Thursday, 3 April 2014

PCC Load Balancing + Failover - RB-750 -


/ip address
add address=192.168.3.2/24 disabled=no interface=WAN1 network=192.168.3.0
add address=192.168.4.2/24 disabled=no interface=WAN2 network=192.168.4.0
add address=192.168.5.2/24 disabled=no interface=WAN3 network=192.168.5.0
add address=192.168.0.1/24 disabled=no interface=LAN1 network=192.168.0.0
add address=192.168.1.1/24 disabled=no interface=LAN2 network=192.168.1.0

/ip dhcp-server
add address-pool=pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN1 lease-time=3d name=server1
add address-pool=pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=LAN2 lease-time=3d name=server2

/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1 netmask=24
add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=output connection-mark=WAN3_conn action=mark-routing new-routing-mark=to_WAN3

add chain=prerouting dst-address=!192.168.0.0/24 in-interface=LAN1 per-connection-classifier=src-address-and-port:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address=!192.168.0.0/24 in-interface=LAN1 per-connection-classifier=src-address-and-port:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address=!192.168.0.0/24 in-interface=LAN1 per-connection-classifier=src-address-and-port:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes
add chain=prerouting dst-address=!192.168.1.0/24 in-interface=LAN2 per-connection-classifier=src-address-and-port:3/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address=!192.168.1.0/24 in-interface=LAN2 per-connection-classifier=src-address-and-port:3/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting dst-address=!192.168.1.0/24 in-interface=LAN2 per-connection-classifier=src-address-and-port:3/2 action=mark-connection new-connection-mark=WAN3_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=LAN1 action=mark-routing new-routing-mark=to_WAN3
add chain=prerouting connection-mark=WAN1_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting connection-mark=WAN3_conn in-interface=LAN2 action=mark-routing new-routing-mark=to_WAN3

Rutas por default
/ip route
add dst-address=0.0.0.0/0 gateway=WAN1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=WAN2 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=WAN3 routing-mark=to_WAN3 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=WAN1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=WAN2 distance=2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=WAN3 distance=3 check-gateway=ping


NatRoll simple
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
add chain=srcnat out-interface=WAN3 action=masquerade





/tool netwatch
add comment="Host alcanzable por WAN1" disabled=no down-script=":local i 0; {:do {:set i (\$i + 1)} while ((\$i < 5) && ([/ping 192.168.3.1 interval=3 count=1]=0))};\r\
    \n        :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN1\"] disabled]=false) do={:log info \"WAN1 Gateway down\"; \r\
    \n         /ip route set [find comment=\"Ruta_WAN1\"] disabled=yes}" host=192.168.3.1 interval=30s timeout=100ms up-script=":local i 0; {:do {:set i (\$i + 1)} while (\
    (\$i < 5) && ([/ping 192.168.3.1 interval=3 count=1]=1))}; \r\
    \n       :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN1\"] disabled]=true) do={:log info \"WAN1 Gateway up\"; \r\
    \n       /ip route set [find comment=\"Ruta_WAN1\"] disabled=no}"
add comment="Host alcanzable por WAN2" disabled=no down-script=":local i 0; {:do {:set i (\$i + 1)} while ((\$i < 5) && ([/ping 192.168.4.1 interval=3 count=1]=0))};\r\
    \n        :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN2\"] disabled]=false) do={:log info \"WAN2 Gateway down\"; \r\
    \n         /ip route set [find comment=\"Ruta_WAN2\"] disabled=yes}" host=192.168.4.1 interval=30s timeout=100ms up-script=":local i 0; {:do {:set i (\$i + 1)} while (\
    (\$i < 5) && ([/ping 192.168.4.1 interval=3 count=1]=1))}; \r\
    \n       :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN2\"] disabled]=true) do={:log info \"WAN2 Gateway up\"; \r\
    \n       /ip route set [find comment=\"Ruta_WAN2\"] disabled=no}"

add comment="Host alcanzable por WAN3" disabled=no down-script=":local i 0; {:do {:set i (\$i + 1)} while ((\$i < 5) && ([/ping 192.168.5.1 interval=3 count=1]=0))};\r\
    \n        :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN3\"] disabled]=false) do={:log info \"WAN3 Gateway down\"; \r\
    \n         /ip route set [find comment=\"Ruta_WAN3\"] disabled=yes}" host=192.168.5.1 interval=30s timeout=100ms up-script=":local i 0; {:do {:set i (\$i + 1)} while (\
    (\$i < 5) && ([/ping 192.168.5.1 interval=3 count=1]=1))}; \r\
    \n       :if (\$i=5 && [/ip route get [find comment=\"Ruta_WAN1\"] disabled]=true) do={:log info \"WAN3 Gateway up\"; \r\
    \n       /ip route set [find comment=\"Ruta_WAN3\"] disabled=no}"



1 comment: