Mikrotik PCC 3 Links PPPOE não navega
Galera bom dia, estou com problemas na configuração do meu MK para 3 links pppoe, não consigo navegar, segue configuração. link assim 20mb, e 2 links vivo de 8mb
# jan/01/2002 01:43:28 by RouterOS 6.28
# software id = RI27-0WZL
#
/interface ethernet
set [ find default-name=ether1 ] name=ether1-link-assim
set [ find default-name=ether2 ] name=ether2-link-vivo1
set [ find default-name=ether3 ] name=ether3-link-vivo2
set [ find default-name=ether5 ] name=ether5-lan
/interface pppoe-client
add disabled=no interface=ether1-link-assim max-mru=1480 max-mtu=1480 mrru=\
1600 name=pppoe-assim password=********* user=**********
add disabled=no interface=ether2-link-vivo1 max-mru=1480 max-mtu=1480 mrru=\
1600 name=pppoe-out1 password=****** user=***********
add disabled=no interface=ether3-link-vivo2 max-mru=1480 max-mtu=1480 mrru=\
1600 name=pppoe-out2 password=****** user=**********
/ip pool
add name=dhcp_pool1 ranges=192.168.0.2-192.168.0.254
add name=dhcp_pool2 ranges=192.168.0.2-192.168.0.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool2 disabled=no interface=ether5-lan \
name=dhcp1
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=192.168.0.1/24 interface=ether5-lan network=192.168.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=200.204.0.10,200.204.0.138
/ip firewall filter
add action=add-dst-to-address-list address-list=P_SCAN_BANK \
address-list-timeout=30m chain=forward comment=SSL dst-port=443 protocol=\
tcp
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Link 1 - Assim" \
in-interface=ether5-lan new-connection-mark=link1_conn \
per-connection-classifier=both-addresses-and-ports:9/0
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link1_conn per-connection-classifier=\
both-addresses-and-ports:9/1
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link1_conn per-connection-classifier=\
both-addresses-and-ports:9/2
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link1_conn per-connection-classifier=\
both-addresses-and-ports:9/3
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link1_conn per-connection-classifier=\
both-addresses-and-ports:9/4
add action=mark-connection chain=prerouting comment="Link 2 - Vivo" \
in-interface=ether5-lan new-connection-mark=link2_conn \
per-connection-classifier=both-addresses-and-ports:9/5
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link2_conn per-connection-classifier=\
both-addresses-and-ports:9/6
add action=mark-connection chain=prerouting comment="Link 3 - Vivo" \
in-interface=ether5-lan new-connection-mark=link3_conn \
per-connection-classifier=both-addresses-and-ports:9/7
add action=mark-connection chain=prerouting in-interface=ether5-lan \
new-connection-mark=link3_conn per-connection-classifier=\
both-addresses-and-ports:9/8
add action=mark-routing chain=prerouting comment="Marca\E7\F5es de Rotas" \
connection-mark=link1_conn in-interface=ether5-lan new-routing-mark=\
link1_routing
add action=mark-routing chain=prerouting connection-mark=link2_conn \
in-interface=ether5-lan new-routing-mark=link2_routing
add action=mark-routing chain=prerouting connection-mark=link3_conn \
in-interface=ether5-lan new-routing-mark=link3_routing
add action=mark-routing chain=prerouting comment=SSL dst-port=443 \
new-routing-mark=P_SCAN_BANK passthrough=no protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-link-assim
add action=masquerade chain=srcnat out-interface=ether2-link-vivo1
add action=masquerade chain=srcnat out-interface=ether3-link-vivo2
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip route
add distance=1 gateway=ether1-link-assim routing-mark=link1_routing
add distance=2 gateway=ether2-link-vivo1 routing-mark=link2_routing
add distance=3 gateway=ether3-link-vivo2 routing-mark=link3_routing
add distance=1 gateway=ether1-link-assim
add distance=2 gateway=ether2-link-vivo1
add distance=3 gateway=ether3-link-vivo2
/romon port
add disabled=no
#error exporting /tool user-manager database
Re: Mikrotik PCC 3 Links PPPOE não navega
Re: Mikrotik PCC 3 Links PPPOE não navega
Boa tarde @zamorabott
Aparentemente o seu PCC está incorreto. Eu reescrevi as regras baseadas nas suas interfaces, digitei num bloco de notas aqui, portanto pode ter algum erro.
