+ Responder ao Tópico



  1. #1
    andrefalcao
    Visitante

    Padrão 2 Wan 1 Lan

    Pessoa, gostaria de tentar fazer o seguinte...

    eu tenho 2 WAN´s,
    Uma com 1Mb
    Outra com 512Kb

    Tudo sair pela de 1Mb, o proprio Mikrotik descobrir atraves de algum script que ela caiu... E roteador tudo para a de 512Kb.

    Alguém pode me ajudar????

  2. #2

    Padrão

    não tou conseguindo entender a sua pergunta ... vc tem um hardware que faz o load balance e sai por uma porta Ethernet ou vc tem ligado direto no mikrotik dois cable modem ou dois adsl ... refaça a sua pergunta mais detalhada para ficar facil a compreensão ...



  3. #3

    Padrão

    Citação Postado originalmente por clecioe Ver Post
    não tou conseguindo entender a sua pergunta ... vc tem um hardware que faz o load balance e sai por uma porta Ethernet ou vc tem ligado direto no mikrotik dois cable modem ou dois adsl ... refaça a sua pergunta mais detalhada para ficar facil a compreensão ...
    Acho que ele quer fazer um load balance, porém um dos links funcionarar como sombra do outro, um caindo o outro assume.

    Eu nao sei como fazer.

  4. #4
    andrefalcao
    Visitante

    Padrão

    Isso mesmo, eu tenho o MikroTik, com 2 WAN e 1 LAN.
    Gostaria de deixar as duas ativas...
    Mas só saindo por uma.
    Caso essa caia, a outra assume!



  5. #5

    Padrão

    Citação Postado originalmente por andrefalcao Ver Post
    Isso mesmo, eu tenho o MikroTik, com 2 WAN e 1 LAN.
    Gostaria de deixar as duas ativas...
    Mas só saindo por uma.
    Caso essa caia, a outra assume!
    Esse link aqui resolve seu problema.

    ECMP Failover Script
    ECMP Failover Script - MikroTik Wiki

  6. #6
    andrefalcao
    Visitante

    Padrão

    Valeu...
    Era isso mesmo que eu estava precisando...
    Problema resolvido!



  7. #7

    Padrão

    Tenho a seguinte situação:
    link 1
    IP: 100.10.2.xxx
    mask: 255.255.255.0
    Gateway: 100.10.2.254

    link 2
    IP: 100.10.3.xxx
    masck: 255.255.255.0
    Gateway: 100.10.3.254

    a minha configuração ficaria desse jeito ???

    You setup the mangle:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=ecmp-http-route passthrough=yes comment=" Route HTTP \
    traffic to ECMP" disabled=no

    You set up ECMP (Equal Cost Multipath Routing) by using something like

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.2.254,100.10.3.254 routing-mark=ecmp-http-route comment="ECMP route for HTTP"

    Now you have ECMP for HTTP only. This is nice because MSN messenger, banking websites and other programs and problem sites will not be broken in the same way it might be if you used ECMP for all protocols.

    What I then do is for example mark SMTP traffic and route this out through 100.10.2.254:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \
    new-routing-mark=smtp-out passthrough=yes comment="SMTP Traffic" disabled=no

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.2.254 routing-mark=smtp-out comment="SMTP Traffic out"

    and route all other traffic through 100.10.3.254

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.3.254 comment="Default Route to Internet"

    / tool netwatch
    (que ip é esse 1.1.1.13)
    add host=1.1.1.13 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"Default Route To Internet\"\] gateway=100.10.2.254" \
    down-script="/ip route set \[find comment=\"Default Route To Internet\"\] \
    gateway=100.10.3.254 comment="" disabled=no
    add host=1.1.1.12 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"SMTP Traffic out\"\] gateway=100.10.2.254" down-script="/ip \
    \n" \route set \[find comment=\"SMTP Traffic out\"\] gateway=100.10.3.254
    comment="" disabled=no

    / system script (não entedi esse ip 1.1.1.12 e 1.1.1.13)
    add name="ecmp-startup" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=1 && \[/ip route get \[find \
    comment=\"ECMP Route For HTTP\"\] disabled\]=true\) do={ :log info \"Both gateways up" \
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=no}" policy=ftp,reboot,read,write,policy,test,winbox,password
    add name="ecmp-shutdown" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=0\) do={ :log info \"Gateway down"\
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=yes}" policy=ftp,reboot,read,write,policy,test,winbox,password

    ecmp starthp script
    :if ([/ping 1.1.1.13 count=1]=1 && [/ping 1.1.1.12 count=1]=1 && [/ip route get \
    [find routing-mark="ecmp-http-route"] disabled]=true) do={:log info "Both Gateways are up" \
    /n/ip route set [find routing-mark="ecmp-http-route"] disable=no}

    ecmp shutdown script
    :if ([/ping 1.1.1.13 count=1]=0 || [/ping 1.1.1.12 count=1]=0) do={:log info \
    "Gateway down" /ip route set [find routing-mark="ecmp-http-route"] disabled=yes}

    / system scheduler
    add name="gateway-check" on-event="/system script run ecmp-shutdown
    script run ecmp-startup" start-date=jan/01/1970 start-time=00:00:00 \
    interval=30s comment="" disabled=no


    Resumindo eu não conseguir entender o que seria esse IP 1.1.1.12 e 1.1.1.13 seria o meu ip normal 100.10.2.12 e 100.10.3.13 ... queria saber a onde errei na configuração ...




    script original do mikrotik




    You setup the mangle:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=ecmp-http-route passthrough=yes comment=" Route HTTP \
    traffic to ECMP" disabled=no

    You set up ECMP (Equal Cost Multipath Routing) by using something like

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12,10.0.0.13 routing-mark=ecmp-http-route comment="ECMP route for HTTP"

    Now you have ECMP for HTTP only. This is nice because MSN messenger, banking websites and other programs and problem sites will not be broken in the same way it might be if you used ECMP for all protocols.

    What I then do is for example mark SMTP traffic and route this out through 10.0.0.12:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \
    new-routing-mark=smtp-out passthrough=yes comment="SMTP Traffic" disabled=no

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12 routing-mark=smtp-out comment="SMTP Traffic out"

    and route all other traffic through 10.0.0.13

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.13 comment="Default Route to Internet"

    Then I need to setup 2 routes to specific addresses to force the router through specific gateways to "test" the links. These should not be popular addresses with your users! Otherwise when a gateway goes down they will have no access to those sites. The addresses I am using as an example are 1.1.1.12 to test 10.0.0.12, and 1.1.1.13 to test 10.0.0.13.

    Next I use the Netwatch Function to switch all traffic to the working gateway should any of the gateways fail:

    / tool netwatch
    add host=1.1.1.13 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"Default Route To Internet\"\] gateway=10.0.0.13" \
    down-script="/ip route set \[find comment=\"Default Route To Internet\"\] \
    gateway=10.0.0.12 comment="" disabled=no
    add host=1.1.1.12 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"SMTP Traffic out\"\] gateway=1.0.0.12" down-script="/ip \
    \n" \route set \[find comment=\"SMTP Traffic out\"\] gateway=10.0.0.13
    comment="" disabled=no

    The problem is that the ECMP http route will still be active, therefore http traffic wont work, so I have 2 scripts to check if both gateways are up or down and take action accordingly:

    / system script
    add name="ecmp-startup" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=1 && \[/ip route get \[find \
    comment=\"ECMP Route For HTTP\"\] disabled\]=true\) do={ :log info \"Both gateways up" \
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=no}" policy=ftp,reboot,read,write,policy,test,winbox,password
    add name="ecmp-shutdown" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=0\) do={ :log info \"Gateway down"\
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=yes}" policy=ftp,reboot,read,write,policy,test,winbox,password

    Hi I found this error while trying to use this script, what worked for me was
    ecmp start/shut script. Looks like in the start and shut script (") are missing
    from the find, well other the script works wonders for me. Thanks a lot savagedavid

    ecmp starthp script
    :if ([/ping 1.1.1.13 count=1]=1 && [/ping 1.1.1.12 count=1]=1 && [/ip route get \
    [find routing-mark="ecmp-http-route"] disabled]=true) do={:log info "Both Gateways are up" \
    /n/ip route set [find routing-mark="ecmp-http-route"] disable=no}

    ecmp shutdown script
    :if ([/ping 1.1.1.13 count=1]=0 || [/ping 1.1.1.12 count=1]=0) do={:log info \
    "Gateway down" /ip route set [find routing-mark="ecmp-http-route"] disabled=yes}


    Notice that it first checks to see if the route is enable before trying to re-enable it. Otherwise it will reset the route and users will be dropped momentarily.

    Then finally schedule the scripts to check every 30 seconds:

    / system scheduler
    add name="gateway-check" on-event="/system script run ecmp-shutdown
    script run ecmp-startup" start-date=jan/01/1970 start-time=00:00:00 \
    interval=30s comment="" disabled=no

  8. #8
    Avatar de marcelomg
    Ingresso
    Jan 2006
    Localização
    São Lourenço do Sul, Brazil
    Posts
    1.476

    Padrão

    Citação Postado originalmente por andrefalcao Ver Post
    Valeu...
    Era isso mesmo que eu estava precisando...
    Problema resolvido!
    e como ta a navegação em sites ssl e msn?



  9. #9

    Padrão

    Citação Postado originalmente por marcelomg Ver Post
    e como ta a navegação em sites ssl e msn?
    Ola marcelomg.

    O que ele estava querendo na verdade é apenas um FailOver, e n fazer balanceamnto entre os link, ele queria apenas se o link principal dele cair o outro de 512k assumir, apenas isso, entâo na verdade n tem o pq dar problemas de MSN ou SSL.
    Pelo menos foi o que eu entendi o que ele queria era isso.

    Abraços