Postado originalmente por
_AGM_
Pessoal,
Estou usando aqui o LoadBalance que está no wiki do Mikrotik, com 7 Links... Além desses 7, uso 1 como o gateway padrão do Mikrotik, para os sites que não permitem a mudança de IP (bancos, sites seguros com autenticação, etc...). E para que esses sites usem sempre o mesmo link, criei em IP / Firewall / Address Lists uma lista com várias redes de IP´s, para que estes não sejam incluídos no balanceamento.
O que está acontecendo é que quando eu deixo a lista de IP´s ativada, os primeiros Links recebem muito mais conexões do que os últimos links, gradativamente... Eu deduzo que deve estar acontecendo o seguinte: a cada nova conexão estabelecida, e a rede de destino está na lista dos marcados para não sofrer balanceamento, o contador retorna ao primeiro link, ao invés de passar simplesmente para a próxima conexão usando o mesmo link...
Se alguém percebeu isso no seu servidor e quiser trocar uma idéia, entre em contato...
Segue meus scripts de balanceamento:
/ ip firewall mangle
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,0 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota1 \
action=mark-routing new-routing-mark=Rota1 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,1 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota2 \
action=mark-routing new-routing-mark=Rota2 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,2 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota3 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota3 \
action=mark-routing new-routing-mark=Rota3 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,3 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota4 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota4 \
action=mark-routing new-routing-mark=Rota4 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,4 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota5 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota5 \
action=mark-routing new-routing-mark=Rota5 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,5 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota6 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota6 \
action=mark-routing new-routing-mark=Rota6 passthrough=no comment="" \
disabled=no
add chain=prerouting in-interface=Clientes connection-state=new nth=6,1,6 \
dst-address-list=!NoMark action=mark-connection \
new-connection-mark=Rota7 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=Clientes connection-mark=Rota7 \
action=mark-routing new-routing-mark=Rota7 passthrough=no comment="" \
disabled=no
/ ip firewall nat
add chain=srcnat src-address=192.168.99.0/30 action=masquerade comment="" \ disabled=no
add chain=srcnat connection-mark=Rota1 action=src-nat \
to-addresses=10.2.2.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota2 action=src-nat \
to-addresses=10.3.3.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota3 action=src-nat \
to-addresses=10.4.4.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota4 action=src-nat \
to-addresses=10.5.5.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota5 action=src-nat \
to-addresses=10.6.6.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota6 action=src-nat \
to-addresses=10.7.7.2 to-ports=0-65535 comment="" disabled=no
add chain=srcnat connection-mark=Rota7 action=src-nat \
to-addresses=10.8.8.2 to-ports=0-65535 comment="" disabled=no
Estes são apenas algumas das redes que não entram no balanceamento:
/ ip firewall address-list
add list=NoMark address=200.212.0.0/16 comment="Bradesco" disabled=no
add list=NoMark address=200.221.0.0/16 comment="Zipmail" disabled=no
add list=NoMark address=200.252.60.0/24 comment="Correios" disabled=no
add list=NoMark address=209.9.0.0/16 comment="Oreys" disabled=no
add list=NoMark address=200.208.15.0/24 comment="Banco Real" disabled=no
add list=NoMark address=200.152.32.0/24 comment="Dataprev" disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=10.2.2.1 scope=255 target-scope=10 \
routing-mark=Rota1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.3.3.1 scope=255 target-scope=10 \
routing-mark=Rota2 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.4.4.1 scope=255 target-scope=10 \
routing-mark=Rota3 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.5.5.1 scope=255 target-scope=10 \
routing-mark=Rota4 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.6.6.1 scope=255 target-scope=10 \
routing-mark=Rota5 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.7.7.1 scope=255 target-scope=10 \
routing-mark=Rota6 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=10.8.8.1 scope=255 target-scope=10 \
routing-mark=Rota7 comment="" disabled=no
Segue em anexo tbem um PrintScreen da tela de conexões do mangle: