Load balancing on the proxy is a technique for distributing traffic load across two or more connection lines in a balanced way, so that traffic flows optimally, throughput is maximized, response time is minimized, and no single connection path is overloaded.
Many of us have long held the mistaken belief that load balancing two connection lines gives us double the bandwidth we had before (the sum of both lines' bandwidth). It needs to be made clear first that load balancing does not increase the bandwidth we get; it only divides traffic between the two lines so that both are used in a balanced manner.
With this article we will show that load balancing does not follow the formula 512 + 256 = 768, but rather 512 + 256 = 512 + 256, or 512 + 256 = 256 + 256 + 256.
In this article we use an RB433UAH under the following conditions:
1. Ether1 and ether2 are connected to different ISPs with different bandwidths: ISP1 at 512kbps and ISP2 at 256kbps.
2. We will use the internal web proxy and OpenDNS.
3. The MikroTik RouterOS version used is 4.5, because the PCC feature has been available since version 3.24.
If these conditions differ from your own network, adapt the configuration described here to match your network.
Basic Configuration
Here are the network topology and the IP addresses that we will use.
/ip address
add address=192.168.101.2/30 interface=ether1
add address=192.168.102.2/30 interface=ether2
add address=10.10.10.1/24 interface=wlan2
/ip dns
set allow-remote-requests=yes primary-dns=208.67.222.222 secondary-dns=208.67.220.220
For client connections we use the wireless interface wlan2, with client IPs in the range 10.10.10.2 to 10.10.10.254 and netmask 255.255.255.0, where 10.10.10.1 on wlan2 serves as the clients' gateway and DNS server. If you use the DNS of one of your ISPs, additional mangle rules are needed, which we give further on.
After the IP and DNS configuration is correct, we must add a default route to each ISP's gateway IP so that the router forwards all traffic for networks not directly connected to it to a gateway. Here we use the check-gateway feature, so that if one gateway goes down, connections are diverted to the other gateway.
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.101.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.102.1 distance=2 check-gateway=ping
To set up the access point so that client PCs can connect over wireless, we use the command
/interface wireless
set wlan2 mode=ap-bridge band=2.4ghz-b/g ssid=MikroTik disabled=no
For the client PCs to reach the Internet, we must also translate the clients' private IPs to the public IP on our public interfaces, ether1 and ether2.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
At this point, both the router and the client PCs should be able to reach the Internet. Test by pinging the Internet from both the router and a client PC. If it fails, check your configuration again.
Internal Webproxy
Certain RouterBoards, such as the RB450G, RB433AH, RB433UAH, RB800 and RB1100, have an expansion slot (USB, MicroSD, CompactFlash) for additional storage. In the following example we use a USB flash drive attached to the USB slot. On first installation, this additional storage shows a status of invalid in /system store. To use it as cache storage, it must first be formatted and activated. After that we simply enable the web proxy and set cache-on-disk=yes to use our storage. Do not forget to redirect HTTP traffic (tcp port 80) to our web proxy.
/store disk format-drive usb1
/store
add disk=usb1 name=cache-usb type=web-proxy
activate cache-usb
/ip proxy
set cache-on-disk=yes enabled=yes max-cache-size=200000KiB port=8080
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan2 action=redirect to-ports=8080
Setting Mangle
For this load balancing setup we will use a feature called PCC (Per Connection Classifier). With PCC we can sort the traffic or connections passing through, entering or leaving the router into several groups. The grouping can be based on src-address, dst-address, src-port and/or dst-port. The router remembers the gateway path taken at the start of a connection, so subsequent packets belonging to that connection are passed through the same gateway. This is the advantage of PCC: it addresses the frequent complaint of broken connections caused by gateway switching in load balancing techniques that predate PCC.
Before creating the load balancing mangle rules, to prevent routing loops, all client traffic destined for networks directly connected to the router must bypass load balancing. We can make an address list of the networks attached to the router and install the following mangle rules first.
/ip firewall address-list
add address=192.168.101.0/30 list=local
add address=192.168.102.0/30 list=local
add address=10.10.10.0/24 list=local
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=local in-interface=wlan2 comment="local traffic"
add action=accept chain=output dst-address-list=local
In some cases the first packet of a connection comes from the Internet, for example remote Winbox or telnet access from the Internet, so we also need to mark those connections with mark-connection so that the return traffic leaves through the same interface on which the traffic arrived.
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=con-from-isp1 passthrough=yes comment="traffic from isp1"
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=con-from-isp2 passthrough=yes comment="traffic from isp2"
Generally, an ISP restricts access to its DNS servers to IP addresses it recognizes, so if you use the DNS of one of your ISPs, you must add mangle rules that route that traffic through that ISP's gateway rather than the other ISP's gateway. Here we give the mangle rules for ISP1's DNS via the ISP1 gateway. If you use an independent public DNS such as OpenDNS, you do not need the mangle rules below.
/ip firewall mangle
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp comment="traffic control citra.net.id"
add action=mark-connection chain=output dst-address=202.65.112.21 dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp
add action=mark-routing chain=output connection-mark=dns new-routing-mark=route-to-isp1 passthrough=no
Because we use the web proxy on the router, there are 2 types of traffic we need to load balance. The first is traffic from clients to the Internet (non-HTTP), and the second is traffic from the web proxy to the Internet. To keep things structured and easier to read, we use custom chains as follows:
/ip firewall mangle
add action=jump chain=prerouting comment="jump to a client-lb" connection-mark=no-mark in-interface=wlan2 jump-target=client-lb
add action=jump chain=output comment="jump to the lb-proxy" connection-mark=no-mark out-interface=!wlan2 jump-target=lb-proxy
In the mangle rules above, to select client traffic for load balancing, the in-interface parameter is the interface connected to the clients; for web proxy traffic, we use the output chain with the out-interface parameter set to anything other than the interface connected to the clients. With the jumps to the custom chains in place, we can create the mangle rules in those custom chains as follows:
/ip firewall mangle
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="initial client loadbalancing"
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=client-lb dst-address-type=!local new-connection-mark=to-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=client-lb comment="end of loadbalancing"
/ip firewall mangle
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/0 comment="initial load balancing proxy"
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp1 passthrough=yes per-connection-classifier=both-addresses:3/1
add action=mark-connection chain=lb-proxy dst-address-type=!local new-connection-mark=con-from-isp2 passthrough=yes per-connection-classifier=both-addresses:3/2
add action=return chain=lb-proxy comment="end of loadbalancing"
In the example above, client and web proxy load balancing use the same PCC classifier, both-addresses, so the router remembers the gateway based on the src-address and dst-address of a connection. Because our ISPs have different bandwidths (512kbps and 256kbps), we divide the traffic load into 3 parts. The first 2 parts go through the ISP1 gateway and the last part goes through the ISP2 gateway. Once client and proxy traffic have been connection-marked, the next step is to create the mark-routing mangle rules that will be used in the routing process:
/ip firewall mangle
add action=jump chain=prerouting comment="route marking client" connection-mark=!no-mark in-interface=wlan2 jump-target=route-client
add action=mark-routing chain=route-client connection-mark=to-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=to-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 passthrough=no
add action=mark-routing chain=route-client connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 passthrough=no
add action=return chain=route-client disabled=no
/ip firewall mangle
add action=mark-routing chain=output comment="proxy route marking" connection-mark=con-from-isp1 new-routing-mark=route-to-isp1 out-interface=!wlan2 passthrough=no
add action=mark-routing chain=output connection-mark=con-from-isp2 new-routing-mark=route-to-isp2 out-interface=!wlan2 passthrough=no
Routing settings
The mangle settings above are useless until you create routes based on the routing marks we have made. Here we also create backup routes, so that if one gateway goes down, all connections go through the gateway that is still connected.
/ip route
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp1 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp1 distance=2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.102.1 routing-mark=route-to-isp2 distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.101.1 routing-mark=route-to-isp2 distance=2
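The sketch below is an added example, not part of the original article or of RouterOS: it models how the both-addresses:3/N rules and the marked routes above pick a gateway per connection, including failover when a gateway stops answering. The RouterOS PCC hash is not reproduced; SHA-256 stands in for it as an assumption, and the function names and the 203.0.113.0/24 server addresses are constructed for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

# From the article's mangle rules: remainders 0 and 1 of both-addresses:3/N
# end up on route-to-isp1, remainder 2 on route-to-isp2 (a 2:1 split).
PCC_DENOMINATOR = 3
REMAINDER_TO_ROUTING_MARK = {0: "route-to-isp1", 1: "route-to-isp1", 2: "route-to-isp2"}

# From the article's /ip route section: gateways per routing mark, by distance.
ROUTES = {
    "route-to-isp1": ["192.168.101.1", "192.168.102.1"],
    "route-to-isp2": ["192.168.102.1", "192.168.101.1"],
}
LINK_KBPS = {"192.168.101.1": 512, "192.168.102.1": 256}  # ISP1, ISP2


def pcc_remainder(src, dst, denominator=PCC_DENOMINATOR):
    """Hash the src and dst addresses and reduce modulo the denominator.

    Assumption: SHA-256 is a stand-in; RouterOS uses its own hash function.
    """
    key = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % denominator


def routing_mark(src, dst):
    """Routing mark for a src/dst pair. It is the same for every packet of
    that pair, which is what keeps a connection on one gateway."""
    return REMAINDER_TO_ROUTING_MARK[pcc_remainder(src, dst)]


def select_gateway(mark, gateways_up):
    """Model check-gateway=ping: lowest-distance route whose gateway answers."""
    for gateway in ROUTES[mark]:
        if gateway in gateways_up:
            return gateway
    return None  # both ISPs are down


def flow_ceiling_kbps(src, dst, gateways_up):
    """One connection uses one gateway, so its ceiling is that link's rate."""
    gateway = select_gateway(routing_mark(src, dst), gateways_up)
    return LINK_KBPS[gateway] if gateway else 0


def distribute(flows, gateways_up):
    """Count how many src/dst pairs land on each gateway."""
    return Counter(select_gateway(routing_mark(s, d), gateways_up) for s, d in flows)


def sample_flows(n_clients=50, n_servers=40):
    """Constructed input: wlan2 clients talking to documentation-range servers."""
    clients = [f"10.10.10.{i}" for i in range(2, 2 + n_clients)]
    servers = [f"203.0.113.{i}" for i in range(1, 1 + n_servers)]
    return [(c, s) for c in clients for s in servers]


if __name__ == "__main__":
    both_up = {"192.168.101.1", "192.168.102.1"}
    flows = sample_flows()
    print("both ISPs up :", dict(distribute(flows, both_up)))
    print("ISP1 down    :", dict(distribute(flows, {"192.168.102.1"})))
    print("single flow ceiling:", flow_ceiling_kbps(*flows[0], both_up), "kbps")
```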
Testing
Our test results are as follows.
The picture shows that with a single file download (1 connection) we get only 56kBps (448kbps), because the connection goes through the ISP1 gateway, whereas if we download another file (opening a new connection) from a different website, we get 30kBps (240kbps). From this test we can conclude that
512kbps + 256kbps ≠ 768kbps
Note:
• Load balancing with this PCC technique becomes more effective and closer to balanced as the number of connections (from clients) grows.
• Use ISPs with fixed rather than shared bandwidth for more optimal results.
• Load balancing with PCC is not a complete, permanent solution that works well on every type of network, because the balancing is based on probability.