Página 2 de 2 PrimeiroPrimeiro 12
+ Responder ao Tópico



  1. #6
    andrefalcao
    Valeu...
    Era isso mesmo que eu estava precisando...
    Problema resolvido!

  2. Tenho a seguinte situação:
    link 1
    IP: 100.10.2.xxx
    mask: 255.255.255.0
    Gateway: 100.10.2.254

    link 2
    IP: 100.10.3.xxx
    masck: 255.255.255.0
    Gateway: 100.10.3.254

    a minha configuração ficaria desse jeito ???

    You setup the mangle:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=ecmp-http-route passthrough=yes comment=" Route HTTP \
    traffic to ECMP" disabled=no

    You set up ECMP (Equal Cost Multipath Routing) by using something like

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.2.254,100.10.3.254 routing-mark=ecmp-http-route comment="ECMP route for HTTP"

    Now you have ECMP for HTTP only. This is nice because MSN messenger, banking websites and other programs and problem sites will not be broken in the same way it might be if you used ECMP for all protocols.

    What I then do is for example mark SMTP traffic and route this out through 100.10.2.254:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \
    new-routing-mark=smtp-out passthrough=yes comment="SMTP Traffic" disabled=no

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.2.254 routing-mark=smtp-out comment="SMTP Traffic out"

    and route all other traffic through 100.10.3.254

    (uma duvida nesse 0.0.0.0/0 eu colocou o meu IP: 100.10.2.254/24 ou deixo desse jeito que esta 0.0.0.0/0)

    /ip route add dst-address=0.0.0.0/0 gateway=100.10.3.254 comment="Default Route to Internet"

    / tool netwatch
    (que ip é esse 1.1.1.13)
    add host=1.1.1.13 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"Default Route To Internet\"\] gateway=100.10.2.254" \
    down-script="/ip route set \[find comment=\"Default Route To Internet\"\] \
    gateway=100.10.3.254 comment="" disabled=no
    add host=1.1.1.12 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"SMTP Traffic out\"\] gateway=100.10.2.254" down-script="/ip \
    \n" \route set \[find comment=\"SMTP Traffic out\"\] gateway=100.10.3.254
    comment="" disabled=no

    / system script (não entedi esse ip 1.1.1.12 e 1.1.1.13)
    add name="ecmp-startup" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=1 && \[/ip route get \[find \
    comment=\"ECMP Route For HTTP\"\] disabled\]=true\) do={ :log info \"Both gateways up" \
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=no}" policy=ftp,reboot,read,write,policy,test,winbox,password
    add name="ecmp-shutdown" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=0\) do={ :log info \"Gateway down"\
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=yes}" policy=ftp,reboot,read,write,policy,test,winbox,password

    ecmp starthp script
    :if ([/ping 1.1.1.13 count=1]=1 && [/ping 1.1.1.12 count=1]=1 && [/ip route get \
    [find routing-mark="ecmp-http-route"] disabled]=true) do={:log info "Both Gateways are up" \
    /n/ip route set [find routing-mark="ecmp-http-route"] disable=no}

    ecmp shutdown script
    :if ([/ping 1.1.1.13 count=1]=0 || [/ping 1.1.1.12 count=1]=0) do={:log info \
    "Gateway down" /ip route set [find routing-mark="ecmp-http-route"] disabled=yes}

    / system scheduler
    add name="gateway-check" on-event="/system script run ecmp-shutdown
    script run ecmp-startup" start-date=jan/01/1970 start-time=00:00:00 \
    interval=30s comment="" disabled=no


    Resumindo eu não conseguir entender o que seria esse IP 1.1.1.12 e 1.1.1.13 seria o meu ip normal 100.10.2.12 e 100.10.3.13 ... queria saber a onde errei na configuração ...




    script original do mikrotik




    You setup the mangle:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=ecmp-http-route passthrough=yes comment=" Route HTTP \
    traffic to ECMP" disabled=no

    You set up ECMP (Equal Cost Multipath Routing) by using something like

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12,10.0.0.13 routing-mark=ecmp-http-route comment="ECMP route for HTTP"

    Now you have ECMP for HTTP only. This is nice because MSN messenger, banking websites and other programs and problem sites will not be broken in the same way it might be if you used ECMP for all protocols.

    What I then do is for example mark SMTP traffic and route this out through 10.0.0.12:

    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=25 action=mark-routing \
    new-routing-mark=smtp-out passthrough=yes comment="SMTP Traffic" disabled=no

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.12 routing-mark=smtp-out comment="SMTP Traffic out"

    and route all other traffic through 10.0.0.13

    /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.13 comment="Default Route to Internet"

    Then I need to setup 2 routes to specific addresses to force the router through specific gateways to "test" the links. These should not be popular addresses with your users! Otherwise when a gateway goes down they will have no access to those sites. The addresses I am using as an example are 1.1.1.12 to test 10.0.0.12, and 1.1.1.13 to test 10.0.0.13.

    Next I use the Netwatch Function to switch all traffic to the working gateway should any of the gateways fail:

    / tool netwatch
    add host=1.1.1.13 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"Default Route To Internet\"\] gateway=10.0.0.13" \
    down-script="/ip route set \[find comment=\"Default Route To Internet\"\] \
    gateway=10.0.0.12 comment="" disabled=no
    add host=1.1.1.12 timeout=2s interval=30s up-script="/ip route set \
    \[find comment=\"SMTP Traffic out\"\] gateway=1.0.0.12" down-script="/ip \
    \n" \route set \[find comment=\"SMTP Traffic out\"\] gateway=10.0.0.13
    comment="" disabled=no

    The problem is that the ECMP http route will still be active, therefore http traffic wont work, so I have 2 scripts to check if both gateways are up or down and take action accordingly:

    / system script
    add name="ecmp-startup" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=1 && \[/ip route get \[find \
    comment=\"ECMP Route For HTTP\"\] disabled\]=true\) do={ :log info \"Both gateways up" \
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=no}" policy=ftp,reboot,read,write,policy,test,winbox,password
    add name="ecmp-shutdown" source=":if \(\[/ping 1.1.1.12 count=1\]=1 && \
    \[/ping 1.1.1.13 count=1\]=0\) do={ :log info \"Gateway down"\
    \n/ip route set \[find routing-mark=ecmp-http-route\] \
    disabled=yes}" policy=ftp,reboot,read,write,policy,test,winbox,password

    Hi I found this error while trying to use this script, what worked for me was
    ecmp start/shut script. Looks like in the start and shut script (") are missing
    from the find, well other the script works wonders for me. Thanks a lot savagedavid

    ecmp starthp script
    :if ([/ping 1.1.1.13 count=1]=1 && [/ping 1.1.1.12 count=1]=1 && [/ip route get \
    [find routing-mark="ecmp-http-route"] disabled]=true) do={:log info "Both Gateways are up" \
    /n/ip route set [find routing-mark="ecmp-http-route"] disable=no}

    ecmp shutdown script
    :if ([/ping 1.1.1.13 count=1]=0 || [/ping 1.1.1.12 count=1]=0) do={:log info \
    "Gateway down" /ip route set [find routing-mark="ecmp-http-route"] disabled=yes}


    Notice that it first checks to see if the route is enable before trying to re-enable it. Otherwise it will reset the route and users will be dropped momentarily.

    Then finally schedule the scripts to check every 30 seconds:

    / system scheduler
    add name="gateway-check" on-event="/system script run ecmp-shutdown
    script run ecmp-startup" start-date=jan/01/1970 start-time=00:00:00 \
    interval=30s comment="" disabled=no



  3. Citação Postado originalmente por andrefalcao Ver Post
    Valeu...
    Era isso mesmo que eu estava precisando...
    Problema resolvido!
    e como ta a navegação em sites ssl e msn?

  4. Citação Postado originalmente por marcelomg Ver Post
    e como ta a navegação em sites ssl e msn?
    Ola marcelomg.

    O que ele estava querendo na verdade é apenas um FailOver, e n fazer balanceamnto entre os link, ele queria apenas se o link principal dele cair o outro de 512k assumir, apenas isso, entâo na verdade n tem o pq dar problemas de MSN ou SSL.
    Pelo menos foi o que eu entendi o que ele queria era isso.

    Abraços






Tópicos Similares

  1. Roteador wifi 1 Wan - Lan e Portas VoIP
    Por robertojr2k no fórum Redes
    Respostas: 4
    Último Post: 06-11-2015, 09:47
  2. Solução para 2 ou 3 Wan em um link Lan
    Por cunhajr no fórum Servidores de Rede
    Respostas: 15
    Último Post: 25-08-2007, 20:43
  3. 4 WANs e 1 LAN
    Por nataniel no fórum Servidores de Rede
    Respostas: 0
    Último Post: 20-01-2006, 22:45
  4. ovislink wan eth0 lan eth0:1
    Por hanaga no fórum Redes
    Respostas: 5
    Último Post: 10-10-2005, 10:21
  5. 2 Wan <==> 1 Lan usando ADSL
    Por jrtoledo no fórum Servidores de Rede
    Respostas: 5
    Último Post: 01-12-2004, 02:17

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L