Ver Feed RSS

eduardomazolini

Só mais um loadbalance

Avalie este Post de Blog
/ip firewall mangle
add action=mark-connection chain=input connection-state=new in-interface=ether-link1 new-connection-mark=LINK1 passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-state=new in-interface=ether-link1 new-connection-mark=LINK1 passthrough=yes protocol=tcp
add action=mark-connection chain=input connection-state=new in-interface=ether-link2 new-connection-mark=LINK2 passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-state=new in-interface=ether-link2 new-connection-mark=LINK2 passthrough=yes protocol=tcp
add action=mark-packet chain=output connection-mark=LINK1 new-packet-mark=LINK1 passthrough=yes
add action=mark-packet chain=forward connection-mark=LINK1 new-packet-mark=LINK1 passthrough=yes
add action=mark-packet chain=output connection-mark=LINK2 new-packet-mark=LINK2 passthrough=yes
add action=mark-packet chain=forward connection-mark=LINK2 new-packet-mark=LINK2 passthrough=yes
add action=mark-routing chain=output new-routing-mark=LINK1 packet-mark=LINK1 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=LINK1 packet-mark=LINK1 passthrough=yes
add action=mark-routing chain=output new-routing-mark=LINK2 packet-mark=LINK2 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=LINK2 packet-mark=LINK2 passthrough=yes

/ip route rule
add dst-address=192.168.0.0/16 table=main
add dst-address=10.0.0.0/8 table=main
add dst-address=172.16.0.0/12 table=main
add routing-mark=LINK1 table=LINK1 comment="permite IPs marcados abaixo sejam acessados por outro link"
add routing-mark=LINK2 table=LINK2 comment="permite IPs marcados abaixo sejam acessados por outro link"
add comment="recepcao1" dst-address=192.168.10.10/32 table=LINK1
add comment="recepcao2" dst-address=192.168.10.18/32 table=LINK2

/ip route
add distance=1 gateway=xx.yy.zz.ww routing-mark=LINK1
add distance=1 gateway=aa.bb.cc.dd routing-mark=LINK2
add distance=1 gateway=xx.yy.zz.ww,aa.bb.cc.dd


Eu não marco os pacotes as conexões de saída pois uso route rule para os PCs definidos e ECMP(loadbalance simples) para os demais.

Colocar na rules os ips internos para irem pela rota sem marca é necessário para achar o destino das rotas conectadas dinâmicas.
Alternativa seria adicionar src-address igual ips internos na chain forward nas ações de marcar pacotes. Com isso só pacotes de saída seriam marcados e por sua vez receberiam route mark.

Clique na imagem para uma versão maior

Nome:	         nf-packet-flow.png
Visualizações:	43
Tamanho: 	310,5 KB
ID:      	66946

WIKI MIKROTIK ECMP
Categorias
Não Categorizado

Comentários


+ Enviar Comentário



Visite: BR-Linux ·  VivaOLinux ·  Dicas-L