Mikrotik PCC Load Balancing dengan External Proxy

Posted: April 24, 2011 in Mikrotik RB750
http://apistech.wordpress.com/2010/03/27/mikrotik-pcc-load-balancing-dengan-external-proxy/

Filed under: Mikrotik — ImeR @ 9:39 pm

No need for a long-winded explanation; I assume you already understand what load balancing is. Frankly, this is my first time load balancing ('ngelbe') a 'government-made' PPPoE network with MikroTik... so consider it at my own risk of embarrassment if it doesn't end up working.... hehehe....

Ingredients:
- Mikrotik RB750G, ROS 4.6
- More than one PPPoE line*
- External proxy machine running squid 2.7STABLE9 + ZPH DSCP 12

*) well, it's called load balancing, so there has to be more than one line...

The network topology looks like this:

*) The IPs in the illustration are not the IPs used in the tutorial below

To give you the picture, it is something like this: 3 Speedy lines, 1 proxy line and 1 local line plugged into the ports of the RB750G...

Basic configuration:

1. Set up the interfaces that will be used

/interface ethernet
set 0 comment="Public Interface 1" name=Public_1
set 1 comment="Public Interface 2" name=Public_2
set 2 comment="Public Interface 3" name=Public_3
set 3 comment="Local Interface" name=Local
set 4 comment="Proxy Interface" name=Proxy

2. Set up the PPPoE clients; all 3 lines are dialled 'without default route'

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_1 dial-on-demand=no disabled=no interface=Public_1 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_1 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_2 dial-on-demand=no disabled=no interface=Public_2 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_2 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_3 dial-on-demand=no disabled=no interface=Public_3 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_3 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net

3. IP addresses used on each interface of the RB750G

/ip address
add address=192.168.1.12/24 broadcast=192.168.1.255 comment="" disabled=no \
    interface=Public_1 network=192.168.1.0
add address=192.168.2.12/24 broadcast=192.168.2.255 comment="" disabled=no \
    interface=Public_2 network=192.168.2.0
add address=192.168.3.12/24 broadcast=192.168.3.255 comment="" disabled=no \
    interface=Public_3 network=192.168.3.0
add address=10.20.30.200/24 broadcast=10.20.30.255 comment="" disabled=no \
    interface=Local network=10.20.30.0
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no \
    interface=Proxy network=192.168.10.0

4. DNS servers used

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=\
    125.160.4.82,203.130.196.155,203.130.196.5,222.124.204.34,202.134.0.61

5. IP routes and their routing marks

/ip route
# Table pppoe_1: its own line at distance 1, the other two lines as failover
# at distances 2 and 3 (check-gateway=ping takes a dead line out of service,
# so the next distance takes over)
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_1 scope=30 target-scope=10
# Table pppoe_2
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_2 scope=30 target-scope=10
# Table pppoe_3
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_3 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_3 scope=30 target-scope=10
# Default routes in the main table for traffic that carries no routing mark:
# pppoe_1 first, pppoe_2 and pppoe_3 as backup
add check-gateway=ping comment="Default Route pppoe1 - Distance 1" disabled=\
    no distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 \
    target-scope=10
add check-gateway=ping comment="Default Route pppoe2 - Distance 2" disabled=\
    no distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 \
    target-scope=10
add check-gateway=ping comment="Default Route pppoe3 - Distance 3" disabled=\
    no distance=3 dst-address=0.0.0.0/0 gateway=pppoe_3 scope=30 \
    target-scope=10
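The following Python check is an added example, not part of the post: it parses a RouterOS /ip route export in the form used in step 5 and reports routing-mark tables whose failover entries reuse a gateway (so check-gateway=ping has nothing to fail over to) and comments whose stated distance disagrees with the configured one. The export text embedded in it is constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample export: the pppoe_1 table repeats the same gateway at two
# distances, and one comment states a distance that does not match distance=.
SAMPLE_ROUTES = r"""
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    pppoe_1 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping comment="Default Route pppoe2 - Distance 1" disabled=\
    no distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 \
    target-scope=10
"""

# key=value tokens of one export line; values may be double-quoted (comments)
TOKEN = re.compile(r'([\w-]+)=("[^"]*"|\S*)')

def parse_routes(text):
    """One dict per 'add' line, after joining backslash continuations the way
    the RouterOS console does (the continuation indentation is dropped)."""
    joined = re.sub(r"\\\n\s*", "", text)
    return [{k: v.strip('"') for k, v in TOKEN.findall(line)}
            for line in joined.splitlines() if line.startswith("add ")]

def audit_routes(routes):
    """Findings: 'Distance N' comments that disagree with distance=, and
    routing-mark tables that reuse a gateway or a distance (no real failover)."""
    findings = []
    by_table = defaultdict(list)
    for r in routes:
        by_table[r.get("routing-mark", "main")].append(r)
        m = re.search(r"Distance (\d+)", r.get("comment", ""))
        if m and m.group(1) != r["distance"]:
            findings.append(f"comment says distance {m.group(1)} but distance={r['distance']}")
    for table, rs in by_table.items():
        gws = [r["gateway"] for r in sorted(rs, key=lambda r: int(r["distance"]))]
        if len(set(gws)) < len(gws):
            findings.append(f"table {table}: gateway order {gws} repeats a line, no failover")
        dists = [r["distance"] for r in rs]
        if len(set(dists)) < len(dists):
            findings.append(f"table {table}: duplicate distances {dists}")
    return findings

if __name__ == "__main__":
    for finding in audit_routes(parse_routes(SAMPLE_ROUTES)):
        print(finding)
```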

6. Create address lists for the local net and the proxy net

/ip firewall address-list
add address=10.20.30.0/24 comment="" disabled=no list=LocalNET
add address=192.168.10.0/24 comment="" disabled=no list=ProxyNET

7. Then create the NAT rules for PPPoE masquerade, transparent DNS and transparent proxy

/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
    out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
    out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
    out-interface=pppoe_3
# Transparent DNS: action=redirect hands port-53 traffic from the LAN and the
# proxy to the router's own DNS cache (allow-remote-requests=yes in step 4).
# A dst-nat that only rewrites the port to 53 leaves the destination address
# untouched and therefore redirects nothing.
add action=redirect chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=udp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=tcp to-ports=53
# Transparent proxy: web traffic from the LAN goes to squid at 192.168.10.2:3128,
# except traffic that is already addressed to the proxy network
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
    dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.10.2 to-ports=3128

Once the basic configuration is done, start on the load balancing configuration

8. As usual, put the proxy-hit packet mark on the very first line of mangle

/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no

9. Because this LB-PCC setup is used to balance HTTP traffic together with an external proxy, the interface used is the Proxy interface with protocol tcp and dst-port 80. The first step is to 'catch' new connections arriving on each PPPoE interface, which guarantees that a packet arriving on a line is replied to via the same line

add action=mark-connection chain=input comment=\
    "-ImeR- PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new \
    disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_1 new-connection-mark=\
    pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_2 new-connection-mark=\
    pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_3 new-connection-mark=\
    pppoe3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
    disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
    disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe3_conn \
    disabled=no new-routing-mark=pppoe_3 passthrough=no

10. Then the actual load balancing ('ngelbe') of connections coming in from the proxy interface using the PCC method; remember that what gets routed is protocol tcp with dst-port 80

add action=mark-connection chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ALL PROXY CONN" \
    connection-state=new disabled=no dst-address-type=!local dst-port=80 \
    in-interface=Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_3 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
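As an added illustration, not code from the post and not RouterOS's actual hash function: a Python model of the per-connection-classifier used in step 10. It shows why both-addresses-and-ports is the right classifier here, where every HTTP connection originates from the single squid address: a deterministic hash of the 4-tuple spreads connections over the three 3/0, 3/1 and 3/2 marks, while classifying on src-address alone would send all of them down one line. The flows are constructed.

```python
import hashlib
import random

MARKS = ("pr_pppoe_1", "pr_pppoe_2", "pr_pppoe_3")   # the 3/0, 3/1, 3/2 rules

def pcc_remainder(src, dst, sport, dport, denominator, classifier):
    """Illustrative per-connection-classifier: hash the selected fields and take
    the remainder mod denominator. RouterOS's real hash is not public; the
    property that matters is that it is deterministic for a given set of fields,
    so the established/related rules land on the same mark as the 'new' rule."""
    fields = {"both-addresses-and-ports": (src, dst, sport, dport),
              "both-addresses": (src, dst),
              "src-address": (src,)}[classifier]
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % denominator

def mark_for(flow, classifier="both-addresses-and-ports"):
    """Connection mark the step-10 rules would attach to this (src, dst, sport, dport)."""
    return MARKS[pcc_remainder(*flow, 3, classifier)]

def distribution(flows, classifier="both-addresses-and-ports"):
    """How many connections land on each PPPoE line for a given classifier."""
    counts = dict.fromkeys(MARKS, 0)
    for flow in flows:
        counts[mark_for(flow, classifier)] += 1
    return counts

# Constructed flows: squid at 192.168.10.2 (the only host behind the Proxy
# interface) opening tcp/80 connections from random ephemeral ports to a few
# web servers in the documentation range 203.0.113.0/24.
rng = random.Random(7)
FLOWS = [("192.168.10.2", f"203.0.113.{rng.randrange(1, 20)}",
          rng.randrange(1024, 65535), 80) for _ in range(300)]

if __name__ == "__main__":
    for classifier in ("both-addresses-and-ports", "both-addresses", "src-address"):
        print(f"{classifier:26s} {distribution(FLOWS, classifier)}")
```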

11. Don't forget to mark the packets; they are used later to apply limits in the queue tree

add action=mark-packet chain=forward comment=\
    "-ImeR- PCC RULE ---- MARK HTTP" connection-mark=pr_pppoe_1 disabled=\
    no new-packet-mark=http_pppoe1_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_2 \
    disabled=no new-packet-mark=http_pppoe2_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_3 \
    disabled=no new-packet-mark=http_pppoe3_pkt passthrough=no

12. After that, direct the routing marks

# Only packets entering from the Proxy interface get a routing mark; reply
# packets arriving on the PPPoE lines must stay in the main table so they are
# delivered to the proxy network instead of being pushed back out a line
add action=mark-routing chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ROUTE" connection-mark=pr_pppoe_1 \
    disabled=no in-interface=Proxy new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_2 disabled=no in-interface=Proxy new-routing-mark=pppoe_2 \
    passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_3 disabled=no in-interface=Proxy new-routing-mark=pppoe_3 \
    passthrough=yes

Done.... all HTTP traffic from the proxy interface will be spread evenly, outbound and inbound, across the PPPoE interfaces. After that, all that is left is a mark-connection from the local interface to limit download and upload.