Load Balancing – Working

Ane lupa nyertain daftar pustakanya ( dapet googling ) tapi perintah – perintah mikrotik di bawaha ini udah ane coba dan bisa jalan buat load balancing dari 2 atau lebih sumber internet yang akan kita gunakan. Ane harap bisa membantu buat temen – temen yang lagi membutuhkan. 😀

Introduction

This example is improved (different) version of round-robin load balancing example. It adds persistent user sessions, i.e. a particular user would use the same source IP address for all outgoing connections. Consider the following network layout:

 

Quick Start for Impatient

Configuration export from the gateway router:

/ ip address

add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local

add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2

add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1

 

/ ip route

add dst-address=0.0.0.0/0 gateway=10.111.0.1,10.112.0.1 check-gateway=ping

 

/ ip firewall nat

add chain=srcnat out-interface=wlan1 action=masquerade

add chain=srcnat out-interface=wlan2 action=masquerade

 

/ ip firewall mangle

add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn

add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn

add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wla1

add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wla2

 

/ ip route

add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wla1

add dst-address=0.0.0.0/0 gateway=10.111.0.2 routing-mark=to_wla2

Explanation

First we give a code snippet and then explain what it actually does.

IP Addresses

/ ip address

add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local

add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=wlan2

add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=wlan1

The router has two upstream (WAN) interfaces with the addresses of 10.111.0.2/24 and 10.112.0.2/24. The LAN interface has the name “Local” and IP address of 192.168.0.1/24.

 

NAT

/ ip firewall nat

add chain=srcnat out-interface=wlan1 action=masquerade

add chain=srcnat out-interface=wlan2 action=masquerade

As routing decision is already made we just need rules that will fix src-addresses for all outgoing packets. if this packet will leave via wlan1 it will be NATed to 10.112.0.2/24, if via wlan2 then NATed to 10.111.0.2/24

 

Routing

/ ip route

add dst-address=0.0.0.0/0 gateway=10.111.0.1,10.112.0.1 check-gateway=ping

This is typical ECMP (Equal Cost Multi-Path) gateway with check-gateway. ECMP is “persistent per-connection load balancing” or “per-src-dst-address combination load balancing”. As soon as one of the gateway will not be reachable, check-gateway will remove it from gateway list. And you will have a “failover” effect.
You can use asymmetric bandwidth links also – for example one link is 2Mbps other 10Mbps. Just use this command to make load balancing 1:5

/ ip route

add dst-address=0.0.0.0/0 gateway=10.111.0.1,10.112.0.1,10.112.0.1,10.112.0.1,10.112.0.1,10.112.0.1 check-gateway=ping

 

Connections to the router itself

/ ip firewall mangle

add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn

add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn

add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1

add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan2

/ ip route

add dst-address=0.0.0.0/0 gateway=10.111.0.1 routing-mark=to_wlan1

add dst-address=0.0.0.0/0 gateway=10.111.0.2 routing-mark=to_wlan2

With all multi-gateway situations there is a usual problem to reach router from public network via one, other or both gateways. Explanations is very simple – Outgoing packets uses same routing decision as packets that are going trough the router. So reply to a packet that was received via wlan1 might be send out and masqueraded via wlan2.

To avoid that we need to policy routing those connections.

Known Issues

Iklan