Troubleshooting

load balancing
o m
Mikrotik User Meeting
b .i c
o
Malaysia, 12 june 2019 o
a h
s
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks

www.glcnetworks.com
Agenda

● Introduction
●

o
The basics: packets, connection and routing
m
.i c
● Load Balancing (LB) techniques
● Some issues and recommendations
● Q&A

o b
h o
s a
2
www.glcnetworks.com
What is GLC?

● Garda Lintas Cakrawala (www.glcnetworks.com)

●
●
Based in Bandung, Indonesia
Areas: Training, IT Consulting
o m
.i c
● Certified partner for: Mikrotik, Ubiquity, Linux foundation

b
● Product: GLC radius manager

o
● Regular event: webinar (every 2 weeks, see our schedule on website)

o
●

h
●

s a
3
www.glcnetworks.com
About me
● Name: Achmad Mardiansyah

m
● Base: bandung, Indonesia

o
● Linux user since 1999, mikrotik user since 2007,

.i c
● Mikrotik Certified Trainer
(MTCNA/RE/WE/UME/INE/TCE/IPv6)

b
● Mikrotik Certified Consultant

o
● Teacher at Telkom University (Bandung, Indonesia)

o
● Website contributor: achmadjournal.com,

h
mikrotik.tips, asysadmin.tips

a
● More info:

s
http://au.linkedin.com/in/achmadmardiansyah

4
www.glcnetworks.com
Past experiences
● 2019, Congo (DRC): build a wireless ISP from
ground-up
●
m
2018, Malaysia: network revamp, develop billing

o
solution and integration, setup dynamic routing

.i c
● 2017, Libya (north africa): remote wireless migration

b
for a new Wireless ISP

o
● 2016, United Kingdom: facilitates workshop for a

o
wireless ISP, migrating a bridged to routed network

h
● 2015, West Borneo: supporting wireless

a
infrastructure project

s
● 2014, Senegal (west africa): TAC2 engineer for HLR
migration from NOKIA to ERICSSON

www.glcnetworks.com
About Telkom University

o m
b .i c
●
o
Located in Bandung, Indonesia
o
●
●
7 Faculties, 27 schools

a h
Areas: Engineering, Communications, Computing, Bussiness and

●
●
management, Arts
s
650+ Academic staff, 400+ Administration staff, 20000+ students
An exchange program
● Runs mikrotik academy program

6
www.glcnetworks.com
Mikrotik academy @ TEL-U

● Started in 2013
●
●
Embedded into schools curriculum
100% hands-on
o m
.i c
● Get MTCNA certification

o b
h o
s a
7
www.glcnetworks.com
 o m
About load b i . c
o o balancing

a h
s
8
www.glcnetworks.com
Why should i care?

● Lots of tutorials in internet!!!

● Tons of pages, tutorial, videos

o m
Questions for reader:

b .i c
●

o
Do you really understand that?
o
h
● Did the writer understand that?

a
● Is it really works as expected?

s
9
www.glcnetworks.com
Are those webpages really work on you?

● Information overloaded… which

●
one suits you?
Perhaps their network
o m
.i c
environment is different than

b
yours

o
● You need to understand how it

o
works...

a h
s
10
www.glcnetworks.com
 o m
i . c
o b
The basics: packet, connection, routing

h o
s a
11
www.glcnetworks.com
What is packets?
Packet is a unit of data transmission (layer 3
PDU)

o m
Other units: segment, datagram, frame

.i c
Questions:
● Is there any packet in a frame?

b
● Is there any packet in a segment?
● How to measure mbps of packets

o o
a h
s / datagram

12
www.glcnetworks.com
How do you know packet’s statistics?

Measured in pps (packet per second) -> part of router performance

o m
b .i c
o o
a h
s
13
www.glcnetworks.com
Layer 3 header (which one is IPv4?)

o m
b .i c
o o
a h
s
14
www.glcnetworks.com
Layer 4 header (which one is TCP?)

o m
b .i c
o o
a h
s
15
www.glcnetworks.com
What is connection? webserver

● A Connection is identified by a set of IP addresses

m
(source and destination) and ports (if necessary. ISP3

●
E.g. source and destination port)

.i c
When you access a remote computer, you will o
b
create a connection
ISP1 ISP2

o o
h
ether5 ether6

s a
LAN

16
www.glcnetworks.com
Questions:

● Is packet part of connection?

●
●
Is connection part of packet?
Can 1 connection have more than one packets?
o m
.i c
● Do packets have mechanism between them so that they know their

b
arrangement or connection between them?

o
● Can router identify relation between packet? E.g. keep track the relations

o
between packet?

a h
s
17
www.glcnetworks.com
Mikrotik supports connection tracking

Mikrotik conn-track supports protocol: TCP, UDP, ICMP and others

o m
b .i c
o o
a h
s
18
www.glcnetworks.com
QUESTION

HOW MANY CONNECTION(S)

o m
.i c
YOUR BROWSER CREATE

o
WHEN YOU OPEN A WEBSITE?b
h o
s a
19
www.glcnetworks.com
 Connect
ion 1
Connect
ion 3
Answer: inspect the web elements

● Client can open multiple connections to get

website components

o m
b .i c ISP1
Connect
ion 2

o o
h
ether5

s a
LAN

20
www.glcnetworks.com
Example: Single connection to a
website
Website with single connection:

m
http://test.glcnetworks.com ISP3

.i co
o b ISP1 ISP2

h o ether5 ether6

s a
LAN

21
www.glcnetworks.com
 o m
Routing andb i . c
forwarding
o o
a h
s
22
www.glcnetworks.com
Routing and Forwarding

● A process to forward a packet from input

m
interface to output interface, based on ISP3

●
information on routing table.

