Load Balance Mikrotik dengan 2 WAN + 1 VPN

IFANET INDONESIA , MIKROTIK ( 19/06/2020 ) – Kali ini kita akan bahas seputar LOADBALANCE WAN + Koneksi VPN. Dengan simulasi koneksi sebagai berikut :

  1. Per Connection Classifier (PCC) Load Balance ini digunakan untuk load balancing round-robin dengan konfigurasi sebagai berikut:
  2. Internet: Provider-01 ( static Private IP ) – 192.168.10.0/24
  3. Internet: Provider-02 ( staic Private IP ) – 192.168.11.0/24
  4. VPN menggunakan IP statis. ( 172.16.12.12/28 )
FIREWALL MANGLE

/ip firewall mangle add action=mark-connection chain=input comment=”PCC LB” disabled=no \ in-interface=ether2 new-connection-mark=isp2 passthrough=yes add action=mark-connection chain=input comment=”” disabled=no in-interface=\ isp1 new-connection-mark=isp1 passthrough=yes add action=mark-routing chain=output comment=”” connection-mark=pde disabled=\ no new-routing-mark=pde passthrough=no add action=mark-routing chain=output comment=”” connection-mark=isp1 \ disabled=no new-routing-mark=speedy passthrough=no

Baca Juga :

MANGLE TO ROUTE

/ip firewall mangle add action=accept chain=prerouting comment=”” disabled=no dst-address=\ 192.168.10.0/24 in-interface=br-lan add action=accept chain=prerouting comment=”” disabled=no dst-address=\ 192.168.11.0/24 in-interface=br-lan add action=accept chain=prerouting comment=”” disabled=no dst-address=\ 172.16.12.12/28 in-interface=br-lan

MANGLE-LB

/ip firewall mangle add action=mark-connection chain=prerouting comment=”” disabled=no \ dst-address-type=!local in-interface=isp1 new-connection-mark=pde \ passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 add action=mark-connection chain=prerouting comment=”” disabled=no \ dst-address-type=!local in-interface=isp1 new-connection-mark=speedy \ passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 add action=mark-routing chain=prerouting comment=”” connection-mark=isp2 \ disabled=no in-interface=br-lan new-routing-mark=isp2 passthrough=yes add action=mark-routing chain=prerouting comment=”” connection-mark=isp1 \ disabled=no in-interface=br-lan new-routing-mark=isp1 passthrough=yes

Konfigurasi MASQUERADE

/ip firewall nat add action=masquerade chain=srcnat comment=ISP1 disabled=no out-interface=\ add action=masquerade chain=srcnat comment=ISP2 disabled=no out-interface=\ ether2-isp2 add action=masquerade chain=srcnat comment=VPN disabled=no out-interface=\ ether3-VPN

Konfigurasi Routing

/ip route add check-gateway=ping comment=”” disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=192.168.10.1 routing-mark=pde scope=30 target-scope=10 add check-gateway=ping comment=”” disabled=no distance=1 dst-address=\ 0.0.0.0/0 gateway=isp1 routing-mark=isp1 scope=30 target-scope=\ 10 add comment=”” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ 192.168.11.1 scope=30 target-scope=10 add comment=”” disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\ isp1 scope=30 target-scope=10

Route ini merupakan route statis yang digunakan untuk meneruskan traffic ke interface VPN.

/ip route add comment=”” disabled=no distance=1 dst-address=172.16.12.0/28 gateway=\ 172.16.12.12 scope=30 target-scope=10

Konfigurasi DNS Resolver

/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ max-udp-packet-size=512 servers=44.55.66.77,55.66.77.88

Untuk Jasa setting Loadbalance dengan topologi yang berbeda, silahkan hubungi kami di 0812-4298-9993

Semoga Bermanfaat,-

Leave a Reply

Your email address will not be published. Required fields are marked *