
PCC load balancing with dedicated lines for different types of traffic

===========================================================================
First, send everything back out the way it came in:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark connections coming in through WAN1" connection-state=new disabled=no in-interface=PPPoE1 new-connection-mark=WAN1_IN passthrough=yes
add action=mark-connection chain=prerouting comment="Mark connections coming in through WAN2" connection-state=new disabled=no in-interface=PPPoE2 new-connection-mark=WAN2_IN passthrough=yes
add action=mark-connection chain=prerouting comment="Mark connections coming in through WAN3" connection-state=new disabled=no in-interface=PPPoE3 new-connection-mark=WAN3_IN passthrough=yes
add action=mark-routing chain=output comment="Mark packets that came in through WAN1 to leave through the same WAN" connection-mark=WAN1_IN disabled=no new-routing-mark=TO_WAN1 passthrough=yes
add action=mark-routing chain=output comment="Mark packets that came in through WAN2 to leave through the same WAN" connection-mark=WAN2_IN disabled=no new-routing-mark=TO_WAN2 passthrough=yes
add action=mark-routing chain=output comment="Mark packets that came in through WAN3 to leave through the same WAN" connection-mark=WAN3_IN disabled=no new-routing-mark=TO_WAN3 passthrough=yes
===========================================================================
Take certain clients out of load balancing.
add action=mark-routing chain=prerouting comment="Always send these clients out through WAN1" disabled=no in-interface=LAN new-routing-mark=TO_WAN1 passthrough=no src-address-list=siempreporlinea1
add action=mark-routing chain=prerouting comment="Always send these clients out through WAN2" disabled=no in-interface=LAN new-routing-mark=TO_WAN2 passthrough=no src-address-list=siempreporlinea2
add action=mark-routing chain=prerouting comment="Always send these clients out through WAN3" disabled=no in-interface=LAN new-routing-mark=TO_WAN3 passthrough=no src-address-list=siempreporlinea3
===========================================================================
Take some ports out of load balancing
add action=mark-connection chain=prerouting comment="UDP ports that must go out only through WAN1" connection-mark=no-mark connection-state=new disabled=no dst-address-type=!local dst-port=6001,6003,3001,3003,53,8121,27915 in-interface=LAN new-connection-mark=WAN1_IN passthrough=yes protocol=udp
add action=mark-connection chain=prerouting comment="TCP ports that must go out only through WAN1" connection-state=new disabled=no dst-address-type=!local dst-port=6001,6003,3001,3003,53,8121,27915 in-interface=LAN new-connection-mark=WAN1_IN passthrough=yes protocol=tcp
===========================================================================
Port balancing for the clean lines.
add action=mark-connection chain=prerouting comment="Mark half of the clean traffic for WAN1" connection-mark=no-mark connection-state=new disabled=no dst-address-type=!local dst-port=80,443,110,587,25,3398,21,22,23,143,993,4070,1935,3074,10000 in-interface=LAN new-connection-mark=WAN1_IN passthrough=yes per-connection-classifier=both-addresses:2/0 protocol=tcp
add action=mark-connection chain=prerouting comment="Mark half of the clean traffic for WAN2" connection-mark=no-mark connection-state=new disabled=no dst-address-type=!local dst-port=80,443,110,587,25,3398,21,22,23,143,993,4070,1935,3074,10000 in-interface=LAN new-connection-mark=WAN2_IN passthrough=yes per-connection-classifier=both-addresses:2/1 protocol=tcp

===========================================================================
Next, an example that sends SIP telephony traffic, marked by Layer7, over the good lines
add action=mark-connection chain=forward comment="Mark half of the SIP connections for WAN1" connection-state=new disabled=no dst-address-type=!local in-interface=LAN layer7-protocol=SIP new-connection-mark=WAN1_IN passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=forward comment="Mark half of the SIP connections for WAN2" connection-state=new disabled=no dst-address-type=!local in-interface=LAN layer7-protocol=SIP new-connection-mark=WAN2_IN passthrough=yes per-connection-classifier=both-addresses:2/1
===========================================================================
Next, an example that uses another attribute (protocol) to send ICMP (such as ping) over the clean lines.
add action=mark-connection chain=prerouting comment="Mark half of the ICMP for WAN1" connection-state=new disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN1_IN passthrough=yes per-connection-classifier=both-addresses:2/0 protocol=icmp
add action=mark-connection chain=prerouting comment="Mark half of the ICMP for WAN2" connection-state=new disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN2_IN passthrough=yes per-connection-classifier=both-addresses:2/1 protocol=icmp
===========================================================================
Remaining connections
add action=mark-connection chain=prerouting comment="Mark the REST for WAN3" connection-mark=no-mark connection-state=new disabled=no dst-address-type=!local in-interface=LAN new-connection-mark=WAN3_IN passthrough=yes
===========================================================================
Marking packets for routing
add action=mark-routing chain=prerouting comment="Mark for routing per outbound link (TO_WAN1)" connection-mark=WAN1_IN disabled=no in-interface=LAN new-routing-mark=TO_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment="Mark for routing per outbound link (TO_WAN2)" connection-mark=WAN2_IN disabled=no in-interface=LAN new-routing-mark=TO_WAN2 passthrough=yes
add action=mark-routing chain=prerouting comment="Mark for routing per outbound link (TO_WAN3)" connection-mark=WAN3_IN disabled=no in-interface=LAN new-routing-mark=TO_WAN3 passthrough=yes

===========================================================================
If any packet slipped through without a routing mark, we can mark it now if we want:
add action=mark-routing chain=prerouting comment="Packets without a routing mark go to WAN3" disabled=no in-interface=LAN new-routing-mark=TO_WAN3 passthrough=yes routing-mark=main
===========================================================================
Mangle ends here.

Routes
Now that our routing marks are in place, we create the routes. Nothing here differs from a regular PCC load-balancing setup:
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=TO_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=TO_WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out3 routing-mark=TO_WAN3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-out3 scope=30 target-scope=10
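
The setup only works if every connection mark set in mangle is later turned into a routing mark, and every routing mark has a route of its own. The following audit script is an added example, not part of the original page: it checks an exported configuration for marks that lead nowhere. It assumes one rule per line (no backslash continuations); the function names and the sample excerpt are constructed for illustration.

```python
import shlex

# Constructed excerpt modelled on this page's rules; the TO_WAN3 route is
# deliberately left out so the audit has something to report.
SAMPLE = """\
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=LAN new-connection-mark=WAN1_IN protocol=icmp
add action=mark-connection chain=prerouting comment="Mark the REST for WAN3" in-interface=LAN new-connection-mark=WAN3_IN
add action=mark-routing chain=prerouting connection-mark=WAN1_IN new-routing-mark=TO_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN3_IN new-routing-mark=TO_WAN3
/ip route
add dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=TO_WAN1
"""


def parse_rules(export):
    """Turn export text into a list of (menu, {property: value}) tuples."""
    menu, rules = None, []
    for line in export.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line  # e.g. "/ip firewall mangle"
        elif line.startswith("add "):
            # shlex keeps quoted comment="..." values in one token
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:])
            rules.append((menu, {p[0]: p[1] for p in pairs if len(p) == 2}))
    return rules


def audit(export):
    """Report connection marks never routed and routing marks without a route."""
    rules = parse_rules(export)
    mangle = [r for m, r in rules if m == "/ip firewall mangle"]
    routes = [r for m, r in rules if m == "/ip route"]
    set_conn = {r["new-connection-mark"] for r in mangle if "new-connection-mark" in r}
    used_conn = {r["connection-mark"] for r in mangle
                 if r.get("action") == "mark-routing" and "connection-mark" in r}
    set_route = {r["new-routing-mark"] for r in mangle if "new-routing-mark" in r}
    routed = {r["routing-mark"] for r in routes if "routing-mark" in r}
    findings = [f"connection mark {m} is never turned into a routing mark"
                for m in sorted(set_conn - used_conn)]
    findings += [f"routing mark {m} has no matching route"
                 for m in sorted(set_route - routed)]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```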

===========================================================================
Masquerade
We masquerade our internal network so it can browse:
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out3