.i c
As we use private IP address, there will be a o
b
NAT process before sending out to exit interface
ISP1 ISP2

o
● To check your public IP address, go to

o
http://test.glcnetworks.com

h
ether5 ether6

s a
LAN

23
www.glcnetworks.com
Adjust routing (mangle: mark-routing)

● Process to mark a packet to for routing purpose

m
● Steps: ISP3

o
○ Create firewall mangle with action mark-routing

.i c
○ Create routing entry with defined-mark
○ Create NAT rule if we use private IP address

b
● To check our public IP address, go to ISP1 ISP2

o
http://test.glcnetworks.com

h o ether5 ether6

s a
LAN

24
www.glcnetworks.com
Forward traffic via ISP2 using mangle

o m
b .i c
o o
a h
s
25
www.glcnetworks.com
Forward traffic via ISP1 using mangle

o m
b .i c
o o
a h
s
26
www.glcnetworks.com
 o m
i . c
b
Load Balancing
o
h o
s a
27
www.glcnetworks.com
What is (traffic) load balancing? webserver

● Is a process to forward traffic

m
ISP3
on several links
●
●
Applied on router
!= failover

.i co
b
ISP1 ISP2
Benefits:

● Increase utilisation of

o o
h
upstream links ether5 ether6

s a
LAN

28
www.glcnetworks.com
Load balancing techniques

Method Per-connection

o mper-packet

.i c
Firewall marking YES YES

b
ECMP YES NO

o
PCC YES NO

Nth YES

h o YES

a
Bonding NO YES

s
OSPF YES NO

BGP YES NO

29
www.glcnetworks.com
 Connect
ion 1
Connect
ion 3
How PCC works?

● PCC = Per Connection Classifier

m
● PCC can identify the connection and mark them ISP3

●
for further processing

.i co
Example: a client opens a multi-object website via
Connect

b
single ISP. both addresses (src-address and ion 2
ISP1

o
dst-address) are used to identify connection

o
● PCC can identify each connection made from

h
client
ether5

s a
LAN

30
www.glcnetworks.com
Applying PCC

● You need to understand the concept of connection (conn-track=active)

●
●
Applied on firewall mangle
Need to define classifier. Can be based on:
o m
.i c
Total
○ Source or destination address only connection
○ Both addresses you want to Connection

b
○ Etc create identifier

o
● Define connection number and total connection

h o
s a
31
www.glcnetworks.com
Exercise: Classifier=src-addr

Host 1
How many pcc
o m
.i c
Host 2
connections to servers?

Host 3

o b internet
server 1

h o server 2

a
Host 4

Host 5
s server 3

Each host connects to 3 servers

32
www.glcnetworks.com
Exercise: Classifier=dst-addr

Host 1
How many pcc
o m
.i c
Host 2
connections to servers?

Host 3

o b internet
server 1

h o server 2

a
Host 4

Host 5
s server 3

Each host connects to 3 servers

33
www.glcnetworks.com
Exercise: Classifier=both-address

Host 1
How many pcc
o m
.i c
Host 2
connections to servers?

Host 3

o b internet
server 1

h o server 2

a
Host 4

Host 5
s server 3

Each host connects to 3 servers

34
www.glcnetworks.com
Exercise: Classifier=both-address-and-ports

Host 1
How many pcc
o m
.i c
Host 2
connections to servers?

Host 3

o b internet
server 1

h o server 2

a
Host 4

Host 5
s server 3

Each host connects to 3 servers

35
www.glcnetworks.com
 Connect
ion 1

Example: LB with classifier: both Connect

ion 3
address

m
ISP3

.i co Connect
ion 2

o b ISP1 ISP2

h o ether5 ether6

s a
host1

36
www.glcnetworks.com
 o m
i . c
o b
Some issues & recommendations

h o
s a
37
www.glcnetworks.com
Some issues & recommendations

Issues:

o m
Beware of NATed connection -> webserver will see inbound connection

.i c
from 2 ip public addresses
○ page will not displayed correctly (as it is considered illegal session)

b
○ banking / https pages will not allow you to access their website

Recommendations

o o
h
● If you use NAT, Better to use classifier based on source IP address only ->

●
a
will give client consistent path to the destination

s
Avoid NAT if possible -> using public IP address end-to-end -> use BGP ->
better performance

38
www.glcnetworks.com
 o m
QAbi
. c
o o
ah
s
39
www.glcnetworks.com
Some info

● Hope you are more curious now

●
m
These materials are part of Mikrotik Certified Traffic Control Engineer
(MTCTCE) course
o
.i c
● If you are interested, you can sign up to our website

o b
h o
s a
40
www.glcnetworks.com
End of slides

● Thank you for your attention

●
● Like our facebook page: “GLC networks”
o m
Please submit your feedback: http://bit.ly/glcfeedback

.i c
● Stay tune with our schedule

o b
h o
s a
41
www.glcnetworks.com