Thursday, June 19, 2008

konfigurasi router mikrotik versi 3.10



konfigurasi load balance dan failover mengacu pada :
http://wiki.mikrotik.com/wiki/ECMP_Failover_Script

karena paling praktis dan masuk akal bahwa selain traffic http sangat riskan jika harus berpindah-pindah gateway.

berikut adalah hasil export dari konfigurasi router mikrotik versi 3.10 yang digunakan

IP Address

# jun/13/2008 23:10:46 by RouterOS 3.10
# software id = A90W-3CT
#
/ip address

add address=10.95.130.133/29 broadcast=10.95.130.135 comment="" disabled=no \
interface=WIRELESS network=10.95.130.128

add address=10.168.2.99/24 broadcast=10.168.2.255 comment="" disabled=no \
interface=ADSL network=10.168.2.0

add address=192.168.1.1/24 broadcast=192.168.1.255 comment="" disabled=no \
interface=LAN network=192.168.1.0

Routing

# jun/13/2008 23:10:02 by RouterOS 3.10
# software id = A90W-3CT
#
/ip route

add comment="SMTP Traffic out" disabled=no distance=1 dst-address=0.0.0.0/0 \
gateway=10.95.130.129 routing-mark=smtp-out scope=30 target-scope=10

add comment="Default Route to Internet Wireless" disabled=no distance=1 \
dst-address=0.0.0.0/0 gateway=10.95.130.129 scope=30 target-scope=10

add comment="ECMP route for HTTP" disabled=no distance=1 dst-address=\
0.0.0.0/0 gateway=10.95.130.129,10.168.2.1,10.168.2.1 routing-mark=\
ecmp-http-route scope=30 target-scope=10

add comment="Default Route to Internet ADSL" disabled=yes distance=1 \
dst-address=0.0.0.0/0 gateway=10.168.2.1 scope=30 target-scope=10

add comment="DNS Wireless" disabled=no distance=1 dst-address=\
202.95.128.60/32 gateway=10.95.130.129 scope=30 target-scope=10

add comment="DNS Speedy" disabled=no distance=1 dst-address=202.134.2.5/32 \
gateway=10.168.2.1 scope=30 target-scope=10

Mangle

# jun/13/2008 23:09:21 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall mangle

add action=mark-routing chain=prerouting comment=\
" Route HTTP traffic to ECMP" disabled=no dst-port=80 new-routing-mark=\
ecmp-http-route passthrough=yes protocol=tcp

add action=mark-routing chain=prerouting comment="SMTP Traffic" disabled=no \
dst-port=25 new-routing-mark=smtp-out passthrough=yes protocol=tcp

NAT

# jun/13/2008 23:08:44 by RouterOS 3.10
# software id = A90W-3CT
#
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no src-address=\
192.168.1.0/24


SCRIPT

# jun/13/2008 23:06:31 by RouterOS 3.10
# software id = A90W-3CT
#
/system script

add name=ecmp-shutdown policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=0 || [/ping 10.168.2.1 count=1]=0) do={:log inf\
o \"Gateway down\" \r\
\n/ip route disable [/ip route find comment=\"ECMP route for HTTP\"] } els\
e {:log info \"ecmp-shutdown check ok\"}"

add name=ecmp-startup policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1 && [/ping 10.168.2.1 count=1]=1 && [/ip route\
get [find comment=\"ECMP route for HTTP\"] disabled]=true ) do={:log info\
\"Both Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"ECMP route for HTTP\"]} else \
{:log info \"ecmp-startup check ok\"}"

add name=wireless-gateway-check policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff source=":if ([/pin\
g 10.95.130.129 count=1]=1) do={:log info \"Wireless Gateway are up\"\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet Wir\
eless\"]\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet AD\
SL\"]\r\
\n} else {:log info \"Wireless Gateway are down\"\r\
\n/ip route disable [/ip route find comment=\"Default Route to Internet Wi\
reless\"]\r\
\n/ip route enable [/ip route find comment=\"Default Route to Internet ADS\
L\"]\r\
\n}"

SCHEDULER

# jun/13/2008 23:08:12 by RouterOS 3.10
# software id = A90W-3CT
#
/system scheduler
add comment="" disabled=no interval=25s name=gateway-check on-event=\
ecmp-shutdown start-date=jun/13/2008 start-time=16:26:27

add comment="" disabled=no interval=30s name=gateway-check on-event=\
ecmp-startup start-date=jun/13/2008 start-time=16:26:27

add comment="" disabled=no interval=20s name=wireless-gateway-check on-event=\
wireless-gateway-check start-date=jun/13/2008 start-time=16:26:27



semoga script-script diatas bisa langsung di import tinggal disesuaikan saja ip-ip nya

kelemahan dari konfigurasi ini adalah ip 10.168.2.1 walaupun ADSL nya down tetap bisa diping karena itu ip dibelakang adsl-router harusnya 10.168.2.1 dibagian script diganti dengan ip statik ADSL , jadi kalau ADSL nya mati mestinya ip tersebut tidak bisa di ping.
Diposting oleh di

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)