Board logo

標題: 【RouterOS】——Multi-WAN load balance [打印本頁]
作者: 角色    時間: 2013-1-5 12:36     標題: 【RouterOS】——Multi-WAN load balance

本帖最後由 角色 於 2013-3-9 21:01 編輯

因为MikroTik可以做multi-WAN,但是怎样做load balance,有人找到参考资料:

http://www.hkepc.com/forum/viewt ... age%3D2&page=65
作者: bubblestar    時間: 2013-1-6 12:46

本帖最後由 bubblestar 於 2013-1-6 12:48 編輯

Assuming we have 4 ADSL from ISP, we can make PCC (Per Connection Classifier) Load Balancing as followings.  You may adjust the number of WAN connections to suit your own needs.
  1. /ip firewall mangle
  2. add action=change-mss chain=forward comment="" disabled=no new-mss=1480 protocol=tcp tcp-flags=syn
  3. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes
  4. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes
  5. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes
  6. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yes
  7. add action=mark-routing chain=output comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
  8. add action=mark-routing chain=output comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
  9. add action=mark-routing chain=output comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
  10. add action=mark-routing chain=output comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
  11. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24
  12. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24
  13. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24
  14. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24
  15. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24
  16. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24
  17. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24
  18. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24
  19. /ip route
  20. add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
  21. add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
  22. add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
  23. add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4
  24. add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
  25. add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
  26. add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3
  27. add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4

  29. add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1
  30. add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2
  31. add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3
  32. add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4
  33. /ip firewall nat
  34. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
  35. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
  36. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out3
  37. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out4
複製代碼
作者: 雯雯    時間: 2013-1-6 13:26

回復 2# bubblestar

ADSL PCC我以前試過是可以的, 問題係香港fibre是用DHCP, 要人手入wan gateway.
作者: bubblestar    時間: 2013-1-6 13:35

回復 3# 雯雯


   
我自己昨晚是用一條ADSL 及一條DHCP 混合做Dual WAN 設定的,沒有問題。
作者: bubblestar    時間: 2013-1-6 13:36

兩條或以上DHCP 應該可以同一做法。你試試看。
作者: bubblestar    時間: 2013-1-6 13:42

以下是DUAL WAN 做法,唔使咁亂,應該比較易看得明白,成功後可以慢慢加WAN。
  1. /ip firewall mangle
  2. add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
  3. add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
  4. add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
  5. add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
  6. add action=mark-connection chain=prerouting comment="Use PCC to mark connections 0 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 src-address=192.168.0.0/24
  7. add action=mark-connection chain=prerouting comment="Use PCC to mark connections 1 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 src-address=192.168.0.0/24
  8. add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.0/24
  9. add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.0/24
  10. /ip route
  11. add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=to_WAN1
  12. add comment=ADSL disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN2 routing-mark=to_WAN2
  13. add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1
  14. add comment=ADSL disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WAN2

  16. add check-gateway=ping comment=DHCP disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN1
  17. add check-gateway=ping comment=ADSL disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN2
複製代碼
作者: bubblestar    時間: 2013-1-6 13:47

第 6 及第 7 項 的 per-connection-classifier=both-addresses:2/0 和 per-connection-classifier=both-addresses:2/1 比較重要,若果是 3 WAN, 就分別是 3/0; 3/1; 3/2, 4WAN 就是 4/0; 4/1; 4/2; 4/3,如始類推。

一切由零開始。
作者: 雯雯    時間: 2013-1-7 14:18

回復 6# bubblestar

用兩部router搭了兩個DHCP enviroment給RB493G做WAN試了唔得, 上唔到網, 晚點再試試.
作者: bubblestar    時間: 2013-1-7 18:23

回復 8# 雯雯

你本身兩條WAN,是否已經可以分別單獨上到網呢?

唔好意思,因為我假設上述所講的上網設定是已經做好了的,所以沒有再列出下面兩條上網必要的Scripts 出來,
如果沒有下面兩行,的確不能上網的,現在請你一併執行,上網應該沒有問題。
  1. /ip firewall nat
  2. add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1
  3. add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2
複製代碼
再不行的話,可以用 WINBOX GUI 方法 ,參考這裡。

http://www.itxbo.com/network/808.html

如用Scripts 的方法,你可以把四組WAN 先改為兩組WAN,然後再一次過Copy 到WinBox Terminal 直接執行,立刻見到效果。 但刪改至兩個WAN 時,要小心一些,不要刪走有用的Scripts,建議你放在Notepad++ 內修改觀看,會清楚很多。
作者: 角色    時間: 2013-1-7 20:20

回復 7# bubblestar

那么traffic是怎样走呢?走WAN1,还是WAN2?
作者: 雯雯    時間: 2013-1-7 20:54

回復 9# bubblestar

我確定兩條線單獨可以上網, 但是在RouterOS就ping不到外網, 我是用windbox GUI+CLI設定的.
作者: bubblestar    時間: 2013-1-7 23:21

回復 10# 角色


   
如果是簡單的分流,可以把上面第#6 貼裡的7、8 項的 src-address=192.168.0.0/24 稍作更改便可以了。
  1. /ip firewall mangle
  2. add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.2-192.168.0.127
  3. add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.128-192.168.0.254
複製代碼
註: 我自己仲未實際作此項測試的。
作者: bubblestar    時間: 2013-1-7 23:25

