.::Blog Tentang Ku dan Untuk Para Pencinta Design Grafis::.

Minggu, 27 Mei 2012

ECMP Failover Script Mikrotik ver 3.10

Hai sobat-sobat semuanya...
Terbaru lagi ni di hari ini,
            Barusan ada teman yang minta tolong untuk seting mikrotik menjadi router load balance dan failover ternyata contoh-contoh script yang ada di Internet sebagian besar untuk mikrotik versi 2.9.x sehingga contoh-contoh script tersebut tidak dapat langsung digunakan.

Adapun network diagramnya kurang lebih sbb:
[topologi.jpg]

konfigurasi load balance dan failover mengacu pada :

karena paling praktis dan masuk akal bahwa selain traffic http sangat riskan jika harus berpindah-pindah gateway.

berikut adalah hasil export dari konfigurasi router mikrotik versi 3.10 yang digunakan

IP Address

# jun/13/2008 23:10:46 by RouterOS 3.10
# software id = A90W-3CT
#
/ip address

add address=10.95.130.133/29 broadcast=10.95.130.135 comment="" disabled=no \
 interface=WIRELESS network=10.95.130.128

add address=10.168.2.99/24 broadcast=10.168.2.255 comment="" disabled=no \
interface=ADSL network=10.168.2.0

add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=LAN network=192.168.1.0

Routing

# jun/13/2008 23:10:02 by RouterOS 3.10
# software id = A90W-3CT
#
/ip route

add comment="SMTP Traffic out" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=10.95.130.129 routing-mark=smtp-out scope=30 target-scope=10

add comment="Default Route to Internet Wireless" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=10.95.130.129 scope=30 target-scope=10

add comment="ECMP route for HTTP" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=10.95.130.129,10.168.2.1,10.168.2.1 routing-mark=\
ecmp-http-route scope=30 target-scope=10

add comment="Default Route to Internet ADSL" disabled=yes distance=1 \
dst-address=0.0.0.0/0 gateway=10.168.2.1 scope=30 target-scope=10

add comment="DNS Wireless" disabled=no distance=1 dst-address=\
202.95.128.60/32 gateway=10.95.130.129 scope=30 target-scope=10

add comment="DNS Speedy" disabled=no distance=1 dst-address=202.134.2.5/32 \
gateway=10.168.2.1 scope=30 target-scope=10


Mangle

# jun/13/2008 23:09:21 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall mangle

add action=mark-routing chain=prerouting comment=\
" Route HTTP traffic to ECMP" disabled=no dst-port=80 new-routing-mark=\
ecmp-http-route passthrough=yes protocol=tcp

add action=mark-routing chain=prerouting comment="SMTP Traffic" disabled=no \
dst-port=25 new-routing-mark=smtp-out passthrough=yes protocol=tcp

NAT

# jun/13/2008 23:08:44 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24


SCRIPT

# jun/13/2008 23:06:31 by RouterOS 3.10
# software id = A90W-3CT
#
/system script

add name=ecmp-shutdown policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=0 || [/ping 10.168.2.1 count=1]=0) do={:log inf\
o \"Gateway down\" \r\
\n/ip route disable [/ip route find comment=\"ECMP route for HTTP\"] } els\
e {:log info \"ecmp-shutdown check ok\"}"

add name=ecmp-startup policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1 && [/ping 10.168.2.1 count=1]=1 && [/ip route\
get [find comment=\"ECMP route for HTTP\"] disabled]=true ) do={:log info\
\"Both Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"ECMP route for HTTP\"]} else \
{:log info \"ecmp-startup check ok\"}"

add name=wireless-gateway-check policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1) do={:log info \"Wireless Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet Wir\
eless\"]\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet AD\
SL\"]\r\
\n} else {:log info \"Wireless Gateway are down\"\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet Wi\
reless\"]\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet ADS\
L\"]\r\
\n}"

SCHEDULER

# jun/13/2008 23:08:12 by RouterOS 3.10
# software id = A90W-3CT
#
/system scheduler
add comment="" disabled=no interval=25s name=gateway-check1 on-event=\
ecmp-shutdown start-date=jun/13/2008 start-time=16:26:27

add comment="" disabled=no interval=30s name=gateway-check2 on-event=\
ecmp-startup start-date=jun/13/2008 start-time=16:26:27

add comment="" disabled=no interval=20s name=wireless-gateway-check on-event=\
wireless-gateway-check start-date=jun/13/2008 start-time=16:26:27

SUPAYA pengecekkan ke gateway WIRELESS tidak bisa lewat interface ADSL

Karena pengecekkan dilakukan menggunakan mekanisme ping = icmp maka agar pengecekkan gateway WIRELESS tidak bisa lewat interface ADSL diperlukan skrip berikut:

/ip firewall filter
add action=drop chain=output comment=\
"supaya ke gateway wireless tidak bisa lewat interface adsl" disabled=no \
dst-address=10.95.130.129 out-interface=ADSL protocol=icmp

Dengan script ini maka jika wireless down maka IP gateway WIRELESS tidak akan bisa diping melalui link ADSL tujuannya agar tidak terjadi kesalahan pengecekkan karena bisa saja ip gateway WIRELESS masih bisa diping melalui jaringan ADSL sehingga script menjadi tidak efektif.

semoga script-script diatas bisa langsung di import tinggal disesuaikan saja ip-ip nya

Kelemahan dari konfigurasi ini adalah ip 10.168.2.1 walaupun ADSL nya down tetap bisa diping karena itu ip dibelakang adsl-router harusnya 10.168.2.1 dibagian script diganti dengan ip statik ADSL , jadi kalau ADSL nya mati mestinya ip tersebut tidak bisa di ping.

Tidak ada komentar:

Posting Komentar

About