0% found this document useful (0 votes)
196 views4 pages

Balanceo Avanzado Con PPPoE Cliente 4 ISP v6

The document describes configuration of a Mikrotik router with multiple ISP connections for load balancing and failover. It configures 4 PPPoE interfaces for the ISP connections, enables NAT, and sets up firewall rules to mark and route traffic through the different interfaces. Traffic is classified and marked based on destination port and address, then routed through the appropriate ISP interface using routing marks. Additional rules are defined to route HTTPS traffic and provide failover routing if an interface fails.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
196 views4 pages

Balanceo Avanzado Con PPPoE Cliente 4 ISP v6

The document describes configuration of a Mikrotik router with multiple ISP connections for load balancing and failover. It configures 4 PPPoE interfaces for the ISP connections, enables NAT, and sets up firewall rules to mark and route traffic through the different interfaces. Traffic is classified and marked based on destination port and address, then routed through the appropriate ISP interface using routing marks. Additional rules are defined to route HTTPS traffic and provide failover routing if an interface fails.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

***Configurar PPPoE Cliente

***Activar DNS

** Interfaces Mikrotik
IPS1, ISP2, ISP3, ISP4. LAN

** Interface de PPPoE
pppoe-out1, pppoe-out2, pppoe-out3, pppoe-out4

****Nat All Interfaces

/ip firewall nat


add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out2
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out3
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out4

*** Anidir pool de IPS del LAN puede ser /24 0r /30

/ip firewall address-list


add address=192.168.26.0/24 disabled=no list=GW01_LAN

****MANGLE and First Https and second ACCEP prerouting with address-
list=GW01_LAN*****

/ip firewall mangle


add action=mark-routing chain=prerouting disabled=no dst-port=443 new-routing-
mark=HTTPS passthrough=no protocol=tcp
add action=accept chain=prerouting disabled=no dst-address-list=GW01_LAN src-
address-list=GW01_LAN
add action=mark-connection chain=forward connection-mark=no-mark disabled=no in-
interface=pppoe-out1 new-connection-mark=ISP1_conn passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark disabled=no in-
interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark disabled=no in-
interface=pppoe-out3 new-connection-mark=ISP3_conn passthrough=no
add action=mark-connection chain=forward connection-mark=no-mark disabled=no in-
interface=pppoe-out4 new-connection-mark=ISP4_conn passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-
interface=pppoe-out1 new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-
interface=pppoe-out2 new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-
interface=pppoe-out3 new-connection-mark=ISP3_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no in-
interface=pppoe-out4 new-connection-mark=ISP4_conn passthrough=yes
add action=jump chain=prerouting connection-mark=no-mark disabled=no in-
interface=LAN jump-target=policy_routing
add action=mark-routing chain=prerouting connection-mark=ISP1_conn disabled=no new-
routing-mark=ISP1_traffic passthrough=yes src-address-list=GW01_LAN
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=no new-
routing-mark=ISP2_traffic passthrough=yes src-address-list=GW01_LAN
add action=mark-routing chain=prerouting connection-mark=ISP3_conn disabled=no new-
routing-mark=ISP3_traffic passthrough=yes src-address-list=GW01_LAN
add action=mark-routing chain=prerouting connection-mark=ISP4_conn disabled=no new-
routing-mark=ISP4_traffic passthrough=yes src-address-list=GW01_LAN
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=no new-
routing-mark=ISP1_traffic passthrough=yes
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=no new-
routing-mark=ISP2_traffic passthrough=yes
add action=mark-routing chain=output connection-mark=ISP3_conn disabled=no new-
routing-mark=ISP3_traffic passthrough=yes
add action=mark-routing chain=output connection-mark=ISP4_conn disabled=no new-
routing-mark=ISP4_traffic passthrough=yes
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP1_conn per-connection-classifier=both-addresses-and-ports:4/0
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP2_conn per-connection-classifier=both-addresses-and-ports:4/1
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP3_conn per-connection-classifier=both-addresses-and-ports:4/2
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP4_conn per-connection-classifier=both-addresses-and-ports:4/3

***NOTA Importante***
Opcin: both-addresses
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP1_conn per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP2_conn per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP3_conn per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=policy_routing dst-address-type=!local new-
connection-mark=ISP4_conn per-connection-classifier=both-addresses:4/3

************************
##Difinicin##
both-addresses = ambas-direcciones IP
both-addresses: La peticin de origen y destino IP entre el mismo cliente y el
servidor siempre ser la misma, por lo que todo el trfico
entre un cliente especfico y un servidor especfico (por ejemplo, su computadora
porttil y servidor 67.89.2.5) siempre que coincida con el
mismo matcher PCC , y siempre ser puesto en el mismo enlace.

both-addresses = ambas-direcciones IP ,se refiere a src-address y dst-address


Como el clasificador. Aunque esto va a cambiar aleatoriamente cosas la teora ms y
le dar la asignacin ms justa de ancho de banda,
pero tambin hay una buena probabilidad de que se rompa ciertas cosas como los
sitios web bancarios y algunos foros.
Esto se debe a las peticiones muchas veces un HTTP generarn varias conexiones, por
lo que existe la posibilidad de
que algunas solicitudes podrn salir una ruta diferente a la inicial, y que se
rompern los sitios web seguros.

Mas informacin: http://wiki.mikrotik.com/wiki/How_PCC_works_%28beginner%29


************************

***Failover

/ip route
add check-gateway=arp distance=1 gateway=pppoe-out1 routing-mark=ISP1_traffic
add check-gateway=arp distance=1 gateway=pppoe-out2 routing-mark=ISP2_traffic
add check-gateway=arp distance=1 gateway=pppoe-out3 routing-mark=ISP3_traffic
add check-gateway=arp distance=1 gateway=pppoe-out4 routing-mark=ISP4_traffic
add check-gateway=arp distance=1 gateway=pppoe-out1
add check-gateway=arp distance=1 gateway=pppoe-out2
add check-gateway=arp distance=1 gateway=pppoe-out3
add check-gateway=arp distance=1 gateway=pppoe-out4

***For HTTPS...

/ip route
add check-gateway=arp disabled=no distance=2 dst-address=0.0.0.0/0 gateway=pppoe-
out1 routing-mark=HTTPS scope=30 target-scope=10
add check-gateway=arp disabled=no distance=3 dst-address=0.0.0.0/0 gateway=pppoe-
out2 routing-mark=HTTPS scope=30 target-scope=10
add check-gateway=arp disabled=no distance=4 dst-address=0.0.0.0/0 gateway=pppoe-
out3 routing-mark=HTTPS scope=30 target-scope=10
add check-gateway=arp disabled=no distance=5 dst-address=0.0.0.0/0 gateway=pppoe-
out4 routing-mark=HTTPS scope=30 target-scope=10

##Trafico Por Proveedor ISP1


/ip firewall mangle
add action=mark-connection chain=prerouting comment="Https port 443 trafico ISP1
by cmw" disabled=yes dst-port=443 in-interface=LAN new-connection-mark=Https
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=Https disabled=yes in-
interface=LAN new-routing-mark=ISP1_traffic passthrough=no
add action=mark-connection chain=prerouting comment="http port 80 Trafico ISP1 by
cmw" disabled=yes dst-port=80 in-interface=LAN new-connection-mark=http
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=http disabled=yes in-
interface=LAN new-routing-mark=ISP1_traffic passthrough=no

##Trafico Por Proveedor ISP2


/ip firewall mangle
add action=mark-connection chain=prerouting comment="Https port 443 trafico ISP2
by cmw" disabled=yes dst-port=443 in-interface=LAN new-connection-mark=Https
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=Https disabled=yes in-
interface=LAN new-routing-mark=ISP2_traffic passthrough=no
add action=mark-connection chain=prerouting comment="http port 80 Trafico ISP2 by
cmw" disabled=yes dst-port=80 in-interface=LAN new-connection-mark=http
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=http disabled=yes in-
interface=LAN new-routing-mark=ISP2_traffic passthrough=no

##Trafico Por Proveedor ISP3


/ip firewall mangle
add action=mark-connection chain=prerouting comment="Https port 443 trafico ISP3
by cmw " disabled=yes dst-port=443 in-interface=LAN new-connection-mark=Https
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=Https disabled=yes in-
interface=LAN new-routing-mark=ISP3_traffic passthrough=no
add action=mark-connection chain=prerouting comment="http port 80 Trafico ISP3 by
cmw" disabled=yes dst-port=80 in-interface=LAN new-connection-mark=http
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=http disabled=yes in-
interface=LAN new-routing-mark=ISP3_traffic passthrough=no

##Trafico Por Proveedor ISP3


/ip firewall mangle
add action=mark-connection chain=prerouting comment="Https port 443 trafico ISP4
by cmw" disabled=yes dst-port=443 in-interface=LAN new-connection-mark=Https
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=Https disabled=yes in-
interface=LAN new-routing-mark=ISP4_traffic passthrough=no
add action=mark-connection chain=prerouting comment="http port 80 Trafico ISP4 by
cmw" disabled=yes dst-port=80 in-interface=LAN new-connection-mark=http
protocol=tcp
add action=mark-routing chain=prerouting connection-mark=http disabled=yes in-
interface=LAN new-routing-mark=ISP4_traffic passthrough=no

By: Rodrigo Anrrango

You might also like