Connection load balancing with mikrotik [workshop]
-
Upload
achmad-mardiansyah -
Category
Internet
-
view
206 -
download
0
Transcript of Connection load balancing with mikrotik [workshop]
![Page 1: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/1.jpg)
www.glcnetworks.com
Connection load balancing with mikrotik [workshop]
Mikrotik User Meeting Jakarta, 13 october 2016
Achmad [email protected] Networks, Indonesia
![Page 2: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/2.jpg)
www.glcnetworks.com
Agenda
● Introduction● The basics: connection and routing● Load Balancing (LB) techniques (PCC)● Some issues and recommendations● Q & A
2
![Page 3: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/3.jpg)
www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)● An Indonesian company● Located in Bandung● Areas: Training, IT Consulting● Mikrotik Certified Training Partner● Mikrotik Certified Consultant● Mikrotik distributor
3
![Page 4: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/4.jpg)
www.glcnetworks.com
Trainer Introduction
● Name: Achmad Mardiansyah● Base: bandung, Indonesia● Linux user since ’99● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)● Mikrotik Certified Consultant● Work: Telco engineer, Sysadmin, PHP programmer,
and Lecturer● Personal website: http://achmad.glcnetworks.com● More info:
http://au.linkedin.com/in/achmadmardiansyah
4
![Page 5: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/5.jpg)
www.glcnetworks.com
About Telkom University
● Located in Bandung, Indonesia● 7 Faculties, 27 schools● Areas: Engineering, Communications, Computing, Bussiness and
management, Arts● 650+ Academic staff, 400+ Administration staff, 20000+ students● An exchange program● Runs mikrotik academy program
5
![Page 6: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/6.jpg)
www.glcnetworks.com
Mikrotik academy @ TEL-U
● Started in 2013● Embedded into schools curricula● 100% hands-on● Get MTCNA certification
6
![Page 7: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/7.jpg)
www.glcnetworks.com
The basics: Connection and Routing
7
![Page 8: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/8.jpg)
www.glcnetworks.com
Why should i care?
● Lots of tutorials in internet!!!● Tons of pages, tutorial, videos
Questions for reader:
● Do you really understand that?● Did the writer understand that?● Is it really works as expected?
8
![Page 9: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/9.jpg)
www.glcnetworks.com
Are those webpages really works on you?
● Information overloaded… which one suits you?
● Perhaps they have different environment on their network
● You need to understand how it works...
9
![Page 10: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/10.jpg)
www.glcnetworks.com
What is (traffic) load balancing?
● Is a process to forward traffic on several links
● Applied on router● != failover
Benefits:
● Increase utilisation of upstream links
10
ISP1 ISP2
LAN
ether5 ether6
webserver
ISP3
![Page 11: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/11.jpg)
www.glcnetworks.com
What is connection?
● When you access a server you will create a connection
● Connection is identified by a set of IP addresses (source and destination) and ports (source and destination)
● See connection tracking below
11
ISP1 ISP2
LAN
ether5 ether6
webserver
ISP3
![Page 12: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/12.jpg)
www.glcnetworks.com
Single connection to a website
Website with single connection: http://test.glcnetworks.com
1212
ISP1 ISP2
LAN
ether5 ether6
ISP3
![Page 13: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/13.jpg)
www.glcnetworks.com
Website with multiple objects
1313
ISP1 ISP2
LAN
ether5 ether6
ISP3● Client will open multiple connections to get
website components
Connection 1
Connection 2
Connection 3
![Page 14: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/14.jpg)
www.glcnetworks.com
Routing and Forwarding
● A process to forward a packet from input interface to output interface, based on information on routing table.
● As we use private IP address, there will be a NAT process before sending out to exit interface
● To check our public IP address, go to http://test.glcnetworks.com
1414
ISP1 ISP2
LAN
ether5 ether6
ISP3
![Page 15: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/15.jpg)
www.glcnetworks.com
Adjust routing (mangle: mark-routing)
● Process to mark a packet to for routing purpose● Steps:
○ Create firewall mangle with action mark-routing○ Create routing entry with defined-mark○ Create NAT rule if we use private IP address
● To check our public IP address, go to http://test.glcnetworks.com
1515
ISP1 ISP2
LAN
ether5 ether6
ISP3
![Page 16: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/16.jpg)
www.glcnetworks.com
Forward traffic via ISP2 using mangle
16
![Page 17: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/17.jpg)
www.glcnetworks.com
Forward traffic via ISP1 using mangle
17
![Page 18: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/18.jpg)
www.glcnetworks.com
Load Balancing techniques
18
![Page 19: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/19.jpg)
www.glcnetworks.com
Load balancing techniques
19
Method Per-connection per-packet
Firewall marking YES YES
ECMP YES NO
PCC YES NO
Nth YES YES
Bonding NO YES
OSPF YES NO
BGP YES NO
![Page 20: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/20.jpg)
www.glcnetworks.com
How PCC works?
● PCC = Per Connection Classifier● PCC can identify the connection and mark them
for further processing● Example: a client opens a multi-object website via
single ISP. both addresses (src-address and dst-address) are used to identify connection
● PCC can identify each connection made from client
20
ISP1
LAN
ether5
ISP3
Connection 1
Connection 2
Connection 3
![Page 21: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/21.jpg)
www.glcnetworks.com
Applying PCC
● You need to understand the concept of connection● Applied on firewall mangle● Need to define classifier. Can be based on:
○ Source or destination address only○ Both addresses○ Etc
● Define connection number and total connection
21
Total connection
Connection identifier
![Page 22: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/22.jpg)
www.glcnetworks.com
Lets play with PCC classifier...
● Apply different classifier and check the result
22
![Page 23: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/23.jpg)
www.glcnetworks.com
Website with multiple objects, LB with classifier: both address
2323
ISP1 ISP2
LAN
ether5 ether6
ISP3
Connection 1
Connection 2
Connection 3
![Page 24: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/24.jpg)
www.glcnetworks.com
Some issues & recommendations
24
![Page 25: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/25.jpg)
www.glcnetworks.com
Some issues & recommendations
Issues:
● Beware of NATed connection -> webserver will see inbound connection from 2 ip public addresses -> page will not displayed correctly (as it is considered illegal session)
● Beware of NATed connection -> webserver will see inbound connection from 2 ip public addresses -> banking / https pages will not allow you to access their website
Recommendations
● If you use NAT, Better to use classifier based on source IP address only -> will give client consistent path to the destination
● Avoid NAT if possible -> using public IP address end-to-end -> use BGP -> better performance
25
![Page 27: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/27.jpg)
www.glcnetworks.com
Some info
● Hope you are more curious now● These materials are part of Mikrotik Certified Traffic Control Engineer
(MTCTCE) course● If you are interested, you can sign up to our website
27
![Page 28: Connection load balancing with mikrotik [workshop]](https://reader031.fdocuments.net/reader031/viewer/2022021506/587e74fc1a28ab38068b6479/html5/thumbnails/28.jpg)
www.glcnetworks.com
End of slides
● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback● Like our facebook page: “GLC networks”● Stay tune with our schedule
28