Load Balance PCC Mikrotik + Proxy External

Hari ini saya mencoba memberikan settingan load balance PCC Mikrotik yang saya sempurnakan dari berbagai sumber dimana ada beberapa yang mungkin sengaja diberikan sedikit kesalahan sehingga  load balancing nya timpang. Akibat nya terlihat hanya 1 modem saja yang berjalan.
Untuk tidak berlama-lama topologi yang saya gunakan seperti dibawah ini

Topologi Warnet

 

Gambar : Topologi PCC 2 Modem

adapun ip nya adalah :

Modem 1 = 192.168.1.2/24
Modem 2= 192.168.11.2/24
Lokal = 192.168.100.0/24
Proxy = 192.168.88.254/24

Langkah-langkah settingan pada routerboard:

1. Hal yang pertama adalah mensetting ip address dan pppoe-client pada routerboard

Pengaturan IP address

[accordion][acc title=”Pengaturan Ip Address”]/ip address
add address=192.168.88.1/24 comment=Proxy disabled=no interface=ether4-proxy \ network=192.168.88.0
add address=192.168.100.1/24 comment=”IP LAN” disabled=no interface=\ ether3-lokal network=192.168.100.0
add address=192.168.1.2/24 comment=”IP Speedy1″ disabled=no interface=\ ether1-speedy1 network=192.168.1.0
add address=192.168.11.2/24 comment=”IP Speedy2″ disabled=no interface=\ ether2-speedy2 network=192.168.11.0
add address=192.168.0.2/24 disabled=yes interface=ether5-LB network=\ 192.168.0.0[/acc][/accordion]

Pengaturan ppoe-client

[accordion][acc title=”Settingan PPOE-Client”]

/interface pppoe-client add ac-name=”” add-default-route=yes allow=pap,chap,mschap1,mschap2 comment=”DIALUP PPPOE” dial-on-demand=no disabled=no interface=ether2-speedy2 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-speedy1 password=\ xxxxxxxxx profile=default service-name=”” use-peer-dns=no user=111501xxxxxx@telkom.net

add ac-name=”” add-default-route=yes allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface=ether1-speedy1 max-mru=1480 max-mtu=1480 mrru=disabled name=pppoe-speedy2 password=xxxxxxxxx profile=default service-name=”” use-peer-dns=no user=1115011xxxxxx@telkom.net

[/acc][/accordion]

Sesuaikan username dan password yang anda miliki 

2. Mangle Untuk LoadBalance

Membuat mangle untuk koneksi masuk dari modem sehingga nantinya akan keluar di jalur modem yang sama.

[accordion][acc title=”Mangle koneksi masuk dari modem”]/ip firewall mangle

add action=mark-connection chain=input comment=\ “PCC RULE —- MARK ALL PPPoE CONN” connection-state=new disabled=no \ in-interface=pppoe-speedy1 new-connection-mark=pppoe-speedy1_conn \ passthrough=yes

add action=mark-connection chain=input connection-state=new disabled=no \ in-interface=pppoe-speedy2 new-connection-mark=pppoe-speedy2_conn \ passthrough=yes

add action=mark-connection chain=prerouting connection-state=established \ disabled=no in-interface=pppoe-speedy1 new-connection-mark=\ pppoe-speedy1_conn passthrough=yes

add action=mark-connection chain=prerouting connection-state=established \ disabled=no in-interface=pppoe-speedy2 new-connection-mark=\ pppoe-speedy2_conn passthrough=yes

add action=mark-connection chain=prerouting connection-state=related \ disabled=no in-interface=pppoe-speedy1 new-connection-mark=\ pppoe-speedy1_conn passthrough=yes

add action=mark-connection chain=prerouting connection-state=related \ disabled=no in-interface=pppoe-speedy2 new-connection-mark=\ pppoe-speedy2_conn passthrough=yes

add action=mark-routing chain=output connection-mark=pppoe-speedy1_conn \ disabled=no new-routing-mark=pppoe-speedy1 passthrough=no

add action=mark-routing chain=output connection-mark=pppoe-speedy2_conn \ disabled=no new-routing-mark=pppoe-speedy2 passthrough=no [/acc][/accordion]

setelah itu kemudian kita mangle lagi untuk pembagian beban modem. karena koneksi modem yang dimiliki memiliki bandwidth yang sama besar maka saya buat seperti dibawah ini:

