MikroTik PCC Load Balancing with an External Proxy
Topology
*) The IPs in the illustration are not the IPs used in the tutorial below
Roughly, the setup looks like this: 3 Speedy lines, 1 proxy line and 1 local line plugged into the ports of the RB750G…
Basic configuration:
1. Set up the interfaces to be used
/interface ethernet
set 0 comment="Public Interface 1" name=Public_1
set 1 comment="Public Interface 2" name=Public_2
set 2 comment="Public Interface 3" name=Public_3
set 3 comment="Local Interface" name=Local
set 4 comment="Proxy Interface" name=Proxy
2. Set up the pppoe-clients; the 3 lines are used 'without a default route'
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_1 dial-on-demand=no disabled=no interface=Public_1 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_1 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_2 dial-on-demand=no disabled=no interface=Public_2 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_2 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_3 dial-on-demand=no disabled=no interface=Public_3 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_3 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
3. IP addresses used on each interface of the RB750G
/ip address
add address=192.168.1.12/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=Public_1 network=192.168.1.0
add address=192.168.2.12/24 broadcast=192.168.2.255 comment="" disabled=no \
    interface=Public_2 network=192.168.2.0
add address=192.168.3.12/24 broadcast=192.168.3.255 comment="" disabled=no \
    interface=Public_3 network=192.168.3.0
add address=10.20.30.200/24 broadcast=10.20.30.255 comment="" disabled=no \
    interface=Local network=10.20.30.0
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no \
    interface=Proxy network=192.168.10.0
4. DNS servers used
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=\
    125.160.4.82,203.130.196.155,203.130.196.5,222.124.204.34,202.134.0.61
5. IP routes and their routing-marks
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping comment="Default Route pppoe1 - Distance 1" disabled=\
    no distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 \
    target-scope=10
add check-gateway=ping comment="Default Route pppoe2 - Distance 1" disabled=\
    no distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 \
    target-scope=10
add check-gateway=ping comment="Default Route pppoe3 - Distance 1" disabled=\
    no distance=3 dst-address=0.0.0.0/0 gateway=pppoe_3 scope=30 \
    target-scope=10
6. Create address lists for the local network and the proxy network
/ip firewall address-list
add address=10.20.30.0/24 comment="" disabled=no list=LocalNET
add address=192.168.10.0/24 comment="" disabled=no list=ProxyNET
7. Then create the NAT rules: masquerade for the pppoe links, transparent DNS and transparent proxy
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
    out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
    out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
    out-interface=pppoe_3
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
    dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.10.2 to-ports=3128
With the basic configuration done, start on the load-balancing configuration.
8. As usual, put the proxy-hit packet-mark on the top line of mangle
/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no
9. Because LB-PCC is used here to balance HTTP traffic together with an external proxy, the interface used is the Proxy interface, with protocol tcp and dst-port 80. The first step is to 'capture' new connections arriving on each pppoe interface; this guarantees that incoming packets are replied to through the same interface.
add action=mark-connection chain=input comment=\
    "-ImeR- PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new \
    disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_1 new-connection-mark=\
    pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_2 new-connection-mark=\
    pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_3 new-connection-mark=\
    pppoe3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
    disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
    disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe3_conn \
    disabled=no new-routing-mark=pppoe_3 passthrough=no
10. Then load-balance the connections coming in from the proxy interface with the PCC method; remember that what gets routed is protocol tcp with dst-port 80
add action=mark-connection chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ALL PROXY CONN" \
    connection-state=new disabled=no dst-address-type=!local dst-port=80 \
    in-interface=Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_3 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
11. Don't forget to mark the packets; the marks are used to apply limits in the queue tree later
add action=mark-packet chain=forward comment=\
    "-ImeR- PCC RULE ---- MARK HTTP" connection-mark=pr_pppoe_1 disabled=\
    no new-packet-mark=http_pppoe1_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_2 \
    disabled=no new-packet-mark=http_pppoe2_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_3 \
    disabled=no new-packet-mark=http_pppoe3_pkt passthrough=no
12. After that, set the routing-marks that steer each connection mark
add action=mark-routing chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ROUTE" connection-mark=pr_pppoe_1 \
    disabled=no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_3 disabled=no new-routing-mark=pppoe_3 passthrough=yes
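One way to check the rule set of steps 10 to 12 for consistency, as an added example that is not part of the original tutorial: the Python script below reports PCC remainders that no rule covers, connection marks with no mark-routing rule, and routing marks with no route. It assumes one rule per line (continuation lines already joined); the sample rules are constructed from the tutorial's values, and `parse` and `check_pcc` are names introduced here.

```python
import re
import shlex

# Constructed sample: the connection-state=new PCC rules of step 10 and the
# mark-routing rules of step 12, reduced to the fields this check reads.
MANGLE = """
add action=mark-connection new-connection-mark=pr_pppoe_1 per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection new-connection-mark=pr_pppoe_2 per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection new-connection-mark=pr_pppoe_3 per-connection-classifier=both-addresses-and-ports:3/2
add action=mark-routing connection-mark=pr_pppoe_1 new-routing-mark=pppoe_1
add action=mark-routing connection-mark=pr_pppoe_2 new-routing-mark=pppoe_2
add action=mark-routing connection-mark=pr_pppoe_3 new-routing-mark=pppoe_3
"""
ROUTE_MARKS = {"pppoe_1", "pppoe_2", "pppoe_3"}  # routing-marks defined in step 5


def parse(export):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    return [dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
            for line in export.strip().splitlines()]


def check_pcc(export, route_marks):
    """Return a list of problems; an empty list means the set is consistent."""
    rules, problems, groups = parse(export), [], {}
    for r in rules:
        m = re.fullmatch(r"([\w-]+):(\d+)/(\d+)",
                         r.get("per-connection-classifier", ""))
        if m:  # group by (classifier, denominator) -> {remainder: conn mark}
            by_rem = groups.setdefault((m[1], int(m[2])), {})
            mark = r["new-connection-mark"]
            if by_rem.setdefault(int(m[3]), mark) != mark:
                problems.append(f"{m[0]} is mapped to two connection marks")
    to_route = {r["connection-mark"]: r["new-routing-mark"]
                for r in rules if r.get("action") == "mark-routing"}
    for (cls, denom), by_rem in groups.items():
        for rem in range(denom):
            if rem not in by_rem:  # this share of connections is never marked
                problems.append(f"{cls}:{denom}/{rem} has no rule")
        for mark in sorted(set(by_rem.values())):
            if mark not in to_route:
                problems.append(f"{mark} has no mark-routing rule")
            elif to_route[mark] not in route_marks:
                problems.append(f"routing-mark {to_route[mark]} has no route")
    return problems


if __name__ == "__main__":
    print(check_pcc(MANGLE, ROUTE_MARKS) or "PCC rule set is consistent")
```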
Done… all HTTP traffic from the proxy interface will be spread evenly, in and out, across the pppoe interfaces. What remains is to mark connections from the local interface in order to limit download and upload. The final result looks roughly like this: