0% found this document useful (0 votes)

333 views22 pages

Load Balance Mikrotik

The document discusses load balancing and policy routing. It presents a sample network topology using two ISPs with policy routing to a VPN server. It then provides configuration examples for getting IP addresses, establishing the VPN connection, using mangle rules to mark traffic for routing, adding routes and NAT rules. Packet flow is illustrated with an example of how a packet and its reply would be processed through the mangle rules and connection tracking.

Uploaded by

dlookung

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

333 views22 pages

Load Balance Mikrotik

Uploaded by

dlookung

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 22

Understanding Load

Balance and Policy

Route
1

andrew zheng!
edcwifi co limited

About Me

Mikrotik Trainer No. 75!

Certificate: MTCNA, MTCWE, MTCRE,
MTCTCE, MTCUME, MTCINE, UBWA,
UEWA

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

About EDCwifi
Mikrotik Distributor with stock point at
Hongkong, Shenzhen and Beijing.!
Mikrotik Authorized Training partner.!
Customizing partner for MfM (made for
Mikrotik) product.!
www.edcwifi.com & www.edcwifi.com.cn
EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Made for Mikrotik

Face off your device
RB750series

RB450series

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

SOHO customers mostly requires:

Automatic Fail Over!

Reliable Load Balance!
Policy Route

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Topology

ISP1
192.168.0.1

Policy route to VPN

10.1.1.88
ether1!
192.168.0.1

LAN

VPN!
Server!
ISP

VPN!
Server

Router

local IP 192.168.12.99!
remote IP 192.168.12.165

ISP2

10.2.2.88

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Sample configuration
Get IP address from ISP

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Dial VPN connection (optional for

policy route)

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Mangle Rules!
All packets with gateway router IP as destination
should be accept

0
EDCwifi - Andrew Zheng

Skipping PCC rules for packets with !

router gateway IP as its destination!
to their gateway router.!
(for correcting DNS request and!
other services)

2015, April 17 - Vietnam MUM

Mangle Rules!
Make sure all packets coming from WAN interface
going out from the same WAN interface

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Mangle Rules and Address list!

VPN policy route
Address list example

6
Add all IP addresses that !
planned to go !
through VPN connection

EDCwifi - Andrew Zheng

mark connection of every packets with !

IP destination address listed in !
VPN address list
11

2015, April 17 - Vietnam MUM

Mangle Rules!
Connection Mark base on PCC

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Mangle Rules!
Route Mark for PCC

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Mangle Rules!
Route Mark for Output Chain

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

IP Route Rules!
Add Default Gateway for our Routing Mark

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

IP Route Rules!
Fail Over
By adding default gateway!
that not booked for routing mark!
we already create fail over system.!
Just adjust the distance for !
priority purpose

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

NAT

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Checking PCC Result

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Checking Policy routes Result

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Packet Flow with mangle chain simple explanation

packet A, going into ether1 with src add: 192.168.0.2 and dst add: 222.111.222.111
checking DST-IP!
to local or forward-!
checking DST-NAT!
packet A!
packet
A!
packet A!
output interfacesrc:192.168.0.2!
rules
src:192.168.0.2!
dst: 222.111.222.111!
1-conn!
1-route!
in int: ether1

src:192.168.0.2!
dst: 222.111.222.111!
1-conn!
1-route!
in int: ether1

DSTNAT

checking mangle forward-!

filter forward

dst: 222.111.222.111!
1-conn!
1-route!
in int: ether1!
out int: ISP1

Mangle
forward

Routing
Decision

add mangle 1-conn!

and 1-route

packet A!
src:192.168.0.2!
dst: 222.111.222.111!
in int: ether1!
no mark

Recording !
conn track

packet A!
src:192.168.0.2!
dst: 222.111.222.111!
in int: ether1!
no mark

packet A!
src:192.168.0.2!
dst: 222.111.222.111!
1-conn!
1-route!
in int: ether1!
out int ISP1

Filter!
Forward

Routing
Adjustment

Mangle
postrouting

Mangle
prerouting

connection
tracking

Input interface!
eq: ether1,
ether2,ether3, etc

EDCwifi - Andrew Zheng

SRCNAT

Mangle
input

Local Process

connection
tracking

Mangle
output

Output interface!
eq: ether1,
ether2,ether3, etc

checking mangle !
post routing
packet A!
src:192.168.0.2!
dst: 222.111.222.111!
1-conn!
1-route!
out int ISP1

Change SRC IP
packet A!
src:10.1.1.97!
dst: 222.111.222.111!
1-conn!
1-route!
out int ISP1

packet A!
src:10.1.1.97!
dst: 222.111.222.111!

2015, April 17 - Vietnam MUM

Packet Flow with mangle chain simple explanation

replied packet A (A-1), going into ISP1 interface with src add: 222.111.222.111 and dst add: 10.1.1.97
checking DST-IP!
to local or forward-!
checking DST-NAT!
packet A-1!
rules
packet A-1! output interface
packet A-1!
src: 222.111.222.111!
dst: 192.168.0.2!
1-conn!
in int: ISP1

src: 222.111.222.111!
dst: 10.1.1.97!
1-conn!
in int: ISP1

DSTNAT

checking mangle forward-!

filter forward

src: 222.111.222.111!
dst: 192.168.0.2!
1-conn!
in int: ISP1!
goto Ether1

Mangle
forward

Routing
Decision

Check mangle pre-routing,!

adding mark !
1-conn

packet A-1!
src: 222.111.222.111!
dst: 10.1.1.97!
in int: ISP1!
recognize this packet is
one connection with A

check and update!

conn-track

packet A-1!
src: 222.111.222.111!
dst: 10.1.1.97!
in int: ISP1

packet A-1!
src: 222.111.222.111!
dst: 192.168.0.2!
1-conn!
in int: ISP1!
out int ether1

Filter!
Forward

Routing
Adjustment

Mangle
postrouting

Mangle
prerouting

connection
tracking

Input interface!
eq: ether1,
ether2,ether3, etc

checking mangle !
post routing
packet A-1!
src: 222.111.222.111!
dst: 192.168.0.2!
1-conn!
out int ether1

SRCNAT

Mangle
input

Local Process

connection
tracking

Mangle
output

Output interface!
eq: ether1,
ether2,ether3, etc

Change SRC IP
packet A-1!
src: 222.111.222.111!
dst: 192.168.0.2!
1-conn!
out int ether1

packet A-1!
src: 222.111.222.111!
dst: 192.168.0.2!

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Any Question?
Thank you!
For Goods Inquiry: marketing@edcwifi.com!
For Training Inquiry: training@edcwifi.com!
See you again

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

CloudEngine 8800&7800&6800&5800 V200R002C50SPC800 Upgrade Guide
100% (1)
CloudEngine 8800&7800&6800&5800 V200R002C50SPC800 Upgrade Guide
85 pages
Load Balance With Masquerade Network On Routeros: Janis Megis (Mikrotik) Valens Riyadi (Citraweb)
No ratings yet
Load Balance With Masquerade Network On Routeros: Janis Megis (Mikrotik) Valens Riyadi (Citraweb)
36 pages
Traffic PDF
100% (4)
Traffic PDF
162 pages
BSI Mikrotik Security Presentation
100% (2)
BSI Mikrotik Security Presentation
69 pages
IP Firewall Raw Protect Connection-Tracking
No ratings yet
IP Firewall Raw Protect Connection-Tracking
32 pages
HotSpot Gateway
No ratings yet
HotSpot Gateway
20 pages
Mtcna Training Materials (2013-01)
No ratings yet
Mtcna Training Materials (2013-01)
432 pages
01 MTCWE Wireless Fundamentals
No ratings yet
01 MTCWE Wireless Fundamentals
50 pages
Mtcre HP2018
No ratings yet
Mtcre HP2018
93 pages
Mtcna Modul v3 by Agso
No ratings yet
Mtcna Modul v3 by Agso
321 pages
MikroTik Routers and Wireless - Training
No ratings yet
MikroTik Routers and Wireless - Training
6 pages
Mikrotik Routeros Training Advanced Wireless Mtcwe
No ratings yet
Mikrotik Routeros Training Advanced Wireless Mtcwe
164 pages
Academy MKI
No ratings yet
Academy MKI
412 pages
Mtcna PDF
No ratings yet
Mtcna PDF
683 pages
Mtcna PDF
No ratings yet
Mtcna PDF
271 pages
Example Fully Manual Setting Up Capsman Wi-Fi On Mikrotik Router (Seamless Roaming)
No ratings yet
Example Fully Manual Setting Up Capsman Wi-Fi On Mikrotik Router (Seamless Roaming)
29 pages
Mikrotik Reference Manual v3
83% (6)
Mikrotik Reference Manual v3
491 pages
Monitor MikroTik With Logstail - Com Hosted ELK Stack
No ratings yet
Monitor MikroTik With Logstail - Com Hosted ELK Stack
8 pages
NetworkPro On Quality of Service - MikroTik Wiki
No ratings yet
NetworkPro On Quality of Service - MikroTik Wiki
9 pages
MTCNA Pesentation Material - English
100% (1)
MTCNA Pesentation Material - English
197 pages
Wireless and Bridging With VLAN
No ratings yet
Wireless and Bridging With VLAN
83 pages
Advanced Mikrotik Training: Routing (MTCRE)
No ratings yet
Advanced Mikrotik Training: Routing (MTCRE)
6 pages
Network Simulator: Mikrotik
No ratings yet
Network Simulator: Mikrotik
27 pages
Wireless AP and CAPsMAN Case Study
No ratings yet
Wireless AP and CAPsMAN Case Study
42 pages
Queue Tree - Mutiple Wan Interfaces - What Should Be The Parent - MikroTik
No ratings yet
Queue Tree - Mutiple Wan Interfaces - What Should Be The Parent - MikroTik
25 pages
MikRoTik VPN Configuration
No ratings yet
MikRoTik VPN Configuration
5 pages
Manual - IP - DNS - MikroTik Wiki
No ratings yet
Manual - IP - DNS - MikroTik Wiki
5 pages
01 - MTCNA v5.4 - ALL
No ratings yet
01 - MTCNA v5.4 - ALL
334 pages
Manual - API - MikroTik Wiki
0% (1)
Manual - API - MikroTik Wiki
12 pages
Mtcre
100% (3)
Mtcre
93 pages
MikroTik Wiki - Init Setup
No ratings yet
MikroTik Wiki - Init Setup
5 pages
Ddos Detect Mikrotik
No ratings yet
Ddos Detect Mikrotik
30 pages
Mikrotik Training Schedule: Certified Network Associate
100% (1)
Mikrotik Training Schedule: Certified Network Associate
266 pages
How To - Implement Transparent Subnet Gateway Using Proxy ARP
No ratings yet
How To - Implement Transparent Subnet Gateway Using Proxy ARP
9 pages
Mikrotik
No ratings yet
Mikrotik
30 pages
Basic & Advanced Syllabus of Mikrotik
100% (1)
Basic & Advanced Syllabus of Mikrotik
3 pages
HTB Vs PCQ
No ratings yet
HTB Vs PCQ
26 pages
Transparently Bridge Two Networks Using MPLS - MikroTik Wiki
No ratings yet
Transparently Bridge Two Networks Using MPLS - MikroTik Wiki
3 pages
Mikrotik Capsman: Haydar Fadel May - 25 - 2014
No ratings yet
Mikrotik Capsman: Haydar Fadel May - 25 - 2014
34 pages
Mastering The XMPP Framework: Develop XMPP Chat Applications for iOS
From Everand
Mastering The XMPP Framework: Develop XMPP Chat Applications for iOS
Peter van de Put
4.5/5 (2)
Microtik OS
No ratings yet
Microtik OS
8 pages
MIKROTIK - FIREWALL - Firewall Marking
No ratings yet
MIKROTIK - FIREWALL - Firewall Marking
4 pages
Mikrotik Load Balancing 5
100% (1)
Mikrotik Load Balancing 5
10 pages
Balanceo PCC
No ratings yet
Balanceo PCC
3 pages
Bandwidth Management Config Mnaufalazkia
No ratings yet
Bandwidth Management Config Mnaufalazkia
26 pages
Tomas PDF
No ratings yet
Tomas PDF
48 pages
Bandwidth Based Load Balancing
No ratings yet
Bandwidth Based Load Balancing
48 pages
Multi-WAN W/ Auto Notification For WAN's Status Updates: by Mar Aeschyllus Flordeliza
No ratings yet
Multi-WAN W/ Auto Notification For WAN's Status Updates: by Mar Aeschyllus Flordeliza
20 pages
C7. Networking and Remote Access
No ratings yet
C7. Networking and Remote Access
35 pages
1 Network Fundamentals
No ratings yet
1 Network Fundamentals
15 pages
Network Engineer Master Class
No ratings yet
Network Engineer Master Class
4 pages
Balanceo de Carga Usando PCC (Per Connection Classifier) : (ISP1) (ISP2)
No ratings yet
Balanceo de Carga Usando PCC (Per Connection Classifier) : (ISP1) (ISP2)
3 pages
Balanceo 3 Adsl Pppoe
No ratings yet
Balanceo 3 Adsl Pppoe
2 pages
Huawei Cli Output Modifiers PDF
No ratings yet
Huawei Cli Output Modifiers PDF
4 pages
Cnunit 5
No ratings yet
Cnunit 5
40 pages
Load Balance On Mikrotik
No ratings yet
Load Balance On Mikrotik
15 pages
DCCN All Labs 2nd Year 1st Semester
No ratings yet
DCCN All Labs 2nd Year 1st Semester
9 pages
Interview Notes Rs & Security 2
No ratings yet
Interview Notes Rs & Security 2
104 pages
17.8.1 Lab - Design and Build A Small Network
No ratings yet
17.8.1 Lab - Design and Build A Small Network
6 pages
Plantilla OC - ten.RA01
No ratings yet
Plantilla OC - ten.RA01
7 pages
Simple Netwrok Setup
No ratings yet
Simple Netwrok Setup
28 pages
Log 56
No ratings yet
Log 56
3 pages
Balance Africano
No ratings yet
Balance Africano
52 pages
DS 2DF1 611 PDF
No ratings yet
DS 2DF1 611 PDF
2 pages
DS-2CD8153F-E (W) : 2MP Network Cube Camera
No ratings yet
DS-2CD8153F-E (W) : 2MP Network Cube Camera
1 page
SNMP Informant How-To - OpenNMS - The OpenNMS Project
No ratings yet
SNMP Informant How-To - OpenNMS - The OpenNMS Project
8 pages
CCNA 1 Final Exam Answers 2019 (v5.1+v6.0) Introduction To Networks
No ratings yet
CCNA 1 Final Exam Answers 2019 (v5.1+v6.0) Introduction To Networks
67 pages
Switchboard Wise Feeder List: Board
No ratings yet
Switchboard Wise Feeder List: Board
1 page
2 Memoire Meftah2018
No ratings yet
2 Memoire Meftah2018
106 pages
Datasheet M1200S
No ratings yet
Datasheet M1200S
6 pages
Lecture 16
No ratings yet
Lecture 16
23 pages
Network Security VAPT Checklist
No ratings yet
Network Security VAPT Checklist
7 pages
User Guide: 300Mbps High Power Wireless N Router MW330HP
No ratings yet
User Guide: 300Mbps High Power Wireless N Router MW330HP
62 pages
Computer Networks ns2
No ratings yet
Computer Networks ns2
20 pages
IPQ806x Hardware Acceleration - v2 PDF
100% (1)
IPQ806x Hardware Acceleration - v2 PDF
8 pages
VoLTE One Pager Accessibility DriveBased
No ratings yet
VoLTE One Pager Accessibility DriveBased
1 page
Lift Control Solution
No ratings yet
Lift Control Solution
1 page
Lecture 55 SVI
No ratings yet
Lecture 55 SVI
5 pages
CCIE Security - VPN Study Guide - Dynamic VTI - Local Authentication
No ratings yet
CCIE Security - VPN Study Guide - Dynamic VTI - Local Authentication
10 pages
Fast Lane - Ci-Dcnx
No ratings yet
Fast Lane - Ci-Dcnx
2 pages
DHCP Presentation
No ratings yet
DHCP Presentation
25 pages
List
No ratings yet
List
184 pages
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
No ratings yet
Implementing Cisco Network Security Exam (210-260) : Security Concepts Common Security Principles
4 pages
5 2 3 3 Lab Troubleshooting Basic Single Area OSPFv2 and OSPFv3 ILM PDF
No ratings yet
5 2 3 3 Lab Troubleshooting Basic Single Area OSPFv2 and OSPFv3 ILM PDF
31 pages
List Harga
No ratings yet
List Harga
4 pages
Cisco - WLC Configuration Guide
No ratings yet
Cisco - WLC Configuration Guide
670 pages
ED6008
No ratings yet
ED6008
4 pages
Virtual Network Design Guide
No ratings yet
Virtual Network Design Guide
25 pages
TCP Operational Overview and The TCP Finite State Machine (FSM)
No ratings yet
TCP Operational Overview and The TCP Finite State Machine (FSM)
4 pages
Npoint 2000H User Guide
No ratings yet
Npoint 2000H User Guide
3 pages
Thunderbolt™ Networking Bridging and Routing Instructional White Paper
No ratings yet
Thunderbolt™ Networking Bridging and Routing Instructional White Paper
16 pages
Network Security Topics and Sub-Topics As Per Chapterwise
No ratings yet
Network Security Topics and Sub-Topics As Per Chapterwise
12 pages
B0700az V
No ratings yet
B0700az V
124 pages
Catalyst
No ratings yet
Catalyst
100 pages
Performance of Voip Services Over 3Gpp Wcdma Networks: Ozcan Ozturk Qualcomm
No ratings yet
Performance of Voip Services Over 3Gpp Wcdma Networks: Ozcan Ozturk Qualcomm
13 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Load Balance Mikrotik

Uploaded by

Load Balance Mikrotik

Uploaded by

Understanding Load

Balance and Policy

Mikrotik Trainer No. 75!

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

2015, April 17 - Vietnam MUM

Made for Mikrotik

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

SOHO customers mostly requires:

Automatic Fail Over!

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Policy route to VPN

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Dial VPN connection (optional for

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Skipping PCC rules for packets with !

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Mangle Rules and Address list!

EDCwifi - Andrew Zheng

mark connection of every packets with !

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Checking PCC Result

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Checking Policy routes Result

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Packet Flow with mangle chain simple explanation

checking mangle forward-!

add mangle 1-conn!

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

Packet Flow with mangle chain simple explanation

checking mangle forward-!

Check mangle pre-routing,!

check and update!

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

EDCwifi - Andrew Zheng

2015, April 17 - Vietnam MUM

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.