SlideShare a Scribd company logo

Mikrotik load balansing

Кирилл Кекер
Кирилл Кекер
Technology
1 of 46
Download to read offline
© MikroTik 2011 MikroTik RouterOS Workshop Load Balancing Best Practice Las Vegas MUM USA 2011
© MikroTik 2011 2 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support & Training Engineer for almost 7 years Specialization: QoS, PPP, Firewall, Routing Teaching MikroTik RouterOS classes since 2005
© MikroTik 2011 3 Load Balancing Load Balancing is a technique to distribute the workload across two or more network links in order to maximize throughput, minimise response time, and avoid overload Using multiple network links with load balancing, instead of single network links, may increase reliability through redundancy
© MikroTik 2011 4 Types of Load Balancing Sub-Packet Load Balancing (MLPPP) Per Packet Load Balancing (Bonding) Per Connection Load Balancing (nth) Per address-pair Load Balancing (ECMP, PCC, Bonding) Custom Load Balancing (Policy Routing) Bandwidth based Load Balancing (MPLS RSTV Traffic Engineering Tunnels)
© MikroTik 2011 5 Multi-Link PPP PPP Multi-link Protocol allows to divide packet equally and send each part into multiple channels MLPPP can be created: over single physical link – where multiple channels run on the same link (anti-fragmentation) over multiple physical links - where multiple channels run on the multiple link (load balancing) MLPPP must be supported by both ends (MLPPP is legacy stuff from modem era)
© MikroTik 2011 6 MLPPP configuration Server must have MLPPP support All lines must have same user name and password RouterOS has only the MLPPP client implementation
© MikroTik 2011 7 Bonding Bonding is a technology that allows you to aggregate multiple Ethernet-like interfaces into a single virtual link, thus getting higher data rates and providing fail-over Bonding (load balancing) modes: 802.3ad Balance-rr Balance-xor Balance-tlb Balance-alb
© MikroTik 2011 8 802.3ad ● 802.3ad mode is an IEEE standard also called LACP (Link Aggregation Control Protocol).
© MikroTik 2011 9 Balance-rr and balance-xor Balance-rr mode uses Round Robin algorithm - packets are transmitted in sequential order from the first available slave to the last. When utilizing multiple sending and multiple receiving links, packets often are received out of order (problem for TCP) Balance-xor balances outgoing traffic across the active ports based on a hash from specific protocol header fields and accepts incoming traffic from any active port
© MikroTik 2011 10 Balance-tlb The outgoing traffic is distributed according to the current load Incoming traffic is not balanced This mode is address- pair load balancing No additional configuration is required for the switch
© MikroTik 2011 11 Balance-alb In short alb = tlb + receive load balancing This mode requires a device driver capability to change the MAC address
© MikroTik 2011 12 ECMP Routes ECMP (Equal Cost Multi Path) routes have more than one gateway to the same remote network Gateways will be used in Round Robin per SRC/DST address combination Same gateway can be written several times!!
© MikroTik 2011 13 “Check-gateway” Option You can set the router to check gateway reachability using ICMP (ping) or ARP protocols If the gateway is unreachable in a simple route – the route will become inactive If one gateway is unreachable in an ECMP route, only the reachable gateways will be used in the Round Robin algorithm If Check-gateway option is enabled on one route it will affect all routes with that gateway.
© MikroTik 2011 14 Interface ECMP Routing In case you have more that one PPP connection from the same server, but MLPPP is impossible (different user names, server support missing) it is possible to use Interface routing Simple IP address routing is impossible all PPP connections that have the same gateway IP address To enable interface routing just specify all PPP interfaces as route gateway-interfaces Works only on PPP interfaces.
© MikroTik 2011 15 ECMP and Masquerade As forwarding database is rebuilt every 10min in Linux Kernel, there is a chance that connection will jump to the other gateway In the case of masquerading this jump results in a change of source address and in eventual disconnect More info at: http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html http://marc.info/?m=105217616607144 http://lkml.indiana.edu/hypermail/linux/net/0305.2/index.html#19
© MikroTik 2011 16 Configuration Setup
© MikroTik 2011 17 Basic Configuration
© MikroTik 2011 18 Policy Routing Policy routing is a method that allows you to create separate routing polices for different traffic by creating custom routing tables In RouterOS these routing tables are created: For every table specified in /ip route rule For every routing-mark in mangle facility Marked traffic is automatically assigned to the proper routing table (no need for lookup rules)
© MikroTik 2011 19 Routing-mark RouterOS attribute assigned to each packet Routing-mark can be changed in firewall mangle facility just before any routing decision: chain Prerouting – for all incoming traffic chain Output – for outgoing traffic from router Every new routing mark has its own routing table with the same name By default all packets have the “main” routing mark
© MikroTik 2011 20 Traffic to Connected Networks As connected routes are available only in “main” routing table, it is necessary that traffic to connected networks stay in “main” routing table This will also allow proper communication between locally and remotely connected clients
© MikroTik 2011 21 Remote Connections In the case when a connection is initiated from a public interface it is necessary to ensure that these connections will be replied via the same interface (from the same public IP) First we need to capture these connections (you can ether use default connection mark “no- mark” or connection state “new” here)
© MikroTik 2011 22 Custom Policy Routing Let's create a jump rule to your custom policy routing here Now we need to create a default route for every routing table (or else it will be resolved by main routing table)
© MikroTik 2011 23 Mark Routing Mark routing rules in mangle chain “output” will ensure that router itself is reachable via both public IP addresses Mark routing rules in mangle chain “prerouting” will ensure your desired load balancing
© MikroTik 2011 24 Mangle configuration
© MikroTik 2011 25 Custom Policy Routing There īs no best way that we can suggest for load balancing, you can either: Balance based on client IP address (address list) Balance based on traffic type (p2p, layer-7, protocol, port) Use automatic balancing (PCC) We do not suggest to use “nth” for policy routing of typical user traffic.
© MikroTik 2011 26 Per-address-pair Load Balancing In many situations communication between two hosts consist of more than one simultaneous connection. If those connections are taking different routing paths they might have different latency, drop rate, fragmentation or source address (NAT) – this way making multi-connection communications impossible. That is why instead of per-connection load balancing we should think about per-address- pair load balancing
© MikroTik 2011 27 Per Connection Classifier PCC is a firewall matcher that allows you to divide traffic into equal streams with ability to keep packets with specific set of options in one particular stream You can specify set of options from src-address, src-port, dst-address, dst-port More info at: http://wiki.mikrotik.com/wiki/PCC
© MikroTik 2011 28 PCC Configuration We just need to add 2 rules to our “policy_routing” chain to ensure automatic per- address-pair load balancing
© MikroTik 2011 29 Usual Problems Be careful about using “no-mark” connection mark if you have other mangle configuration in a different chain ISP specified DNS servers might block requests from non-ISP public IPs, so we suggest you use public (ISP independent) DNS servers. If you would like to ensure fail-over – enable “check-gateway” option in all default routes.
© MikroTik 2011 30 What about bandwidth based Load-Balancing?
© MikroTik 2011 31 Transport Engineering TE is one of MPLS features that allow to establish unidirectional label switching paths TE is based on RSVP (Resource ReSerVation Protocol) + RFC 3209 that adds support for explicit route and label exchange TE tunnels are similar to LDP, but with additional features: Usage of either full or partial explicit routes Constraint (such as bandwidth and link properties) based LSP (Label Switched Path) establishment
© MikroTik 2011 32 How Does Constraints Work? Constraints are set by user and does not necessarily reflect actual bandwidth Constraints can be set for: bandwidth of link participating in a RSVP TE network bandwidth reserved for tunnel So, at any moment in time, the bandwidth available on TE link is bandwidth configured for link minus sum of all reservations made on the link (not physically available bandwidth)
© MikroTik 2011 33 TE Tunnel Establishment TE tunnels can be established: along the path that data from the head-end of a tunnel is routed to the tail-end (no additional configuration required) along a statically configured explicit path (it is necessary to manually input path) CSPF (Constrained Shortest Path First) - This option needs assistance from IGP routing protocol (such as OSPF) to distribute bandwidth information throughout the network.
© MikroTik 2011 34 Network Layout Each router is connected to a neighbouring router using /30 network and each of them have unique Loopback address form 10.255.0.x network. Loopback addresses will be used as tunnel source and destination.
© MikroTik 2011 35 Network Layout
© MikroTik 2011 36 Loopback and CSPF Loopback addresses need to be reachable from whole network – we will use OSPF to distribute that information Also OSPF can help us to distribute TE reservations for CSPF
© MikroTik 2011 37 Resource Reservation Lets set up TE resource for every interface on which we might want to run TE tunnel. Configuration on all the routers are the same: Note that at this point this does not represent how much bandwidth will actually flow through the interface
© MikroTik 2011 38 First Task
© MikroTik 2011 39 TE tunnel setup We will use static path configuration as primary, and dynamic (CSPF) as secondary path if primary fails
© MikroTik 2011 40 TE Tunnel Monitoring
© MikroTik 2011 41 TE Tunnel Monitoring If multiple tunnels are created and all the bandwidth on that particular interface is used, then the tunnel will try to look for different path.
© MikroTik 2011 42 Route traffic over TE To route LAN traffic over a TE tunnel we will assign address 10.99.99.1/30 and 10.99.99.2/30 to each tunnel end.
© MikroTik 2011 43 Automatic Failover By default the tunnel will try to switch back to the primary path every minute. This setting can be changed with primary-retry-interval parameter.
© MikroTik 2011 44 Additional Tunnels
© MikroTik 2011 45 Additional Tunnels
© MikroTik 2011 46 Good luck! http://wiki.mikrotik.com/wiki/Manual:Simple_TE http://wiki.mikrotik.com/wiki/Manual:TE_Tunnels http://wiki.mikrotik.com/wiki/Manual:MPLS/Traffic-eng http://wiki.mikrotik.com/wiki/Manual:MPLS/Overview

Recommended

Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network GLC Networks
 
Detecting network virus using mikrotik
Detecting network virus using mikrotikDetecting network virus using mikrotik
Detecting network virus using mikrotikAchmad Mardiansyah
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radiusAchmad Mardiansyah
 
Mikrotik router os qos best practice
Mikrotik router os qos best practiceMikrotik router os qos best practice
Mikrotik router os qos best practiceBassel Kablawi
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced trainingJignesh H. Bhalsod
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Routing Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikRouting Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikAchmad Mardiansyah
 

Recommended

Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network GLC Networks
 
Detecting network virus using mikrotik
Detecting network virus using mikrotikDetecting network virus using mikrotik
Detecting network virus using mikrotikAchmad Mardiansyah
 
Using mikrotik with radius
Using mikrotik with radiusUsing mikrotik with radius
Using mikrotik with radiusAchmad Mardiansyah
 
Mikrotik router os qos best practice
Mikrotik router os qos best practiceMikrotik router os qos best practice
Mikrotik router os qos best practiceBassel Kablawi
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced trainingJignesh H. Bhalsod
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingAkbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Routing Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikRouting Information Protocol (RIP) on Mikrotik
Routing Information Protocol (RIP) on MikrotikAchmad Mardiansyah
 
Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangleAchmad Mardiansyah
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
BGP tuning: Peer with loopback
BGP tuning: Peer with loopbackBGP tuning: Peer with loopback
BGP tuning: Peer with loopbackGLC Networks
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
Choosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chrChoosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chrGLC Networks
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basicTapan Khilar
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filterAchmad Mardiansyah
 
Juniper Trouble Shooting
Juniper Trouble ShootingJuniper Trouble Shooting
Juniper Trouble ShootingMike(Haobin) Zheng
 
Junos routing overview from Juniper
Junos routing overview from JuniperJunos routing overview from Juniper
Junos routing overview from JuniperNam Nguyen
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerKHNOG
 
Network Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and WhatsappNetwork Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and WhatsappGLC Networks
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on MikrotikGLC Networks
 
Nat pat
Nat patNat pat
Nat patCYBERINTELLIGENTS
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityGLC Networks
 
Mikrotik VRRP
Mikrotik VRRPMikrotik VRRP
Mikrotik VRRPAchmad Mardiansyah
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 
MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)Rofiq Fauzi
 
Netscreen Policy Based Routing
Netscreen Policy Based RoutingNetscreen Policy Based Routing
Netscreen Policy Based RoutingBart Jansens
 

More Related Content

What's hot

Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotikAchmad Mardiansyah
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusDashamir Hoxha
 
BGP tuning: Peer with loopback
BGP tuning: Peer with loopbackBGP tuning: Peer with loopback
BGP tuning: Peer with loopbackGLC Networks
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOSFaelix Ltd
 
Choosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chrChoosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chrGLC Networks
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basicTapan Khilar
 
Junos routing overview from Juniper
Junos routing overview from JuniperJunos routing overview from Juniper
Junos routing overview from JuniperNam Nguyen
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerKHNOG
 
Network Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and WhatsappNetwork Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and WhatsappGLC Networks
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on MikrotikGLC Networks
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityGLC Networks
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]Faisal Reza
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPGLC Networks
 

What's hot (20)

Mikrotik firewall mangle
Mikrotik firewall mangleMikrotik firewall mangle
Mikrotik firewall mangle
 
Routing fundamentals with mikrotik
Routing fundamentals with mikrotikRouting fundamentals with mikrotik
Routing fundamentals with mikrotik
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and Radius
 
BGP tuning: Peer with loopback
BGP tuning: Peer with loopbackBGP tuning: Peer with loopback
BGP tuning: Peer with loopback
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
 
Choosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chrChoosing Mikrotik Platform x86 vs chr
Choosing Mikrotik Platform x86 vs chr
 
Cisco router basic
Cisco router basicCisco router basic
Cisco router basic
 
Mikrotik firewall filter
Mikrotik firewall filterMikrotik firewall filter
Mikrotik firewall filter
 
Juniper Trouble Shooting
Juniper Trouble ShootingJuniper Trouble Shooting
Juniper Trouble Shooting
 
Junos routing overview from Juniper
Junos routing overview from JuniperJunos routing overview from Juniper
Junos routing overview from Juniper
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User Manager
 
Network Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and WhatsappNetwork Monitoring with The Dude and Whatsapp
Network Monitoring with The Dude and Whatsapp
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Management
 
OpeVPN on Mikrotik
OpeVPN on MikrotikOpeVPN on Mikrotik
OpeVPN on Mikrotik
 
Nat pat
Nat patNat pat
Nat pat
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and Security
 
Mikrotik VRRP
Mikrotik VRRPMikrotik VRRP
Mikrotik VRRP
 
MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]MikroTik Multicast Routing [www.imxpert.co]
MikroTik Multicast Routing [www.imxpert.co]
 
ISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMPISP Load Balancing with Mikrotik ECMP
ISP Load Balancing with Mikrotik ECMP
 

Viewers also liked

MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)Rofiq Fauzi
 
Netscreen Policy Based Routing
Netscreen Policy Based RoutingNetscreen Policy Based Routing
Netscreen Policy Based RoutingBart Jansens
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014Leonardo Nve Egea
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Controlsandy_vasan
 
DNS rehabilitation Concept
DNS rehabilitation ConceptDNS rehabilitation Concept
DNS rehabilitation ConceptAlenamudr
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 

Viewers also liked (8)

MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)MikroTik BGP Security - MUM 2014 (rofiq fauzi)
MikroTik BGP Security - MUM 2014 (rofiq fauzi)
 
Netscreen Policy Based Routing
Netscreen Policy Based RoutingNetscreen Policy Based Routing
Netscreen Policy Based Routing
 
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
OFFENSIVE: Exploiting DNS servers changes BlackHat Asia 2014
 
Linux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic ControlLinux Based Advanced Routing with Firewall and Traffic Control
Linux Based Advanced Routing with Firewall and Traffic Control
 
Tunnel & vpn1
Tunnel & vpn1Tunnel & vpn1
Tunnel & vpn1
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing Tutorial
 
DNS rehabilitation Concept
DNS rehabilitation ConceptDNS rehabilitation Concept
DNS rehabilitation Concept
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name System
 

Similar to Mikrotik load balansing

Lets talk about QoS by Megis.pdf
Lets talk about QoS by Megis.pdfLets talk about QoS by Megis.pdf
Lets talk about QoS by Megis.pdfssusere31f1c
 
VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS TechniqueAhmad Atta
 
Application Engineered Routing Enables Applications and Network Infrastructur...
Application Engineered Routing Enables Applications and Network Infrastructur...Application Engineered Routing Enables Applications and Network Infrastructur...
Application Engineered Routing Enables Applications and Network Infrastructur...Cisco Service Provider
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)Vipin Sahu
 
PLNOG 5: Rafał Szarecki - SEAMLESS MPLS
PLNOG 5: Rafał Szarecki - SEAMLESS MPLSPLNOG 5: Rafał Szarecki - SEAMLESS MPLS
PLNOG 5: Rafał Szarecki - SEAMLESS MPLSPROIDEA
 
Research paper ( MPLS as a Software-Defined Network )
Research paper ( MPLS as a Software-Defined Network )Research paper ( MPLS as a Software-Defined Network )
Research paper ( MPLS as a Software-Defined Network )Chinmay Upasani
 
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANET
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANETCross Layer- Performance Enhancement Architecture (CL-PEA) for MANET
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANETijcncs
 
Segment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsSegment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsCisco Service Provider
 
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)IRJET Journal
 
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...CSCJournals
 
ETE405-lec9.ppt
ETE405-lec9.pptETE405-lec9.ppt
ETE405-lec9.pptmashiur
 
Brkmpl 2333
Brkmpl 2333Brkmpl 2333
Brkmpl 2333ronsito
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering pptNitin Gehlot
 
GMPLS (generalized mpls)
GMPLS (generalized mpls)GMPLS (generalized mpls)
GMPLS (generalized mpls)Netwax Lab
 

Similar to Mikrotik load balansing (20)

Lets talk about QoS by Megis.pdf
Lets talk about QoS by Megis.pdfLets talk about QoS by Megis.pdf
Lets talk about QoS by Megis.pdf
 
Qo s of service with winbox
Qo s of service with winboxQo s of service with winbox
Qo s of service with winbox
 
VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS Technique
 
Application Engineered Routing Enables Applications and Network Infrastructur...
Application Engineered Routing Enables Applications and Network Infrastructur...Application Engineered Routing Enables Applications and Network Infrastructur...
Application Engineered Routing Enables Applications and Network Infrastructur...
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
 
Mpls
MplsMpls
Mpls
 
PLNOG 5: Rafał Szarecki - SEAMLESS MPLS
PLNOG 5: Rafał Szarecki - SEAMLESS MPLSPLNOG 5: Rafał Szarecki - SEAMLESS MPLS
PLNOG 5: Rafał Szarecki - SEAMLESS MPLS
 
Research paper ( MPLS as a Software-Defined Network )
Research paper ( MPLS as a Software-Defined Network )Research paper ( MPLS as a Software-Defined Network )
Research paper ( MPLS as a Software-Defined Network )
 
MPLS-jpl.ppt
MPLS-jpl.pptMPLS-jpl.ppt
MPLS-jpl.ppt
 
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANET
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANETCross Layer- Performance Enhancement Architecture (CL-PEA) for MANET
Cross Layer- Performance Enhancement Architecture (CL-PEA) for MANET
 
Segment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business ModelsSegment Routing: Prepare Your Network For New Business Models
Segment Routing: Prepare Your Network For New Business Models
 
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)
Concurrent Multi - Path Real Time Communication Control Protocol (Cmprtcp)
 
MPLS.pptx
MPLS.pptxMPLS.pptx
MPLS.pptx
 
Vp ns
Vp nsVp ns
Vp ns
 
CCNA 1
CCNA 1CCNA 1
CCNA 1
 
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...
 
ETE405-lec9.ppt
ETE405-lec9.pptETE405-lec9.ppt
ETE405-lec9.ppt
 
Brkmpl 2333
Brkmpl 2333Brkmpl 2333
Brkmpl 2333
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering ppt
 
GMPLS (generalized mpls)
GMPLS (generalized mpls)GMPLS (generalized mpls)
GMPLS (generalized mpls)
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Mikrotik load balansing

  • 1. © MikroTik 2011 MikroTik RouterOS Workshop Load Balancing Best Practice Las Vegas MUM USA 2011
  • 2. © MikroTik 2011 2 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support & Training Engineer for almost 7 years Specialization: QoS, PPP, Firewall, Routing Teaching MikroTik RouterOS classes since 2005
  • 3. © MikroTik 2011 3 Load Balancing Load Balancing is a technique to distribute the workload across two or more network links in order to maximize throughput, minimise response time, and avoid overload Using multiple network links with load balancing, instead of single network links, may increase reliability through redundancy
  • 4. © MikroTik 2011 4 Types of Load Balancing Sub-Packet Load Balancing (MLPPP) Per Packet Load Balancing (Bonding) Per Connection Load Balancing (nth) Per address-pair Load Balancing (ECMP, PCC, Bonding) Custom Load Balancing (Policy Routing) Bandwidth based Load Balancing (MPLS RSTV Traffic Engineering Tunnels)
  • 5. © MikroTik 2011 5 Multi-Link PPP PPP Multi-link Protocol allows to divide packet equally and send each part into multiple channels MLPPP can be created: over single physical link – where multiple channels run on the same link (anti-fragmentation) over multiple physical links - where multiple channels run on the multiple link (load balancing) MLPPP must be supported by both ends (MLPPP is legacy stuff from modem era)
  • 6. © MikroTik 2011 6 MLPPP configuration Server must have MLPPP support All lines must have same user name and password RouterOS has only the MLPPP client implementation
  • 7. © MikroTik 2011 7 Bonding Bonding is a technology that allows you to aggregate multiple Ethernet-like interfaces into a single virtual link, thus getting higher data rates and providing fail-over Bonding (load balancing) modes: 802.3ad Balance-rr Balance-xor Balance-tlb Balance-alb
  • 8. © MikroTik 2011 8 802.3ad ● 802.3ad mode is an IEEE standard also called LACP (Link Aggregation Control Protocol).
  • 9. © MikroTik 2011 9 Balance-rr and balance-xor Balance-rr mode uses Round Robin algorithm - packets are transmitted in sequential order from the first available slave to the last. When utilizing multiple sending and multiple receiving links, packets often are received out of order (problem for TCP) Balance-xor balances outgoing traffic across the active ports based on a hash from specific protocol header fields and accepts incoming traffic from any active port
  • 10. © MikroTik 2011 10 Balance-tlb The outgoing traffic is distributed according to the current load Incoming traffic is not balanced This mode is address- pair load balancing No additional configuration is required for the switch
  • 11. © MikroTik 2011 11 Balance-alb In short alb = tlb + receive load balancing This mode requires a device driver capability to change the MAC address
  • 12. © MikroTik 2011 12 ECMP Routes ECMP (Equal Cost Multi Path) routes have more than one gateway to the same remote network Gateways will be used in Round Robin per SRC/DST address combination Same gateway can be written several times!!
  • 13. © MikroTik 2011 13 “Check-gateway” Option You can set the router to check gateway reachability using ICMP (ping) or ARP protocols If the gateway is unreachable in a simple route – the route will become inactive If one gateway is unreachable in an ECMP route, only the reachable gateways will be used in the Round Robin algorithm If Check-gateway option is enabled on one route it will affect all routes with that gateway.
  • 14. © MikroTik 2011 14 Interface ECMP Routing In case you have more that one PPP connection from the same server, but MLPPP is impossible (different user names, server support missing) it is possible to use Interface routing Simple IP address routing is impossible all PPP connections that have the same gateway IP address To enable interface routing just specify all PPP interfaces as route gateway-interfaces Works only on PPP interfaces.
  • 15. © MikroTik 2011 15 ECMP and Masquerade As forwarding database is rebuilt every 10min in Linux Kernel, there is a chance that connection will jump to the other gateway In the case of masquerading this jump results in a change of source address and in eventual disconnect More info at: http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html http://marc.info/?m=105217616607144 http://lkml.indiana.edu/hypermail/linux/net/0305.2/index.html#19
  • 16. © MikroTik 2011 16 Configuration Setup
  • 17. © MikroTik 2011 17 Basic Configuration
  • 18. © MikroTik 2011 18 Policy Routing Policy routing is a method that allows you to create separate routing polices for different traffic by creating custom routing tables In RouterOS these routing tables are created: For every table specified in /ip route rule For every routing-mark in mangle facility Marked traffic is automatically assigned to the proper routing table (no need for lookup rules)
  • 19. © MikroTik 2011 19 Routing-mark RouterOS attribute assigned to each packet Routing-mark can be changed in firewall mangle facility just before any routing decision: chain Prerouting – for all incoming traffic chain Output – for outgoing traffic from router Every new routing mark has its own routing table with the same name By default all packets have the “main” routing mark
  • 20. © MikroTik 2011 20 Traffic to Connected Networks As connected routes are available only in “main” routing table, it is necessary that traffic to connected networks stay in “main” routing table This will also allow proper communication between locally and remotely connected clients
  • 21. © MikroTik 2011 21 Remote Connections In the case when a connection is initiated from a public interface it is necessary to ensure that these connections will be replied via the same interface (from the same public IP) First we need to capture these connections (you can ether use default connection mark “no- mark” or connection state “new” here)
  • 22. © MikroTik 2011 22 Custom Policy Routing Let's create a jump rule to your custom policy routing here Now we need to create a default route for every routing table (or else it will be resolved by main routing table)
  • 23. © MikroTik 2011 23 Mark Routing Mark routing rules in mangle chain “output” will ensure that router itself is reachable via both public IP addresses Mark routing rules in mangle chain “prerouting” will ensure your desired load balancing
  • 24. © MikroTik 2011 24 Mangle configuration
  • 25. © MikroTik 2011 25 Custom Policy Routing There īs no best way that we can suggest for load balancing, you can either: Balance based on client IP address (address list) Balance based on traffic type (p2p, layer-7, protocol, port) Use automatic balancing (PCC) We do not suggest to use “nth” for policy routing of typical user traffic.
  • 26. © MikroTik 2011 26 Per-address-pair Load Balancing In many situations communication between two hosts consist of more than one simultaneous connection. If those connections are taking different routing paths they might have different latency, drop rate, fragmentation or source address (NAT) – this way making multi-connection communications impossible. That is why instead of per-connection load balancing we should think about per-address- pair load balancing
  • 27. © MikroTik 2011 27 Per Connection Classifier PCC is a firewall matcher that allows you to divide traffic into equal streams with ability to keep packets with specific set of options in one particular stream You can specify set of options from src-address, src-port, dst-address, dst-port More info at: http://wiki.mikrotik.com/wiki/PCC
  • 28. © MikroTik 2011 28 PCC Configuration We just need to add 2 rules to our “policy_routing” chain to ensure automatic per- address-pair load balancing
  • 29. © MikroTik 2011 29 Usual Problems Be careful about using “no-mark” connection mark if you have other mangle configuration in a different chain ISP specified DNS servers might block requests from non-ISP public IPs, so we suggest you use public (ISP independent) DNS servers. If you would like to ensure fail-over – enable “check-gateway” option in all default routes.
  • 30. © MikroTik 2011 30 What about bandwidth based Load-Balancing?
  • 31. © MikroTik 2011 31 Transport Engineering TE is one of MPLS features that allow to establish unidirectional label switching paths TE is based on RSVP (Resource ReSerVation Protocol) + RFC 3209 that adds support for explicit route and label exchange TE tunnels are similar to LDP, but with additional features: Usage of either full or partial explicit routes Constraint (such as bandwidth and link properties) based LSP (Label Switched Path) establishment
  • 32. © MikroTik 2011 32 How Does Constraints Work? Constraints are set by user and does not necessarily reflect actual bandwidth Constraints can be set for: bandwidth of link participating in a RSVP TE network bandwidth reserved for tunnel So, at any moment in time, the bandwidth available on TE link is bandwidth configured for link minus sum of all reservations made on the link (not physically available bandwidth)
  • 33. © MikroTik 2011 33 TE Tunnel Establishment TE tunnels can be established: along the path that data from the head-end of a tunnel is routed to the tail-end (no additional configuration required) along a statically configured explicit path (it is necessary to manually input path) CSPF (Constrained Shortest Path First) - This option needs assistance from IGP routing protocol (such as OSPF) to distribute bandwidth information throughout the network.
  • 34. © MikroTik 2011 34 Network Layout Each router is connected to a neighbouring router using /30 network and each of them have unique Loopback address form 10.255.0.x network. Loopback addresses will be used as tunnel source and destination.
  • 35. © MikroTik 2011 35 Network Layout
  • 36. © MikroTik 2011 36 Loopback and CSPF Loopback addresses need to be reachable from whole network – we will use OSPF to distribute that information Also OSPF can help us to distribute TE reservations for CSPF
  • 37. © MikroTik 2011 37 Resource Reservation Lets set up TE resource for every interface on which we might want to run TE tunnel. Configuration on all the routers are the same: Note that at this point this does not represent how much bandwidth will actually flow through the interface
  • 38. © MikroTik 2011 38 First Task
  • 39. © MikroTik 2011 39 TE tunnel setup We will use static path configuration as primary, and dynamic (CSPF) as secondary path if primary fails
  • 40. © MikroTik 2011 40 TE Tunnel Monitoring
  • 41. © MikroTik 2011 41 TE Tunnel Monitoring If multiple tunnels are created and all the bandwidth on that particular interface is used, then the tunnel will try to look for different path.
  • 42. © MikroTik 2011 42 Route traffic over TE To route LAN traffic over a TE tunnel we will assign address 10.99.99.1/30 and 10.99.99.2/30 to each tunnel end.
  • 43. © MikroTik 2011 43 Automatic Failover By default the tunnel will try to switch back to the primary path every minute. This setting can be changed with primary-retry-interval parameter.
  • 44. © MikroTik 2011 44 Additional Tunnels
  • 45. © MikroTik 2011 45 Additional Tunnels
  • 46. © MikroTik 2011 46 Good luck! http://wiki.mikrotik.com/wiki/Manual:Simple_TE http://wiki.mikrotik.com/wiki/Manual:TE_Tunnels http://wiki.mikrotik.com/wiki/Manual:MPLS/Traffic-eng http://wiki.mikrotik.com/wiki/Manual:MPLS/Overview