Understanding Load Balance and Policy Route
Andrew Zheng, EDCwifi Co. Limited
About Me
Mikrotik Trainer No. 75. Certificates: MTCNA, MTCWE, MTCRE, MTCTCE, MTCUME, MTCINE, UBWA, UEWA
EDCwifi - Andrew Zheng
2015, April 17 - Vietnam MUM
About EDCwifi
Mikrotik distributor with stock points in Hong Kong, Shenzhen and Beijing.
Mikrotik Authorized Training partner.
Customizing partner for MfM (made for Mikrotik) products.
www.edcwifi.com & www.edcwifi.com.cn
Made for Mikrotik: face off your device. RB750 series, RB450 series.
SOHO customers mostly require:
Automatic fail over
Reliable load balance
Policy route
Topology (diagram)
Router with ether1 192.168.0.1 facing the LAN.
ISP1 side: 10.1.1.88.
ISP2 side: 10.2.2.88.
VPN server reached through an ISP; VPN tunnel local IP 192.168.12.99, remote IP 192.168.12.165.
Policy route sends selected traffic to the VPN.
Sample configuration: get IP address from ISP
Dial VPN connection (optional, for policy route)
Mangle Rules: all packets with a gateway router IP as destination should be accepted.
Rules 0, 1, 2: skip the PCC rules for packets with a router gateway IP as destination, so they go to their gateway router (for correcting DNS requests and other services).
Mangle Rules: make sure all packets coming in from a WAN interface go out from the same WAN interface (rules 3, 4, 5).
Mangle Rules and Address List: VPN policy route
Address list example: add all IP addresses that are planned to go through the VPN connection.
Rule 6: mark the connection of every packet whose destination IP address is listed in the VPN address list.
Mangle Rules: connection mark based on PCC (rules 7, 8).
Mangle Rules: route mark for PCC (rules 9, 10, 11).
Mangle Rules: route mark for output chain (rules 12, 13, 14).
IP Route Rules: add a default gateway for each routing mark.
IP Route Rules: fail over. By adding default gateways that are not bound to a routing mark, we already create a fail over system; just adjust the distance for priority.
NAT
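The mangle, route and NAT steps above combined into one RouterOS script, as an added example that is not the slides' own configuration (the slides' screenshots are not reproduced here). It assumes the interface names ether1 (LAN), ISP1, ISP2 and vpn1, the gateway addresses 10.1.1.88, 10.2.2.88 and 192.168.12.165 from the topology slide, and a constructed VPN destination 203.0.113.0/24; the comments map each group to the rule numbers shown on the slides.

```routeros
# Added example, not the slides' own configuration. Assumptions: LAN on
# ether1 (192.168.0.0/24), WAN interfaces named ISP1 (gateway 10.1.1.88)
# and ISP2 (gateway 10.2.2.88), VPN tunnel interface named vpn1 with
# remote IP 192.168.12.165, following the topology slide.
/ip firewall address-list
# rule 6 input: destinations that must go through the VPN (constructed value)
add list=VPN address=203.0.113.0/24 comment="constructed example destination"
/ip firewall mangle
# slide rules 0-2: packets for the gateway networks skip PCC (DNS etc.); two shown
add chain=prerouting in-interface=ether1 dst-address=10.1.1.0/24 action=accept
add chain=prerouting in-interface=ether1 dst-address=10.2.2.0/24 action=accept
# slide rules 3-5: connections entering a WAN/VPN interface leave through the same one
add chain=input in-interface=ISP1 action=mark-connection new-connection-mark=ISP1_conn
add chain=input in-interface=ISP2 action=mark-connection new-connection-mark=ISP2_conn
add chain=input in-interface=vpn1 action=mark-connection new-connection-mark=VPN_conn
# slide rule 6: VPN destinations are marked before the PCC rules can claim them
add chain=prerouting in-interface=ether1 dst-address-list=VPN connection-mark=no-mark \
    action=mark-connection new-connection-mark=VPN_conn
# slide rules 7-8: PCC splits the remaining new connections across the two ISPs
add chain=prerouting in-interface=ether1 dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ether1 dst-address-type=!local connection-mark=no-mark \
    per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn
# slide rules 9-11: routing mark follows the connection mark for forwarded traffic
add chain=prerouting in-interface=ether1 connection-mark=VPN_conn action=mark-routing new-routing-mark=to_VPN
add chain=prerouting in-interface=ether1 connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting in-interface=ether1 connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
# slide rules 12-14: the same for packets the router itself generates (output chain)
add chain=output connection-mark=VPN_conn action=mark-routing new-routing-mark=to_VPN
add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2
/ip route
# one default gateway per routing mark
add dst-address=0.0.0.0/0 gateway=192.168.12.165 routing-mark=to_VPN check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.1.1.88 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.88 routing-mark=to_ISP2 check-gateway=ping
# fail over: unmarked defaults, distance sets priority; when check-gateway
# disables a marked route the lookup falls back to these
add dst-address=0.0.0.0/0 gateway=10.1.1.88 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=10.2.2.88 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade
add chain=srcnat out-interface=vpn1 action=masquerade
# checking the result: which connections and routes carry which mark
/ip firewall connection print where connection-mark=ISP1_conn
/ip route print where routing-mark=to_ISP2
```

The accept rules must stay above the PCC rules, and the PCC rules must stay above the route-mark rules, because mangle rules are evaluated in order and PCC only classifies connections that still have no mark.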
Checking PCC Result
Checking Policy Route Result
Packet flow with mangle chain, simple explanation: packet A goes into ether1 with src address 192.168.0.2 and dst address 222.111.222.111.
1. Input interface (ether1, ether2, ether3, etc.): packet A, src 192.168.0.2, dst 222.111.222.111, in int ether1, no mark.
2. Connection tracking: the connection is recorded; packet A still has no mark.
3. Mangle prerouting: the rules add the marks 1-conn and 1-route; packet A now carries src 192.168.0.2, dst 222.111.222.111, 1-conn, 1-route, in int ether1.
4. DSTNAT: the DST-NAT rules are checked.
5. Routing decision: the DST-IP is checked (to local process or forward); packet A is forwarded, out int ISP1. (The mangle input, local process and mangle output path is not taken.)
6. Mangle forward and filter forward: packet A, src 192.168.0.2, dst 222.111.222.111, 1-conn, 1-route, in int ether1, out int ISP1.
7. Routing adjustment, then mangle postrouting: packet A, src 192.168.0.2, dst 222.111.222.111, 1-conn, 1-route, out int ISP1.
8. SRCNAT: the src IP is changed; packet A, src 10.1.1.97, dst 222.111.222.111, 1-conn, 1-route, out int ISP1.
9. Output interface (ether1, ether2, ether3, etc.): packet A leaves ISP1 with src 10.1.1.97, dst 222.111.222.111.
Packet flow with mangle chain, simple explanation: reply packet A-1 goes into the ISP1 interface with src address 222.111.222.111 and dst address 10.1.1.97.
1. Input interface (ether1, ether2, ether3, etc.): packet A-1, src 222.111.222.111, dst 10.1.1.97, in int ISP1.
2. Connection tracking: conn-track is checked and updated; it recognizes this packet as part of the same connection as A.
3. Mangle prerouting: checked, adding the mark 1-conn; packet A-1, src 222.111.222.111, dst 10.1.1.97, 1-conn, in int ISP1.
4. DSTNAT: the destination is translated back; packet A-1, src 222.111.222.111, dst 192.168.0.2, 1-conn, in int ISP1.
5. Routing decision: the DST-IP is checked (to local process or forward); go to ether1.
6. Mangle forward and filter forward: packet A-1, src 222.111.222.111, dst 192.168.0.2, 1-conn, in int ISP1, out int ether1.
7. Routing adjustment, then mangle postrouting: packet A-1, src 222.111.222.111, dst 192.168.0.2, 1-conn, out int ether1.
8. SRCNAT (change SRC IP stage): packet A-1 is unchanged, src 222.111.222.111, dst 192.168.0.2, 1-conn, out int ether1.
9. Output interface (ether1, ether2, ether3, etc.): packet A-1 leaves ether1 with src 222.111.222.111, dst 192.168.0.2.
Any questions? Thank you! For goods inquiry: [email protected]. See you again.