Load Balancing with Mikrotik 3.x
When we want to make Loadbalancing system used Mikrotik 2.9.x, we can using the rule from here. But there is little different with Mikrotik 3.x
Ok then, let's started, i will use 5 connection here.
IP Address Configuration
/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" disabled=no
/ ip address add address=10.111.0.2/30 network=10.111.0.0 broadcast=10.111.0.3 interface=Uplink1 comment="" disabled=no
/ ip address add address=10.112.0.2/30 network=10.112.0.0 broadcast=10.112.0.3 interface=Uplink2 comment="" disabled=no
/ ip address add address=10.113.0.2/30 network=10.113.0.0 broadcast=10.113.0.3 interface=Uplink3 comment="" disabled=no
/ ip address add address=10.114.0.2/30 network=10.114.0.0 broadcast=10.114.0.3 interface=Uplink4 comment="" disabled=no
/ ip address add address=10.115.0.2/30 network=10.115.0.0 broadcast=10.115.0.3 interface=Uplink5 comment="" disabled=no
Mangle Configuration
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=5,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=4,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=3,1 action=mark-connection new-connection-mark=conn3 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn3 action=mark-routing new-routing-mark=conn3 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn4 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn4 action=mark-routing new-routing-mark=conn4 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-state=new action=mark-connection new-connection-mark=conn5 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=Local connection-mark=conn5 action=mark-routing new-routing-mark=conn5 passthrough=no comment="" disabled=no
Masquerade Local Network
/ ip firewall nat add chain=srcnat connection-mark=conn1 action=masquerade out-interface=Uplink1 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn2 action=masquerade out-interface=Uplink2 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn3 action=masquerade out-interface=Uplink3 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn4 action=masquerade out-interface=Uplink4 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn5 action=masquerade out-interface=Uplink5 comment="" disabled=no
Route
/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.112.0.1 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.113.0.1 scope=255 target-scope=10 routing-mark=conn3 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.114.0.1 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.115.0.1 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1 scope=255 target-scope=10 comment="" disabled=no
Explanation
First we give a code snippet and then explain what it actually does.
IP Address and Mangle
/ ip address add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local comment="" disabled=no
/ ip address add address=10.111.0.2/30 network=10.111.0.0 broadcast=10.111.0.3 interface=Uplink1 comment="" disabled=no
/ ip address add address=10.112.0.2/30 network=10.112.0.0 broadcast=10.112.0.3 interface=Uplink2 comment="" disabled=no
/ ip address add address=10.113.0.2/30 network=10.113.0.0 broadcast=10.113.0.3 interface=Uplink3 comment="" disabled=no
/ ip address add address=10.114.0.2/30 network=10.114.0.0 broadcast=10.114.0.3 interface=Uplink4 comment="" disabled=no
/ ip address add address=10.115.0.2/30 network=10.115.0.0 broadcast=10.115.0.3 interface=Uplink5 comment="" disabled=no
The router has 5 upstream (WAN) interfaces with the addresses of 10.111.0.2/30; 10.112.0.2/24; 10.113.0.2/30; 10.114.0.2/24 and 10.115.0.2/30. The LAN interface has the name "Local" and IP address of 192.168.0.1/24.
For the ip firewall mangle, 5 uplink connection need 5 connection mark and 5 routing mark.
Mangle 1 : nth : 5,1
Mangle 2 : nth : 4,1
Mangle 3 : nth : 3,1
Mangle 4 : nth : 2,1
Mangle 5 : No nth
Here the explanation :
Mangle 1 : read all traffic and match 1/5 of traffic
Mangle 2 : read 4/5 traffic and match 1/4 of they traffic (1/5 total traffic)
Mangle 3 : read 3/4 from 4/5 traffic above (or 3/5 total traffic) and match 1/2 traffic above (1/5 total traffic)
Mangle 4 : read 2/3 from 3/5 total traffic (or 2/5 total traffic) and match 1/2 traffic above (1/5 total traffic)
Mengle 5 : read the rest of traffic (1/5 total traffic)
Thats it. Now you can try your setting.
Happy Surfing with 5 Connection.. :)
=================================================
Update :
Route
In addition to using the route as above, you can also use rules like this:
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink2 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink3 scope=255 target-scope=10 routing-mark=conn3 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink4 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink5 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=Uplink1 scope=255 target-scope=10 comment="" disabled=no
With these rules, you do not need to be worried anymore if your uplink use a dynamic IP address, like ADSL connection.
About You :
38.107.179.244
United StatesBrowser :
UnknownOperating System :
UnknownKeep This Site Alive
Your Comment On Tutorial:
- Blocking Internet Explorer 6 w...
What is your favorite sitcom most? buy zithromax More... - Setting up a basic MikroTik ho...
Hello, I already tried 300x times to configure a M... More... - Load Balancing on MikroTik
aq coba load balancing . jk tak cabut dr provider ... More... - Setting up a basic MikroTik ho...
From the terminal: /ip hotspot reset-html From Win... More... - Setting Up no-password SSH
KOVAL ! why do you only respond to people who thre... More...
Comments
Kalo ga berhasil, bisalah nanti aku bantuin
Gratis (No Fee) yo mas... aku melu
Seharusnya itu tidak error lho, karena itu emang dah ada fasilitasnya di mikrotik 3.x
Hi.
I have 6 ether port like this example and have 6 of public/dynamic IP with 100Mbps per IP.
as you discribe, i want using ether1 for incoming transaction from remote pptp clients and load balancing outgoing traffic for ether2~ether6 for pptp clients.
this is sample configuration for it. please check and fix it. if there are some mitake.
/ interface ethernet
set ether1 name="income"
set ether2 name="out1"
set ether3 name="out2"
set ether4 name="out3"
set ether5 name="out4"
set ether6 name="out5"
/ interface bridge
add name="income" arp=proxy-arp
/ interface bridge port
add interface=income bridge=lan
/ ip address
add address=10.0.0.1/16 interface=lan
/ ip dns
allow-remote-requests=yes
/ ip firewall service-port
set pptp disabled=no
/ ip pool
add name="pptp" ranges=10.0.0.2-10.0.254.254
add name="pptp-in" local-address=10.0.0.1 remote-address=pptp use-encryption=default only-one=default change-tcp-mss=yes dns-server=10.0.0.1
/ interface pptp-server server
set enabled=yes max-mtu=1460 max-mru=1460 authentication=chap,mschap1,mschap2 default-profile=pptp-in
/ ip firewall nat add chain=srcnat src-address=10.0.0.2-10.0.254.254 action=masquerade
/ ip dhcp-client add interface=income user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out1 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out2 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out3 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out4 user-peer=yes add-default-route=yes disable=no
/ ip dhcp-client add interface=out5 user-peer=yes add-default-route=yes disable=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=4,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=3,1 action=mark-connection new-connection-mark=conn3 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn4 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn4 action=mark-routing new-routing-mark=conn4 passthrough=no comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-state=new action=mark-connection new-connection-mark=conn5 passthrough=yes comment="" disabled=no
/ ip firewall mangle add chain=prerouting in-interface=lan connection-mark=conn5 action=mark-routing new-routing-mark=conn5 passthrough=no comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn2 action=masquerade out-interface=out2 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn3 action=masquerade out-interface=out3 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn4 action=masquerade out-interface=out4 comment="" disabled=no
/ ip firewall nat add chain=srcnat connection-mark=conn5 action=masquerade out-interface=out5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out2 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out4 scope=255 target-scope=10 routing-mark=conn4 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out5 scope=255 target-scope=10 routing-mark=conn5 comment="" disabled=no
/ ip route add dst-address=0.0.0.0/0 gateway=out1 scope=255 target-scope=10 comment="" disabled=no
I don't know What i need to do again... please help..
/ interface bridge
add name="lan" arp=proxy-arp
My goal is simple.
if user1 connect to pptp server interface "income" then assign to user1's pptp client 10.0.254.254 and all of user1's traffic need to goingout to "out1" interface.
and next, user2 connect to pptp server interface "income" again then assign to user2's pptp client 10.0.254.253 and all of user1's traffic need to goingout to "out2" interface.
viagra canada pharmacy
buy zithromax online
RSS feed for comments to this post.