Mikrotik PCC Load Balancing with an External Proxy

No need for a long-winded explanation; I'll assume you already know what load balancing is. Honestly, this is my first time load balancing a 'government product' PPPoE network with MikroTik... so the risk is that I'll be embarrassed if it doesn't work... hehehe...


Ingredients:

- Mikrotik RB750G, RouterOS 4.6

- More than one PPPoE line*

- External proxy machine running squid 2.7STABLE9 + zph DSCP 12


*) well, it's called load balancing, so there has to be more than one...


The network topology is as follows:


*) The IPs in the illustration are not the ones used in this tutorial


To picture it: 3 Speedy lines, 1 proxy line and 1 local line plugged into the ports of the RB750G...


Basic configuration:


1. Set up the interfaces to be used


/interface ethernet

set 0 comment="Public Interface 1" name=Public_1
set 1 comment="Public Interface 2" name=Public_2
set 2 comment="Public Interface 3" name=Public_3
set 3 comment="Local Interface" name=Local
set 4 comment="Proxy Interface" name=Proxy


2. Set up the pppoe-clients for the 3 lines, 'without default route'

/interface pppoe-client

add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
pppoe_1 dial-on-demand=no disabled=no interface=Public_1 max-mru=1480 \
max-mtu=1480 mrru=disabled name=pppoe_1 password=********* profile=\
default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
pppoe_2 dial-on-demand=no disabled=no interface=Public_2 max-mru=1480 \
max-mtu=1480 mrru=disabled name=pppoe_2 password=********* profile=\
default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
pppoe_3 dial-on-demand=no disabled=no interface=Public_3 max-mru=1480 \
max-mtu=1480 mrru=disabled name=pppoe_3 password=********* profile=\
default service-name="" use-peer-dns=no user=*********@telkom.net


3. IP address used by each interface on the RB750G

/ip address

add address=192.168.1.12/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=Public_1 network=192.168.1.0
add address=192.168.2.12/24 broadcast=192.168.2.255 comment="" disabled=no \
interface=Public_2 network=192.168.2.0
add address=192.168.3.12/24 broadcast=192.168.3.255 comment="" disabled=no \
interface=Public_3 network=192.168.3.0
add address=10.20.30.200/24 broadcast=10.20.30.255 comment="" disabled=no \
interface=Local network=10.20.30.0
add address=192.168.10.1/24 broadcast=192.168.10.255 comment="" disabled=no \
interface=Proxy network=192.168.10.0

4. DNS servers used

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=\
125.160.4.82,203.130.196.155,203.130.196.5,222.124.204.34,202.134.0.61


5. IP routes and their routing-marks


/ip route

# Per routing-mark: distance 1 is the mark's own link; distance 2 and 3 are
# failover to the other two links once check-gateway=ping marks a link down
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_1 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
pppoe_2 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
pppoe_3 routing-mark=pppoe_1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_2 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
pppoe_3 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
pppoe_1 routing-mark=pppoe_2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
pppoe_3 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
pppoe_1 routing-mark=pppoe_3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=\
pppoe_2 routing-mark=pppoe_3 scope=30 target-scope=10
# Unmarked default routes in the main table, pppoe_1 preferred
add check-gateway=ping comment="Default Route pppoe1 - Distance 1" disabled=\
no distance=1 dst-address=0.0.0.0/0 gateway=pppoe_1 scope=30 \
target-scope=10
add check-gateway=ping comment="Default Route pppoe2 - Distance 2" disabled=\
no distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 \
target-scope=10
add check-gateway=ping comment="Default Route pppoe3 - Distance 3" disabled=\
no distance=3 dst-address=0.0.0.0/0 gateway=pppoe_3 scope=30 \
target-scope=10


6. Create address lists for the local net and the proxy net


/ip firewall address-list

add address=10.20.30.0/24 comment="" disabled=no list=LocalNET
add address=192.168.10.0/24 comment="" disabled=no list=ProxyNET


7. Then create the NAT rules: masquerade for pppoe, transparent DNS and transparent proxy


/ip firewall nat

add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
out-interface=pppoe_3
# Transparent DNS: action=redirect sends client queries to the router's own
# resolver (allow-remote-requests=yes); dst-nat with only to-ports would leave
# the destination address unchanged
add action=redirect chain=dstnat comment="TRANSPARENT DNS" disabled=no \
dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Local protocol=tcp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=udp to-ports=53
add action=redirect chain=dstnat comment="" disabled=no dst-port=53 \
in-interface=Proxy protocol=tcp to-ports=53
# Transparent proxy: http from the LAN (except traffic already aimed at the
# proxy net) is sent to the squid box on 192.168.10.2:3128
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
protocol=tcp to-addresses=192.168.10.2 to-ports=3128

Once the basic configuration is done, move on to the load balancing configuration


8. As usual, put the proxy-hit packet-mark on the very first line of mangle


/ip firewall mangle

add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
dscp=12 new-packet-mark=proxy-hit passthrough=no


9. Since this LB-PCC setup balances http traffic going through the external proxy, the interface it operates on is the Proxy interface, with protocol tcp and dst-port 80. The first step is to 'catch' new connections arriving on each pppoe interface, so that packets arriving on an interface are guaranteed to be replied to through that same interface


add action=mark-connection chain=input comment=\
"-ImeR- PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new \
disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_1 new-connection-mark=\
pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_2 new-connection-mark=\
pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no in-interface=pppoe_3 new-connection-mark=\
pppoe3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe3_conn \
disabled=no new-routing-mark=pppoe_3 passthrough=no


10. Then the actual load balancing of connections coming in from the proxy interface, using the PCC method; remember that what gets routed is protocol tcp with dst-port 80


add action=mark-connection chain=prerouting comment=\
"-ImeR- PCC RULE ---- MARK ALL PROXY CONN" \
connection-state=new disabled=no dst-address-type=!local dst-port=80 \
in-interface=Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
new-connection-mark=pr_pppoe_2 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
new-connection-mark=pr_pppoe_3 passthrough=yes per-connection-classifier=\
both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
established disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
related disabled=no dst-address-type=!local dst-port=80 in-interface=\
Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
 
 
 
11. Don't forget to mark the packets; these marks are used later to apply limits in the queue tree


add action=mark-packet chain=forward comment=\
    "-ImeR- PCC RULE ---- MARK HTTP" connection-mark=pr_pppoe_1 disabled=\
    no new-packet-mark=http_pppoe1_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_2 \
    disabled=no new-packet-mark=http_pppoe2_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_3 \
    disabled=no new-packet-mark=http_pppoe3_pkt passthrough=no 

 
12. After that, assign the routing-marks

add action=mark-routing chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ROUTE" connection-mark=pr_pppoe_1 \
    disabled=no new-routing-mark=pppoe_1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_2 disabled=no new-routing-mark=pppoe_2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=\
    pr_pppoe_3 disabled=no new-routing-mark=pppoe_3 passthrough=yes
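
To see what steps 5, 10 and 12 do together, here is an added simulation (not code from the post or from MikroTik) of the per-connection classifier and the routing-mark lookup. The hash is an assumed stand-in for RouterOS's internal PCC hash, so which bucket a given flow lands in differs from a real RB750G; the failover layout in ROUTES is also an assumption (distance 1 is the mark's own link, distance 2 and 3 the other two links).

```python
"""Simulation of PCC bucketing (both-addresses-and-ports:3/N), the pr_pppoe_N ->
pppoe_N routing-mark mapping, and distance-based failover. Added example; the
hash is an assumed stand-in, not RouterOS's internal PCC hash."""
import hashlib

LINKS = ["pppoe_1", "pppoe_2", "pppoe_3"]

# Assumed failover layout per routing-mark: distance 1 is the mark's own link,
# distance 2 and 3 are the other two links (what check-gateway=ping falls back to).
ROUTES = {
    "pppoe_1": ["pppoe_1", "pppoe_2", "pppoe_3"],
    "pppoe_2": ["pppoe_2", "pppoe_3", "pppoe_1"],
    "pppoe_3": ["pppoe_3", "pppoe_1", "pppoe_2"],
}

def pcc_bucket(src, sport, dst, dport, denominator=3):
    """<denominator>/<remainder>: hash the 4-tuple and take the remainder, so
    every packet of one flow lands in the same bucket (balancing is per flow)."""
    key = f"{src}:{sport}->{dst}:{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % denominator

def connection_mark(src, sport, dst, dport):
    """Step 10: a new tcp/80 flow from the Proxy interface gets pr_pppoe_N."""
    return f"pr_pppoe_{pcc_bucket(src, sport, dst, dport) + 1}"

def routing_mark(conn_mark):
    """Step 12: connection-mark pr_pppoe_N -> routing-mark pppoe_N."""
    return conn_mark[len("pr_"):]

def select_gateway(rmark, link_up):
    """Lowest-distance route for the mark whose gateway is still up, or None."""
    for gw in ROUTES[rmark]:
        if link_up.get(gw, False):
            return gw
    return None

def distribute(flows, link_up):
    """Count the flows each live link ends up carrying."""
    counts = {link: 0 for link in LINKS}
    for flow in flows:
        gw = select_gateway(routing_mark(connection_mark(*flow)), link_up)
        if gw is not None:
            counts[gw] += 1
    return counts

def sample_flows(n=300):
    """Constructed sample: the squid box (192.168.10.2) opening n outbound
    tcp/80 connections from ephemeral ports to TEST-NET-3 addresses."""
    return [("192.168.10.2", 40000 + i, f"203.0.113.{i % 20 + 1}", 80) for i in range(n)]
```

Running distribute(sample_flows(), {"pppoe_1": True, "pppoe_2": True, "pppoe_3": True}) gives roughly a third of the flows per link; setting one link to False moves its share onto the next link in its ROUTES entry while existing flows keep their marks.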

 

Done... all http traffic from the proxy interface is now spread evenly across the pppoe interfaces, outbound and inbound. All that's left is to mark connections from the local interface to limit download and upload.


The end result looks roughly like this:
