
    parent-proxy: ::
    parent-proxy-port: 0
    cache-administrator: webmaster
    max-cache-size: unlimited
    max-cache-object-size: 2048KiB
    cache-on-disk: no
    max-client-connections: 600
    max-server-connections: 600
    max-fresh-time: 3d
    serialize-connections: no
    always-from-cache: no
    cache-hit-dscp: 4
    cache-path: disk1

    with this NAT rule added:

    0 ;;; Proxy
    chain=dstnat action=dst-nat to-addresses=192.168.99.1 to-ports=8080 protocol=tcp dst-port=80 log=no log-prefix=""

    Please help, thanks.

  2. #2
    henDra
    Just use mangle for the proxy. For the load balancing, just use ECMP mode.

  3. #3
    pupusyae
    Originally Posted by henDra
    Just use mangle for the proxy. For the load balancing, just use ECMP mode.

    Thanks. Could you give an example? I'm still learning.

  4. #4
    Anto.PJ
    Originally Posted by pupusyae
    Dear All,
    [admin@MikroTik] > ip firewall mangle pr
    Flags: X - disabled, I - invalid, D - dynamic
    0 ;;; Mark Routing ISP1
    chain=prerouting action=mark-routing new-routing-mark=ISP1-route passthrough=no src-address-list=ISP1 in-interface=LAN log=no log-prefix=""

    1 ;;; Mark Routing ISP2
    chain=prerouting action=mark-routing new-routing-mark=ISP2-route passthrough=no src-address-list=ISP2 in-interface=LAN log=no log-prefix=""

    0 ;;; Proxy
    chain=dstnat action=dst-nat to-addresses=192.168.99.1 to-ports=8080 protocol=tcp dst-port=80 log=no log-prefix=""

    Please help, thanks.

    Note that in the prerouting chain, mangle prerouting comes first, then dst-nat.
    The problem is that after passing through the NAT redirect, the routing mark disappears right away, so it is not read at the routing decision.

    In this case the proxy is internal, which means the packet is diverted to the local process/input. (We agree on that, right?)
    That means the packet's source IP has already changed to 192.168.99.1.
    Here you will have trouble load balancing by separating traffic based on IP address lists, because all port 80 traffic will be seen as coming from 192.168.99.1.

    But that doesn't mean it can't be done; you can still load balance using PCC mode.
    In outline, it goes like this:
    1. Each new connection leaving the internal proxy is marked as connection1, and the connection that follows is marked as connection2. We use the output chain because the traffic leaves from the internal proxy.
    Code:
          ;;; Mark connection proxy (dst-port can only be matched together with protocol=tcp)
          chain=output action=mark-connection connection-state=new new-connection-mark=connection1 protocol=tcp dst-port=80 per-connection-classifier=src-port:2/0 dst-address-type=!local
          chain=output action=mark-connection connection-state=new new-connection-mark=connection2 protocol=tcp dst-port=80 per-connection-classifier=src-port:2/1 dst-address-type=!local
    2. Then create the routing marks: connection1 to ISP1, and connection2 to ISP2.
    Code:
     0    ;;; Mark Routing ISP1
          chain=output action=mark-routing new-routing-mark=ISP1-route passthrough=no connection-mark=connection1
    
     1    ;;; Mark Routing ISP2
          chain=output action=mark-routing new-routing-mark=ISP2-route passthrough=no connection-mark=connection2
    3. The earlier load balancing doesn't need to be deleted. It is a safeguard: if the internal proxy is disabled, load balancing keeps working. So both keep running; the PCC load balancing just serves port 80 (HTTP) only.
    Last edited by Anto.PJ; 06-09-2015 at 05:45.
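
The Proxy dst-nat rule quoted above has no in-interface or src-address match, so TCP port 80 arriving on ISP1 or ISP2 is redirected into the web proxy as well, and the posted DNS settings show allow-remote-requests: yes. The RouterOS commands below are an added example, not part of any post in this thread; they reuse the interface name LAN, the subnet 192.168.99.0/24 and proxy port 8080 from the posted configuration and assume no input filter rules exist yet.

```routeros
# Added example (not from the thread). Names and addresses are taken from the
# configuration posted in #1; the comments on each rule are illustrative.

# As posted (weak): matches TCP/80 on every interface, including ISP1 and ISP2.
# /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.99.1 \
#     to-ports=8080 protocol=tcp dst-port=80

# Corrected: redirect only HTTP that enters on LAN from the LAN subnet.
/ip firewall nat
add chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 \
    in-interface=LAN src-address=192.168.99.0/24 comment="Proxy (LAN only)"

# The proxy listens on all router addresses, so also block direct access to
# port 8080 from anything that is not the LAN interface.
/ip firewall filter
add chain=input action=drop protocol=tcp dst-port=8080 in-interface=!LAN \
    comment="Web proxy not reachable from ISP1/ISP2"

# allow-remote-requests=yes makes the router answer DNS on every interface;
# keep the resolver for LAN clients only.
add chain=input action=drop protocol=udp dst-port=53 in-interface=!LAN \
    comment="DNS resolver not reachable from ISP1/ISP2"
add chain=input action=drop protocol=tcp dst-port=53 in-interface=!LAN \
    comment="DNS resolver not reachable from ISP1/ISP2"

# Second layer inside the proxy itself: serve the LAN subnet, deny the rest.
/ip proxy access
add src-address=192.168.99.0/24 action=allow comment="LAN clients"
add action=deny comment="Everyone else"
```

Remove the original Proxy rule once the restricted one is in place, since NAT rules are evaluated in order and the broader rule would otherwise still match.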

  5. #5
    pupusyae
    Originally Posted by Anto.PJ
    Note that in the prerouting chain, mangle prerouting comes first, then dst-nat.
    The problem is that after passing through the NAT redirect, the routing mark disappears right away, so it is not read at the routing decision.

    In this case the proxy is internal, which means the packet is diverted to the local process/input. (We agree on that, right?)
    That means the packet's source IP has already changed to 192.168.99.1.
    Here you will have trouble load balancing by separating traffic based on IP address lists, because all port 80 traffic will be seen as coming from 192.168.99.1.

    But that doesn't mean it can't be done; you can still load balance using PCC mode.
    In outline, it goes like this:
    1. Each new connection leaving the internal proxy is marked as connection1, and the connection that follows is marked as connection2. We use the output chain because the traffic leaves from the internal proxy.
    Code:
          ;;; Mark connection proxy (dst-port can only be matched together with protocol=tcp)
          chain=output action=mark-connection connection-state=new new-connection-mark=connection1 protocol=tcp dst-port=80 per-connection-classifier=src-port:2/0 dst-address-type=!local
          chain=output action=mark-connection connection-state=new new-connection-mark=connection2 protocol=tcp dst-port=80 per-connection-classifier=src-port:2/1 dst-address-type=!local
    2. Then create the routing marks: connection1 to ISP1, and connection2 to ISP2.
    Code:
     0    ;;; Mark Routing ISP1
          chain=output action=mark-routing new-routing-mark=ISP1-route passthrough=no connection-mark=connection1
    
     1    ;;; Mark Routing ISP2
          chain=output action=mark-routing new-routing-mark=ISP2-route passthrough=no connection-mark=connection2
    3. The earlier load balancing doesn't need to be deleted. It is a safeguard: if the internal proxy is disabled, load balancing keeps working. So both keep running; the PCC load balancing just serves port 80 (HTTP) only.

    [SOLVED] Thanks, the explanation was really clear. The load balancing + internal proxy are working now.

    [/SOLVED]

  6. #6
    aaputha
    Saved. Thanks.
