8/20/2019 Load Balancing Workshop - Mikrotik RB
MikroTik 2012
MikroTik RouterOS Workshop
Load Balancing
Best Practice
Warsaw
MUM Europe 2012
About Me
Jānis Meģis, MikroTik
Jānis (Technical, Trainer, NOT Sales)
Support & Training Engineer for almost years
Specialization: QoS, PPP, Firewall, Routing
Teaching MikroTik RouterOS classes since 200

Load Balancing
Load Balancing is a technique to distribute the workload across two or more network links in order to maximize throughput, minimise response time, and avoid overload
Using multiple network links with load balancing, instead of single network links, may increase reliability through redundancy

Types of Load Balancing
Sub-Packet Load Balancing (MPPP)
Per Packet Load Balancing (Bonding)
Per Connection Load Balancing (nth)
Per address-pair Load Balancing (ECMP, PCC, Bonding)
Custom Load Balancing (Policy Routing)
Bandwidth based Load Balancing (MPLS RSVP-TE Tunnels)

Multi-Link PPP
PPP Multi-link Protocol allows a packet to be divided equally, with each part sent into a separate channel
MPPP can be created:
  over a single physical link - where multiple channels run on the same link (anti-fragmentation)
  over multiple physical links - where multiple channels run on multiple links (load balancing)
MPPP must be supported by both ends
(MPPP is legacy stuff from the modem era)

MPPP configuration
Server must have MPPP support
All lines must have same user name and password
RouterOS has only the MPPP client implementation

Bonding
Bonding is a technology that allows you to aggregate multiple Ethernet-like interfaces into a single virtual link, thus getting higher data rates and providing fail-over
Bonding (load balancing) modes:
802.3ad

802.3ad

Balance-rr and balance-xor
Balance-rr mode uses Round Robin algorithm - packets are transmitted in sequential order from the first available slave to the last.
When utilizing multiple sending and multiple receiving links, packets often are received out of order (problem for TCP)
Balance-xor balances outgoing traffic across the active ports based on a hash from specific protocol header fields and accepts incoming traffic from any active port

Balance-tlb
The outgoing traffic is distributed according to the current load
Incoming traffic is not balanced
This mode is address-pair load balancing
No additional configuration is required for the switch

Balance-alb
In short alb = tlb + receive load balancing
This mode requires a device driver capability to change the MAC address

ECMP Routes
ECMP (Equal Cost Multi Path) routes have more than one gateway to the same remote network
Gateways will be used in Round Robin per SRC/DST address combination
Same gateway can be written several times!!

"Check-gateway" Option
You can set the router to check gateway reachability using ICMP (ping) or ARP protocols
If the gateway is unreachable in a simple route - the route will become inactive
If one gateway is unreachable in an ECMP route, only the reachable gateways will be used in the Round Robin algorithm
If Check-gateway option is enabled on one route it will affect all routes with that gateway.

Interface ECMP Routing
In case you have more than one PPP connection from the same server, but MPPP is impossible (different user names, server support missing) it is possible to use Interface routing
Simple IP address routing is impossible for all PPP connections that have the same gateway IP address
To enable interface routing just specify all PPP interfaces as route gateway-interfaces
Works only on PPP interfaces.

ECMP and Masquerade
As forwarding database is rebuilt every 10min in Linux Kernel, there is a chance that connection will jump to the other gateway
In the case of masquerading this jump results in a change of source address and in eventual disconnect
More info at:
http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html
http://marc.info/?m=1021K1KK01LL
http://lkml.indiana.edu/hypermail/linux/net/0

Configuration Setup

Basic Configuration

Policy Routing
Policy routing is a method that allows you to create separate routing policies for different traffic by creating custom routing tables
In RouterOS these routing tables are created:
  For every table specified in ip route rule
  For every routing-mark in mangle facility
Marked traffic is automatically assigned to the proper routing table (no need for lookup rules)

Routing-mark
RouterOS attribute assigned to each packet
Routing-mark can be changed in firewall mangle facility just before any routing decision:
  chain Prerouting - for all incoming traffic
  chain Output - for outgoing traffic from router
Every new routing mark has its own routing table with the same name
By default all packets have the "main" routing mark

Traffic to Connected Networks
As connected routes are available only in "main" routing table, it is necessary that traffic to connected networks stay in "main" routing table
This will also allow proper communication between locally and remotely connected clients

Remote Connections
In the case when a connection is initiated from a public interface it is necessary to ensure that these connections will be replied via the same interface (from the same public IP)
First we need to capture these connections (you can either use default connection mark "no-mark" or connection state "new" here)

Custom Policy Routing
Let's create a jump rule to your custom policy routing here
Now we need to create a default route for every routing table (or else it will be resolved by main routing table)

Mark Routing
Mark routing rules in mangle chain "output" will ensure that router itself is reachable via both public IP addresses
Mark routing rules in mangle chain "prerouting" will ensure your desired load balancing

Mangle configuration

Custom Policy Routing
There is no best way that we can suggest for load balancing, you can either:
  Balance based on client IP address (address list)
  Balance based on traffic type (p2p, layer-7, protocol, port)
  Use automatic balancing (PCC)
We do not suggest to use "nth" for policy routing of typical user traffic.

Per-address-pair Load Balancing
In many situations communication between two hosts consists of more than one simultaneous connection.
If those connections are taking different routing paths they might have different latency, drop rate, fragmentation or source address (NAT) - this way making multi-connection communications impossible.
That is why instead of per-connection load balancing we should think about per-address-pair load balancing

Per Connection Classifier
PCC is a firewall matcher that allows you to divide traffic into equal streams with ability to keep packets with specific set of options in one particular stream
You can specify set of options from src-address, src-port, dst-address, dst-port
More info at: http://wiki.mikrotik.com/wiki/PCC

PCC Configuration
We just need to add 2 rules to our "policy_routing" chain to ensure automatic per-address-pair load balancing
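
An added illustration (not part of the original slides) of why per-address-pair classification matters: it compares per-connection round robin (nth) with a PCC-style hash over source and destination address. The uplink names, the sample connections and the CRC32 hash are assumptions made for this sketch; RouterOS's own hash function is not reproduced here.

```python
import zlib
from collections import defaultdict

UPLINKS = ["ISP1", "ISP2"]  # assumed names for the two public links


def nth_uplink(counter):
    """Per-connection balancing (nth): each new connection takes the next link."""
    return UPLINKS[counter % len(UPLINKS)]


def pcc_uplink(conn, fields=("src", "dst")):
    """PCC-style classifier: hash the chosen fields, use the remainder as stream.
    CRC32 is a stand-in for illustration, not RouterOS's own hash."""
    key = "|".join(str(conn[f]) for f in fields).encode()
    return UPLINKS[zlib.crc32(key) % len(UPLINKS)]


def uplinks_per_pair(conns, chooser):
    """Map each (src, dst) address pair to the set of uplinks its connections used."""
    used = defaultdict(set)
    for i, conn in enumerate(conns):
        used[(conn["src"], conn["dst"])].add(chooser(i, conn))
    return dict(used)


# Constructed sample: two clients, each opening four parallel connections to one server.
SAMPLE = [{"src": "192.168.1.10", "sport": 50000 + i, "dst": "203.0.113.5", "dport": 443}
          for i in range(4)]
SAMPLE += [{"src": "192.168.1.11", "sport": 51000 + i, "dst": "198.51.100.7", "dport": 443}
           for i in range(4)]


def compare():
    """Return (nth result, PCC result) for the sample connections."""
    nth = uplinks_per_pair(SAMPLE, lambda i, conn: nth_uplink(i))
    pcc = uplinks_per_pair(SAMPLE, lambda i, conn: pcc_uplink(conn))
    return nth, pcc


if __name__ == "__main__":
    for name, result in zip(("nth", "pcc"), compare()):
        for pair, links in result.items():
            print(name, pair, sorted(links))
```

With nth every address pair ends up on both uplinks, so behind masquerade its connections leave with two different source addresses; with the address-pair hash each pair stays on one uplink.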

Usual Problems
Be careful about using "no-mark" connection mark if you have other mangle configuration in a different chain
ISP specified DNS servers might block requests from non-ISP public IPs, so we suggest you use public (ISP independent) DNS servers.
If you would like to ensure fail-over - enable "check-gateway" option in all default routes.

What about bandwidth based Load-Balancing?

Traffic Engineering
TE is one of the MPLS features that allows unidirectional label switching paths to be established
TE is based on RSVP (Resource ReSerVation Protocol) + RFC

How Do Constraints Work?
Constraints are set by the user and do not necessarily reflect actual bandwidth
Constraints can be set for:
  bandwidth of link participating in a RSVP TE network
  bandwidth reserved for tunnel
So, at any moment in time, the bandwidth available on TE link is bandwidth configured for link minus sum of all reservations made on the link (not physically available bandwidth)

TE Tunnel Establishment
TE tunnels can be established:
  along the current routing path (no additional configuration required)
  along a statically configured explicit path (it is necessary to manually input path)
  CSPF (Constrained Shortest Path First) - This option needs assistance from IGP routing protocol (such as OSPF) to distribute bandwidth information throughout the network.
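
The bandwidth bookkeeping and CSPF path selection described above, as an added Python sketch that is not from the original slides. The four-router ring, the 10 Mbps link constraints and the hop-count metric are constructed assumptions.

```python
import heapq


def available(links, reservations):
    """Bandwidth left on each TE link = configured bandwidth minus the sum of
    reservations made on it (a bookkeeping value, not measured throughput)."""
    left = dict(links)
    for path, bw in reservations:
        for hop in zip(path, path[1:]):
            left[frozenset(hop)] -= bw
    return left


def cspf(links, reservations, src, dst, bw):
    """Constrained shortest path: drop links that cannot fit bw, then run
    Dijkstra with hop count as the metric. Returns a router list or None."""
    graph = {}
    for link, free in available(links, reservations).items():
        if free >= bw:
            a, b = sorted(link)
            graph.setdefault(a, []).append(b)
            graph.setdefault(b, []).append(a)
    queue, seen = [(0, [src])], set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt in sorted(graph.get(node, [])):
            if nxt not in seen:
                heapq.heappush(queue, (cost + 1, path + [nxt]))
    return None


# Constructed topology: four routers in a ring, 10 Mbps configured per TE link.
LINKS = {frozenset(p): 10
         for p in [("R1", "R2"), ("R2", "R4"), ("R1", "R3"), ("R3", "R4")]}

if __name__ == "__main__":
    first = cspf(LINKS, [], "R1", "R4", 6)
    second = cspf(LINKS, [(first, 6)], "R1", "R4", 6)
    third = cspf(LINKS, [(first, 6), (second, 6)], "R1", "R4", 6)
    print(first, second, third)
```

The second 6 Mbps tunnel is pushed onto the other side of the ring because the first reservation leaves only 4 Mbps on its links, and a third 6 Mbps tunnel finds no path at all even though no traffic has been measured.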

Network Layout
Each router is connected to a neighbouring router using

Network Layout

Loopback and CSPF
Loopback addresses need to be reachable from whole network - we will use OSPF to distribute that information
Also OSPF can help us to distribute TE reservations for CSPF

Resource Reservation
Let's set up TE resource for every interface on which we might want to run TE tunnel.
Configuration on all the routers is the same:
Note that at this point this does not represent how much bandwidth will actually flow through the interface

First Task

TE tunnel setup
We will use static path configuration as primary, and dynamic (CSPF) as secondary path if primary fails

TE Tunnel Monitoring

TE Tunnel Monitoring
If multiple tunnels are created and all the bandwidth on that particular interface is used, then the tunnel will try to look for different path.

Route traffic over TE
To route LAN traffic over a TE tunnel we will assign address 10.NN.NN.1

Automatic Failover
By default the tunnel will try to switch back to the primary path every minute. This setting can be changed with primary-retry-interval parameter.

Additional Tunnels

Additional Tunnels

Good luck!
http://wiki.mikrotik.com/wiki/Manual:Simple_TE
http://wiki.mikrotik.com/wiki/Manual:TE_Tunnels
http://wiki.mikrotik.com/wiki/Manual:MPLS/Traffic-eng
http://wiki.mikrotik.com/wiki/Manual:MPLS/Overview