3 Speedy + Load Balancer + Mikrotik + IPCOP
The result of a job at the “Satelit Internet” internet café and online game center, Jl. Hayam Wuruk No. 51, Probolinggo.
Load balancing 3 Speedy lines using a TP-Link TL-R480T+ load balancer, plus Mikrotik's bandwidth management, and, just for fun, trying out IPCOP as the squid proxy.
IPCOP, Mikrotik, Billing
This write-up only covers the Mikrotik side (using Mikrotik v2.9.27). It also serves as an archive for myself.
1. Network topology
IP address
Load balancer = 192.168.8.10
Mikrotik with 3 LAN cards:
—> Eth1 = 192.168.8.1 (to the load balancer)
—> Eth2 = 192.168.15.1 (to IPCOP)
—> Eth3 = 192.168.1.1 (to the switch/hub)
IPCOP = 192.168.15.10
The modems are set to bridge mode, so the PPPoE dial-up is done by the load balancer.
2. Mikrotik settings
—> Ethernet Card
name="Speedy" mtu=1500 mac-address=4C:00:10:1B:4E:6F arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
name="Lokal" mtu=1500 mac-address=00:02:2A:BF:E2:08 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
name="Squid" mtu=1500 mac-address=00:0E:2E:01:62:24 arp=enabled disable-running-check=yes auto-negotiation=yes full-duplex=yes cable-settings=default speed=100Mbps
—> IP address
[admin@satelit-internet]/ip address
add address=192.168.8.1/24 interface=Speedy
add address=192.168.1.1/24 interface=Lokal
add address=192.168.15.1/24 interface=Squid
—> DNS
[admin@satelit-internet]/ip dns
set primary-dns=192.168.8.10 allow-remote-requests=yes
—> Route
[admin@satelit-internet]/ip route
add gateway=192.168.8.10
—> NAT
[admin@satelit-internet]/ip firewall nat
add chain=dstnat src-address=!192.168.8.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.15.10 to-ports=818
add chain=srcnat out-interface=Speedy action=masquerade
The purpose is to redirect all port 80 traffic from the clients to port 818 (squid on IPCOP), which acts as the web proxy.
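An added example, not part of the original post: a small Python check of the port-80 redirect against this page's topology, run over the rule as a reader quotes it in the comments (target 192.168.8.10) and over a constructed variant scoped to the client subnet. The loop check assumes the proxy's own outbound requests pass through the Mikrotik; all function and variable names are hypothetical.

```python
import ipaddress
import shlex

# Addresses taken from the topology section of this page.
INTERFACES = {
    "Speedy": ipaddress.ip_interface("192.168.8.1/24"),
    "Lokal": ipaddress.ip_interface("192.168.1.1/24"),
    "Squid": ipaddress.ip_interface("192.168.15.1/24"),
}
PROXY = ipaddress.ip_address("192.168.15.10")  # IPCOP running squid

# Rule as quoted in the comments, and a constructed client-scoped variant.
AS_QUOTED = ("add chain=dstnat src-address=!192.168.8.0/24 protocol=tcp "
             "dst-port=80 action=dst-nat to-addresses=192.168.8.10 to-ports=818")
SCOPED = ("add chain=dstnat src-address=192.168.1.0/24 protocol=tcp "
          "dst-port=80 action=dst-nat to-addresses=192.168.15.10 to-ports=818")

def parse_rule(line):
    """Split a RouterOS 'add key=value ...' line into a dict."""
    return dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def matches_source(rule, addr):
    """True if the rule's src-address matcher (with optional '!') matches addr."""
    spec = rule.get("src-address")
    if spec is None:
        return True
    negate = spec.startswith("!")
    inside = addr in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return inside != negate

def proxy_facing_interface():
    """Name of the router interface whose subnet contains the proxy."""
    return next(n for n, i in INTERFACES.items() if PROXY in i.network)

def lint_redirect(line):
    """Return findings for one dst-nat rule meant to feed the proxy."""
    rule = parse_rule(line)
    findings = []
    if rule.get("action") != "dst-nat":
        return findings
    target = ipaddress.ip_address(rule["to-addresses"])
    if target != PROXY:
        findings.append(f"target {target} is not the proxy {PROXY}")
    # If the proxy's own fetches also match, they are sent back to the proxy.
    iface = rule.get("in-interface")
    if matches_source(rule, PROXY) and iface in (None, proxy_facing_interface()):
        findings.append("proxy's own port-80 requests match the rule (loop)")
    return findings
```

Calling `lint_redirect(AS_QUOTED)` reports both the wrong target and the loop condition, while `lint_redirect(SCOPED)` returns an empty list.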
—> Mangle
The purpose is to separate international and local bandwidth (OpenIXP and IIX).
The list of IP addresses advertised on OpenIXP and IIX can be downloaded at http://www.mikrotik.co.id/getfile.php?nf=nice.rsc
The nice.rsc file is generated automatically on the Mikrotik Indonesia server every morning at around 05:30, and its data has been optimized to remove duplicate entries and overlapping subnets.
A tutorial on auto-importing the script into Mikrotik can be found here
[admin@satelit-internet] >/ip firewall mangle
add chain=forward dst-address=192.168.1.0/24 action=change-ttl new-ttl=set:1 comment="change TTL"
add chain=forward out-interface=internet protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 comment="change mss"
add chain=forward content="X-Cache: HIT" action=mark-connection new-connection-mark=squid_conn passthrough=yes comment="squid proxy"
add chain=forward connection-mark=squid_conn action=mark-packet new-packet-mark=squid_packet passthrough=no
# Prioritize ping and DNS
add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp passthrough=yes comment="icmp"
add chain=prerouting connection-mark=icmp action=change-tos new-tos=min-delay
add chain=prerouting connection-mark=icmp action=mark-packet new-packet-mark=icmp passthrough=no
add chain=prerouting protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS passthrough=yes comment="DNS"
add chain=prerouting connection-mark=DNS action=change-tos new-tos=max-throughput
add chain=prerouting protocol=udp dst-port=53 connection-mark=DNS action=mark-packet new-packet-mark=DNS passthrough=no
add chain=forward protocol=tcp dst-port=6000-7000 action=mark-connection new-connection-mark=IRC passthrough=yes comment="irc"
add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=6000-7000 action=mark-packet new-packet-mark=irc passthrough=no
add chain=forward connection-mark=IRC action=mark-packet new-packet-mark=irc passthrough=no
# Upload connections
add chain=prerouting src-address=192.168.1.0/24 dst-address-list=!nice action=mark-packet new-packet-mark=upload comment="upload" passthrough=no
# Download connections, international bandwidth only (OpenIXP)
add chain=forward dst-address=!192.168.1.0/24 connection-mark=!squid_conn dst-address-list=!nice action=mark-connection new-connection-mark=download passthrough=yes comment="download"
add chain=forward connection-mark=download action=mark-packet new-packet-mark=download passthrough=no
—> Queue type
[admin@satelit-internet]/queue type
add name="pfifo-64" kind=pfifo pfifo-limit=64
add name="pcq-down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-up" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
—> Queue Tree
[admin@satelit-internet]/queue tree
add name="download" parent=lan packet-mark=download limit-at=0 queue=pcq-down priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
—> Queue simple
[admin@satelit-internet]/queue simple
add name="squid" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=squid_packet direction=both priority=8 queue=default-small/ethernet-default limit-at=0/0 max-limit=0/0 total-queue=default-small
add name="irc" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=irc direction=both priority=8 queue=default-small/default-small limit-at=16000/16000 max-limit=16000/16000 total-queue=default-small
add name="DNS" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=DNS direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small
add name="icmp" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=icmp direction=both priority=8 queue=pfifo-64/pfifo-64 limit-at=8000/8000 max-limit=8000/8000 total-queue=default-small
add name="parent" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=download,upload direction=both priority=8 queue=default-small/pcq-down limit-at=0/0 max-limit=0/0 total-queue=default-small
add name="Satelit-01" target-addresses=192.168.1.100/32 dst-address=0.0.0.0/0 interface=all parent=parent packet-marks=download,upload direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 total-queue=default-small
.
.
.
and so on, up to 15 clients
Finally done. Not bad, a whole day without sleep staring at the Mikrotik…
21/07/2010 at 4:47 PM
Nice to meet you. What if I don't use squid? Is that possible?
27/05/2010 at 9:56 AM
Bro…
I've also pored over how Speedy works for internet cafés. Could you illustrate it in detail?
thx
18/05/2010 at 1:41 PM
Maybe it's because of the load balancing;
there are indeed some mail servers that won't accept load balancing.
Try looking further into the features available on the TL-R480T+,
or try changing the MTU to 1492,
because so far I've still been using a PC router behind the TL-R480T+.
Sorry if I can't help much, I'm still learning.
18/05/2010 at 12:45 PM
I use a TP-LINK Router R480T
with this configuration:
Modem –> TP-LINK Router R480T | –> Email Server
|
| –> Other PC On LAN
1. Modem in bridge mode
2. Port forward on the TP-LINK Router R480T
25, 110 –> Email Server
Problem: can't receive email from some domains
such as facebook (yahoo & gmail still get through)
Notes:
With a PC router (pfsense etc.) everything runs smoothly;
the problem only appears when using the TP-LINK Router R480T.
I once asked support@tp-link.com and was told to change the MTU,
but it had no effect.
Forwarding other ports works fine; why is it only the email ports that are problematic?
What do you think the trouble is?
The firmware has already been upgraded to the latest version
06/04/2010 at 10:52 AM
Could you please share the script, starting from the load balancing, mikrotik, ipcop…? Thanks in advance. Just send it to my email.
07/03/2010 at 11:14 AM
@harry
Yes, that was a mistake; it should be NATed to IPCOP's IP, 192.168.15.10. I was really exhausted when I wrote this, so there are a lot of mistakes.
@obi
The IPCOP uses 2 LAN cards (RED+GREEN), but the RED one is not used
01/03/2010 at 10:47 PM
How many LAN cards does the ipcop use? From the picture above I only see 1 cable going to the mikrotik.
30/01/2010 at 6:26 AM
It looks like the ipcop won't work, since on the mikrotik the traffic is redirected to 192.168.8.10 while the ipcop is at 192.168.15.10….
add chain=dstnat src-address=!192.168.8.0/24 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.8.10 to-ports=818
26/12/2009 at 12:32 PM
I can't understand what your problem is, but first read the manual of the TL-R480T+ and also check what the log says
25/12/2009 at 4:42 AM
hi all fri,
Pls explain my problem … because I'm using a TL-R480T+ load-balancing router …. but I can log in on 1 WAN, not the other WAN … Which fault ??? I'm using it in Myanmar … Our ISP is dynamic IP … pls explain my problem …
ASAP …
Thanks & B.regards,
Win Oo
14/07/2009 at 4:56 PM
[…] the earlier post about 3 speedy + Load Balancer + IPCOP, where the load balancing used a factory-made TPLink TL-R488T router. Which in the end load […]
23/02/2009 at 10:11 AM
heyyyyy, jleggg guy, why is your blog always about birds
I don't get it
if it's not birds it's about computers … ugh, go away..
btw I miss you
looking at your face, handsome like Takeshi Kaneshiro
huhahahahahaha
05/02/2009 at 2:39 AM
Sorry, the correct one is the TL-R488T, which has 4 WAN ports; the TL-R480T+ only has 2 WAN ports. hehehehe…
03/02/2009 at 6:08 PM
I'd like to ask: the TL-R480T+ has 2 WAN ports, so where does the other Speedy line get plugged in??
19/01/2009 at 12:41 PM
That's the Wonorejo internet café! Come on in, wahaha. Cams weren't allowed back then, you know!
25/11/2008 at 5:45 AM
I don't get it