【RouterOS】——Multi-WAN load balance
[i=s] 本帖最後由 角色 於 2013-3-9 21:01 編輯 [/i]因为MikroTik可以做multi-WAN,但是怎样做load balance,有人找到参考资料:
[url]http://www.hkepc.com/forum/viewthread.php?tid=1887469&extra=page%3D2&page=65[/url] [i=s] 本帖最後由 bubblestar 於 2013-1-6 12:48 編輯 [/i]
Assuming we have 4 ADSL from ISP, we can make PCC (Per Connection Classifier) Load Balancing as followings. You may adjust the number of WAN connections to suit your own needs.[code]/ip firewall mangle
add action=change-mss chain=forward comment="" disabled=no new-mss=1480 protocol=tcp tcp-flags=syn
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24
/ip route
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4
add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3
add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4
add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1
add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2
add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3
add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out4[/code] [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29629&ptid=5158]2#[/url] [i]bubblestar[/i] [/b]
ADSL PCC我以前試過是可以的, 問題係香港fibre是用DHCP, 要人手入wan gateway. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29636&ptid=5158]3#[/url] [i]雯雯[/i] [/b]
我自己昨晚是用一條ADSL 及一條DHCP 混合做Dual WAN 設定的,沒有問題。 兩條或以上DHCP 應該可以同一做法。你試試看。 以下是DUAL WAN 做法,唔使咁亂,應該比較易看得明白,成功後可以慢慢加WAN。[code]/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-connection chain=prerouting comment="Use PCC to mark connections 0 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 src-address=192.168.0.0/24
add action=mark-connection chain=prerouting comment="Use PCC to mark connections 1 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.0/24
add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.0/24
/ip route
add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=to_WAN1
add comment=ADSL disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN2 routing-mark=to_WAN2
add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1
add comment=ADSL disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WAN2
add check-gateway=ping comment=DHCP disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN1
add check-gateway=ping comment=ADSL disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN2
[/code] 第 6 及第 7 項 的 per-connection-classifier=both-addresses:2/0 和 per-connection-classifier=both-addresses:2/1 比較重要,若果是 3 WAN, 就分別是 3/0; 3/1; 3/2, 4WAN 就是 4/0; 4/1; 4/2; 4/3,如始類推。
一切由零開始。;P [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29643&ptid=5158]6#[/url] [i]bubblestar[/i] [/b]
用兩部router搭了兩個DHCP enviroment給RB493G做WAN試了唔得, 上唔到網, 晚點再試試. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29691&ptid=5158]8#[/url] [i]雯雯[/i] [/b]
你本身兩條WAN,是否已經可以分別單獨上到網呢?
唔好意思,因為我假設上述所講的上網設定是已經做好了的,所以沒有再列出下面兩條上網必要的Scripts 出來,
如果沒有下面兩行,的確不能上網的,現在請你一併執行,上網應該沒有問題。[code]
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2
[/code]再不行的話,可以用 WINBOX GUI 方法 ,參考這裡。
[url]http://www.itxbo.com/network/808.html[/url]
如用Scripts 的方法,你可以把四組WAN 先改為兩組WAN,然後再一次過Copy 到WinBox Terminal 直接執行,立刻見到效果。 但刪改至兩個WAN 時,要小心一些,不要刪走有用的Scripts,建議你放在Notepad++ 內修改觀看,會清楚很多。 [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29644&ptid=5158]7#[/url] [i]bubblestar[/i] [/b]
那么traffic是怎样走呢?走WAN1,还是WAN2? [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29695&ptid=5158]9#[/url] [i]bubblestar[/i] [/b]
我確定兩條線單獨可以上網, 但是在RouterOS就ping不到外網, 我是用windbox GUI+CLI設定的. [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29696&ptid=5158]10#[/url] [i]角色[/i] [/b]
