Load balance Mikrotik

Load balance Mikrotik com fail over avançado

Link_1 | Link_2
IP: 192.168.0.150 | IP: 192.168.15.150
Gateway: 192.168.0.1 | Gateway: 192.168.15.1
Network: 192.168.0.0 | Network: 192.168.15.0
Interface: ether1 | Interface: ether2
Operadora: Tim | Operadora: Vivo

Hora e Data

# Time sync: enable the NTP client with a primary and a secondary server,
# then set the local time zone. Accurate time keeps log timestamps usable
# when correlating firewall log entries with other systems.
# NOTE(review): primary-ntp/secondary-ntp is the RouterOS v6 parameter form;
# confirm it against the installed release.
/system ntp client set enabled=yes primary-ntp=200.160.0.8 secondary-ntp=200.189.40.8
/system clock set time-zone-name=America/Sao_Paulo

Configurando as interfaces

# Label each physical port with its role so later rules can be read against
# it: ether1 and ether2 are the two uplinks, ether5 is the internal DHCP LAN.
/interface ethernet set [find default-name=ether1] comment=":: Link TIM ::"
/interface ethernet set [find default-name=ether2] comment=":: Link Vivo ::"
/interface ethernet set [find default-name=ether5] comment=":: Rede interna DHCP ::"

Endereçamento IP

# Static addressing, one /24 per port. Both uplink addresses are private
# (RFC 1918) space, so the router presumably sits behind the provider modems
# whose addresses appear as gateways in the routing section.
/ip address
add interface=ether1 address=192.168.0.150/24 network=192.168.0.0 comment=":: Link TIM ::"
add interface=ether2 address=192.168.15.150/24 network=192.168.15.0 comment=":: Link Vivo ::"
add interface=ether5 address=192.168.168.1/24 network=192.168.168.0 comment=":: Rede interna DHCP ::"

DNS

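# Upstream resolvers used by the router. allow-remote-requests=yes also makes
# the router answer DNS queries sent to it; the DHCP section relies on this,
# because clients are handed 192.168.168.1 as their first DNS server.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

# The resolver answers on every address the router owns, and this page
# defines no input-chain filter. Without the rules below, queries arriving on
# either uplink are answered as well, which makes the router an open resolver
# that can be abused for DNS amplification. Only DNS arriving on the two WAN
# ports is dropped; LAN clients are unaffected, and so are the replies to the
# router's own upstream queries (they arrive with source port 53, not
# destination port 53).
# "add" appends to the end of the chain: on a router that already has input
# rules, move these above any broader accept rule.
/ip firewall filter
add action=drop chain=input in-interface=ether1 protocol=udp dst-port=53 comment=":: Bloqueia DNS externo Link1 (udp) ::"
add action=drop chain=input in-interface=ether1 protocol=tcp dst-port=53 comment=":: Bloqueia DNS externo Link1 (tcp) ::"
add action=drop chain=input in-interface=ether2 protocol=udp dst-port=53 comment=":: Bloqueia DNS externo Link2 (udp) ::"
add action=drop chain=input in-interface=ether2 protocol=tcp dst-port=53 comment=":: Bloqueia DNS externo Link2 (tcp) ::"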

NAT

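# Source NAT for traffic leaving through either uplink.
# The original single rule had no out-interface, so it masqueraded every
# routed connection regardless of where it left the router. That includes
# sessions forwarded inward by the dst-nat rules on this page: the internal
# RDP host would then see the router as the client of every session, which
# defeats source-based logging and lockout on that host. Scoping the rule to
# the WAN ports keeps the real client address visible internally.
# NOTE(review): if a host on another segment depended on being masqueraded
# (for example because its default gateway is not this router), add an
# explicit rule for that interface.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1 comment=":: NAT Link1 ::"
add action=masquerade chain=srcnat out-interface=ether2 comment=":: NAT Link2 ::"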

Sem balance

# Hosts listed in NOBALANCE are exempt from load balancing: the accept rule
# ends mangle prerouting processing for packets they send, so none of the
# marking rules added after it apply. It therefore has to stay above them.
# NOTE(review): 172.16.0.123 is outside every subnet addressed on this page;
# confirm which segment this host lives on.
/ip firewall address-list
add list=NOBALANCE address=172.16.0.123 comment=":: IP sem balance :: "

/ip firewall mangle
add chain=prerouting action=accept src-address-list=NOBALANCE comment=":: Sem balance ::"

Marcações

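# Connection and routing marks for per-connection load balancing over the
# two uplinks. Mangle rules are evaluated top to bottom, so the order below
# is part of the logic.
# The menu path is stated explicitly so this section also works when pasted
# on its own.
/ip firewall mangle

# 1) Connections that arrive on an uplink and are still unmarked get that
#    uplink's connection mark, so their replies can be sent back the same way.
add action=mark-connection chain=prerouting comment=\
    ":: Marcacao entrada de link1 ::" connection-mark=no-mark in-interface=\
    ether1 new-connection-mark=WAM1.COMM passthrough=yes

add action=mark-connection chain=prerouting comment=\
    ":: Marcacao entrada de link2 ::" connection-mark=no-mark in-interface=\
    ether2 new-connection-mark=WAM2.COMM passthrough=yes

# 2) New connections from the LAN to non-local destinations are split into
#    two buckets by the per-connection classifier (hash over both addresses,
#    divisor 2): remainder 0 gets the link1 mark, remainder 1 the link2 mark.
#    The LAN port is ether5 here. The original rules matched
#    in-interface=ether3, a port that is not configured anywhere on this page
#    (the internal network and DHCP server are on ether5), so LAN traffic
#    would never have been marked and would all have used the main-table
#    default route.
#    NOTE(review): if the LAN really is on another port, use that port in the
#    four in-interface matches below.
add action=mark-connection chain=prerouting comment=":: Marcacao de saida Link1 ::" \
    connection-state=new dst-address-type=!local in-interface=ether5 \
    new-connection-mark=WAM1.COMM passthrough=yes per-connection-classifier=\
    both-addresses:2/0

add action=mark-connection chain=prerouting comment=":: Marcacao de saida Link2 ::" \
    connection-state=new dst-address-type=!local in-interface=ether5 \
    new-connection-mark=WAM2.COMM passthrough=yes per-connection-classifier=\
    both-addresses:2/1

# 3) Packets from the LAN that belong to a marked connection get the matching
#    routing mark, which selects the TO.WAN1 / TO.WAN2 routes.
add action=mark-routing chain=prerouting comment=\
    ":: Marcacao de rotas por link ::" connection-mark=WAM1.COMM \
    in-interface=ether5 new-routing-mark=TO.WAN1 passthrough=yes

add action=mark-routing chain=prerouting connection-mark=WAM2.COMM \
    in-interface=ether5 new-routing-mark=TO.WAN2 passthrough=yes

# 4) Same routing marks for packets generated by the router itself (output
#    chain) on connections that already carry a link mark.
add action=mark-routing chain=output comment=\
    ":: Marcacao de rotas de saida ::" connection-mark=WAM1.COMM \
    new-routing-mark=TO.WAN1 passthrough=yes

add action=mark-routing chain=output connection-mark=WAM2.COMM \
    new-routing-mark=TO.WAN2 passthrough=yes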

Fail over avançado

# Failover through remote health-check hosts.
# Each default route names a remote host as its gateway instead of the modem.
# That host is reachable only through the /32 route over one specific link,
# and check-gateway=ping probes it. A link therefore counts as down when the
# remote host stops answering, not only when the modem itself is unreachable.
# Side effect: all traffic addressed to a health-check host is pinned to its
# link by the /32 route.
# NOTE(review): failover depends on these external hosts answering ICMP;
# confirm they are targets you are allowed and willing to rely on.
/ip route

# Link1: /32 to the check host via the link1 gateway, then the marked-table
# and main-table default routes that resolve through it.
add dst-address=208.67.222.222/32 gateway=192.168.0.1 scope=10 distance=1 check-gateway=ping comment=":: Check gateway (ping) link1 ::"
add gateway=208.67.222.222 routing-mark=TO.WAN1 distance=1 check-gateway=ping
add gateway=208.67.222.222 distance=1 check-gateway=ping

# Link2: same layout. The main-table default has distance=2, so it is only
# the backup for unmarked traffic.
# NOTE(review): unlike its link1 counterpart, this backup default has no
# check-gateway; confirm that is intended.
add dst-address=208.67.222.220/32 gateway=192.168.15.1 scope=10 distance=1 check-gateway=ping comment=":: Check gateway (ping) link2 ::"
add gateway=208.67.222.220 routing-mark=TO.WAN2 distance=1 check-gateway=ping
add gateway=208.67.222.220 distance=2
# Two forward-chain drop rules, both created with disabled=yes, so they
# filter nothing until someone enables them. Once enabled, each drops
# forwarded packets whose source address is in one uplink's /24.
# NOTE(review): these are the only filter rules on this page. No input-chain
# policy is defined here, so nothing on this page filters access to the
# router's own services from either uplink. Confirm that a baseline input
# policy exists elsewhere: accept established/related, allow management only
# from the LAN, drop the rest.
/ip firewall filter
add chain=forward action=drop src-address=192.168.0.0/24 disabled=yes comment=":: Bloquer tudo que passa pelo Link1 ::"
add chain=forward action=drop src-address=192.168.15.0/24 disabled=yes comment=":: Bloquer tudo que passa pelo Link2 ::"

DHCP

# DHCP for the internal network on ether5: an address pool covering .2-.254,
# a server bound to that pool with 10-minute leases, and the network options
# handed to clients (the router as gateway and first DNS server, followed by
# two public resolvers).
/ip pool
add name=dhcp_finalidade ranges=192.168.168.2-192.168.168.254 comment=":: Finalidade do DHCP ::"

/ip dhcp-server
add name=dhcp_finalidade interface=ether5 address-pool=dhcp_finalidade lease-time=10m disabled=no

/ip dhcp-server network
add address=192.168.168.0/24 gateway=192.168.168.1 dns-server=192.168.168.1,8.8.8.8,8.8.4.4 comment=":: Finalidade do DHCP ::"

Liberação de portas

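# Inbound RDP (TCP/3389) port forwards.
# dst-address-type=local restricts both rules to packets addressed to the
# router itself. The original rules matched any TCP/3389 packet crossing the
# router, so an RDP session opened from the LAN to an outside host was also
# rewritten and redirected to the internal target.
# Exposure: these rules publish RDP on both uplinks to any source address.
# Prefer reaching RDP through a VPN, or limit the rules with a
# src-address-list of known client addresses. The page does not show who the
# legitimate clients are, so no such list is added here.
/ip firewall nat
add action=dst-nat chain=dstnat comment=":: Redirecionamento TS (DMZ MODEM)::" \
    dst-address-type=local dst-port=3389 protocol=tcp \
    to-addresses=172.16.0.123 to-ports=3389

# NOTE(review): this rule matches exactly the same packets as the one above.
# NAT rules are first-match, so this rule is never reached as written and
# 192.168.168.253 never receives a forwarded session. Decide which target is
# intended, or tell the two rules apart, for example by in-interface (one
# uplink each) or by a different external dst-port.
add action=dst-nat chain=dstnat comment=":: Redirecionamento TS (DMZ MODEM)::" \
    dst-address-type=local dst-port=3389 log=yes log-prefix=RDP protocol=tcp \
    to-addresses=192.168.168.253 to-ports=3389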

Back-up

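# Save the running configuration as a script file in the router's file store.
# The original line began with "\" where the root-menu "/" is required.
# The export is plain text and describes the complete addressing, NAT and
# firewall layout. Copy it off the router over an encrypted channel, store it
# with restricted access, and delete it from the router's file list afterwards.
# NOTE(review): whether secrets are written into the file depends on the
# RouterOS release and on the hide-sensitive / show-sensitive export options;
# check this for the installed version.
/export file=Back-up_Balance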