1 Bandwidth-based load-balancing with failover. The easy way. We need more bandwidth.
2 Presenter information Tomas Kirnak Network design Security, wireless Servers, Virtualization Mikrotik Certified Trainer Atris, Slovakia Established 1991 Complete IT solutions Networking, servers Virtualization IP security systems
3 Load-balancing, why? Distributing workload to multiple network links to maximize throughput and minimize latency. Using multiple network links, when properly configured, will also provide redundancy.
4 Bonding Policy routing PCC Bandwidth based Load balancing types
5 Load balancing types Bonding ad LACP
6 + Easy to implement Bonding Automatic redundancy with fail-over - You need to control of both ends of the link
7 Policy routing Load balancing types
8 + Easy to implement Policy routing You have exact control of traffic - Not dynamic Scalability problems
9 Load balancing types PCC per connection classifier
10 PCC + Easy to configure Good scalability - Not aware of link state (bandwidth wise) Not so great with very un-similiar links (4:1)
11 Load balancing types For presentations on these load-balancing methods, please see PL 2010 and PL 2012
12 Load balancing types Bandwidth based If interface ISP1 is over 10 mbit/s; use ISP2
13 Why use bandwidth-based LB + Easily scalable + Takes link status into consideration + You have control over the connections + You decide when the switch to second link happends (on 10mbit link, switch after 50% util.) - Comes with its own problems
14 Implementation considerations There are multiple ways to do bandwidth based load balancing, neither is so easy. MPLS TE Mangle + bit of scripting <-- this presentation PL 2010 and PL 2012
15 Underlying technologies
16 Connections and tracking them
17 What is a connection We can define a connection as a packet flow with the same pair of source and destination IP addresses and ports. In case of UDP, this is would be an UDP stream :49481 <-> :53
18 Mangle Mangle is a facility in ROS which allows us to mark packets or connections, and later use that mark for our purposes. Mangle marks do NOT leave the router.
19 Mangle where to /ip firewall mangle
20 Routing tables A routing table tells the router which next hop to forward packets to, depending on the packets destination IP /0 ->
21 Routing tables part 2 By default all packets are put into the main routing table We can create our own routing tables, and force packets to use them.
29 Topology take 2 In this topology, there are 4 possible traffic flows WAN -> Router Router -> WAN WAN -> LAN LAN -> WAN
30 Taking care of incoming connections When a connection is initiated from the internet through one of the ISPs we need to ensure that this connections is replied through the same ISP (from the same public IP) We need to mark these connections, and then put them in the proper routing table.
31 Router marking WAN -> Router Catch the connection from internet to the router, and mark them. /ip firewall mangle add chain=input connection-mark=no-mark in-interface=isp_1 action=mark-connection new-connection-mark=wan1->ros add chain=input connection-mark=no-mark in-interface=isp_2 action=mark-connection new-connection-mark=wan2->ros
32 Router marking WAN -> Router Then put these connections into the proper routing tables. add chain=output connection-mark=wan1->ros action=mark-routing new-routing-mark=isp1_route add chain=output connection-mark=wan2->ros action=mark-routing new-routing-mark=isp2_route
33 Taking care of the LAN Same principle applies to the LAN. Connections initiated from the internet through one ISP, should be replied to through the same ISP.
35 Incoming connections - done We have ensured that when a connection from the internet to our router, or services inside of our network is established, it works.
36 LAN partially done Connections from the internet to our LAN will now work through both ISPs So what about connections outgoing from our LAN to the internet? These we actually want to load-balance.
37 A sticky connection A sticky connection is a connection, that once established through one interface, will always go out that exact interface. This is required, because when we switch to a second link, we only need to switch new connections. In PCC, this is done automatically. Using our approach however, this has to be done manually.
38 /ip firewall mangle LAN -> WAN mangle add chain=prerouting connection-mark=no-mark src-address-list=lan dst-addresslist=!connected dst-address-type=!local action=mark-connection new-connection-mark=lan->wan add chain=prerouting connection-mark=lan->wan src-address-list=lan action=mark-routing new-routing-mark=isp1_route comment="load-balancing here" Configuring this, we can now manually influence which routing table will our connection from LAN to the internet take.
39 Sticky connections add chain=prerouting connection-mark=lan->wan routing-mark=isp1_route action=mark-connection new-connection-mark=sticky_isp1 add chain=prerouting connection-mark=lan->wan routing-mark=isp2_route action=mark-connection new-connection-mark=sticky_isp2 add chain=prerouting connection-mark=sticky_isp1 src-address-list=lan action=mark-routing new-routing-mark=isp1_route add chain=prerouting connection-mark=sticky_isp2 src-address-list=lan action=mark-routing new-routing-mark=isp2_route This will assure that once a connection is routed through one ISP, it will stay there no matter what.
40 Mangle in GUI
41 What s the final result? We can load balancing manually Connections go out ISP1, then we can switch the mangle rule to ISP2, but connections already using ISP1 will stay there.
42 Automating based on bandwidth
43 Switching back
44 Final result Connections routed through ISP1, until its link is at 5mbit/s. After this limit all new connections will go through ISP2 until the ISP1 link is under its limit. Automated, bandwidth-based load balancing.
45 Easy Failover If the gateway can t be pinged, all routes using this gateway will become invalid.
46 A different approach This approach will not work if the link failure happens after the gateway. Recursive route lookup, netwatch etc.
47 Thanks for listening Tomas Kirnak
48 Find me after the presentation for any questions.
MikroTik RouterOS Workshop Load Balancing Best Practice Warsaw MUM Europe 2012 MikroTik 2012 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support & Training Engineer for almost 8
Load Balance with Masquerade Network on RouterOS Prepared by: Janis Megis (Mikrotik) Valens Riyadi (Citraweb) Copyrights 2010 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support
Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,
Load Balancing Using PCC & RouterOS 1. What is load balancing and why would I want it? 2. Which method should I pick and how does it work? 3. Ok, I want it but how do I set it up? Typical Scenario Requiring
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
Application Description Firewall in front of LAN Different Servers located behind Firewall Firewall to be accessible from Internet Load Balancer to be installed in a TRANSPARENT MODE between Firewall and
How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface How To Configure load sharing and redirect mail server traffic over preferred Gateway
The Use of Mikrotik Router Boards With Radius Server for ISPs. By Zaza Zviadadze, Irakli Nozadze. Intellcom Group, Georgia. RouterOS features for ISP s RouterOS reach features gives possibilities to ISP
1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already
Enabling NAT and Routing in DGW v2.0 June 6, 2012 Proprietary 2012 Media5 Corporation Table of Contents Introduction... 3 Starting Services... 4 Distinguishing your WAN and LAN interfaces... 5 Configuring
Using VDOMs to host two FortiOS instances on a single FortiGate unit Virtual Domains (VDOMs) can be used to divide a single FortiGate unit into two or more virtual instances of FortiOS that function as
Networking Basics for Automation Engineers Page 1 of 10 mac-solutions.co.uk v1.0 Oct 2014 1. What is Transmission Control Protocol/Internet Protocol (TCP/IP)------------------------------------------------------------
Quality of Service in wireless Point-to-Point Links MikroTik User Meeting, St. Louis, MO, USA, September 19-20 2013 menschen.computer.netzwerke Bottenbacher Str. 78 57223 Kreuztal Tel: +49.2732.55856-0
Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost. Peplink. All Rights Reserved. Unauthorized Reproduction Prohibited Presentation Agenda Peplink Balance Pepwave MAX Features
SonicOS Configuring WAN Failover & Load-Balancing Introduction This new feature for SonicOS 2.0 Enhanced gives the user the ability to designate one of the user-assigned interfaces as a Secondary or backup
MULTI WAN TECHNICAL OVERVIEW The Multi WAN feature will allow the service provider to load balanced all client TCP and UDP traffic only. It also provides redundancy for HA. Traffic that is load balanced:
Application Note Stateful Firewall, IPS or IDS Load- Balancing Document version: v1.0 Last update: 8th November 2013 Purpose Improve scallability of the security layer Limitations when Load-Balancing firewalls
1-855-MIKRO-TIK Building Effective Firewalls with MikroTik P R E S E N T E D B Y: R I C K F R E Y, N E T W O R K E N G I N E E R I P A R C H I T E C H S O P E R AT I O N S Background Rick Frey 20+ years
ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration IP address exhaustion IPv4 addresses are 32 bits long so there
» David Bisschoff» Durban, South Africa» Work at Kinsey Computers» Discovered MikroTik in 2011 Kinsey Computers cc » Steve Discher MUM - USA Sep 2012 RouterOS by Example» Greg Sowell http://gregsowell.com»
Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000
VPN Only Connection Information and Sign up Revision 4/16/2013 CU*Answers supports a variety of VPN network configurations for credit unions that desire to use VPN for primary connectivity. These options
SonicWALL NAT Load Balancing Overview This feature module will detail how to configure the Network Address Translation (NAT) & Load Balancing (LB) features in SonicOS Enhanced 4.0 and newer, to balance
Network performance in virtual infrastructures A closer look at Amazon EC2 Alexandru-Dorin GIURGIU University of Amsterdam System and Network Engineering Master 03 February 2010 Coordinators: Paola Grosso
Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming
Vocia MS-1 Network Considerations for VoIP Vocia software rev. 1.4 or higher required Vocia MS-1 and Network Port Configuration The Vocia Message Server 1 (MS-1) has a number of roles in a Vocia Paging
VPN : what is it? A virtual private network (VPN) is a private communications network usually used within a company, or by several different companies or organizations, to communicate over a public network
Sample Configuration Using the ip nat outside source static Table of Contents Sample Configuration Using the ip nat outside source static Command...1 Introduction...1 Before You Begin...1 Conventions...1
QoS (Quality of Service) QoS function helps you to control your network traffic for each application from LAN (Ethernet and/or Wireless) to WAN (Internet). It facilitates you to control the different quality
Burning Bridges - Routing Your Bridged WISP Network With MikroTik Introduce Yourself Name Company & position there About Me Steve Discher 1987 graduate of Texas A&M University, in IT for more than 20 years
Instreamer to Exstreamer connection Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection 1.11 Date: 06.03.2013 2013 Barix AG, all rights reserved. All information is subject
AlliedWare TM OS How To Configure WAN Load Balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect
Hosted Voice Best Practice Recommendations for VoIP Deployments Thank you for choosing EarthLink! EarthLinks best in class Hosted Voice phone service allows you to deploy phones anywhere with a Broadband
DG Forwarding Algorithm Host or Router first check if destination on same Network Router multiple interfaces Match found deliver to that Network If not found default router for every router a default router
1 Basic Configuration of Cisco 2600 Router Basic Configuration Cisco 2600 Router I decided to incorporate the Cisco 2600 into my previously designed network. This would give me two seperate broadcast domains
How To Configure Virtual Host with Load How To Configure Virtual Host with Load Balancing and Health Checking Balancing and Health Checking Applicable Version: 10.02.0 Build 473 onwards Overview This article
LinkProof DNS Quick Start Guide TABLE OF CONTENTS 1 INTRODUCTION...3 2 SIMPLE SCENARIO SINGLE LINKPROOF WITH EXTERNAL SOA...3 3 MODIFYING DNS ON THE EXTERNAL SOA...4 3.1 REFERRING THE A RECORD RESOLUTION
Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of
Amcom Internet Services This Support and Troubleshooting Guide provides information about your internet service; including setting specifications, testing instructions and common service issues. For further
Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N
Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management
Session Title: Exploring Packet Tracer v5.3 IP Telephony & CME Scenario With the scheduled release of Packet Tracer v5.3 in the near future, this case study is designed to provide you with an insight into
Virtual Server in SP883 1 Introduction: 1.1 Micronet SP883 is a hard QoS broadband router, means its guaranteed service can provide absolute reservation of resource (bandwidth) for specific traffic;not
Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified
DEPLOYMENT GUIDE Version 1.1 DNS Traffic Management using the BIG-IP Local Traffic Manager Table of Contents Table of Contents Introducing DNS server traffic management with the BIG-IP LTM Prerequisites
Connect With Confidence Astaro Deployment Guide Clustering and Hot Standby Table of Contents Introduction... 2 Active/Passive HA (Hot Standby)... 2 Active/Active HA (Cluster)... 2 Astaro s HA Act as One...
VPN Trunk Load-Balance between Vigor3200 and Other Vigor Router This section will discuss how to build VPN Trunk with load-balance between Vigor3200 and other router (e.g., Vigor3300). Scenario 1: One-pair
White paper: Redundant IP-VPN networks Introduction IP VPN solutions based on the IPsec protocol are already available since a number of years. The main driver for these kinds of solutions is of course
This video looks at how multiple network cards can be combined together to form one virtual network card. The examples used in this video are for Windows Server 2012 R2, however the principles apply to
esafe Gateway/Mail v. 3.x Load Balancing for esafe Gateway 3.x with Cisco Web NS and CSS Switches Design and implementation guide esafe Gateway provides fast and transparent real-time inspection of Internet
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
HOSTED VOICE Bring Your Own Bandwidth & Remote Worker Install and Best Practices Guide 2 Thank you for choosing EarthLink! EarthLinks' best in class Hosted Voice phone service allows you to deploy phones
How To configure WAN load balancing Introduction With the increasing use of the Internet to service core business functions comes the need for reliable WAN connectivity. A specific aspect of this requirement
Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans Contents Overview...3 1. VPLS Traffic CoS Test...3 2. VPLS VSI Isolation Test...5 3. VPLS MAC Address Purge Test...7
Fireware XTM Training Instructor Guide Fireware XTM Multi-WAN Methods Exploring Multi-WAN Through Hands-On Training This training is for: Devices WatchGuard XTM 2 Series /WatchGuard XTM 5 Series / WatchGuard
Rick Frey Consulting www.rickfreyconsulting.com PPTP & L2TP PPTP 2 www.rickfreyconsulting.com PPTP as Client VPN 3 www.rickfreyconsulting.com PPTP as Site to Site VPN 4 www.rickfreyconsulting.com Point
RingCentral Office Optimize your network for voice. To contact RingCentral, please visit www.ringcentral.com RingCentral or call 1-800-574-5290. Office 1 Complete Business Phone System Design your network
A Link Load Balancing Solution for Multi-Homed Networks Overview An increasing number of enterprises are using the Internet for delivering mission-critical content and applications. By maintaining only
White Paper Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads What You Will Learn Application centric infrastructure (ACI) provides a robust transport
Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.
Document No. FO1101 Issue Date: Work Group: FibreOP Technical Team October 31, 2013 FINAL: Title: FibreOP Business Internet 5 Static IP Customer Configuration Version 1.1 Summary: This document provides
(Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only. Optional activities are designed to enhance understanding and/or to provide
Networking Topology For Your System End user experience with Cisco WebEx Meetings Server is of a web site, that users access to schedule and join meetings. A special aspect of this web site is real-time
Configuring IP Load Sharing in AOS Quick Configuration Guide ADTRAN Operating System (AOS) includes IP Load Sharing for balancing outbound IP traffic across multiple interfaces. This feature can be used
Cisco IOS SLB and Exchange Director Server Load Balancing for Cisco Mobile SEF The Cisco IOS SLB and Exchange Director software features provide a rich set of server load balancing (SLB) functions supporting
Malaysia State Government Data Center Construction 1 Project Background Malaysia state government plans to construct new data center in 2013 to carry more government internal data communication and provide
MikroTik RouterOS Introduction to MPLS Prague MUM Czech Republic 2009 Q : W h y h a v e n 't y o u h e a r d a b o u t M P LS b e fo re? A: Probably because of the availability and/or price range Q : W
Truffle Broadband Bonding Network Appliance Reliable high throughput data connections with low-cost & diverse transport technologies PART I Truffle in standalone installation for a single office. Executive
Open Informatics a An Information Technology Company Visit us on the web at www.openinformatics.net Tutorial Author: Zlatan Klebic Send Feedback: email@example.com Configuring a Vyatta 4.0 release
THE WHAT AND WHY ABOUT A Proud Vendor Member of the 1 What Is this about? 2 What is Mikrotik? What DOES it DO for ME! What is it s Purpose! What is the BIG DEAL? Why should I care? Does it help my bottom
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
DATA CENTER Best Practices for High Availability Deployment for the Brocade ADX Switch CONTENTS Contents... 2 Executive Summary... 3 Introduction... 3 Brocade ADX HA Overview... 3 Hot-Standby HA... 4 Active-Standby
How Subnets Work in Practice Fred Marshall Coastal Computers & Networks Background There's lots of literature available on how the bit structure of an address can be split up using the subnet mask. Generally,