As regras a seguir são referentes ao mangle, que fará o load balance entre os 3 links utilizando PCC. Você pode deletar todas suas regras e substituir por essas para testar, sempre lembrando de tirar um backup de tudo antes pra caso não funcione nada do que eu postar aqui você poder voltar ao ponto que estava.
Código :
/ip firewall mangle
add chain=input in-interface=pppoe-assim connection-mark=no-mark action=mark-connection new-connection-mark=link1_to_ros
add chain=input in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=link2_to_ros
add chain=input in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=link3_to_ros
add chain=output connection-mark=link1_to_ros action=mark-routing new-routing-mark=link1_routing
add chain=output connection-mark=link2_to_ros action=mark-routing new-routing-mark=link2_routing
add chain=output connection-mark=link3_to_ros action=mark-routing new-routing-mark=link3_routing
add chain=forward in-interface=pppoe-assim connection-mark=no-mark action=mark-connection new-connection-mark=from_link1
add chain=forward in-interface=pppoe-out1 connection-mark=no-mark action=mark-connection new-connection-mark=from_link2
add chain=forward in-interface=pppoe-out2 connection-mark=no-mark action=mark-connection new-connection-mark=from_link3
add chain=prerouting connection-mark=from_link1 action=mark-routing new-routing-mark=link1_routing
add chain=prerouting connection-mark=from_link2 action=mark-routing new-routing-mark=link2_routing
add chain=prerouting connection-mark=from_link3 action=mark-routing new-routing-mark=link3_routing
add chain=prerouting connection-mark=no-mark dst-address-type=!local new-connection-mark=lan_to_wan
add chain=prerouting connection-mark=lan_to_wan per-connection-classifier=both-addresses-and-ports:3/0 action=mark-routing new-connection-mark=link1_routing
add chain=prerouting connection-mark=lan_to_wan per-connection-classifier=both-addresses-and-ports:3/1 action=mark-routing new-connection-mark=link2_routing
add chain=prerouting connection-mark=lan_to_wan per-connection-classifier=both-addresses-and-ports:3/2 action=mark-routing new-connection-mark=link3_routing
add chain=prerouting connection-mark=lan_to_wan routing-mark=link1_routing action=mark-connection new-connection-mark=sticky_to_link1
add chain=prerouting connection-mark=lan_to_wan routing-mark=link2_routing action=mark-connection new-connection-mark=sticky_to_link2
add chain=prerouting connection-mark=lan_to_wan routing-mark=link3_routing action=mark-connection new-connection-mark=sticky_to_link3
add chain=prerouting connection-mark=sticky_to_link1 new-routing-mark=link1_routing
add chain=prerouting connection-mark=sticky_to_link2 new-routing-mark=link2_routing
add chain=prerouting connection-mark=sticky_to_link3 new-routing-mark=link3_routing
As suas rotas, vale notar que, para cada tabela de roteamento na qual você só tem 1 item, não tem porque você alterar a distância deles. Por enquanto, vamos testar sem fail-over deste tipo, então você adiciona um item para cada tabela. Nas configurações da interface pppoe-cliente, lembre-se de usar a opção "add-default-route=yes" (pelo menos por enquanto, senão seu DNS não vai ter uma rota padrão na tabela main para funcionar, e nem o próprio routeros vai ter acesso direto a internet).
Código :
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-assim routing-mark=link1_routing
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=link2_routing
add dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=link3_routing
Vale notar também que as suas regras de mascaramento, estão (também), nas interfaces erradas. Elas deveriam estar nas interfaces pppoe, e não nas interfaces LAN sobre as quais os tuneis são criados. O túnel, depois de criado, funciona como se fosse uma interface física, portanto, mude suas 3 regras de nat assim:
Código :
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-assim
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2
Eu nunca fiz um PCC entre interfaces pppoe-client, não sei como se comporta as rotas quando configuradas nos tuneis pppoe. Mas testa ai, a vai dando retorno, por nada tem solução.
Re: Mikrotik PCC 3 Links PPPOE não navega
Amigo PCC se faz com poucas regras rsrs. No caso vc não precisar marcar a opção da rota default no pppoe client faça vc manualmente utilizando por rota em ip/route após isso add add e em gateway vc colocar lá os pesos do link.
Re: Mikrotik PCC 3 Links PPPOE não navega
Fora a parte do mangle o resto vc faz o código da caixa 2 e 3 do amigo que fica show sim sempre lembrando que vc tem que setar a src-address origem do cliente: No caso o seu DHCP