Scribd Logo
Upload

Welcome to Scribd!

  • Balanceo Avanzado PCC 3 WAN Con Failover Profesional v6 PDF

    Uploaded by

    Javier Lenis
    24 views3 pages

    Original Title

    Balanceo-Avanzado-PCC-3-WAN-Con-Failover-Profesional-v6.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    24 views3 pages

    Balanceo Avanzado PCC 3 WAN Con Failover Profesional v6 PDF

    Uploaded by

    Javier Lenis

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Bienvenido a este entrenamiento

    Por: Rodrigo Anrrango


    www.ConfigurarMikrotikWireless.com
    ***NOTA***
    1 # Asegúrese de cambiar los nombres de las interfaces y las direcciones IP de acu
    erdo a su red,
    2 # En la sección DNS, utilizar las direcciones IP DNS de tu ISP o DNS google 8.8.
    8.8 y 8.8.4.4
    3 # Puede utilizar diferentes direcciones de host IP para la vigilancia, preferi
    blemente servidores confiables de su ISP primaria como DNS u otro.
    Puede utilizar otros sitios web IPS también.
    Las interfaces deben estar Renombradas en el RB tal Cual en Mayusculas asi:
    WAN1
    WAN2
    WAN3
    LAN
    ***Recuerda Modificar tus IP de tu proveedor.
    /ip address
    add address=192.168.5.2/24 interface=WAN1 network=192.168.5.0
    add address=192.168.6.2/24 interface=WAN2 network=192.168.6.0
    add address=192.168.7.2/24 interface=WAN3 network=192.168.7.0
    add address=192.168.26.1/30 interface=LAN network=192.168.26.0
    /ip firewall nat
    add action=masquerade chain=srcnat out-interface=WAN1
    add action=masquerade chain=srcnat out-interface=WAN2
    add action=masquerade chain=srcnat out-interface=WAN3

    /ip firewall mangle


    add action=mark-connection chain=input in-interface=WAN1 new-connection-mark=WAN
    1_conn
    add action=mark-connection chain=input in-interface=WAN2 new-connection-mark=WAN
    2_conn
    add action=mark-connection chain=input in-interface=WAN3 new-connection-mark=WAN
    3_conn
    add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=
    to_WAN1
    add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=
    to_WAN2
    add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=
    to_WAN3
    add chain=prerouting dst-address=192.168.5.0/24 in-interface=LAN
    add chain=prerouting dst-address=192.168.6.0/24 in-interface=LAN
    add chain=prerouting dst-address=192.168.7.0/24 in-interface=LAN
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN1_conn per-connection-classifier=both-addresses:3/0
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN2_conn per-connection-classifier=both-addresses:3/1
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN3_conn per-connection-classifier=both-addresses:3/2

    **NOTA IMPORTANTE
    ***INICIO: both-addresses-and-ports
    /ip firewall mangle
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-
    ports:3/0
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-
    ports:3/1
    add action=mark-connection chain=prerouting dst-address-type=!local in-interface
    =LAN new-connection-mark=WAN3_conn per-connection-classifier=both-addresses-and-
    ports:3/2
    ***FIN
    /ip firewall mangle
    add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=
    LAN new-routing-mark=to_WAN1
    add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=
    LAN new-routing-mark=to_WAN2
    add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-interface=
    LAN new-routing-mark=to_WAN3
    ***Importante***
    /ip route
    add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=to_WAN1
    add check-gateway=ping distance=2 gateway=8.8.4.4 routing-mark=to_WAN2
    add check-gateway=ping distance=3 gateway=4.2.2.2 routing-mark=to_WAN3
    add distance=1 gateway=10.0.0.1 routing-mark=to_WAN1
    add distance=2 gateway=10.0.0.2 routing-mark=to_WAN2
    add distance=3 gateway=10.0.0.3 routing-mark=to_WAN3
    add distance=1 gateway=10.0.0.1
    add distance=2 gateway=10.0.0.2
    add distance=3 gateway=10.0.0.3
    add distance=1 dst-address=8.8.8.8/32 gateway=192.168.5.1 scope=10
    add distance=1 dst-address=8.8.4.4/32 gateway=192.168.6.1 scope=10
    add distance=1 dst-address=4.2.2.2/32 gateway=192.168.7.1 scope=10
    add check-gateway=ping distance=1 dst-address=10.0.0.1/32 gateway=8.8.8.8 scope=
    10
    add check-gateway=ping distance=1 dst-address=10.0.0.2/32 gateway=8.8.4.4 scope=
    10
    add check-gateway=ping distance=1 dst-address=10.0.0.3/32 gateway=4.2.2.2 scope=
    10

    Fuente para failover: http://wiki.mikrotik.com/wiki/Manual:Using_scope_and_targe


    t-scope_attributes
    Trafico Por Proveedor WAN1
    /ip firewall mangle
    add action=mark-connection chain=prerouting comment="Https port 443 trafico sep
    arado by WAN1" disabled=yes dst-port=443 in-interface=LAN new-connection-mark=Ht
    tps protocol=tcp
    add action=mark-routing chain=prerouting connection-mark=Https disabled=yes in-i
    nterface=LAN new-routing-mark=to_WAN1 passthrough=no
    add action=mark-connection chain=prerouting comment="http port 80 Trafico separa
    do by WAN1" disabled=yes dst-port=80 in-interface=LAN new-connection-mark=http p
    rotocol=tcp
    add action=mark-routing chain=prerouting connection-mark=http disabled=yes in-in
    terface=LAN new-routing-mark=to_WAN1 passthrough=no
    Trafico Por Proveedor WAN2
    /ip firewall mangle
    add action=mark-connection chain=prerouting comment="Https port 443 trafico sep
    arado by WAN2" dst-port=443 in-interface=LAN new-connection-mark=Https protocol=
    tcp
    add action=mark-routing chain=prerouting connection-mark=Https in-interface=LAN
    new-routing-mark=to_WAN2 passthrough=no
    add action=mark-connection chain=prerouting comment="http port 80 Trafico separa
    do by WAN2" dst-port=80 in-interface=LAN new-connection-mark=http protocol=tcp
    add action=mark-routing chain=prerouting connection-mark=http in-interface=LAN n
    ew-routing-mark=to_WAN2 passthrough=no
    ************************
    ##Difinición##
    both-addresses = ambas-direcciones IP
    both-addresses: La petición de origen y destino IP entre el mismo cliente y el ser
    vidor siempre será la misma, por lo que todo el tráfico
    entre un cliente específico y un servidor específico (por ejemplo, su computadora po
    rtátil y servidor 67.89.2.5) siempre que coincida con el
    mismo matcher PCC , y siempre será puesto en el mismo enlace.
    both-addresses = ambas-direcciones IP ,se refiere a src-address y dst-address
    Como el clasificador. Aunque esto va a cambiar aleatoriamente cosas la teoría más y
    le dará la asignación más justa de ancho de banda,
    pero también hay una buena probabilidad de que se rompa ciertas cosas como los sit
    ios web bancarios y algunos foros.
    Esto se debe a las peticiones muchas veces un HTTP generarán varias conexiones, po
    r lo que existe la posibilidad de
    que algunas solicitudes podrán salir una ruta diferente a la inicial, y que se rom
    perán los sitios web seguros.
    Mas información: http://wiki.mikrotik.com/wiki/How_PCC_works_%28beginner%29
    ************************

    You might also like