Balanceamento travando mikrotik?
Bom dia tenho um balanceamento rodando no meu servidor, mais notei que agora ele trava constantimente, será por calsa das regras? Segue regras, fico agradecido se derem um feedback sobre elas.
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="NAT do HotSpot" disabled=no src-address=10.50.0.0/24
add action=masquerade chain=srcnat comment="NAT range 70" disabled=no src-address=10.70.0.0/24
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Link1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Link2
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=Link1 new-connection-mark=wan1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=Link2 new-connection-mark=wan2_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_wan1 scope=30 target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1,192.168.2.1.1,192.168.1.1 scope=30 target-scope=10
OBS: Está rodando intel 2.4 + 512 + 40gb
Re: Balanceamento travando mikrotik?
Cabra tem algo errado que não esta certo ai (gostou???), se nesse balance vc usa uma maquina ta gastando energia, se quiser usar uma rb750 no lugar te mando o script ja configurado pra ela.
De preferencia que não seja a 750G e sim a comum ok.
Re: Balanceamento travando mikrotik?
Vamos la, configurando um load balance com PCC, forçando alguns sites saindo por alguns links.
Estrutura, RB 750G. 5 ETHER Mikrotik versão 4.10
4 Modem ADSL. Em modo pppoe
1 Ether Cliente “Link-Gerenciado”
1 Ether Cliente “Modem adsl 1”
1 Ether Cliente “Modem adsl 2”
1 Ether Cliente “Modem adsl 3”
1 Ether Cliente “Modem adsl 4”
PPPOE
1 “Internet1” discando pelo interface Modem adsl 1
2 “Internet2” discando pelo interface Modem adsl 2
3 “Internet3” discando pelo interface Modem adsl 3
4 “Internet4” discando pelo interface Modem adsl 4
Nas configurações deixe desmarcado Dial On Demand e add defauld Router e User Peer DNS.
Somente numa interface escolhida por vc deixe marcado User Peer DNS.
1 Primeira
/system ntp client
set enabled=yes mode=unicast primary-ntp=200.192.232.8 secondary-ntp=200.160.0.8
2 Segunda
Deixe seu Clock do mk sempre com horario certo.
3 Terceira Route.
/ip route
add check-gateway=ping comment=link1 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=Internet1 routing-mark=to_ether1 scope=30 target-scope=\
10
add check-gateway=ping comment=link2 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=Internet2 routing-mark=to_ether2 scope=30 target-scope=\
10
add check-gateway=ping comment=link3 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=Internet3 routing-mark=to_ether3 scope=30 target-scope=\
10
add check-gateway=ping comment=link4 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=Internet4 routing-mark=to_ether4 scope=30 target-scope=\
10
add check-gateway=ping comment=link1 disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=Internet1 scope=30 target-scope=10
add check-gateway=ping comment=link2 disabled=no distance=2 dst-address=\
0.0.0.0/0 gateway=Internet2 scope=30 target-scope=10
add check-gateway=ping comment=link3 disabled=no distance=3 dst-address=\
0.0.0.0/0 gateway=Internet3 scope=30 target-scope=10
add check-gateway=ping comment=link4 disabled=no distance=4 dst-address=\
0.0.0.0/0 gateway=Internet4 scope=30 target-scope=10
Re: Balanceamento travando mikrotik?
Agora as configurações de Firewall
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Internet1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Internet2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Internet3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=Internet4
add action=masquerade chain=srcnat comment="" disabled=no
add action=masquerade chain=srcnat comment=Remoto disabled=no
Dica Redirecionamento para o MK controle.
/ip firewall nat
add action=dst-nat chain=dstnat comment="MK Controle" disabled=yes dst-port=8282 protocol=tcp to-addresses=192.168.110.58 to-ports=8291
o IP 192.168.110.58 e o ip de Saida para o MK Controle, na Interface “Link-Gerenciado”
Agora vamos a marcação dos links
/ip firewall mangle
add action=mark-connection chain=input comment=ether1_conn disabled=no \
in-interface=Internet1 new-connection-mark=ether1_conn passthrough=yes
add action=mark-connection chain=input comment=ether2_conn disabled=no \
in-interface=Internet2 new-connection-mark=ether2_conn passthrough=yes
add action=mark-connection chain=input comment=ether3_conn disabled=no \
in-interface=Internet3 new-connection-mark=ether3_conn passthrough=yes
add action=mark-connection chain=input comment=ether4_conn disabled=no \
in-interface=Internet4 new-connection-mark=ether4_conn passthrough=yes
add action=mark-routing chain=output comment=to_ether1 connection-mark=\
ether1_conn disabled=no new-routing-mark=to_ether1 passthrough=no
add action=mark-routing chain=output comment=to_ether2 connection-mark=\
ether2_conn disabled=no new-routing-mark=to_ether2 passthrough=no
add action=mark-routing chain=output comment=to_ether3 connection-mark=\
ether3_conn disabled=no new-routing-mark=to_ether3 passthrough=no
add action=mark-routing chain=output comment=to_ether4 connection-mark=\
ether4_conn disabled=no new-routing-mark=to_ether4 passthrough=no
add action=accept chain=prerouting comment="fora load DST" disabled=no \
dst-address-list=loopback in-interface=Link-Gerenciado
add action=mark-connection chain=prerouting comment=ether1_conn disabled=no \
dst-address-type=!local in-interface=Link-Gerenciado new-connection-mark=\
ether1_conn passthrough=yes per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting comment=ether2_conn disabled=no \
dst-address-type=!local in-interface=Link-Gerenciado new-connection-mark=\
ether2_conn passthrough=yes per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting comment=ether3_conn disabled=no \
dst-address-type=!local in-interface=Link-Gerenciado new-connection-mark=\
ether3_conn passthrough=yes per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting comment=ether4_conn disabled=no \
dst-address-type=!local in-interface=Link-Gerenciado new-connection-mark=\
ether4_conn passthrough=yes per-connection-classifier=both-addresses:4/3
add action=mark-routing chain=prerouting comment=to_ether1 connection-mark=\
ether1_conn disabled=no in-interface=Link-Gerenciado new-routing-mark=\
to_ether1 passthrough=no
add action=mark-routing chain=prerouting comment=to_ether2 connection-mark=\
ether2_conn disabled=no in-interface=Link-Gerenciado new-routing-mark=\
to_ether2 passthrough=no
add action=mark-routing chain=prerouting comment=to_ether3 connection-mark=\
ether3_conn disabled=no in-interface=Link-Gerenciado new-routing-mark=\
to_ether3 passthrough=no
add action=mark-routing chain=prerouting comment=to_ether4 connection-mark=\
ether4_conn disabled=no in-interface=Link-Gerenciado new-routing-mark=\
to_ether4 passthrough=no
Só Lembrando que os links são simétricos, caso não seja ajuste as configurações em Per Connection Classifier, dividindo a carga.
Re: Balanceamento travando mikrotik?
Agora vamos ao site que fica fora do balance.
/ip firewall address-list
add address=66.96.239.0/24 comment="Minha Conexao " disabled=no list=loopback
add address=200.196.144.0/20 comment="BANCO - ITAU" disabled=no list=loopback
add address=200.220.176.0/20 comment="BANCO - SANTANDER / REAL / BANESPA" disabled=no list=loopback
add address=200.201.160.0/20 comment="BANCO - CAIXA" disabled=no list=loopback
add address=201.33.144.0/20 comment="BANCO - BB" disabled=no list=loopback
add address=170.66.0.0/16 comment="BANCO - BB" disabled=no list=loopback
add address=200.252.0.0/16 comment="BANCO - SICOOB" disabled=no list=loopback
add address=200.251.0.0/16 comment="BANCO - MERCANTIL DO BRASIL" disabled=no list=loopback
add address=161.113.0.0/16 comment="BANCO - HSBC" disabled=no list=loopback
add address=200.155.107.0/24 comment="BANCO - UNIBANCO" disabled=no list=loopback
add address=69.17.117.207 comment=SPEED_TEST disabled=no list=loopback
add address=200.159.128.189 comment=RJNET disabled=no list=loopback
add address=200.195.144.42 comment=COPEL disabled=no list=loopback
add address=189.45.12.3 comment="SPEED TEST - RJ" disabled=no list=loopback
add address=209.85.153.85 comment=ORKUT disabled=no list=loopback
add address=64.4.20.169 comment="" disabled=no list=loopback
add address=62.212.84.0/24 comment="YAP TUBE" disabled=no list=loopback
add address=85.17.79.0/24 comment="" disabled=no list=loopback
add address=67.195.0.0/24 comment=YAHOO disabled=no list=loopback
add address=200.220.186.0/24 comment=BRADESCO disabled=no list=loopback
add address=200.220.178.0/24 comment=BRADESCO disabled=no list=loopback
add address=64.38.29.0/24 comment=RapidShare disabled=no list=loopback
add address=208.69.32.0/24 comment="" disabled=no list=loopback
add address=208.67.217.0/24 comment="" disabled=no list=loopback
add address=208.84.247.0/24 comment="Vdeos - terratv" disabled=no list=loopback
add address=200.201.166.0/24 comment="" disabled=no list=loopback
add address=200.201.173.0/24 comment="" disabled=no list=loopback
add address=200.201.174.0/24 comment="" disabled=no list=loopback
add address=200.141.207.3 comment=Detran disabled=no list=loopback
add address=69.5.88.0/24 comment=Megaupload disabled=no list=loopback
add address=200.220.190.0/24 comment="" disabled=no list=loopback
add address=187.60.39.98 comment="Servidor SKY" disabled=no list=loopback
add address=200.154.56.0/24 comment=terra disabled=no list=loopback
add address=201.7.178.0/24 comment=globo disabled=no list=loopback
add address=200.155.80.0-200.155.255.255 comment=bradesco disabled=no list=loopback
add address=201.7.180.0/24 comment=globo disabled=no list=loopback
add address=201.7.176.0/24 comment=globo disabled=no list=loopback
add address=200.155.80.0-200.155.255.255 comment=BRADESCO disabled=no list=loopback
add address=186.192.80.0/24 comment="globo fash" disabled=no list=loopback
Ate aqui o load esta pronto para ser operado.