Load Balancing Workshop - Mikrotik RB

8/20/2019 Load Balancing Workshop - Mikrotik RB

1/46

MikroTik 2012

MikroTik RouterOS Workshop

Load Balancing

Best Practice

Warsaw

MUM Europe 2012


2/46

MikroTik 2012

2

About Me

Jānis Meģis, MikroTik

Jānis (Tehnical, Trainer, !T "ales#

"upport $ Trainin% En%ineer &or al'ost )ears

"peciali*ation+ o", ---, .irewall, /outin%

Teachin% MikroTik /outer!" classes since 200


3/46

MikroTik 2012

3

oa 3alancin%

oa 3alancin% is a techni4ue to istribute theworkloa across two or 'ore network links inorer to 'a5i'i*e throu%hput, 'ini'iseresponse ti'e, an a6oi o6erloa

Usin% 'ultiple network links with loa balancin%,instea o& sin%le network links, 'a) increase

reliabilit) throu%h reunanc)


4/46

MikroTik 2012

4

T)pes o& oa 3alancin%

"ub7-acket oa 3alancin% (M---#-er -acket oa 3alancin% (3onin%#

-er 8onnection oa 3alancin% (nth#

-er aress7pair oa 3alancin% (E8M-, -88,3onin%#

8usto' oa 3alancin% (-olic) /outin%#

3anwith base oa 3alancin%(M-" /"9-7TE Tunnels#


5/46

MikroTik 2012

5

Multi7ink ---

--- Multi7link -rotocol allows to i6ie packete4uall) an sen each part into 'ultiplechannels

M--- can be create+

o6er sin%le ph)sical link : where 'ultiple channelsrun on the sa'e link (anti7&ra%'entation#

o6er 'ultiple ph)sical links 7 where 'ultiple

channels run on the 'ultiple link (loa balancin%#M--- 'ust be supporte b) both ens

(M--- is le%ac) stu&& &ro' 'oe' era#


6/46

MikroTik 2012

6

M--- con&i%uration

"er6er 'ust ha6eM--- support

All lines 'ustha6e sa'e user

na'e anpasswor

/outer!" has

onl) the M---clienti'ple'entation


7/46

MikroTik 2012

7

3onin%

3onin% is a technolo%) that allows )ou toa%%re%ate 'ultiple Ethernet7like inter&aces intoa sin%le 6irtual link, thus %ettin% hi%her atarates an pro6iin% &ail7o6er

3onin% (loa balancin%# 'oes+

02;


8/46

MikroTik 2012

8

02;


9/46

MikroTik 2012

9

3alance7rr an balance75or

3alance7rr 'oe uses /oun /obin al%orith' 7packets are trans'itte in se4uential orer &ro'the &irst a6ailable sla6e to the last;

When utili*in% 'ultiple senin% an 'ultiplerecei6in% links, packets o&ten are recei6e out o&orer (proble' &or T8-#

3alance75or balances out%oin% tra&&ic across the

acti6e ports base on a hash &ro' speci&icprotocol heaer &iels an accepts inco'in%tra&&ic &ro' an) acti6e port


10/46

MikroTik 2012

10

3alance7tlb

The out%oin% tra&&ic isistribute accorin%to the current loa

=nco'in% tra&&ic is notbalance

This 'oe is aress7pair loa balancin%

o aitionalcon&i%uration isre4uire &or the switch


11/46

MikroTik 2012

11

3alance7alb

=n short alb > tlb ?recei6e loabalancin%

This 'oe re4uires ae6ice ri6ercapabilit) to chan%ethe MA8 aress


12/46

MikroTik 2012

12

E8M- /outes

E8M- (E4ual 8ostMulti -ath# routesha6e 'ore than one%atewa) to the sa'e

re'ote network@atewa)s will beuse in /oun /obinper "/8B"Taress co'bination

"a'e %atewa) can bewritten se6eral ti'esCC


13/46

MikroTik 2012

13

D8heck7%atewa) !ption

Fou can set the router to check %atewa)reachabilit) usin% =8M- (pin%# or A/- protocols

=& the %atewa) is unreachable in a si'ple route : the route will beco'e inacti6e

=& one %atewa) is unreachable in an E8M-route, onl) the reachable %atewa)s will be usein the /oun /obin al%orith'

=& 8heck7%atewa) option is enable on oneroute it will a&&ect all routes with that %atewa);


14/46

MikroTik 2012

14

=nter&ace E8M- /outin%

=n case )ou ha6e 'ore that one --- connection&ro' the sa'e ser6er, but M--- is i'possible(i&&erent user na'es, ser6er support 'issin%# itis possible to use =nter&ace routin%

"i'ple =- aress routin% is i'possible &or all--- connections that ha6e the sa'e %atewa)=- aress