回復 11# 雯雯


   
其實我也跟你一樣會WinBox + Terminal 雙管齊下的。

那麼,可能你要檢查一下角色兄所提到的 5 條基本Firewall rules 了,是否有設定呢? PING 是其中一條。

http://www.telecom-cafe.com/foru ... &extra=page%3D1
作者: bubblestar    時間: 2013-1-7 23:30

回復 3# 雯雯


   
我最初買機學習時,也以為是的,但我們大多數用Dynamic IP,都感覺徬徨。現在發現是不一定用人手加的。
作者: bubblestar    時間: 2013-1-8 12:41

本帖最後由 bubblestar 於 2013-1-8 12:45 編輯

指定某一個別網內電腦IP 使用WAN1 或 WAN2 的不同ISP 上網。例如HKBN或PCCW,可以用這樣的簡單做法。

在 WinBox IP Routes 按下Rules頁籤,然後按 "+"
把192.168.11.25 (例子) 打在Src. Address,記得附上遮罩
然後Action 選 lookup
Table選to_PCCW (我的例子叫法,你的可能是 to_HKBN)

測試下面第一次tracert 是否經PCCW 走之後,把上面Table 的 to_PCCW 改為 to_HKBN,再行第二次tracert測試,大家會看到同一部電腦已經可以分別經指定的ISP 走了。當然你可以做兩條Routing Rules,那麼,就咁Disable 其中一條作轉換,然後使用也可以,也會方便一些。



[attach]2149[/attach]


用 tracert www.google.com.tw 分別測試PCCW 及 HKBN,成功地應用。

[attach]2150[/attach]
作者: bubblestar    時間: 2013-1-8 13:05

這樣設定的話,大家可以把VoIP Gateway / Asterisk Server / OBi110 以指定使用某條WAN 的方式進行溝通,跟其他DATA / BT / Multimedia stream 分開,防止擠塞。

另外,也可用作自己的特定網絡管理通道,跟其他一般User 分開。

其他用法,可以各自各精彩。
作者: 角色    時間: 2013-1-31 01:56

More examples on Multiple WANs.

http://www.minitw.com/archives/409
作者: 角色    時間: 2013-3-14 17:45

More information on Dual WANs

http://home.swkls.org/mikrotik-dual-wan-routing-packet-flow/
作者: 雯雯    時間: 2013-3-14 19:32

剛才聽ckleea兄說bubblestar兄好像差不多完成了RouterOS DHCP Multi WAN, 請賜教!
作者: 角色    時間: 2013-3-15 10:05

http://forum.mikrotik.com/viewtopic.php?f=2&t=70715
作者: fems    時間: 2015-1-19 16:04

本帖最後由 fems 於 2015-2-4 04:41 編輯

PCC不指定内网in interface的方法,把in interface条件,换成内部网络地址段(本例中的net_local),适合内部多网段的用户。
PS:增加PCC backup路由的设置。
  1. /ip firewall address-list
  2. add address=192.168.0.0/24 list=net_local
  3. add address=192.168.1.0/24 list=net_local
  4. add address=192.168.2.0/24 list=net_local
  5. #
  6. /ip firewall mangle
  7. add  action=accept chain=prerouting dst-address-list=net_local src-address-list=net_local
  8. #
  9. /ip firewall mangle
  10. add action=mark-connection chain=prerouting connection-mark=no-mark \
  11.     in-interface=pppoe-wan1-out1 new-connection-mark=conn-pcc1
  12. add action=mark-connection chain=prerouting connection-mark=no-mark \
  13.     in-interface=pppoe-wan1-out2 new-connection-mark=conn-pcc2
  14. add action=mark-connection chain=prerouting connection-mark=no-mark \
  15.     dst-address-type=!local new-connection-mark=conn-pcc1 \
  16.     per-connection-classifier=both-addresses:2/0
  17. add action=mark-connection chain=prerouting connection-mark=no-mark \
  18.     dst-address-type=!local new-connection-mark=conn-pcc2 \
  19.     per-connection-classifier=both-addresses:2/1
  20. add action=mark-routing chain=prerouting connection-mark=conn-pcc1 \
  21.     dst-address-list=!net_local new-routing-mark=route-pcc1 src-address-list=net_local
  22. add action=mark-routing chain=prerouting connection-mark=conn-pcc2 \
  23.     dst-address-list=!net_local new-routing-mark=route-pcc2 src-address-list=net_local
  24. add action=mark-routing chain=output connection-mark=conn-pcc1 \
  25.     new-routing-mark=route-pcc1
  26. add action=mark-routing chain=output connection-mark=conn-pcc2 \
  27.     new-routing-mark=route-pcc2
  28. #
  29. /ip route
  30. add check-gateway=ping comment=router-pcc1 distance=1 gateway=pppoe-wan1-out1 \
  31.     routing-mark=route-pcc1
  32. add check-gateway=ping comment=router-pcc2 distance=1 gateway=pppoe-wan1-out2 \
  33.     routing-mark=route-pcc2
  34. add check-gateway=ping comment=router-pcc1_backup distance=2 gateway=wan1-out2 \
  35.     routing-mark=pcc1-route
  36. add check-gateway=ping comment=router-pcc2_backup distance=2 gateway=wan1-out1 \
  37.     routing-mark=pcc2-route
  38. add check-gateway=ping distance=1 gateway=pppoe-wan1-out1
  39. add check-gateway=ping distance=2 gateway=pppoe-wan1-out2
  40. #
  41. /ip firewall nat
  42. add action=masquerade chain=srcnat out-interface=pppoe-wan1-out1
  43. add action=masquerade chain=srcnat out-interface=pppoe-wan1-out2
複製代碼




歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2