Over the past few days I have run into several load-balancing cases, for example:
While setting up load balancing at a company located in Alam Sutera, NAT DMZ would not work with the rules below:
1. Mangle
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=conn-lb-dnet passthrough=yes connection-state=new protocol=tcp src-address=192.168.88.0/24 in-interface=Eth1-Lan dst-port=80 per-connection-classifier=both-addresses-and-ports:2/0
add chain=prerouting action=mark-connection new-connection-mark=conn-lb-fiber passthrough=yes connection-state=new protocol=tcp src-address=192.168.88.0/24 in-interface=Eth1-Lan dst-port=80 per-connection-classifier=both-addresses-and-ports:2/1
add chain=prerouting action=mark-routing new-routing-mark=route-to-dnet passthrough=no src-address=192.168.88.0/24 in-interface=Eth1-Lan connection-mark=conn-lb-dnet
add chain=prerouting action=mark-routing new-routing-mark=route-to-fiber passthrough=no src-address=192.168.88.0/24 in-interface=Eth1-Lan connection-mark=conn-lb-fiber
2. Route
/ip route
# punya-dnet and punya-fiber are placeholders for the Dnet and Fiber gateways
add check-gateway=ping dst-address=0.0.0.0/0 gateway=punya-dnet routing-mark=route-to-dnet distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=punya-fiber routing-mark=route-to-dnet distance=2
add check-gateway=ping dst-address=0.0.0.0/0 gateway=punya-fiber routing-mark=route-to-fiber distance=1
add check-gateway=ping dst-address=0.0.0.0/0 gateway=punya-dnet routing-mark=route-to-fiber distance=2
But after the mangle and route rules were changed to the ones below, the DMZ worked normally:
1. Mangle
/ip firewall mangle
add chain=prerouting dst-address=202.148.22.106/29 action=accept in-interface=Eth1-Lan
add chain=prerouting dst-address=27.123.222.34/29 action=accept in-interface=Eth1-Lan
add chain=prerouting in-interface=Eth2-Wan-Dnet connection-mark=no-mark action=mark-connection new-connection-mark=conn-lb-Dnet
add chain=prerouting in-interface=Eth3-Wan-Fiber connection-mark=no-mark action=mark-connection new-connection-mark=conn-lb-Fiber
add chain=prerouting in-interface=Eth1-Lan connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=conn-lb-Dnet
add chain=prerouting in-interface=Eth1-Lan connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=conn-lb-Fiber
add chain=prerouting connection-mark=conn-lb-Dnet in-interface=Eth1-Lan action=mark-routing new-routing-mark=route-lb-dnet
add chain=prerouting connection-mark=conn-lb-Fiber in-interface=Eth1-Lan action=mark-routing new-routing-mark=route-lb-fiber
add chain=output connection-mark=conn-lb-Dnet action=mark-routing new-routing-mark=route-lb-dnet
add chain=output connection-mark=conn-lb-Fiber action=mark-routing new-routing-mark=route-lb-fiber
2. Route
/ip route
add dst-address=0.0.0.0/0 gateway=202.148.22.105 routing-mark=route-lb-dnet check-gateway=ping
add dst-address=0.0.0.0/0 gateway=27.123.222.33 routing-mark=route-lb-fiber check-gateway=ping
add dst-address=0.0.0.0/0 gateway=202.148.22.105 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=27.123.222.33 distance=2 check-gateway=ping
Please study the differences between the two rule sets, and you can guess why NAT DMZ did not work.
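One difference between the two rule sets is how they treat replies to connections that arrive from a WAN interface. The Python model below is an added example, not the post's code and not RouterOS itself: it simplifies mangle matching, and the DMZ host 192.168.88.10, the client 198.51.100.7 and the use of 202.148.22.106 and 27.123.222.34 as the router's WAN addresses are assumptions.

```python
from ipaddress import ip_address, ip_network
LAN, DNET, FIBER, NET = "Eth1-Lan", "Eth2-Wan-Dnet", "Eth3-Wan-Fiber", "192.168.88.0/24"
# Assumed for the model: router WAN addresses, an Internet client, a DMZ host.
WAN_IP = {DNET: "202.148.22.106", FIBER: "27.123.222.34"}
CLIENT, DMZ_HOST = "198.51.100.7", "192.168.88.10"

# (matchers, action, value); protocol and !local are not modeled, "pcc" is a stand-in hash.
FIRST = [
    ({"in": LAN, "state": "new", "dport": 80, "src": NET, "pcc": 0}, "conn", "conn-lb-dnet"),
    ({"in": LAN, "state": "new", "dport": 80, "src": NET, "pcc": 1}, "conn", "conn-lb-fiber"),
    ({"in": LAN, "src": NET, "mark": "conn-lb-dnet"}, "route", "route-to-dnet"),
    ({"in": LAN, "src": NET, "mark": "conn-lb-fiber"}, "route", "route-to-fiber"),
]
SECOND = [
    ({"in": LAN, "dst": "202.148.22.106/29"}, "accept", None),
    ({"in": LAN, "dst": "27.123.222.34/29"}, "accept", None),
    ({"in": DNET, "mark": None}, "conn", "conn-lb-Dnet"),
    ({"in": FIBER, "mark": None}, "conn", "conn-lb-Fiber"),
    ({"in": LAN, "mark": None, "pcc": 0}, "conn", "conn-lb-Dnet"),
    ({"in": LAN, "mark": None, "pcc": 1}, "conn", "conn-lb-Fiber"),
    ({"in": LAN, "mark": "conn-lb-Dnet"}, "route", "route-lb-dnet"),
    ({"in": LAN, "mark": "conn-lb-Fiber"}, "route", "route-lb-fiber"),
]

def matches(m, pkt, conn):
    """True when every matcher present in the rule agrees with the packet."""
    return (all(m[k] == pkt[k] for k in ("in", "state", "dport") if k in m)
            and ("mark" not in m or m["mark"] == conn["mark"])
            and ("pcc" not in m or pkt["hash"] % 2 == m["pcc"])
            and all(ip_address(pkt[k]) in ip_network(m[k], strict=False)
                    for k in ("src", "dst") if k in m))

def prerouting(rules, pkt, conn):
    """Walk the chain in order; return the routing mark (None = main table)."""
    for m, action, value in rules:
        if not matches(m, pkt, conn):
            continue
        if action == "conn":
            conn["mark"] = value      # mark-connection passes through
        else:
            return value              # accept -> None, mark-routing -> its mark
    return None

def dmz_reply_table(rules, wan_if):
    """Client connects in via wan_if; which table routes the DMZ host's reply?"""
    conn = {"mark": None}
    prerouting(rules, {"in": wan_if, "state": "new", "dport": 80, "src": CLIENT,
                       "dst": WAN_IP[wan_if], "hash": 0}, conn)
    return prerouting(rules, {"in": LAN, "state": "established", "dport": 40000,
                              "src": DMZ_HOST, "dst": CLIENT, "hash": 0}, conn)
```

A result of None means the reply is looked up in the main routing table, and the first Route list above contains only routes that carry a routing-mark.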
1 comments:
What about using the Nth LB method, bro??
fb:afajarw@gmail.com