To enable inter&ace routin% Gust speci&) all ---inter&aces as route %atewa)7inter&aces

Works onl) on --- inter&aces;


15/46

MikroTik 2012

15

E8M- an Mas4uerae

As &orwarin% atabase is rebuilt e6er) 10'in ininu5 Hernel, there is a chance that connectionwill Gu'p to the other %atewa)

=n the case o& 'as4uerain% this Gu'p results ina chan%e o& source aress an in e6entualisconnect

More in&o at+

http+www;en)o;e&wsecurit)noteslinu57st7cache7os;ht'l

http+'arc;in&oI'>1021K1KK01LL

http+lk'l;iniana;euh)per'aillinu5net0


16/46

MikroTik 2012

16

8on&i%uration "etup


17/46

MikroTik 2012

17

3asic 8on&i%uration


18/46

MikroTik 2012

18

-olic) /outin%

-olic) routin% is a 'etho that allows )ou tocreate separate routin% polices &or i&&erenttra&&ic b) creatin% custo' routin% tables

=n /outer!" these routin% tables are create+

.or e6er) table speci&ie in ip route rule

.or e6er) routin%7'ark in 'an%le &acilit)

Marke tra&&ic is auto'aticall) assi%ne to the

proper routin% table (no nee &or lookup rules#


19/46

MikroTik 2012

19

/outin%7'ark

/outer!" attribute assi%ne to each packet/outin%7'ark can be chan%e in &irewall 'an%le&acilit) Gust be&ore an) routin% ecision+

chain -reroutin% : &or all inco'in% tra&&icchain !utput : &or out%oin% tra&&ic &ro' router

E6er) new routin% 'ark has its own routin%table with the sa'e na'e

3) e&ault all packets ha6e the D'ain routin%'ark


20/46

MikroTik 2012

20

Tra&&ic to 8onnecte etworks

As connecte routes are a6ailable onl) in D'ainroutin% table, it is necessar) that tra&&ic toconnecte networks sta) in D'ain routin% table

This will also allow proper co''unicationbetween locall) an re'otel) connecte clients


21/46

MikroTik 2012

21

/e'ote 8onnections

=n the case when a connection is initiate &ro' apublic inter&ace it is necessar) to ensure thatthese connections will be replie 6ia the sa'einter&ace (&ro' the sa'e public =-#

.irst we nee to capture these connections ()oucan ether use e&ault connection 'ark Dno7'ark or connection state Dnew here#


22/46

MikroTik 2012

22

8usto' -olic) /outin%

etOs create a Gu'p rule to )our custo' polic)routin% here

ow we nee to create a e&ault route &or e6er)routin% table (or else it will be resol6e b) 'ainroutin% table#


23/46

MikroTik 2012

23

Mark /outin%

Mark routin% rules in 'an%le chain Doutput willensure that router itsel& is reachable 6ia bothpublic =- aresses

Mark routin% rules in 'an%le chain Dpreroutin%

will ensure )our esire loa balancin%


24/46

MikroTik 2012

24

Man%le con&i%uration


25/46

MikroTik 2012

25

8usto' -olic) /outin%

There is no best wa) that we can su%%est &orloa balancin%, )ou can either+

3alance base on client =- aress (aress list#

3alance base on tra&&ic t)pe (p2p, la)er7, protocol,

port#

Use auto'atic balancin% (-88#

We o not su%%est to use Dnth &or polic) routin%o& t)pical user tra&⁣


26/46

MikroTik 2012

26

-er7aress7pair oa 3alancin%

=n 'an) situations co''unication between twohosts consist o& 'ore than one si'ultaneousconnection;

=& those connections are takin% i&&erent routin%

paths the) 'i%ht ha6e i&&erent latenc), roprate, &ra%'entation or source aress (AT# :this wa) 'akin% 'ulti7connectionco''unications i'possible;

That is wh) instea o& per7connection loabalancin% we shoul think about per7aress7pair loa balancin%


27/46

MikroTik 2012

27

-er 8onnection 8lassi&ier

-88 is a &irewall 'atcher that allows )ou toi6ie tra&&ic into e4ual strea's with abilit) tokeep packets with speci&ic set o& options in oneparticular strea'

Fou can speci&) set o& options &ro' src7aress,src7port, st7aress, st7port

More in&o at+http+wiki;'ikrotik;co'wiki-88

http://wiki.mikrotik.com/wiki/PCChttp://wiki.mikrotik.com/wiki/PCC


28/46

MikroTik 2012

28

-88 8on&i%uration

We Gust nee to a 2 rules to ourDpolic)Proutin% chain to ensure auto'atic per7aress7pair loa balancin%


29/46

MikroTik 2012

29

Usual -roble's

3e care&ul about usin% Dno7'ark connection'ark i& )ou ha6e other 'an%le con&i%uration in ai&&erent chain

="- speci&ie B" ser6ers 'i%ht block re4uests&ro' non7="- public =-s, so we su%%est )ou usepublic (="- inepenent# B" ser6ers;

=& )ou woul like to ensure &ail7o6er : enableDcheck7%atewa) option in all e&ault routes;


30/46

MikroTik 2012

30

What about banwith baseoa73alancin%I


31/46

MikroTik 2012

31

Tra&&ic En%ineerin%

TE is one o& M-" &eatures that allow toestablish uniirectional label switchin% paths

TE is base on /"9- (/esource /e"er9ation-rotocol# ? /.8


32/46

MikroTik 2012

32

Qow Boes 8onstraints WorkI

8onstraints are set b) user an oes notnecessaril) re&lect actual banwith

8onstraints can be set &or+

banwith o& link participatin% in a /"9- TEnetwork

banwith reser6e &or tunnel

"o, at an) 'o'ent in ti'e, the banwith

a6ailable on TE link is banwith con&i%ure &orlink 'inus su' o& all reser6ations 'ae on thelink (not ph)sicall) a6ailable banwith#


33/46

MikroTik 2012

33

TE Tunnel Establish'ent

TE tunnels can be establishe+alon% the current routin% path (no aitionalcon&i%uration re4uire#

alon% a staticall) con&i%ure e5plicit path (it is

necessar) to 'anuall) input path#8"-. (8onstraine "hortest -ath .irst# 7 Thisoption nees assistance &ro' =@- routin% protocol(such as !"-.# to istribute banwith in&or'ation

throu%hout the network;


34/46

MikroTik 2012

34

etwork a)out

Each router is connecte to a nei%hbourin%router usin%


35/46

MikroTik 2012

35

etwork a)out


36/46

MikroTik 2012

36

oopback an 8"-.

oopback aresses nee to be reachable &ro'whole network : we will use !"-. to istributethat in&or'ation

Also !"-. can help us to istribute TE

reser6ations &or 8"-.


37/46

MikroTik 2012

37

/esource /eser6ation

ets set up TE resource &or e6er) inter&ace onwhich we 'i%ht want to run TE tunnel;

8on&i%uration on all the routers are the sa'e+

ote that at this point this oes not representhow 'uch banwith will actuall) &low throu%hthe inter&ace


38/46

MikroTik 2012

38

.irst Task


39/46

MikroTik 2012

39

TE tunnel setup

We will use static path con&i%uration aspri'ar), an )na'ic (8"-.# as seconar)path i& pri'ar) &ails


40/46

MikroTik 2012

40

TE Tunnel Monitorin%

TE T l M it i


41/46

MikroTik 2012

41

TE Tunnel Monitorin%

=& 'ultiple tunnels are create an all thebanwith on that particular inter&ace is use,then the tunnel will tr) to look &or i&&erent path;

/ t t &&i TE


42/46

MikroTik 2012

42

/oute tra&&ic o6er TE

To route A tra&&ic o6er a TE tunnel we willassi%n aress 10;NN;NN;1


43/46

MikroTik 2012

43

Auto'atic .ailo6er

3) e&ault the tunnel will tr) to switch back tothe pri'ar) path e6er) 'inute; This settin% canbe chan%e with primary-retry-interval para'eter;

Aiti l T l


44/46

MikroTik 2012

44

Aitional Tunnels

Aiti l T l


45/46

MikroTik 2012

45

Aitional Tunnels


46/46

MikroTik 2012

46

@oo luckC

http+wiki;'ikrotik;co'wikiManual+"i'plePTE

http+wiki;'ikrotik;co'wikiManual+TEPTunnelshttp+wiki;'ikrotik;co'wikiManual+M-"Tra&&ic7en%

http+wiki;'ikrotik;co'wikiManual+M-"!6er6iew
http://wiki.mikrotik.com/wiki/Manual:Simple_TEhttp://wiki.mikrotik.com/wiki/Manual:TE_Tunnelshttp://wiki.mikrotik.com/wiki/Manual:MPLS/Traffic-enghttp://wiki.mikrotik.com/wiki/Manual:MPLS/Overviewhttp://wiki.mikrotik.com/wiki/Manual:MPLS/Overviewhttp://wiki.mikrotik.com/wiki/Manual:MPLS/Traffic-enghttp://wiki.mikrotik.com/wiki/Manual:TE_Tunnelshttp://wiki.mikrotik.com/wiki/Manual:Simple_TE

Date post:	07-Aug-2018
Category:	Documents
Upload:	anonymous-x9qttjecrq
View:	244 times
Download:	0 times

Load Balancing Workshop - Mikrotik RB

Documents