[accordion][acc title=”Mangle pembagian beban loadbalance”]
/ip firewall mangle
add action=mark-connection chain=prerouting comment=”PCC RULE MARK HTTP CONN” \ connection-state=new disabled=no dst-address-type=!local dst-port=80 \ in-interface=ether4-proxy new-connection-mark=http_pppoe-speedy1 \ passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \ protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no \ dst-address-type=!local dst-port=80 in-interface=ether4-proxy \ new-connection-mark=http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \ disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \ new-connection-mark=http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \ disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \ new-connection-mark=http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \ new-connection-mark=http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local dst-port=80 in-interface=ether4-proxy \ new-connection-mark=http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=\ “PCC RULE—-MARK-NON-HTTP CONN” connection-state=new disabled=no \ dst-address-type=!local dst-port=!80 in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new disabled=no \ dst-address-type=!local dst-port=!80 in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \ disabled=no dst-address-type=!local dst-port=!80 in-interface=\ ether3-lokal new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=established \ disabled=no dst-address-type=!local dst-port=!80 in-interface=\ ether3-lokal new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local dst-port=!80 in-interface=\ ether3-lokal new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local dst-port=!80 in-interface=\ ether3-lokal new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=tcp
add action=mark-connection chain=prerouting comment=new connection-state=new \ disabled=no dst-address-type=!local in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting connection-state=new disabled=no \ dst-address-type=!local in-interface=ether3-lokal new-connection-mark=\ non.http_pppoe-speedy2 passthrough=yes per-connection-classifier=\ both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting comment=established \ connection-state=established disabled=no dst-address-type=!local \ in-interface=ether3-lokal new-connection-mark=non.http_pppoe-speedy1 \ passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 \ protocol=udp
add action=mark-connection chain=prerouting connection-state=established \ disabled=no dst-address-type=!local in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy1 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/0 protocol=udp
add action=mark-connection chain=prerouting connection-state=related \ disabled=no dst-address-type=!local in-interface=ether3-lokal \ new-connection-mark=non.http_pppoe-speedy2 passthrough=yes \ per-connection-classifier=both-addresses-and-ports:2/1 protocol=udp
add action=mark-routing chain=prerouting comment=\ “PCC RULE —- MARK – HTTP ROUTE” connection-mark=http_pppoe-speedy1 \ disabled=no new-routing-mark=pppoe-speedy1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=http_pppoe-speedy2 \ disabled=no new-routing-mark=pppoe-speedy2 passthrough=yes
add action=mark-routing chain=prerouting comment=\ “PCC RULE MARK NON HTTP ROUTE” connection-mark=non.http_pppoe-speedy1 \ disabled=no new-routing-mark=pppoe-speedy1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=\ non.http_pppoe-speedy2 disabled=no new-routing-mark=pppoe-speedy2 \ passthrough=yes[/acc][/accordion]

3. Setelah pembagian beban jalur modem maka selanjutnya kita membuat routing keluar berdasarkan connection routing yang telah dibuat sebelumnya. Dimana ditambahkan juga untuk failover nya bila salah satu modem down/terputus.

[accordion][acc title=”Routing PCC”]

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-speedy1 routing-mark=pppoe-speedy1 scope=30 target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-speedy2 \
routing-mark=pppoe-speedy1 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.1.1 routing-mark=pppoe-speedy1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe-speedy2 routing-mark=pppoe-speedy2 scope=30 target-scope=10
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-speedy1 \
routing-mark=pppoe-speedy2 scope=30 target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=\
192.168.11.1 routing-mark=pppoe-speedy2 scope=30 target-scope=10
add check-gateway=ping comment=”ROUTING DEFAULT SPEEDY1″ disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=pppoe-speedy1 scope=30 \
target-scope=10
add check-gateway=ping comment=”ROUTING DEFAULT SPEEDY2″ disabled=no \
distance=1 dst-address=0.0.0.0/0 gateway=pppoe-speedy2 scope=30 \
target-scope=10

[/acc][/accordion]

4. Hal terakhir yang dilakukan adalah membuat NAT untuk keluar dan saya tambahkan juga untuk DNS transparent nya yang berfungsi untuk memaksa client yang suka ganti-ganti DNS server agar tetap menggunakan DNS server yang telah di tetapkan pada router.

[accordion][acc title=”NAT PCC”]

/ip firewall nat
add action=masquerade chain=srcnat comment=”default configuration” disabled=\
no out-interface=pppoe-speedy1 to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-speedy2 \
to-addresses=0.0.0.0
add action=masquerade chain=srcnat disabled=yes out-interface=ether5-LB \
to-addresses=0.0.0.0
add action=dst-nat chain=dstnat comment=”PROXY REDIRECT” disabled=no \
dst-port=80,8080,3128 protocol=tcp src-address=!192.168.88.254 \
to-addresses=192.168.88.254 to-ports=8888
add action=dst-nat chain=dstnat disabled=no dst-port=22 protocol=tcp \
to-addresses=192.168.88.254 to-ports=22
add action=dst-nat chain=dstnat disabled=no dst-port=8081 protocol=tcp \
to-addresses=192.168.100.10 to-ports=8080
add action=redirect chain=dstnat comment=”TRANSPARENT DNS” disabled=no \
dst-port=53 protocol=tcp to-ports=53
add action=redirect chain=dstnat disabled=no dst-port=53 protocol=udp \
to-ports=53

[/acc][/accordion]

Akhirnya selesai juga settingan loadbalance PCC yang saya buat..Untuk pembagian bandwidth nya anda bisa tambahkan sendiri sesuai dengan keinginan.

Nah berikut dibawah ini penampakannya :

pcc baracuda

Penampakan PING dari proxy ke DNS Google :

ping dari proxy pcc

Thanks :
forummikrotik.com

 

Incoming search terms:

  • mikrotik load balance tproxy
  • mikrotik-pcc-load-balancing-dengan-external-proxy
  • load balancing pcc failover external proxy
  • load balancing mikrotik external proxy
  • load balancing external proxy
  • load balancing dengan proxy external
  • load balancing dan proxy external
  • hubungan proxy dan pcc
  • topologi load balancing mikrotik
  • https://yandex ru/clck/jsredir?from=yandex ru;search;web;;&text=&etext=1822 HkoJCNO2oPg-C2Ta2tGljTfWKzMSmem06OKiPY2qVftRnNID70uBMtwyN9X50gyC c9ca367addcd33bbfd6d3a9d0586f6ab35713871&uuid=&state=_BLhILn4SxNIvvL0W45KSic66uCIg23qh8iRG98qeIXme
Translate »