12
返回列表 發帖
角色

Rank: 2
1# 跳轉到 » 倒序看帖
打印
tT
發表於 2013-1-5 12:36 | 只看該作者

【RouterOS】——Multi-WAN load balance

本帖最後由 角色 於 2013-3-9 21:01 編輯

因为MikroTik可以做multi-WAN,但是怎样做load balance,有人找到参考资料:

http://www.hkepc.com/forum/viewt ... age%3D2&page=65
收藏 分享

bubblestar

Rank: 1
2#
發表於 2013-1-6 12:46 | 只看該作者
本帖最後由 bubblestar 於 2013-1-6 12:48 編輯

Assuming we have 4 ADSL from ISP, we can make PCC (Per Connection Classifier) Load Balancing as followings.  You may adjust the number of WAN connections to suit your own needs.
  1. /ip firewall mangle
  2. add action=change-mss chain=forward comment="" disabled=no new-mss=1480 protocol=tcp tcp-flags=syn
  3. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out1 new-connection-mark=pppoe-out1_conn passthrough=yes
  4. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out2 new-connection-mark=pppoe-out2_conn passthrough=yes
  5. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out3 new-connection-mark=pppoe-out3_conn passthrough=yes
  6. add action=mark-connection chain=input comment="" disabled=no in-interface=pppoe-out4 new-connection-mark=pppoe-out4_conn passthrough=yes
  7. add action=mark-routing chain=output comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes
  8. add action=mark-routing chain=output comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes
  9. add action=mark-routing chain=output comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes
  10. add action=mark-routing chain=output comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes
  11. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out1_conn passthrough=yes per-connection-classifier=both-addresses:4/0 src-address=192.168.0.0/24
  12. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out2_conn passthrough=yes per-connection-classifier=both-addresses:4/1 src-address=192.168.0.0/24
  13. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out3_conn passthrough=yes per-connection-classifier=both-addresses:4/2 src-address=192.168.0.0/24
  14. add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=pppoe-out4_conn passthrough=yes per-connection-classifier=both-addresses:4/3 src-address=192.168.0.0/24
  15. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out1_conn disabled=no new-routing-mark=to_pppoe-out1 passthrough=yes src-address=192.168.0.0/24
  16. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out2_conn disabled=no new-routing-mark=to_pppoe-out2 passthrough=yes src-address=192.168.0.0/24
  17. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out3_conn disabled=no new-routing-mark=to_pppoe-out3 passthrough=yes src-address=192.168.0.0/24
  18. add action=mark-routing chain=prerouting comment="" connection-mark=pppoe-out4_conn disabled=no new-routing-mark=to_pppoe-out4 passthrough=yes src-address=192.168.0.0/24
  19. /ip route
  20. add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_pppoe-out1
  21. add comment=adsl2 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_pppoe-out2
  22. add comment=adsl3 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=to_pppoe-out3
  23. add comment=adsl4 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out4 routing-mark=to_pppoe-out4
  24. add comment=adsl1 disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1
  25. add comment=adsl2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2
  26. add comment=adsl3 disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-out3
  27. add comment=adsl4 disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-out4

  29. add check-gateway=ping comment=adsl1 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out1
  30. add check-gateway=ping comment=adsl2 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out2
  31. add check-gateway=ping comment=adsl3 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out3
  32. add check-gateway=ping comment=adsl4 disabled=no distance=10 dst-address=0.0.0.0/0 gateway=pppoe-out4
  33. /ip firewall nat
  34. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out1
  35. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out2
  36. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out3
  37. add action=masquerade chain=srcnat comment="" disabled=no out-interface=pppoe-out4
複製代碼

TOP

雯雯

Rank: 1
3#
發表於 2013-1-6 13:26 | 只看該作者
回復 2# bubblestar

ADSL PCC我以前試過是可以的, 問題係香港fibre是用DHCP, 要人手入wan gateway.
Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

bubblestar

Rank: 1
4#
發表於 2013-1-6 13:35 | 只看該作者
回復 3# 雯雯


   
我自己昨晚是用一條ADSL 及一條DHCP 混合做Dual WAN 設定的,沒有問題。

TOP

bubblestar

Rank: 1
5#
發表於 2013-1-6 13:36 | 只看該作者
兩條或以上DHCP 應該可以同一做法。你試試看。

TOP

bubblestar

Rank: 1
6#
發表於 2013-1-6 13:42 | 只看該作者
以下是DUAL WAN 做法,唔使咁亂,應該比較易看得明白,成功後可以慢慢加WAN。
  1. /ip firewall mangle
  2. add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
  3. add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
  4. add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
  5. add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
  6. add action=mark-connection chain=prerouting comment="Use PCC to mark connections 0 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 src-address=192.168.0.0/24
  7. add action=mark-connection chain=prerouting comment="Use PCC to mark connections 1 of 2" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 src-address=192.168.0.0/24
  8. add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.0/24
  9. add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.0/24
  10. /ip route
  11. add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=to_WAN1
  12. add comment=ADSL disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN2 routing-mark=to_WAN2
  13. add comment=DHCP disabled=no distance=1 dst-address=0.0.0.0/0 gateway=WAN1
  14. add comment=ADSL disabled=no distance=2 dst-address=0.0.0.0/0 gateway=WAN2

  16. add check-gateway=ping comment=DHCP disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN1
  17. add check-gateway=ping comment=ADSL disabled=no distance=10 dst-address=0.0.0.0/0 gateway=WAN2
複製代碼

TOP

bubblestar

Rank: 1
7#
發表於 2013-1-6 13:47 | 只看該作者
第 6 及第 7 項 的 per-connection-classifier=both-addresses:2/0 和 per-connection-classifier=both-addresses:2/1 比較重要,若果是 3 WAN, 就分別是 3/0; 3/1; 3/2, 4WAN 就是 4/0; 4/1; 4/2; 4/3,如始類推。

一切由零開始。

TOP

雯雯

Rank: 1
8#
發表於 2013-1-7 14:18 | 只看該作者
回復 6# bubblestar

用兩部router搭了兩個DHCP enviroment給RB493G做WAN試了唔得, 上唔到網, 晚點再試試.
Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

bubblestar

Rank: 1
9#
發表於 2013-1-7 18:23 | 只看該作者
回復 8# 雯雯

你本身兩條WAN,是否已經可以分別單獨上到網呢?

唔好意思,因為我假設上述所講的上網設定是已經做好了的,所以沒有再列出下面兩條上網必要的Scripts 出來,
如果沒有下面兩行,的確不能上網的,現在請你一併執行,上網應該沒有問題。
  1. /ip firewall nat
  2. add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1
  3. add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2
複製代碼
再不行的話,可以用 WINBOX GUI 方法 ,參考這裡。

http://www.itxbo.com/network/808.html

如用Scripts 的方法,你可以把四組WAN 先改為兩組WAN,然後再一次過Copy 到WinBox Terminal 直接執行,立刻見到效果。 但刪改至兩個WAN 時,要小心一些,不要刪走有用的Scripts,建議你放在Notepad++ 內修改觀看,會清楚很多。

TOP

角色

Rank: 2
10#
發表於 2013-1-7 20:20 | 只看該作者
回復 7# bubblestar

那么traffic是怎样走呢?走WAN1,还是WAN2?

TOP

雯雯

Rank: 1
11#
發表於 2013-1-7 20:54 | 只看該作者
回復 9# bubblestar

我確定兩條線單獨可以上網, 但是在RouterOS就ping不到外網, 我是用windbox GUI+CLI設定的.
Welcome to my TaoBao shop: http://mandymak520.taobao.com/

TOP

bubblestar

Rank: 1
12#
發表於 2013-1-7 23:21 | 只看該作者
回復 10# 角色


   
如果是簡單的分流,可以把上面第#6 貼裡的7、8 項的 src-address=192.168.0.0/24 稍作更改便可以了。
  1. /ip firewall mangle
  2. add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes src-address=192.168.0.2-192.168.0.127
  3. add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes src-address=192.168.0.128-192.168.0.254
複製代碼
註: 我自己仲未實際作此項測試的。

TOP

bubblestar

Rank: 1
13#
發表於 2013-1-7 23:25 | 只看該作者
回復 11# 雯雯


   
其實我也跟你一樣會WinBox + Terminal 雙管齊下的。

那麼,可能你要檢查一下角色兄所提到的 5 條基本Firewall rules 了,是否有設定呢? PING 是其中一條。

http://www.telecom-cafe.com/foru ... &extra=page%3D1

TOP

bubblestar

Rank: 1
14#
發表於 2013-1-7 23:30 | 只看該作者
回復 3# 雯雯


   
我最初買機學習時,也以為是的,但我們大多數用Dynamic IP,都感覺徬徨。現在發現是不一定用人手加的。

TOP

bubblestar

Rank: 1
15#
發表於 2013-1-8 12:41 | 只看該作者
本帖最後由 bubblestar 於 2013-1-8 12:45 編輯

指定某一個別網內電腦IP 使用WAN1 或 WAN2 的不同ISP 上網。例如HKBN或PCCW,可以用這樣的簡單做法。

在 WinBox IP Routes 按下Rules頁籤,然後按 "+"
把192.168.11.25 (例子) 打在Src. Address,記得附上遮罩
然後Action 選 lookup
Table選to_PCCW (我的例子叫法,你的可能是 to_HKBN)

測試下面第一次tracert 是否經PCCW 走之後,把上面Table 的 to_PCCW 改為 to_HKBN,再行第二次tracert測試,大家會看到同一部電腦已經可以分別經指定的ISP 走了。當然你可以做兩條Routing Rules,那麼,就咁Disable 其中一條作轉換,然後使用也可以,也會方便一些。






用 tracert www.google.com.tw 分別測試PCCW 及 HKBN,成功地應用。

附件: 您需要登錄才可以下載或查看附件。沒有帳號?註冊

TOP

12
返回列表