
Mar 29

Load Balance PCC Mikrotik + Proxy External

Today I am sharing a Mikrotik PCC load-balancing configuration that I refined from several sources, some of which may have been deliberately given small mistakes so that the load balancing ends up lopsided. The result is that only one modem appears to carry traffic.
Without further ado, the topology I use is shown below.

Figure: PCC topology with 2 modems (internet cafe topology)

The IP addresses are:

Modem 1 = 192.168.1.2/24
Modem 2 = 192.168.11.2/24
Local = 192.168.100.0/24
Proxy = 192.168.88.254/24

Configuration steps on the RouterBoard:

1. The first step is to configure the IP addresses and the pppoe-client on the RouterBoard.

IP address settings

/ip address
add address=192.168.88.1/24 comment=Proxy disabled=no interface=ether4-proxy \
    network=192.168.88.0
add address=192.168.100.1/24 comment="IP LAN" disabled=no interface=\
    ether3-lokal network=192.168.100.0
add address=192.168.1.2/24 comment="IP Speedy1" disabled=no interface=\
    ether1-speedy1 network=192.168.1.0
add address=192.168.11.2/24 comment="IP Speedy2" disabled=no interface=\
    ether2-speedy2 network=192.168.11.0
add address=192.168.0.2/24 disabled=yes interface=ether5-LB network=\
    192.168.0.0

pppoe-client settings

/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    comment="DIALUP PPPOE" dial-on-demand=no disabled=no \
    interface=ether2-speedy2 max-mru=1480 max-mtu=1480 mrru=disabled \
    name=pppoe-speedy1 password=xxxxxxxxx profile=default service-name="" \
    use-peer-dns=no user=111501xxxxxx@telkom.net
add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \
    dial-on-demand=no disabled=no interface=ether1-speedy1 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-speedy2 password=xxxxxxxxx \
    profile=default service-name="" use-peer-dns=no \
    user=1115011xxxxxx@telkom.net

Adjust the username and password to match your own.

2. Mangle for load balancing

Create mangle rules for connections coming in from the modems so that their replies leave through the same modem.

# Mangle for connections coming in from the modems
/ip firewall mangle
add action=mark-connection chain=input \
    comment="PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new \
    disabled=no in-interface=pppoe-speedy1 \
    new-connection-mark=pppoe-speedy1_conn passthrough=yes
add action=mark-connection chain=input connection-state=new disabled=no \
    in-interface=pppoe-speedy2 new-connection-mark=pppoe-speedy2_conn \
    passthrough=yes
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no in-interface=pppoe-speedy1 \
    new-connection-mark=pppoe-speedy1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no in-interface=pppoe-speedy2 \
    new-connection-mark=pppoe-speedy2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no in-interface=pppoe-speedy1 \
    new-connection-mark=pppoe-speedy1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no in-interface=pppoe-speedy2 \
    new-connection-mark=pppoe-speedy2_conn passthrough=yes
add action=mark-routing chain=output connection-mark=pppoe-speedy1_conn \
    disabled=no new-routing-mark=pppoe-speedy1 passthrough=no
add action=mark-routing chain=output connection-mark=pppoe-speedy2_conn \
    disabled=no new-routing-mark=pppoe-speedy2 passthrough=no

Next, add more mangle rules to split the load between the modems. Because both modem connections have the same bandwidth, I set it up as follows:

# Mangle for splitting the load between the modems
/ip firewall mangle
add action=mark-connection chain=prerouting comment="PCC RULE MARK HTTP CONN" \
    connection-state=new disabled=no dst-address-type=!local dst-port=80 \
    in-interface=ether4-proxy new-connection-mark=http_pppoe-speedy1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-type=!local dst-port=80 in-interface=ether4-proxy \
    new-connection-mark=http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \
    new-connection-mark=http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \
    new-connection-mark=http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \
    new-connection-mark=http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \
    new-connection-mark=http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting \
    comment="PCC RULE----MARK-NON-HTTP CONN" connection-state=new disabled=no \
    dst-address-type=!local dst-port=!80 in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-type=!local dst-port=!80 in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no dst-address-type=!local dst-port=!80 in-interface=\
    ether3-lokal new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no dst-address-type=!local dst-port=!80 in-interface=\
    ether3-lokal new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local dst-port=!80 in-interface=\
    ether3-lokal new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local dst-port=!80 in-interface=\
    ether3-lokal new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=new connection-state=new \
    disabled=no dst-address-type=!local in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting connection-state=new disabled=no \
    dst-address-type=!local in-interface=ether3-lokal new-connection-mark=\
    non.http_pppoe-speedy2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment=established \
    connection-state=established disabled=no dst-address-type=!local \
    in-interface=ether3-lokal new-connection-mark=non.http_pppoe-speedy1 \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \
    protocol=udp
add action=mark-connection chain=prerouting connection-state=established \
    disabled=no dst-address-type=!local in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting connection-state=related \
    disabled=no dst-address-type=!local in-interface=ether3-lokal \
    new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-routing chain=prerouting \
    comment="PCC RULE ---- MARK - HTTP ROUTE" connection-mark=http_pppoe-speedy1 \
    disabled=no new-routing-mark=pppoe-speedy1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=http_pppoe-speedy2 \
    disabled=no new-routing-mark=pppoe-speedy2 passthrough=yes
add action=mark-routing chain=prerouting \
    comment="PCC RULE MARK NON HTTP ROUTE" connection-mark=non.http_pppoe-speedy1 \
    disabled=no new-routing-mark=pppoe-speedy1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=\
    non.http_pppoe-speedy2 disabled=no new-routing-mark=pppoe-speedy2 \
    passthrough=yes

3. After splitting the load across the modem paths, create the outbound routes based on the routing marks made earlier. Failover is also added here in case one of the modems goes down or disconnects.

# PCC routing
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-speedy1 routing-mark=pppoe-speedy1 scope=30 target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-speedy2 \
    routing-mark=pppoe-speedy1 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 routing-mark=pppoe-speedy1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-speedy2 routing-mark=pppoe-speedy2 scope=30 target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-speedy1 \
    routing-mark=pppoe-speedy2 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.11.1 routing-mark=pppoe-speedy2 scope=30 target-scope=10
add check-gateway=ping comment="ROUTING DEFAULT SPEEDY1" disabled=no \
    distance=1 dst-address=0.0.0.0/0 gateway=pppoe-speedy1 scope=30 \
    target-scope=10
add check-gateway=ping comment="ROUTING DEFAULT SPEEDY2" disabled=no \
    distance=1 dst-address=0.0.0.0/0 gateway=pppoe-speedy2 scope=30 \
    target-scope=10

4. The last step is to create the NAT rules for outbound traffic. I also added transparent DNS, which forces clients who like to change their DNS server to keep using the DNS server set on the router.

# PCC NAT
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=\
    no out-interface=pppoe-speedy1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-speedy2 \
    to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes out-interface=ether5-LB \
    to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment="PROXY REDIRECT" disabled=no \
    dst-port=80,8080,3128 protocol=tcp src-address=!192.168.88.254 \
    to-addresses=192.168.88.254 to-ports=8888
add action=dst-nat chain=dstnat disabled=no dst-port=22 protocol=tcp \
    to-addresses=192.168.88.254 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-port=8081 protocol=tcp \
    to-addresses=192.168.100.10 to-ports=8080
add action=redirect chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp \
    to-ports=53
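The dstnat rules in step 4 carry no in-interface matcher, so they apply to packets arriving on any interface, the PPPoE uplinks included. The following Python check is an added example, not part of the original post: it parses those rules and lists the ones that are not tied to an interface or address (the SCOPING set and the function names are assumptions of this example).

```python
import shlex

# dstnat rules copied from step 4 of the article (straight quotes, disabled=no dropped).
NAT_EXPORT = r'''
/ip firewall nat
add action=dst-nat chain=dstnat comment="PROXY REDIRECT" dst-port=80,8080,3128 \
    protocol=tcp src-address=!192.168.88.254 to-addresses=192.168.88.254 to-ports=8888
add action=dst-nat chain=dstnat dst-port=22 protocol=tcp \
    to-addresses=192.168.88.254 to-ports=22
add action=dst-nat chain=dstnat dst-port=8081 protocol=tcp \
    to-addresses=192.168.100.10 to-ports=8080
add action=redirect chain=dstnat comment="TRANSPARENT DNS" dst-port=53 \
    protocol=tcp to-ports=53
add action=redirect chain=dstnat dst-port=53 protocol=udp to-ports=53
'''

# Matchers that tie a rule to one side of the router (assumed sufficient for this audit).
SCOPING = {"in-interface", "in-interface-list", "dst-address", "dst-address-list",
           "src-address-list"}

def parse_rules(export):
    """Join backslash continuations and turn every 'add' line into a dict."""
    rules = []
    for line in export.replace("\\\n", " ").splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def is_scoped(rule):
    """True when the rule is limited by interface, destination or a positive source match."""
    # A negated src-address (e.g. !192.168.88.254) still matches Internet sources.
    if not rule.get("src-address", "!").startswith("!"):
        return True
    return bool(SCOPING & rule.keys())

def unscoped_dstnat(export):
    """List (protocol, dst-port, action) for enabled dstnat rules open to all interfaces."""
    return [(r.get("protocol"), r.get("dst-port"), r["action"])
            for r in parse_rules(export)
            if r.get("chain") == "dstnat" and r.get("disabled") != "yes"
            and r.get("action") in ("dst-nat", "redirect") and not is_scoped(r)]

if __name__ == "__main__":
    for proto, port, action in unscoped_dstnat(NAT_EXPORT):
        print(f"{action} {proto}/{port}: no in-interface, also matches WAN traffic")
```

Adding in-interface=ether3-lokal to the proxy and DNS redirect rules limits them to LAN clients and clears the corresponding findings.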

That completes the PCC load-balancing configuration I built. You can add bandwidth allocation yourself as needed.

Here is what it looks like:

Figure: pcc baracuda

Ping from the proxy to Google DNS:

Figure: ping from the proxy (PCC)

Thanks to:
forummikrotik.com

 


7 comments


  1. Feter Hehanusa

    Please include the queue as well... nice post

    1. Indra Mulia Marpaung

      Just wait for the next post about the queue.

  2. Indra Mulia Marpaung

    Just wait for the next post about the queue.

  3. Chandra Lubis

    Really cool

  4. Indra Mulia Marpaung

    Thanks, bro.

  5. Chandra Lubis

    Keep up the configuration, bro, and if you can, create more configurations that are even cooler, kekekekekekekkekeke

    1. Indra Mulia Marpaung

      Hehehe, hopefully, bro. The configuration also depends on conditions in the field.

  6. Anonymous

    Thank you very much for the information, it is very useful and really cool in my opinion. Looking forward to the next update.

  7. Ronadi Dwi Putra

    Question: does the cable connecting squid to the RB have to be a crossover?

    1. Indra Mulia Marpaung

      A crossover is preferable, but a straight-through cable works too.

  8. ActiveFile

    Question: does the cable connecting squid to the RB have to be a crossover?

  9. saiful

    This is my teacher

    1. Indra Mulia Marpaung

      Haha, you flatter me

  10. Indra Mulia Marpaung

    You can use a different queue, too.

  11. Angga Te'a

    A question, sir:
    1. "PROXY REDIRECT" 192.168.88.254 to-ports=8888
    2. add action=dst-nat chain=dstnat disabled=no dst-port=8081 protocol=tcp
    to-addresses=192.168.100.10 to-ports=8080

    For question no. 1, is port 8888 the port on squid?
    For no. 2, is the IP 192.168.100.10 for a tester? And what is port 8080?

    Thanks

    1. Indra Mulia Marpaung

      1. Port 8888 is indeed the squid port; I changed the default port 3128 to port 8888.
      2. That is just a port redirect to a client, per my customer's needs at the time. It can be ignored and treated as not there.