如果是簡單的分流,可以把上面第#6 貼裡的7、8 項的 src-address=192.168.0.0/24 稍作更改便可以了。[code]
/ip firewall mangle
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.2-192.168.0.127
add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.128-192.168.0.254
[/code]註: 我自己仲未實際作此項測試的。 [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29697&ptid=5158]11#[/url] [i]雯雯[/i] [/b]
其實我也跟你一樣會WinBox + Terminal 雙管齊下的。
那麼,可能你要檢查一下角色兄所提到的 5 條基本Firewall rules 了,是否有設定呢? PING 是其中一條。
[url]http://www.telecom-cafe.com/forum/viewthread.php?tid=5166&extra=page%3D1[/url] [b]回復 [url=http://www.telecom-cafe.com/forum/redirect.php?goto=findpost&pid=29636&ptid=5158]3#[/url] [i]雯雯[/i] [/b]
我最初買機學習時,也以為是的,但我們大多數用Dynamic IP,都感覺徬徨。現在發現是不一定用人手加的。 [i=s] 本帖最後由 bubblestar 於 2013-1-8 12:45 編輯 [/i]
指定某一個別網內電腦IP 使用WAN1 或 WAN2 的不同ISP 上網。例如HKBN或PCCW,可以用這樣的簡單做法。
在 WinBox IP Routes 按下Rules頁籤,然後按 "+"
把192.168.11.25 (例子) 打在Src. Address,記得附上遮罩
然後Action 選 lookup
Table選to_PCCW (我的例子叫法,你的可能是 to_HKBN)
測試下面第一次tracert 是否經PCCW 走之後,把上面Table 的 to_PCCW 改為 to_HKBN,再行第二次tracert測試,大家會看到同一部電腦已經可以分別經指定的ISP 走了。當然你可以做兩條Routing Rules,那麼,就咁Disable 其中一條作轉換,然後使用也可以,也會方便一些。
[attach]2149[/attach]
用 tracert [url]www.google.com.tw[/url] 分別測試PCCW 及 HKBN,成功地應用。
[attach]2150[/attach] 這樣設定的話,大家可以把VoIP Gateway / Asterisk Server / OBi110 以指定使用某條WAN 的方式進行溝通,跟其他DATA / BT / Multimedia stream 分開,防止擠塞。
另外,也可用作自己的特定網絡管理通道,跟其他一般User 分開。
其他用法,可以各自各精彩。 More examples on Multiple WANs.
[url]http://www.minitw.com/archives/409[/url] More information on Dual WANs
[url]http://home.swkls.org/mikrotik-dual-wan-routing-packet-flow/[/url] 剛才聽ckleea兄說bubblestar兄好像差不多完成了RouterOS DHCP Multi WAN, 請賜教! [url]http://forum.mikrotik.com/viewtopic.php?f=2&t=70715[/url] [i=s] 本帖最後由 fems 於 2015-2-4 04:41 編輯 [/i]
PCC不指定内网in interface的方法,把in interface条件,换成内部网络地址段(本例中的net_local),适合内部多网段的用户。
PS:增加PCC backup路由的设置。[code]/ip firewall address-list
add address=192.168.0.0/24 list=net_local
add address=192.168.1.0/24 list=net_local
add address=192.168.2.0/24 list=net_local
#
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=net_local src-address-list=net_local
#
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-wan1-out1 new-connection-mark=conn-pcc1
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-wan1-out2 new-connection-mark=conn-pcc2
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=conn-pcc1 \
per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=conn-pcc2 \
per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=conn-pcc1 \
dst-address-list=!net_local new-routing-mark=route-pcc1 src-address-list=net_local
add action=mark-routing chain=prerouting connection-mark=conn-pcc2 \
dst-address-list=!net_local new-routing-mark=route-pcc2 src-address-list=net_local
add action=mark-routing chain=output connection-mark=conn-pcc1 \
new-routing-mark=route-pcc1
add action=mark-routing chain=output connection-mark=conn-pcc2 \
new-routing-mark=route-pcc2
#
/ip route
add check-gateway=ping comment=router-pcc1 distance=1 gateway=pppoe-wan1-out1 \
routing-mark=route-pcc1
add check-gateway=ping comment=router-pcc2 distance=1 gateway=pppoe-wan1-out2 \
routing-mark=route-pcc2
add check-gateway=ping comment=router-pcc1_backup distance=2 gateway=wan1-out2 \
routing-mark=pcc1-route
add check-gateway=ping comment=router-pcc2_backup distance=2 gateway=wan1-out1 \
routing-mark=pcc2-route
add check-gateway=ping distance=1 gateway=pppoe-wan1-out1
add check-gateway=ping distance=2 gateway=pppoe-wan1-out2
#
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-wan1-out1
add action=masquerade chain=srcnat out-interface=pppoe-wan1-out2[/code]
頁:
[1]