routerOS 5.2 - problema con balance pcc - no anda nada

Publicado por diego10, 16 de Enero de 2014, 10:40:41 AM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

diego10

si alguien puede tirarme un cable les cuento mi problema...

virtualbox1 -- rtl8187B en Ubuntu --
habilito internet connection sharing1 x internal network1

virtualbox2 -- rtl8187L en Ubuntu --
habilito internet connection sharing2 x internal network2

virtualbox3 -- routerOS
WAN1 -- dhcp client 1 (toma 10.42.44.x desde internal network1)
WAN2 -- dhcp client 2 (toma 10.42.43.x desde internal network2)
Local -- el ip local es 192.168.88.1 (estatico)

con un link anda bien pero arme varias reglas que estan dando vueltas para dual wan y no me anda.. un bajon


PD: aprovecho para contar que estoy armando la belgrain 3.0 con rotor. todo nuevo rediseñado

D3M0N

Hay varias formas de Load Balance, PCC es la mas viejita y básica que se encuentra en cualquier lado, tengo gran variedad de script como este que es básico:

Ether1-WAN = 192.168.1.1/24
Ether2-WAN = 192.168.2.1/24
Ether5-Lan = 192.168.10.254/24 (Local)

# 08/08/08 21:50 by RouterOS 5.25
# software id = 1PDH-1R8N
#

/ip address
add address=192.168.10.254/24 network=192.168.10.0 broadcast=192.168.10.255 interface=Ether5-Lan
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=Ether1-WAN
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=Ether2-WAN

/ip firewall mangle
add chain=input in-interface=Ether1-WAN action=mark-connection new-connection-mark=Ether1-WAN_conn
add chain=input in-interface=Ether2-WAN action=mark-connection new-connection-mark=Ether2-WAN_conn
add chain=output connection-mark=Ether1-WAN_conn action=mark-routing new-routing-mark=to_Ether1-WAN
add chain=output connection-mark=Ether2-WAN_conn action=mark-routing new-routing-mark=to_Ether2-WAN
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Ether5-Lan
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Ether5-Lan
add chain=prerouting dst-address-type=!local in-interface=Ether5-Lan per-connection-classifier=both-addresses:4/0 \ action=mark-connection new-connection-mark=Ether1-WAN_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Ether5-Lan per-connection-classifier=both-addresses:4/1 \ action=mark-connection new-connection-mark=Ether2-WAN_conn passthrough=yes
add chain=prerouting connection-mark=Ether1-WAN_conn in-interface=Ether5-Lan action=mark-routing new-routing-mark=to_Ether1-WAN
add chain=prerouting connection-mark=Ether2-WAN_conn in-interface=Ether5-Lan action=mark-routing new-routing-mark=to_Ether2-WAN

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=to_Ether1-WAN check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 routing-mark=to_Ether2-WAN check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.254 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=Ether1-WAN action=masquerade
add chain=srcnat out-interface=Ether2-WAN action=masquerade


Ahora, pequeño problema, lo mas recomendado siempre para un balaceo de carga es tener la IP Publica directa, para así saber cuando se cae la misma, si tenemos un router de por medio el mismo siempre nos dará IP por DHCP Server, a no ser que el mismo este Bridge dando la publica directo. Con esto realmente sabemos cuando se cae o no una WAN y se continua con la otra. De lo contrario no se podría saber a no ser que se haga un script para determinar cuando se cae la misma es muy simple solo hay que pensarlo.

