Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 3 of 3 FirstFirst 123
Results 31 to 33 of 33
  1. #31
    Status
    Offline
    iyou's Avatar
    Member
    Join Date
    Aug 2008
    Location
    Luwu
    Posts
    187
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by awarmanf Click here to enlarge
    Jodoh saya tetap nth kalau pakai load balancing, hal ini karena tidak ada waktu untuk ngoprek dengan pcc. Obyek eksperimen belum ada Click here to enlarge. Setelah beberapa jam ngoprek akhirnya berhasil buat koneksi download ke rapidshare tidak stuck.

    Contoh script-nya (router dengan 5 koneksi spidi):

    Code:
    /ip firewall mangle
    ...
    25   chain=prerouting action=mark-connection new-connection-mark=wan5-rs-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-5 dst-address-list=rapidshare in-interface=lan 
    26   chain=prerouting action=mark-routing new-routing-mark=wan5 passthrough=no in-interface=lan 
         connection-mark=wan5-rs-con 
    
    27   chain=prerouting action=mark-connection new-connection-mark=wan4-rs-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-4 dst-address-list=rapidshare in-interface=lan 
    28   chain=prerouting action=mark-routing new-routing-mark=wan4 passthrough=no in-interface=lan 
         connection-mark=wan4-rs-con 
    
    29   chain=prerouting action=mark-connection new-connection-mark=wan3-rs-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-3 dst-address-list=rapidshare in-interface=lan 
    30   chain=prerouting action=mark-routing new-routing-mark=wan3 passthrough=no in-interface=lan 
         connection-mark=wan3-rs-con 
    
    31   chain=prerouting action=mark-connection new-connection-mark=wan2-rs-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-2 dst-address-list=rapidshare in-interface=lan 
    32   chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=no in-interface=lan 
         connection-mark=wan2-rs-con 
    
    33   chain=prerouting action=mark-connection new-connection-mark=wan1-rs-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-1 dst-address-list=rapidshare in-interface=lan 
    34   chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=no in-interface=lan 
         connection-mark=wan1-rs-con 
    
    35   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wan5-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=5,1 
    36   chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-5 
         address-list-timeout=15m in-interface=lan connection-mark=wan5-con 
    37   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wan5 passthrough=no in-interface=lan 
         connection-mark=wan5-con 
    
    38   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wan4-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=4,1 
    39   chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-4 
         address-list-timeout=15m in-interface=lan connection-mark=wan4-con 
    40   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wan4 passthrough=no in-interface=lan 
         connection-mark=wan4-con 
    
    41   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wan3-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=3,1 
    42   chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-3 
         address-list-timeout=15m in-interface=lan connection-mark=wan3-con 
    43   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wan3 passthrough=no in-interface=lan 
         connection-mark=wan3-con 
    
    44   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wan2-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=2,1 
    45   chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-2 
         address-list-timeout=15m in-interface=lan connection-mark=wan2-con 
    46   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wan2 passthrough=no in-interface=lan 
         connection-mark=wan2-con 
    
    47   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wan1-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=1,1 
    48   chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-1 
         address-list-timeout=15m in-interface=lan connection-mark=wan1-con 
    49   ;;; LB_NTH
        chain=prerouting action=mark-routing new-routing-mark=wan1 passthrough=no in-interface=lan 
         connection-mark=wan1-con
    Prinsipnya sederhana

    1. Ada new connection, koneksi ini misalnya masuk ke wan5-con (rule 35).
    2. Di bawahnya ada rule yang cek apakah wan5-con mempunyai tujuan ke rapidshare? jika ya lakukan action=add-src-to-address-list, misal nama listnya client-rapid-5. List ini mempunyai usia tertentu atau timeout (rule 36).
    3. Rule di bawahnya buat routing mark untuk koneksi wan5-con (rule 37).
    4. Di atas rule load balancing nth ada rule sticky connection yang fungsinya membuat static routing berdasarkan src address list dan tujuan tertentu.
    5. Jika ada new connection ke rapidshare dan src-nya client-rapid-5 maka buat connection mark wan5-rs-con (rule 26).
    6. Di bawahnya ada rule routing mark yang akan menandai wan5 untuk connection wan5-rs-con (rule 27).
    7. Jadi setiap kali ada new connection ke rapidshare dan src-nya client-rapid-5 (usianya belum timeout) maka akan selalu mendapat connection mark wan5-rs-con.


    Trik ini bisa dipakai pula untuk koneksi yang lain seperti pada kasus point blank, dimana dituntut agar setiap kali ada new connection dari pengakses yang sama harus selalu lewat jalur wan yang sama seperti sebelumnya. Begitu pula untuk akses ke port tertentu seperti ssl. Caranya sederhana, buat rule seperti ini di setiap load balancing nth:

    Code:
    xx   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wanX-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=X,1 
    xx   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wanX passthrough=no in-interface=lan 
         connection-mark=wanX-con
    menjadi

    Code:
    xx   ;;; LB_NTH
         chain=prerouting action=mark-connection new-connection-mark=wanX-con passthrough=yes connection-state=new 
         dst-address-list=!local in-interface=lan nth=X,1
    xx   ;;; RAPIDSHARE
         chain=prerouting action=add-src-to-address-list dst-address-list=rapidshare address-list=client-rapid-X 
         address-list-timeout=24h in-interface=lan connection-mark=wanX-con
    xx   ;;; POINTBLANK
         chain=prerouting action=add-src-to-address-list dst-address-list=pointblank address-list=client-rapid-X 
         address-list-timeout=24h in-interface=lan connection-mark=wanX-con
    xx   ;;; SSL
         chain=prerouting action=add-src-to-address-list protocol=tcp dst-port=443 address-list=client-ssl-X 
         address-list-timeout=24h in-interface=lan connection-mark=wanX-con
    xx   ;;; LB_NTH
         chain=prerouting action=mark-routing new-routing-mark=wanX passthrough=no in-interface=lan 
         connection-mark=wanX-con
    Jadi disisipkan mangle lagi untuk menandai koneksi ke rapidshare, pointblank, dan ssl. Kemudian rule paling atas di-modifikasi sbb:

    Code:
    xx   ;;; RAPIDSHARE
         chain=prerouting action=mark-connection new-connection-mark=wanX-rapidshare-con passthrough=yes connection-state=new 
         src-address-list=client-rapid-X dst-address-list=rapidshare in-interface=lan
    xx   ;;; ROUTING MARK
         chain=prerouting action=mark-routing new-routing-mark=wanX passthrough=no in-interface=lan 
         connection-mark=wanX-rapidshare-con
    xx   ;;; POINTBLANK
         chain=prerouting action=mark-connection new-connection-mark=wanX-pointblank-con passthrough=yes connection-state=new 
         src-address-list=client-pointblank-X dst-address-list=pointblank in-interface=lan 
    xx   ;;; ROUTING MARK
         chain=prerouting action=mark-routing new-routing-mark=wanX passthrough=no in-interface=lan 
         connection-mark=wanX-pointblank-con
    xx   ;;; SSL
         chain=prerouting action=mark-connection new-connection-mark=wanX-ssl-con passthrough=yes connection-state=new 
         src-address-list=client-ssl-X protocol=tcp dst-port=443 in-interface=lan
    xx   ;;; ROUTING MARK
         chain=prerouting action=mark-routing new-routing-mark=wanX passthrough=no in-interface=lan 
         connection-mark=wanX-ssl-con
    Mungkin ada yang bertanya mengapa timeout diset 24 jam? Hal ini untuk antisipasi berapa lama waktu yang dibutuhkan client untuk konek ke suatu aplikasi apakah itu download rapidshare, main pb atau ssl. Konek di sini dalam arti dia akan selalu buat new connection selama masih pakai aplikasi tersebut. Kalau rapidshare rasanya cukup diset 2 menit, ssl mungkin 15 menit dan point blank tergantung berapa lamanya user main. Nah ini yang bikin bingung. Untuk amannya diset 24 jam dan dibantu script lain yang mantau connection-mark.

    Code:
    # number of wan
    :local wan 5;
    :for i from=1 to="$wan" \
    do={ :local a [ :len [/ip firewall connection find connection-mark="wan$i-rapidshare-con"] ]; \
         :if ( $a<1 ) do={ /ip firewall address-list remove [ find list="client-rapid-$i" ] }; \
         :local a [ :len [/ip firewall connection find connection-mark="wan$i-pointblank-con"] ]; \
         :if ( $a<1 ) do={ /ip firewall address-list remove [ find list="client-pointblank-$i" ] }; \
         :local a [ :len [/ip firewall connection find connection-mark="wan$i-ssl-con"] ]; \
         :if ( $a<1 ) do={ /ip firewall address-list remove [ find list="client-ssl-$i" ] }; \
    };
    Maksud script ini adalah jika tidak ditemukan connection mark yang dicari maka hapus address-list yang bersesuaian dengan connection mark tersebut. Contoh wan1-ssl-con selalu berkorelasi dengan client-ssl-1, dst.

    Script ini dischedule untuk dieksekusi secara periodik misal 1 jam. Cara lain, buat script untuk ping ke ip client, jika tidak direspon berarti client mati, sehingga langkah selanjutnya hapus address-list yang bersesuai dengan client tersebut.

    Code:
    # ip client 192.168.0.1-10
    :for i from=1 to=10 \
    do={ :if ([ /ping "192.168.0.$i" count=5 size=28]>1) \
    do { } \
    else={ /ip firewall address-list remove [ find list="client-rapid-$i" ]; \
              /ip firewall address-list remove [ find list="client-pointblank-$i" ]; \
              /ip firewall address-list remove [ find list="client-ssl-$i" ] }
    };
    Jalankan script dengan schedule 1 menit.

    Penjelasan lengkap dengan gambar2 akan saya taruh di tutorial load balancing.

    Salam,
    gan... kalo mangle dengan 2 line sapidi... script yang dihilangkan pada mangle diatas yang mana....

    maklum newbie....Click here to enlarge

  2. #32
    Status
    Offline
    vistavidea's Avatar
    Baru Gabung
    Join Date
    Jan 2010
    Posts
    17
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    jadi bingung,,, nganut yg mana ???Click here to enlarge

  3. #33
    Status
    Offline
    suzuki_dewa's Avatar
    Baru Gabung
    Join Date
    Jul 2011
    Posts
    6
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    ijin nyimak gan Click here to enlarge

 

 
Page 3 of 3 FirstFirst 123

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 2 Isp In 1 Router With Loadbalancing
    By kucingGarong in forum Tutorial
    Replies: 141
    Last Post: 13-05-2014, 15:46
  2. Loadbalancing Mikrotik Speedtest
    By dyandra in forum Beginner Basics
    Replies: 48
    Last Post: 21-08-2009, 17:18
  3. [ASK] loadbalancing + manajemen BW
    By trineaku in forum Beginner Basics
    Replies: 3
    Last Post: 08-08-2008, 23:27
  4. Hotspot with loadbalancing (4 koneksi ) ..help
    By fooman in forum Beginner Basics
    Replies: 1
    Last Post: 30-05-2008, 00:16
  5. [ask] LoadBalancing
    By mrymodion in forum General Networking
    Replies: 5
    Last Post: 05-12-2007, 13:30

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •