Só mais um loadbalance
por
em 19-05-2017 às 21:41 (7992 Visualizações)
/ip firewall mangle
add action=mark-connection chain=input connection-state=new in-interface=ether-link1 new-connection-mark=LINK1 passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-state=new in-interface=ether-link1 new-connection-mark=LINK1 passthrough=yes protocol=tcp
add action=mark-connection chain=input connection-state=new in-interface=ether-link2 new-connection-mark=LINK2 passthrough=yes protocol=tcp
add action=mark-connection chain=forward connection-state=new in-interface=ether-link2 new-connection-mark=LINK2 passthrough=yes protocol=tcp
add action=mark-packet chain=output connection-mark=LINK1 new-packet-mark=LINK1 passthrough=yes
add action=mark-packet chain=forward connection-mark=LINK1 new-packet-mark=LINK1 passthrough=yes
add action=mark-packet chain=output connection-mark=LINK2 new-packet-mark=LINK2 passthrough=yes
add action=mark-packet chain=forward connection-mark=LINK2 new-packet-mark=LINK2 passthrough=yes
add action=mark-routing chain=output new-routing-mark=LINK1 packet-mark=LINK1 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=LINK1 packet-mark=LINK1 passthrough=yes
add action=mark-routing chain=output new-routing-mark=LINK2 packet-mark=LINK2 passthrough=yes
add action=mark-routing chain=prerouting new-routing-mark=LINK2 packet-mark=LINK2 passthrough=yes
/ip route rule
add dst-address=192.168.0.0/16 table=main
add dst-address=10.0.0.0/8 table=main
add dst-address=172.16.0.0/12 table=main
add routing-mark=LINK1 table=LINK1 comment="permite IPs marcados abaixo sejam acessados por outro link"
add routing-mark=LINK2 table=LINK2 comment="permite IPs marcados abaixo sejam acessados por outro link"
add comment="recepcao1" dst-address=192.168.10.10/32 table=LINK1
add comment="recepcao2" dst-address=192.168.10.18/32 table=LINK2
/ip route
add distance=1 gateway=xx.yy.zz.ww routing-mark=LINK1
add distance=1 gateway=aa.bb.cc.dd routing-mark=LINK2
add distance=1 gateway=xx.yy.zz.ww,aa.bb.cc.dd
Eu não marco os pacotes as conexões de saída pois uso route rule para os PCs definidos e ECMP(loadbalance simples) para os demais.
Colocar na rules os ips internos para irem pela rota sem marca é necessário para achar o destino das rotas conectadas dinâmicas.
Alternativa seria adicionar src-address igual ips internos na chain forward nas ações de marcar pacotes. Com isso só pacotes de saída seriam marcados e por sua vez receberiam route mark.
WIKI MIKROTIK ECMP
Comentários
+ Enviar Comentário