Topology
*) The IP addresses in the illustration are not the ones used in this tutorial. The setup looks roughly like this: 3 Speedy lines, 1 proxy line and 1 local line plugged into the ports of the RB750G.
Basic configuration:
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_2 dial-on-demand=no disabled=no interface=Public_2 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_2 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 comment=\
    pppoe_3 dial-on-demand=no disabled=no interface=Public_3 max-mru=1480 \
    max-mtu=1480 mrru=disabled name=pppoe_3 password=********* profile=\
    default service-name="" use-peer-dns=no user=*********@telkom.net

add check-gateway=ping comment="Default Route pppoe2 - Distance 1" disabled=\
    no distance=2 dst-address=0.0.0.0/0 gateway=pppoe_2 scope=30 \
    target-scope=10
add check-gateway=ping comment="Default Route pppoe3 - Distance 1" disabled=\
    no distance=3 dst-address=0.0.0.0/0 gateway=pppoe_3 scope=30 \
    target-scope=10
7. Next, create the NAT rules to masquerade the PPPoE links, plus transparent DNS and transparent proxy.
/ip firewall nat
add action=masquerade chain=srcnat comment=MASQUERADE1 disabled=no \
    out-interface=pppoe_1
add action=masquerade chain=srcnat comment=MASQUERADE2 disabled=no \
    out-interface=pppoe_2
add action=masquerade chain=srcnat comment=MASQUERADE3 disabled=no \
    out-interface=pppoe_3
add action=dst-nat chain=dstnat comment="TRANSPARENT DNS" disabled=no \
    dst-port=53 in-interface=Local protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Local protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=udp to-ports=53
add action=dst-nat chain=dstnat comment="" disabled=no dst-port=53 \
    in-interface=Proxy protocol=tcp to-ports=53
add action=dst-nat chain=dstnat comment="TRANSPARENT PROXY" disabled=no \
    dst-address-list=!ProxyNET dst-port=80,8080,3128 in-interface=Local \
    protocol=tcp to-addresses=192.168.10.2 to-ports=3128
With the basic configuration done, start on the load-balancing configuration.
8. As usual, put the proxy-hit packet mark at the very top of the mangle rules.
/ip firewall mangle
add action=mark-packet chain=forward comment="PROXY-HIT-DSCP 12" disabled=no \
    dscp=12 new-packet-mark=proxy-hit passthrough=no
9. Because LB-PCC is used here to balance HTTP traffic and an external proxy is in use, the interface that is balanced is the Proxy interface, with protocol tcp and dst-port 80. The first step is to catch new connections arriving on each PPPoE interface, which guarantees that incoming packets are replied to through the same interface.
add action=mark-connection chain=input comment=\
    "-ImeR- PCC RULE ---- MARK ALL PPPoE CONN" connection-state=new \
    disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=input comment="" connection-state=new \
    disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_1 new-connection-mark=\
    pppoe1_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_2 new-connection-mark=\
    pppoe2_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no in-interface=pppoe_3 new-connection-mark=\
    pppoe3_conn passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_1 new-connection-mark=pppoe1_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_2 new-connection-mark=pppoe2_conn \
    passthrough=yes
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no in-interface=pppoe_3 new-connection-mark=pppoe3_conn \
    passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=pppoe1_conn \
    disabled=no new-routing-mark=pppoe_1 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe2_conn \
    disabled=no new-routing-mark=pppoe_2 passthrough=no
add action=mark-routing chain=output comment="" connection-mark=pppoe3_conn \
    disabled=no new-routing-mark=pppoe_3 passthrough=no
10. Next, load-balance the connections coming in from the Proxy interface using the PCC method; remember that what gets routed is protocol tcp with dst-port 80.
add action=mark-connection chain=prerouting comment=\
    "-ImeR- PCC RULE ---- MARK ALL PROXY CONN" \
    connection-state=new disabled=no dst-address-type=!local dst-port=80 \
    in-interface=Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_2 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=new \
    disabled=no dst-address-type=!local dst-port=80 in-interface=Proxy \
    new-connection-mark=pr_pppoe_3 passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    established disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_1 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_2 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting comment="" connection-state=\
    related disabled=no dst-address-type=!local dst-port=80 in-interface=\
    Proxy new-connection-mark=pr_pppoe_3 passthrough=yes \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
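A check for the rule set in step 10, added here as an example and not part of the original tutorial: it parses a RouterOS export and reports any PCC remainder (0..N-1) that no rule covers, since a connection hashing to an uncovered remainder gets no pr_pppoe_* mark. The function names parse_rules and pcc_gaps and the shortened SAMPLE text are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample: the three connection-state=new rules from step 10,
# shortened (comment=, disabled=, passthrough= dropped) but in export form.
SAMPLE = r'''
/ip firewall mangle
add action=mark-connection chain=prerouting connection-state=new \
    dst-port=80 in-interface=Proxy new-connection-mark=pr_pppoe_1 \
    per-connection-classifier=both-addresses-and-ports:3/0 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new \
    dst-port=80 in-interface=Proxy new-connection-mark=pr_pppoe_2 \
    per-connection-classifier=\
    both-addresses-and-ports:3/1 protocol=tcp
add action=mark-connection chain=prerouting connection-state=new \
    dst-port=80 in-interface=Proxy new-connection-mark=pr_pppoe_3 \
    per-connection-classifier=both-addresses-and-ports:3/2 protocol=tcp
'''


def parse_rules(export_text):
    """Join backslash continuations, then turn each 'add' line into a dict."""
    joined = re.sub(r"\\\n[ \t]*", "", export_text)
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules


def pcc_gaps(rules):
    """Map (in-interface, state, classifier, N) to the remainders 0..N-1
    that no rule covers; an empty dict means every flow gets a mark."""
    seen = defaultdict(set)
    for rule in rules:
        pcc = rule.get("per-connection-classifier")
        if pcc:
            kind, frac = pcc.split(":")
            n, rem = (int(x) for x in frac.split("/"))
            key = (rule.get("in-interface"), rule.get("connection-state"), kind, n)
            seen[key].add(rem)
    gaps = {k: sorted(set(range(k[3])) - got) for k, got in seen.items()}
    return {k: missing for k, missing in gaps.items() if missing}


if __name__ == "__main__":
    print(pcc_gaps(parse_rules(SAMPLE)))                          # complete set
    print(pcc_gaps(parse_rules(SAMPLE.replace(":3/2", ":3/1"))))  # typo case
```

Running it against the output of `/ip firewall mangle export` saved to a file catches a mistyped remainder before one of the three links silently stops receiving traffic.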
11. Don't forget to mark the packets; the marks are used later to set limits in the queue tree.
add action=mark-packet chain=forward comment=\
    "-ImeR- PCC RULE ---- MARK HTTP" connection-mark=pr_pppoe_1 disabled=\
    no new-packet-mark=http_pppoe1_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_2 \
    disabled=no new-packet-mark=http_pppoe2_pkt passthrough=no
add action=mark-packet chain=forward comment="" connection-mark=pr_pppoe_3 \
    disabled=no new-packet-mark=http_pppoe3_pkt passthrough=no
That's it. All HTTP traffic from the Proxy interface is now spread evenly, in and out, across the PPPoE interfaces. What remains is to mark connections from the local interface in order to limit download and upload. The end result looks roughly like this: