1 Bandwidth-based load-balancing with failover. The easy way. We need more bandwidth.
2 Presenter information Tomas Kirnak Network design Security, wireless Servers, Virtualization Mikrotik Certified Trainer Atris, Slovakia Established 1991 Complete IT solutions Networking, servers Virtualization IP security systems
3 Load-balancing, why? Distributing workload to multiple network links to maximize throughput and minimize latency. Using multiple network links, when properly configured, will also provide redundancy.
4 Bonding Policy routing PCC Bandwidth based Load balancing types
5 Load balancing types Bonding ad LACP
6 + Easy to implement Bonding Automatic redundancy with fail-over - You need to control of both ends of the link
7 Policy routing Load balancing types
8 + Easy to implement Policy routing You have exact control of traffic - Not dynamic Scalability problems
9 Load balancing types PCC per connection classifier
10 PCC + Easy to configure Good scalability - Not aware of link state (bandwidth wise) Not so great with very un-similiar links (4:1)
11 Load balancing types For presentations on these load-balancing methods, please see PL 2010 and PL 2012
12 Load balancing types Bandwidth based If interface ISP1 is over 10 mbit/s; use ISP2
13 Why use bandwidth-based LB + Easily scalable + Takes link status into consideration + You have control over the connections + You decide when the switch to second link happends (on 10mbit link, switch after 50% util.) - Comes with its own problems
14 Implementation considerations There are multiple ways to do bandwidth based load balancing, neither is so easy. MPLS TE Mangle + bit of scripting <-- this presentation PL 2010 and PL 2012
15 Underlying technologies
16 Connections and tracking them
17 What is a connection We can define a connection as a packet flow with the same pair of source and destination IP addresses and ports. In case of UDP, this is would be an UDP stream :49481 <-> :53
18 Mangle Mangle is a facility in ROS which allows us to mark packets or connections, and later use that mark for our purposes. Mangle marks do NOT leave the router.
19 Mangle where to /ip firewall mangle
20 Routing tables A routing table tells the router which next hop to forward packets to, depending on the packets destination IP /0 ->
21 Routing tables part 2 By default all packets are put into the main routing table We can create our own routing tables, and force packets to use them.
29 Topology take 2 In this topology, there are 4 possible traffic flows WAN -> Router Router -> WAN WAN -> LAN LAN -> WAN
30 Taking care of incoming connections When a connection is initiated from the internet through one of the ISPs we need to ensure that this connections is replied through the same ISP (from the same public IP) We need to mark these connections, and then put them in the proper routing table.
31 Router marking WAN -> Router Catch the connection from internet to the router, and mark them. /ip firewall mangle add chain=input connection-mark=no-mark in-interface=isp_1 action=mark-connection new-connection-mark=wan1->ros add chain=input connection-mark=no-mark in-interface=isp_2 action=mark-connection new-connection-mark=wan2->ros
32 Router marking WAN -> Router Then put these connections into the proper routing tables. add chain=output connection-mark=wan1->ros action=mark-routing new-routing-mark=isp1_route add chain=output connection-mark=wan2->ros action=mark-routing new-routing-mark=isp2_route
33 Taking care of the LAN Same principle applies to the LAN. Connections initiated from the internet through one ISP, should be replied to through the same ISP.
35 Incoming connections - done We have ensured that when a connection from the internet to our router, or services inside of our network is established, it works.
36 LAN partially done Connections from the internet to our LAN will now work through both ISPs So what about connections outgoing from our LAN to the internet? These we actually want to load-balance.
37 A sticky connection A sticky connection is a connection, that once established through one interface, will always go out that exact interface. This is required, because when we switch to a second link, we only need to switch new connections. In PCC, this is done automatically. Using our approach however, this has to be done manually.
38 /ip firewall mangle LAN -> WAN mangle add chain=prerouting connection-mark=no-mark src-address-list=lan dst-addresslist=!connected dst-address-type=!local action=mark-connection new-connection-mark=lan->wan add chain=prerouting connection-mark=lan->wan src-address-list=lan action=mark-routing new-routing-mark=isp1_route comment="load-balancing here" Configuring this, we can now manually influence which routing table will our connection from LAN to the internet take.
39 Sticky connections add chain=prerouting connection-mark=lan->wan routing-mark=isp1_route action=mark-connection new-connection-mark=sticky_isp1 add chain=prerouting connection-mark=lan->wan routing-mark=isp2_route action=mark-connection new-connection-mark=sticky_isp2 add chain=prerouting connection-mark=sticky_isp1 src-address-list=lan action=mark-routing new-routing-mark=isp1_route add chain=prerouting connection-mark=sticky_isp2 src-address-list=lan action=mark-routing new-routing-mark=isp2_route This will assure that once a connection is routed through one ISP, it will stay there no matter what.
40 Mangle in GUI
41 What s the final result? We can load balancing manually Connections go out ISP1, then we can switch the mangle rule to ISP2, but connections already using ISP1 will stay there.
42 Automating based on bandwidth
43 Switching back
44 Final result Connections routed through ISP1, until its link is at 5mbit/s. After this limit all new connections will go through ISP2 until the ISP1 link is under its limit. Automated, bandwidth-based load balancing.
45 Easy Failover If the gateway can t be pinged, all routes using this gateway will become invalid.
46 A different approach This approach will not work if the link failure happens after the gateway. Recursive route lookup, netwatch etc.
47 Thanks for listening Tomas Kirnak
48 Find me after the presentation for any questions.
MikroTik RouterOS Workshop Load Balancing Best Practice Warsaw MUM Europe 2012 MikroTik 2012 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support & Training Engineer for almost 8
Load Balance with Masquerade Network on RouterOS Prepared by: Janis Megis (Mikrotik) Valens Riyadi (Citraweb) Copyrights 2010 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
Load Balancing Using PCC & RouterOS 1. What is load balancing and why would I want it? 2. Which method should I pick and how does it work? 3. Ok, I want it but how do I set it up? Typical Scenario Requiring
Application Description Firewall in front of LAN Different Servers located behind Firewall Firewall to be accessible from Internet Load Balancer to be installed in a TRANSPARENT MODE between Firewall and
The Use of Mikrotik Router Boards With Radius Server for ISPs. By Zaza Zviadadze, Irakli Nozadze. Intellcom Group, Georgia. RouterOS features for ISP s RouterOS reach features gives possibilities to ISP
Enabling NAT and Routing in DGW v2.0 June 6, 2012 Proprietary 2012 Media5 Corporation Table of Contents Introduction... 3 Starting Services... 4 Distinguishing your WAN and LAN interfaces... 5 Configuring
How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway
1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already
Networking Basics for Automation Engineers Page 1 of 10 mac-solutions.co.uk v1.0 Oct 2014 1. What is Transmission Control Protocol/Internet Protocol (TCP/IP)------------------------------------------------------------
Using VDOMs to host two FortiOS instances on a single FortiGate unit Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as
Quality of Service in wireless Point-to-Point Links MikroTik User Meeting, St. Louis, MO, USA, September 19-20 2013 menschen.computer.netzwerke Bottenbacher Str. 78 57223 Kreuztal Tel: +49.2732.55856-0
MULTI WAN TECHNICAL OVERVIEW The Multi WAN feature will allow the service provider to load balanced all client TCP and UDP traffic only. It also provides redundancy for HA. Traffic that is load balanced:
ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration IP address exhaustion IPv4 addresses are 32 bits long so there
1-855-MIKRO-TIK Building Effective Firewalls with MikroTik P R E S E N T E D B Y: R I C K F R E Y, N E T W O R K E N G I N E E R I P A R C H I T E C H S O P E R AT I O N S Background Rick Frey 20+ years
» David Bisschoff» Durban, South Africa» Work at Kinsey Computers» Discovered MikroTik in 2011 Kinsey Computers cc » Steve Discher MUM - USA Sep 2012 RouterOS by Example» Greg Sowell http://gregsowell.com»
Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features
Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming
Vocia MS-1 Network Considerations for VoIP Vocia software rev. 1.4 or higher required Vocia MS-1 and Network Port Configuration The Vocia Message Server 1 (MS-1) has a number of roles in a Vocia Paging
SonicOS Configuring WAN Failover & Load-Balancing Introduction This new feature for SonicOS 2.0 Enhanced gives the user the ability to designate one of the user-assigned interfaces as a Secondary or backup
QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality
Burning Bridges - Routing Your Bridged WISP Network With MikroTik Introduce Yourself Name Company & position there About Me Steve Discher 1987 graduate of Texas A&M University, in IT for more than 20 years
AlliedWare TM OS How To Configure WAN Load Balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect
Application Note Stateful Firewall, IPS or IDS Load- Balancing Document version: v1.0 Last update: 8th November 2013 Purpose Improve scallability of the security layer Limitations when Load-Balancing firewalls
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
Sample Configuration Using the ip nat outside source static Table of Contents Sample Configuration Using the ip nat outside source static Command...1 Introduction...1 Before You Begin...1 Conventions...1
VPN Only Connection Information and Sign up Revision 4/16/2013 CU*Answers supports a variety of VPN network configurations for credit unions that desire to use VPN for primary connectivity. These options
VPN : what is it? A virtual private network (VPN) is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network
Instreamer to Exstreamer connection Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection 1.11 Date: 06.03.2013 2013 Barix AG, all rights reserved. All information is subject
Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso
1 Basic Configuration of Cisco 2600 Router Basic Configuration Cisco 2600 Router I decided to incorporate the Cisco 2600 into my previously designed network. This would give me two seperate broadcast domains
DG Forwarding Algorithm Host or Router first check if destination on same Network Router multiple interfaces Match found deliver to that Network If not found default router for every router a default router
Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further
Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME Scenario With the scheduled release of Packet Tracer v5.3 in the near future, this case study is designed to provide you with an insight into
Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N
SonicWALL NAT Load Balancing Overview This feature module will detail how to configure the Network Address Translation (NAT) & Load Balancing (LB) features in SonicOS Enhanced 4.0 and newer, to balance
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
RingCentral Office Optimize your network for voice. To contact RingCentral, please visit www.ringcentral.com RingCentral or call 1-800-574-5290. Office 1 Complete Business Phone System Design your network
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
Fireware XTM Training Instructor Guide Fireware XTM Multi-WAN Methods Exploring Multi-WAN Through Hands-On Training This training is for: Devices WatchGuard XTM 2 Series /WatchGuard XTM 5 Series / WatchGuard
VPN Trunk Load-Balance between Vigor3200 and Other Vigor Router This section will discuss how to build VPN Trunk with load-balance between Vigor3200 and other router (e.g., Vigor3300). Scenario 1: One-pair
White paper: Redundant IP-VPN networks Introduction IP VPN solutions based on the IPsec protocol are already available since a number of years. The main driver for these kinds of solutions is of course
How To configure WAN load balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement
Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.
(Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or to provide
Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL: Title: FibreOP Business Internet 5 Static IP Customer Configuration Version 1.1 Summary: This document provides
LinkProof DNS Quick Start Guide TABLE OF CONTENTS 1 INTRODUCTION...3 2 SIMPLE SCENARIO SINGLE LINKPROOF WITH EXTERNAL SOA...3 3 MODIFYING DNS ON THE EXTERNAL SOA...4 3.1 REFERRING THE A RECORD RESOLUTION
How To Configure Virtual Host with Load How To Configure Virtual Host with Load Balancing and Health Checking Balancing and Health Checking Applicable Version: 10.02.0 Build 473 onwards Overview This article
How Subnets Work in Practice Fred Marshall Coastal Computers & Networks Background There's lots of literature available on how the bit structure of an address can be split up using the subnet mask. Generally,
DEPLOYMENT GUIDE Version 1.1 DNS Traffic Management using the BIG-IP Local Traffic Manager Table of Contents Table of Contents Introducing DNS server traffic management with the BIG-IP LTM Prerequisites
Connect With Confidence Astaro Deployment Guide Clustering and Hot Standby Table of Contents Introduction... 2 Active/Passive HA (Hot Standby)... 2 Active/Active HA (Cluster)... 2 Astaro s HA Act as One...
Configuring IP Load Sharing in AOS Quick Configuration Guide ADTRAN Operating System (AOS) includes IP Load Sharing for balancing outbound IP traffic across multiple interfaces. This feature can be used
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
HOSTED VOICE Bring Your Own Bandwidth & Remote Worker Install and Best Practices Guide 2 Thank you for choosing EarthLink! EarthLinks' best in class Hosted Voice phone service allows you to deploy phones
Document No. FO1004 Issue Date: Draft: Work Group: FibreOP Technical Team July 23, 2013 Final: Title: Single Static IP Customer Owned LAN Router Support Version 1.0 Summary: Use the following method to
THE WHAT AND WHY ABOUT A Proud Vendor Member of the 1 What Is this about? 2 What is Mikrotik? What DOES it DO for ME! What is it s Purpose! What is the BIG DEAL? Why should I care? Does it help my bottom
esafe Gateway/Mail v. 3.x Load Balancing for esafe Gateway 3.x with Cisco Web NS and CSS Switches Design and implementation guide esafe Gateway provides fast and transparent real-time inspection of Internet
Contents 1. 2. Network Services Customer Responsibilities 3. Network Services General 4. Service Management Boundary 5. Defined Terms Network Services Where the Customer selects as detailed in the Order
Chapter 3: IP Addressing and VLSM QUESTION 54 What is the principle reason to use a private IP address on an internal network? A. Subnet strategy for private companies. B. Manage and scale the growth of
A Link Load Balancing Solution for Multi-Homed Networks Overview An increasing number of enterprises are using the Internet for delivering mission-critical content and applications. By maintaining only
Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management
Knowledgebase Solution Goal Enable coexistence of a 3 rd -party VPN / Firewall with an EdgeMarc appliance. Describe characteristics and tradeoffs of different topologies. Provide configuration information
Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans Contents Overview...3 1. VPLS Traffic CoS Test...3 2. VPLS VSI Isolation Test...5 3. VPLS MAC Address Purge Test...7
1 PC to WX64 direction connection with crossover cable or hub/switch If a network is not available, or if it is desired to keep the WX64 and PC(s) completely separated from other computers, a simple network
CEN 007C Computer Networks Fundamentals Instructor: Prof. A. Helmy Homework : Network Layer Assigned: Nov. 28 th, 2011. Due Date: Dec 8 th, 2011 (to the TA) 1. ( points) What are the 2 most important network-layer
MikroTik Certified Network Associate (MTCNA) Training outline Suggested duration: Objectives: Target Audience: Course prerequisites: 5 days of 6.5 hours each. By the end of this training session, the student
Common VoIP problems, How to detect, correct and avoid them. Penny Tone LLC 1 Who am I? David Attias Installing VoIP systems for over 7 years Mikrotik user for 5 years Mikrotik certifications MTCNA, MTCRE