MikroTik PCC Load Balancing with 2 WAN + 1 VPN

This Per Connection Classifier (PCC) load balancing setup is used for round-robin load balancing with the following configuration:

  1. Internet: Speedy using PPPoE.
  2. Internet: office wireless using a static IP.
  3. VPN using a static IP.

Speedy PPPoE Configuration

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" \
    dial-on-demand=yes disabled=no interface=ether1-speedy max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe-speedy password=********** profile=\
    default service-name="" use-peer-dns=no user=************@telkom.net

IP Address Configuration

The interfaces that use static IPs are br-lan, the local interface on network 10.3.8.0/24; the office WAN (ether2-pde) on network 192.168.51.0/24; and the VPN (ether3-sapk) on network 178.199.25.176/28.

/ip address
add address=10.3.8.1/24 broadcast=10.3.8.255 comment=LAN disabled=\
    no interface=br-lan network=10.3.8.0
add address=192.168.51.52/24 broadcast=192.168.51.255 comment=PDE disabled=no \
    interface=ether2-pde network=192.168.51.0
add address=178.199.25.178/28 broadcast=178.199.25.191 comment=SAPK disabled=\
    no interface=ether3-sapk network=178.199.25.176

The Speedy DMZ interface ether1-speedy uses DHCP.

/ip dhcp-client
add comment="" disabled=no interface=ether1-speedy

Firewall Configuration

Firewall mangle configuration to mark connections and routing on the pppoe-speedy and ether2-pde interfaces.

/ip firewall mangle
add action=mark-connection chain=input comment="PCC LB" disabled=no \
    in-interface=ether2-pde new-connection-mark=pde passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=\
    pppoe-speedy new-connection-mark=speedy passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pde disabled=\
    no new-routing-mark=pde passthrough=no
add action=mark-routing chain=output comment="" connection-mark=speedy \
    disabled=no new-routing-mark=speedy passthrough=no

The following mangle rules pass packets from the LAN that are destined for the router.

/ip firewall mangle
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    192.168.1.0/24 in-interface=br-lan
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    192.168.51.0/24 in-interface=br-lan
add action=accept chain=prerouting comment="" disabled=no dst-address=\
    178.199.25.176/28 in-interface=br-lan

Mangle rules for balancing with PCC.

/ip firewall mangle
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=br-lan new-connection-mark=pde \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting comment="" disabled=no \
    dst-address-type=!local in-interface=br-lan new-connection-mark=speedy \
    passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=pde \
    disabled=no in-interface=br-lan new-routing-mark=pde passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=speedy \
    disabled=no in-interface=br-lan new-routing-mark=speedy passthrough=yes
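
How the two PCC rules above split new connections, as an added Python model that is not part of the original post: both addresses and ports are hashed to a 32-bit value, and the remainder after dividing by 2 selects the pde or speedy mark. SHA-256 is an assumed stand-in for RouterOS's internal hash, 203.0.113.10 is a constructed destination, and only the router's static addresses are treated as local.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

# Destinations exempted by the page's prerouting "accept" rules.
BYPASS = [ipaddress.ip_network(n) for n in
          ("192.168.1.0/24", "192.168.51.0/24", "178.199.25.176/28")]
# Router's static addresses (dst-address-type=!local); dynamic ones omitted.
LOCAL = {"10.3.8.1", "192.168.51.52", "178.199.25.178"}
# Remainder -> connection mark, from the 2/0 and 2/1 rules.
MARKS = {0: "pde", 1: "speedy"}


def pcc_hash(src, sport, dst, dport):
    """32-bit value over both addresses and ports.
    ASSUMPTION: SHA-256 stands in for RouterOS's internal hash."""
    fields = (ipaddress.ip_address(src).packed
              + ipaddress.ip_address(dst).packed
              + struct.pack("!HH", sport, dport))
    return int.from_bytes(hashlib.sha256(fields).digest()[:4], "big")


def connection_mark(src, sport, dst, dport):
    """Mark a new connection from br-lan would get, or None if unmarked."""
    addr = ipaddress.ip_address(dst)
    if dst in LOCAL or any(addr in net for net in BYPASS):
        return None
    return MARKS[pcc_hash(src, sport, dst, dport) % len(MARKS)]


def distribution(connections):
    """Count marks over (src, sport, dst, dport) tuples."""
    return Counter(connection_mark(*c) for c in connections)


# Constructed sample: 1000 LAN connections to a documentation address.
SAMPLE = [(f"10.3.8.{10 + i % 50}", 40000 + i, "203.0.113.10", 443)
          for i in range(1000)]

if __name__ == "__main__":
    print(distribution(SAMPLE))
    # The same tuple always hashes to the same mark.
    print(connection_mark("10.3.8.20", 50000, "203.0.113.10", 443))
```

Because the classifier includes ports, two connections from the same LAN host to the same server can leave through different WAN links.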

Masquerade configuration.

/ip firewall nat
add action=masquerade chain=srcnat comment=SPEEDY disabled=no out-interface=\
    pppoe-speedy
add action=masquerade chain=srcnat comment="SPEEDY DMZ" disabled=no \
    out-interface=ether1-speedy
add action=masquerade chain=srcnat comment=PDE disabled=no out-interface=\
    ether2-pde
add action=masquerade chain=srcnat comment=SAPK disabled=no out-interface=\
    ether3-sapk

Routing Configuration

/ip route
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=192.168.51.1 routing-mark=pde scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=\
    0.0.0.0/0 gateway=pppoe-speedy routing-mark=speedy scope=30 target-scope=\
    10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.51.1 scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe-speedy scope=30 target-scope=10

This is a static route used to forward traffic to the VPN interface.

/ip route
add comment="" disabled=no distance=1 dst-address=178.200.200.0/24 gateway=\
    178.199.25.177 scope=30 target-scope=10

DNS Resolver Configuration

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=125.160.4.82,118.97.232.51