Contoh Topologi Yang Akan di Konfigurasi
Pada kesempatan ini kita akan melakukan konfigurasi loadbalance di mikrotik dengan metode ECMP, dengan menambahan rule untuk server sehingga server dapat diakses dari luar jaringan (internet), dimana kita ketahui dengan penerapan metode ECMP dengan Multiple Gateway pada mikrotik itu menggunakan algoritma round robin, sehingga respone / replay yang diterima dari ISP 1 bisa saja keluar di ISP 2 sehingga jika ada server menggunakan IP Publik ISP 1 ini akan tidak dapat diakses sehingga disini diperlukan sebuah panambahan rule sehingga packet yang diterima dari ISP 1 dapat di keluar juga di ISP 1. berikut langkah-langkah konfigurasinnya :
Dimana Ip Public ISP 1 yaitu ( 114.6.20.64/28 )
1. Konfigurasi IP Address
/ip address
add address=114.6.30.146/30 interface=ether1-ISP 1 network=114.6.31.144
add address=110.100.12.2/30 interface=ether2-ISP 2 network=110.100.12.0
add address=10.10.10.1/30 interface=ether3-LAN network=10.10.10.0
add address=114.6.20.70 comment=Server 1 interface=ether1-ISP 1 network=\
114.6.20.70
add address=114.6.20.71 comment=Server 2 interface=ether1-ISP 1 network=\
114.6.20.71
add address=114.6.30.146/30 interface=ether1-ISP 1 network=114.6.31.144
add address=110.100.12.2/30 interface=ether2-ISP 2 network=110.100.12.0
add address=10.10.10.1/30 interface=ether3-LAN network=10.10.10.0
add address=114.6.20.70 comment=Server 1 interface=ether1-ISP 1 network=\
114.6.20.70
add address=114.6.20.71 comment=Server 2 interface=ether1-ISP 1 network=\
114.6.20.71
3. Firewall Nat
/ip firewall nat
add action=src-nat chain=srcnat out-interface=\
ether1-ISP 1 src-address=!114.6.20.64/28 to-addresses=114.6.30.145
add action=masquerade chain=srcnat out-interface=ether2-ISP 2 \
add action=src-nat chain=srcnat src-address=10.110.10.10 to-addresses=\
114.6.20.70
add action=src-nat chain=srcnat src-address=10.110.10.20 to-addresses=\
114.6.25.71
add action=dst-nat chain=dstnat dst-address=114.6.20.70 to-addresses=\
10.110.10.10
add action=dst-nat chain=dstnat dst-address=114.6.20.71 to-addresses=\
10.110.10.20
add action=src-nat chain=srcnat out-interface=\
ether1-ISP 1 src-address=!114.6.20.64/28 to-addresses=114.6.30.145
add action=masquerade chain=srcnat out-interface=ether2-ISP 2 \
add action=src-nat chain=srcnat src-address=10.110.10.10 to-addresses=\
114.6.20.70
add action=src-nat chain=srcnat src-address=10.110.10.20 to-addresses=\
114.6.25.71
add action=dst-nat chain=dstnat dst-address=114.6.20.70 to-addresses=\
10.110.10.10
add action=dst-nat chain=dstnat dst-address=114.6.20.71 to-addresses=\
10.110.10.20
4. Konfigurasi Firewall Mangle
/ip firewall mangle
add action=mark-connection chain=input comment="Remote MikroTik" \
connection-state=new in-interface=ether1-ISP 1 new-connection-mark=\
ke-isp-1
add action=mark-routing chain=output connection-mark=ke-isp-1 \
new-routing-mark=to-isp-1
add action=mark-connection chain=forward comment=Server in-interface=\
ether1-ISP 1 new-connection-mark=fw-isp-1
add action=mark-routing chain=prerouting connection-mark=fw-isp-1 \
in-interface=ether3-LAN new-routing-mark=fw-to-indosat src-address=\
10.110.10.0/24
add action=mark-connection chain=input comment="Remote MikroTik" \
connection-state=new in-interface=ether1-ISP 1 new-connection-mark=\
ke-isp-1
add action=mark-routing chain=output connection-mark=ke-isp-1 \
new-routing-mark=to-isp-1
add action=mark-connection chain=forward comment=Server in-interface=\
ether1-ISP 1 new-connection-mark=fw-isp-1
add action=mark-routing chain=prerouting connection-mark=fw-isp-1 \
in-interface=ether3-LAN new-routing-mark=fw-to-indosat src-address=\
10.110.10.0/24
2. Konfigurasi Route
/ip route
add dst-address=0.0.0.0/0 check-gateway=ping distance=1 gateway=\
114.6.30.145,110.100.12.1,110.100.12.1,110.100.12.1,110.100.12.1,110.100.12.1
add dst-address=0.0.0.0/0 check-gateway=ping distance=1 gateway=\
114.6.30.145,110.100.12.1,110.100.12.1,110.100.12.1,110.100.12.1,110.100.12.1
add distance=1 gateway=114.6.31.145 routing-mark=to-isp-1
add distance=1 gateway=114.6.31.145 routing-mark=fw-to-isp-1
add distance=1 gateway=114.6.31.145 routing-mark=fw-to-isp-1
.jpg)
0 komentar:
Posting Komentar