MikroTik SBB and ADSL

MileInc

I have a problem with SBB internet through a MikroTik.
Two internet connections, two main computers and a WiFi router are connected to the MikroTik; the goal is to use the internet in load balancing failover mode. The balancing itself is not particularly important, since both connections have satisfactory speeds, 10/1 and 16/1.
I have been trying to set this up for several days without success.
From the MikroTik, over the SBB link, I can ping only their gateway, while 8.8.8.8, for example, does not work.
I tried disabling ADSL and letting the SBB DHCP client set everything automatically, but then I can open only www.sbb.rs and nothing else. :wall:
I hope someone will spot a beginner's mistake in my settings.
Internet over ADSL works fine, there is only a delay while it fetches the DNS data; can that be sped up?
The settings are as follows:
Code:
# may/05/2013 18:52:29 by RouterOS 5.25
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4::C0 master-port=none mtu=1400 name=SBB speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4::C1 master-port=none mtu=1400 name="wan2 link" speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4::C2 master-port=ether5 mtu=1400 name=ether3 speed=1Gbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4::C3 master-port=ether5 mtu=1400 name=ether4 speed=1Gbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no full-duplex=yes l2mtu=1598 mac-address=D4::C4 master-port=none mtu=1400 name=ether5 speed=1Gbps
/ip pool
add name=pool1 ranges=192.168.1.9-192.168.1.99
/ip dhcp-server
add address-pool=pool1 authoritative=yes bootp-support=static disabled=no interface=ether5 lease-time=3d name=server1
/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 dial-on-demand=no disabled=no interface="wan2 link" max-mru=1400 max-mtu=1400 mrru=disabled name=ADSL password=*** profile=default-encryption  service-name="" use-peer-dns=no user=***@pttnet
/ip address
add address=192.168.1.1/24 disabled=no interface=ether5 network=192.168.1.0
/ip dhcp-client
add add-default-route=no disabled=no interface=SBB use-peer-dns=no use-peer-ntp=yes
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=4096KiB max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8,4.2.2.1,4.2.2.5
/ip firewall mangle
add action=mark-connection chain=input disabled=no in-interface=ADSL new-connection-mark=adsl_conn passthrough=yes
add action=mark-connection chain=input disabled=no in-interface=SBB new-connection-mark=sbb_conn passthrough=yes
add action=mark-routing chain=output connection-mark=adsl_conn disabled=no new-routing-mark=to_ADSL passthrough=yes
add action=mark-routing chain=output connection-mark=sbb_conn disabled=no new-routing-mark=to_SBB passthrough=yes
add action=accept chain=prerouting disabled=no dst-address=192.168.1.0/24 in-interface=ether5
add action=mark-connection chain=prerouting comment=adsl disabled=no dst-address-type=!local in-interface=ether5 new-connection-mark=adsl_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting comment=sbb disabled=no dst-address-type=!local in-interface=ether5 new-connection-mark=sbb_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=adsl_conn disabled=no in-interface=ether5 new-routing-mark=to_ADSL passthrough=yes
add action=mark-routing chain=prerouting connection-mark=sbb_conn disabled=no in-interface=ether5 new-routing-mark=to_SBB passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=SBB
add action=masquerade chain=srcnat disabled=no out-interface=ADSL
/ip route
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=ADSL routing-mark=to_ADSL
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=SBB routing-mark=to_SBB
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=ADSL
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=SBB
/system clock
set time-zone-name=Europe/Belgrade
/system ntp client
set enabled=yes mode=unicast primary-ntp=217.24.24.144 secondary-ntp=0.0.0.0
 
Try doing it according to this tutorial: http://www.youtube.com/watch?v=ThYBtmo_bcs

As far as I can see, you are running PPPoE on the MikroTik, and that can cause you a problem when the address changes, because you need to have a static gateway. My recommendation is to do the NAT on the ADSL modem, and for it not to be in bridge mode but to run the PPPoE on it.

You need to do something like this:

Code:
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn

add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2

add chain=prerouting dst-address=192.168.5.0/24 action=accept in-interface=wlan2
add chain=prerouting dst-address=192.168.10.0/24 action=accept in-interface=wlan2

add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=wlan2 per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes

add chain=prerouting connection-mark=WAN1_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=wlan2 action=mark-routing new-routing-mark=to_WAN2

/ip route
add dst-address=0.0.0.0/0 gateway=192.168.5.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.5.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=2 check-gateway=ping

/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade

And for routing through a dynamic gateway (PPPoE ADSL) to work, you will have to write a script and set up netwatch to check the gateway.

Something like this:

Code:
# Network address of the wan1 interface (the remote end of the point-to-point link)
:local currentGateway [/ip address get [/ip address find interface=wan1] network]
# Routes previously tagged with comment="wan1" (find returns a list, possibly empty)
:local a [/ip route find comment="wan1"]

:if ([:len $a] = 0) do={
  # No tagged route yet: create it with the same comment the lookup uses
  :log info "adding route..."
  /ip route add dst-address=0.0.0.0/0 gateway=$currentGateway routing-mark=to_wan1 comment="wan1"
} else={
  :local existingGateway [/ip route get $a gateway]
  :if ($currentGateway != $existingGateway) do={
    :log info "Setting default gateway for our pppoe interface"
    :log info "changing route..."
    /ip route set $a gateway=$currentGateway
  } else={
    :log info "No route changes needed."
  }
}


Then add this in netwatch:

/tool netwatch set 0 host=$currentGateway
 
I passed SBB through a router, so now
instead of
add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=SBB routing-mark=to_SBB
I have add check-gateway=ping disabled=no dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_SBB
and now it works.
But now failover will not work properly, since that router is always reachable.
 
If you did it according to bandzo's instructions it will certainly work for you, since it works for me too, failover included. Just add check-gateway=ping to this route of yours, so the router knows when that gateway is not reachable. As for the script, it works for me, so it will surely work for you too. But, as far as I have noticed, when the 'tik runs PPPoE on ADSL, those IP address changes are very rare.
I don't get what you meant to say with this:
"But now failover will not work properly, since that router is always reachable."
 
"But now failover will not work properly, since that router is always reachable."

I solved that with a recursive route.

Code:
/ip route
add comment="google dns" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=X.X.X.X scope=10 target-scope=10
add check-gateway=ping comment="ISP1 gw" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 scope=30 target-scope=10

where X.X.X.X is the local address of the ADSL router facing the MikroTik. This way the MikroTik checks the entire path beyond the provider, all the way to Google's DNS, and if your ADSL connection is alive but there is a problem within the provider itself, it will take the route down and switch to the backup.

"Internet over ADSL works fine, there is only a delay while it fetches the DNS data; can that be sped up?
The settings are as follows:"
Code:
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=4096KiB max-udp-packet-size=512 servers=8.8.4.4,8.8.8.8,4.2.2.1,4.2.2.5

I advise you to use your providers' DNS servers, or some other DNS servers in Serbia that have a good response time. Besides that, Google's DNS servers sometimes have a delay in responding that is measured in seconds, and nothing can be done about that. Also, try configuring the MikroTik like this if it serves as the DNS for the local machines; increase the values for the cache size and the packet size:

Code:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d cache-size=8096KiB max-udp-packet-size=4096 servers=X.X.X.X,X.X.X.X

Because of allow-remote-requests=yes, block UDP port 53 on the WAN interfaces in the firewall. One more note concerns DNS 8.8.8.8: if you accept my suggestions, do not use this DNS, because it would work for you only over ADSL (the recursive route above).
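A check for the exposure the post above warns about, as an added example that is not part of the original thread: it reads a RouterOS export and lists the WAN interfaces on which the DNS cache accepts remote queries with no UDP/53 drop rule in the input chain. The sample export is constructed (interface names follow the first post), treating masquerade out-interfaces as WANs is an assumption, and rule order is not modeled.

```python
import shlex

# Constructed sample export (not from the thread); SBB is protected, ADSL is not.
SAMPLE = """\
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=192.0.2.53
/ip firewall filter
add action=drop chain=input in-interface=SBB protocol=udp dst-port=53
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=SBB
add action=masquerade chain=srcnat disabled=no out-interface=ADSL
"""

def parse_export(text):
    """Return [(menu, {key: value})] for each command line of an export."""
    menu, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu line, e.g. "/ip firewall nat"
            menu = line
            continue
        # shlex keeps quoted values such as name="wan2 link" in one token
        props = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
        items.append((menu, props))
    return items

def exposed_dns_interfaces(text):
    """WAN interfaces where the router's resolver is reachable on UDP/53."""
    items = parse_export(text)
    if not any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
               for m, p in items):
        return []                         # resolver does not answer remote queries
    # Assumption: an interface is a WAN if a masquerade rule leaves through it.
    wans = [p["out-interface"] for m, p in items
            if m == "/ip firewall nat" and p.get("action") == "masquerade"
            and "out-interface" in p]
    blocked = set()
    for m, p in items:
        if (m == "/ip firewall filter" and p.get("chain") == "input"
                and p.get("action") in ("drop", "reject")
                and p.get("disabled", "no") == "no"
                and p.get("protocol") == "udp"
                and "53" in p.get("dst-port", "").split(",")):
            blocked.add(p.get("in-interface"))
    return [w for w in wans if w not in blocked]

if __name__ == "__main__":
    print(exposed_dns_interfaces(SAMPLE))
```

Run it against the output of `/export` saved to a file; an empty list means every masquerading uplink has a matching drop rule.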
 

As for DNS, download DNS Benchmark, let it run a full benchmark (I can't remember what the option is called in the program itself), and then use that. It really helped me.
 