Networking

Mikrotik PCC Loadbalance

March 1, 2019

Melanjutkan tulisan sebelumnya mengenai loadbalance, apabila sebelumnya sudah sempat diulas mengenai loadbalance dengan metode ECMP, saat ini kita akan bahas loadbalance dengan meteode PCC.

Setup loadbalance di Mikrotik dengan metode PCC cukup mudah dilakukan, berikut ini merupakan salah satu contoh konfigurasi PCC yang sudah diimplementasikan dan berjalan dengan normal.

/ip address
add address=192.168.10.1/24 network=192.168.10.0 broadcast=192.168.10.255 interface=LAN
add address=111.111.111.2/30 network=111.111.111.0 broadcast=111.111.111.3 interface=ISP1
add address=222.222.222.2/30 network=222.222.222.0 broadcast=222.222.222.3 interface=ISP2

/ip firewall mangle
add action=accept chain=prerouting dst-address=111.111.111.2/30 in-interface=LAN
add action=accept chain=prerouting dst-address=222.222.222.2/30 in-interface=LAN
add action=mark-connection chain=prerouting comment=PCC connection-mark=no-mark in-interface=ISP1 new-connection-mark=ISP1-Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ISP2 new-connection-mark=ISP2-Conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=ISP1-Conn passthrough=yes per-connection-classifier=src-address:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=LAN new-connection-mark=ISP2-Conn passthrough=yes per-connection-classifier=src-address:2/1
add action=mark-routing chain=prerouting comment=Route connection-mark=ISP1-Conn in-interface=LAN new-routing-mark=to-ISP1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=ISP2-Conn in-interface=LAN new-routing-mark=to-ISP2 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP1-Conn new-routing-mark=to-ISP1 passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2-Conn new-routing-mark=to-ISP2 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat comment="nat via ISP1" out-interface=ISP1 src-address-list=LAN
add action=masquerade chain=srcnat comment="nat via ISP2" out-interface=ISP2 src-address-list=LAN
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address-list=IP-IP-Hairpin out-interface=LAN src-address=192.168.10.0/24

/ip route
dst-address=0.0.0.0/0 gateway=111.111.111.1 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to-ISP1
dst-address=0.0.0.0/0 gateway=222.222.222.1 check-gateway=ping distance=1 scope=30 target-scope=10 routing-mark=to-ISP2
dst-address=0.0.0.0/0 gateway=111.111.111.1 check-gateway=ping distance=1 scope=30 target-scope=10
dst-address=0.0.0.0/0 gateway=222.222.222.1 check-gateway=ping distance=2 scope=30 target-scope=10

Note :
– Pada konfigurasi di atas sudah terdapat tambahan konfigurasi hairpin nat, dan terdapat address list dari IP LAN
– Untuk DNS, gunakan kedua ip DNS dari masing-masing ISP.

Leave a Reply

Your email address will not be published. Required fields are marked *