Otra forma:

# jan/02/1970 00:16:36 by RouterOS 5.25
# software id = ADDC-MQI4
############################################################################
# Ether1 = name=ether1-Wan1												   #
# Ether2 = name=ether2-Wan2												   #
# Ether3 = name=Lan												           #
############################################################################
############################### NO TESTEADO ################################
############################################################################
/ip firewall mangle
add action=mark-connection chain=input comment="Mark new inbound connection wan1" connection-state=new disabled=no in-interface=ether1-Wan1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=input comment="Mark new inbound connection wan2" connection-state=new disabled=no in-interface=ether2-Wan2 new-connection-mark=wan2 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark new established connection wan1" connection-state=established disabled=no in-interface=ether1-Wan1 new-connection-mark=wan1 passthrough=yes
add action=mark-connection chain=prerouting comment="Mark new established connection wan2" connection-state=established disabled=no in-interface=ether2-Wan2 new-connection-mark=wan2 passthrough=yes
add action=mark-routing chain=output comment="Mark new established route wan1" connection-mark=wan1 connection-state= established disabled=no new-routing-mark=wan1 passthrough=no
add action=mark-routing chain=output comment="Mark new established route wan2" connection-mark=wan2 connection-state= established disabled=no new-routing-mark=wan2 passthrough=no
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Lan new-connection-mark=wan1_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local in-interface=Lan new-connection-mark=wan2_pcc_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting comment="" connection-mark=wan1_pcc_conn disabled=no in-interface=Lan new-routing-mark=wan1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=wan2_pcc_conn disabled=no in-interface=Lan new-routing-mark=wan2 passthrough=yes

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ether1-Wan1 routing-mark=wan1
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=ether2-Wan2 routing-mark=wan2

diego10

#2
bueno gracias por los scripts en unos dias los pruebo. es que a esta altura del año y todavia sin vacaciones ya queme la neurona y quedo con poca fuerza. quiero mis vacaciones ya!

y como soy nuevo con esto del routeros me puse a leer y dicen que con el balanceo pcc no se suma las velocidades de descarga que para ello esta el balanceo nth es asi?

pero igual como a mi no me funca ninguno de los dos...  ??? despues veo como sigo...
por ahora vengo navegando usando el routeros como un simple router (versiones 2.9.2.7  y 5.2)

mi pobre config sigue siendo esta

[admin@MikroTik] > ip addr pr
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS            NETWORK         BROADCAST       INTERFACE
0   ;;; added by setup
     192.168.88.1/24    192.168.88.0    192.168.88.255  local   
1 D 10.42.44.86/24     10.42.44.0      10.42.44.255    wan1

y por ahora no tengo nada mas..  :'(

GSN

en realidad en ningún balanceo de suman las lineas, lo que se hace es utilizar la redirección para salir por una u otra linea según el protocolo marcado, por eso se refleja en la interfaz de salida como si fuera una suma ya que en realidad es simplemente el trafico que esta pasando y que luego sale por una o por otra linea.

diego10

si, pero la redireccion a la que haces referencia a fines practicos no es equivalente a la suma de las cargas?

pregunto porque segun dicen usando nth 4+2=6


GSN

Un ejemplo con 4 con IP Privada. (PCC load balancing for equal WANs)

/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
add address=192.168.3.2/24 network=192.168.3.0 broadcast=192.168.3.255 interface=WAN3
add address=192.168.4.2/24 network=192.168.4.0 broadcast=192.168.4.255 interface=WAN4

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=input in-interface=WAN4 action=mark-connection new-connection-mark=WAN4_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3
add chain=output connection-mark=WAN4_conn action=mark-routing new-routing-mark=to_WAN4

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.4.0/24 action=accept in-interface=Local

add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN4_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN4

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.3.1 distance=3 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.4.1 distance=4 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade
add chain=srcnat out-interface=WAN4 action=masquerade

/ip firewall mangle
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:4/3 action=mark-connection new-connection-mark=WAN4_conn passthrough=yes

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8

diego10

buenisimo pregunto entonces: si mi dual wan conecta por DHCP entonces no hace falta que configure manualmente WAN1 y WAN2 al principio de todo donde dice /ip address?


D3M0N

You are not allowed to view links. Register or Login
buenisimo pregunto entonces: si mi dual wan conecta por DHCP entonces no hace falta que configure manualmente WAN1 y WAN2 al principio de todo donde dice /ip address?

En realidad no, lo único que tienes que hacer si son WAN's es agregarla en IP > DHCP Client, las dos Interfaces, en teoría te tendría que aparecer ya una vez realizado esto las IP's correspondientes en IP > Address.