Configuración Balanceador con MikroTik
# ¡IMPORTANTE!
# Trabaja exclusivamente con 4 ISPs con capacidades iguales o similares
#
# Sets the router clock to a fixed date and time (presumably the moment this
# configuration was exported -- confirm).
# NOTE(review): importing these lines as-is puts the clock back to that moment, so log
# timestamps and scheduler start times stop matching real time; set the clock
# correctly after import.
/system clock
set date="may/07/2019"
set time="11:36:01"
# Labels the physical ports: ether1-ether4 are the four ISP uplinks (WAN1-WAN4),
# ether5 is the LAN side. Every later rule refers to these ports by interface name.
/interface ethernet
set [ find default-name=ether1 ] comment=WAN1
set [ find default-name=ether2 ] comment=WAN2
set [ find default-name=ether3 ] comment=WAN3
set [ find default-name=ether4 ] comment=WAN4
set [ find default-name=ether5 ] comment=LAN
# Address pool handed out to LAN clients: 192.168.77.10 through 192.168.77.100.
/ip pool
add name=poolOficina ranges=192.168.77.10-192.168.77.100
# DHCP server bound to the LAN port (ether5) and drawing leases from poolOficina.
/ip dhcp-server
add address-pool=poolOficina disabled=no interface=ether5 name=server1
# Static addressing. Each WAN port takes .2 in its own /24 (192.168.11-14.0/24); the
# route section of this file uses .1 of the same subnets as the ISP gateways.
# The LAN port is 192.168.77.1/24, the gateway announced to DHCP clients.
/ip address
add address=192.168.11.2/24 comment="IPs para puertos WAN" interface=ether1 network=192.168.11.0
add address=192.168.12.2/24 interface=ether2 network=192.168.12.0
add address=192.168.13.2/24 interface=ether3 network=192.168.13.0
add address=192.168.14.2/24 interface=ether4 network=192.168.14.0
add address=192.168.77.1/24 comment="IP para puerto LAN" interface=ether5 network=192.168.77.0
# DHCP options for the LAN: clients get the router (192.168.77.1) as gateway and the
# public resolvers 8.8.8.8 / 8.8.4.4 as DNS servers, so client DNS queries go straight
# to those resolvers rather than to the router.
/ip dhcp-server network
add address=192.168.77.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.77.1 netmask=24
# Mangle rules implementing per-connection load balancing over four ISPs.
# Rule order matters: rules are evaluated top to bottom within each chain.
/ip firewall mangle
# 1) LAN traffic addressed to one of the four WAN-side subnets is accepted here, which
#    stops mangle processing for it before any connection or routing mark is applied.
#    NOTE(review): this means every LAN host can reach whatever sits on those subnets
#    (presumably the ISP modems/routers -- confirm); restrict it with filter rules if
#    that access is not intended.
add action=accept chain=prerouting dst-address=192.168.11.0/24 in-interface=ether5
add action=accept chain=prerouting dst-address=192.168.12.0/24 in-interface=ether5
add action=accept chain=prerouting dst-address=192.168.13.0/24 in-interface=ether5
add action=accept chain=prerouting dst-address=192.168.14.0/24 in-interface=ether5
# 2) Connections that arrive on a WAN port and carry no mark yet are tagged with that
#    ISP's connection mark, so their replies can be sent back out the same uplink.
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3 new-connection-mark=ISP3_conn
add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4 new-connection-mark=ISP4_conn
# 3) PCC rules: unmarked LAN connections to non-local destinations are split into four
#    buckets (remainders 0..3 of a hash over source and destination address) and each
#    bucket is tagged with one ISP's connection mark.
#    These four rules are exported with disabled=yes; the "failover" script in this file
#    is what rewrites their per-connection-classifier values and enables/disables them.
#    NOTE(review): while they are disabled, new LAN connections get no connection mark
#    and so no routing mark, and this export shows no default route without a
#    routing-mark -- confirm how outbound traffic is expected to flow in that state.
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface=ether5 new-connection-mark=ISP1_conn per-connection-classifier=both-addresses:4/0
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn per-connection-classifier=both-addresses:4/1
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface=ether5 new-connection-mark=ISP3_conn per-connection-classifier=both-addresses:4/2
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local in-interface=ether5 new-connection-mark=ISP4_conn per-connection-classifier=both-addresses:4/3
# 4) Packets from the LAN that belong to a marked connection get the matching routing
#    mark, which selects the per-ISP route (to_ISP1..to_ISP4).
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=ether5 new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=ether5 new-routing-mark=to_ISP2
add action=mark-routing chain=prerouting connection-mark=ISP3_conn in-interface=ether5 new-routing-mark=to_ISP3
add action=mark-routing chain=prerouting connection-mark=ISP4_conn in-interface=ether5 new-routing-mark=to_ISP4
# 5) Same routing-mark assignment for packets generated by the router itself (output
#    chain) on connections that already carry an ISP connection mark.
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP3_conn new-routing-mark=to_ISP3
add action=mark-routing chain=output connection-mark=ISP4_conn new-routing-mark=to_ISP4
# Source NAT: anything leaving through a WAN port is masqueraded behind that port's
# own address.
# NOTE(review): masquerade is address translation, not access control. This export
# contains no /ip firewall filter section, so nothing visible here limits what the
# WAN-side networks can reach on the router itself (management services included).
# Add input/forward filter rules, or confirm they exist outside this export.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
add action=masquerade chain=srcnat out-interface=ether3
add action=masquerade chain=srcnat out-interface=ether4
# One route per ISP, each selected only by its routing mark (to_ISP1..to_ISP4) and
# pointing at that ISP's gateway (.1 on the corresponding WAN subnet).
# No check-gateway option is set on these routes; detecting a dead uplink is left to
# the "failover" script in this file.
# NOTE(review): there is no route without a routing-mark in this export, so unmarked
# traffic (including the router's own outbound connections) has no default route
# here -- confirm this is intended.
/ip route
add distance=1 gateway=192.168.11.1 routing-mark=to_ISP1
add distance=1 gateway=192.168.12.1 routing-mark=to_ISP2
add distance=1 gateway=192.168.13.1 routing-mark=to_ISP3
add distance=1 gateway=192.168.14.1 routing-mark=to_ISP4
#error exporting /system routerboard mode-button
# Runs the script named "failover" every 30 seconds.
# NOTE(review): the policy list grants far more than the script visibly uses (it pings,
# finds/edits mangle rules and writes log entries). Least privilege would keep only
# what those operations need -- presumably read, write and test; confirm on the
# RouterOS version in use, and change the scheduler's and the script's policy lists
# together so the job keeps running.
/system scheduler
add interval=30s name=schedule1 on-event=failover policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/01/2017 start-time=00:00:00
# "failover" script: health-checks the four ISPs and re-balances the PCC mangle rules.
#
# What the script source below does, in order:
#   1. For each ISP id 1..4, sends 5 pings to 208.67.222.222 through routing table
#      to_ISP<id>. An ISP is recorded as down only when the ping result is 0 (no
#      replies at all), and a log entry "ISP<id> caido" is written.
#   2. Compares the set of down ISPs with the set kept from the previous run in the
#      global variable ispsCaidosAnt; if they are equal the script exits immediately.
#   3. Otherwise it stores the new set, adds up the "steps" of the ISPs that are still
#      up, disables the PCC mark-connection rules of the down ISPs, and for every ISP
#      that is up rewrites its PCC rule to both-addresses:<total steps>/<index> and
#      enables it.
#
# The text inside source="..." is stored on the router as the script body; its Spanish
# comments and the \E1 / \F3 / \FA escapes (presumably accented letters) are part of
# that stored text and are left untouched here.
#
# NOTE(review): liveness depends on one external host answering ICMP. If that host is
# unreachable or ICMP to it is filtered, every ISP is treated as down at once; consider
# probing more than one target.
# NOTE(review): both "down" sets start as {nil}; when no ISP is down on the very first
# run the equality check appears to reach :exit before the PCC rules (exported as
# disabled=yes) are ever enabled -- verify on a test router.
# NOTE(review): the script is owned by "admin" and carries the full policy list
# (ftp, reboot, password, sniff, sensitive, romon, ...), none of which the body visibly
# needs; trimming it limits what an altered script body could do -- confirm the minimal
# set on the RouterOS version in use.
/system script
add name=failover owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#:log info \"Inicio failover para router con 4 ISPs\";\r\
\n\r\
\n:global ispsCaidosAnt;\r\
\n\r\
\n# PARA TRABAJAR CON MULTIPLES ISPS DE VELOCIDADES DIFERENTES\r\
\n# es necesario usar el sistema SGCM de Livaur, ya que genera reglas adicionales,\r\
\n# se encuentra en el link: https://www.livaur.com/sgcm \r\
\n# \r\
\n# {{ID:nPasos}; {ID:nPasos}};\r\
\n#\r\
\n#\r\
\n:local isps {{1;1}; {2;1}; {3;1}; {4;1} };\r\
\n:local pasos 0;\r\
\n:local ispsCaidos;\r\
\n\r\
\n# Cantidad de pruebas ping que se lanzaran a la IP externa para determinar si\r\
\n# el ISP est\E1 caido\r\
\n:local nPruebasPing 5;\r\
\n\r\
\n# IP de DNS a donde se lanzan las pruebas de ping\r\
\n# En este caso se usa una IP de OpenDNS\r\
\n:local ipExterna \"208.67.222.222\";\r\
\n\r\
\n# Inicializaci\F3n de los ISP caidos anteriormente\r\
\n:if ([:typeof \$ispsCaidosAnt]=\"nothing\") do={ :set ispsCaidosAnt {nil}; }\r\
\n\r\
\n\r\
\n# Inicializaci\F3n de los ISPs caidos\r\
\n:if ([:typeof \$ispsCaidos]=\"nothing\") do={ :set ispsCaidos {nil}; }\r\
\n\r\
\n# Proceso de pruebas de conexi\F3n a internet por los distintos ISPs\r\
\n:foreach isp in=[\$isps] do={\r\
\n #:log info (\$isp->1);\r\
\n :local indiceIsp (\$isp->0);\r\
\n\r\
\n :local rping [/ping \$ipExterna routing-table=\"to_ISP\$indiceIsp\" count=\$nPruebasPing];\r\
\n\r\
\n # Si la respuesta de ping fue 0, entonces el ISP est\E1 caido y se agrega a la lista de ispsCaidos\r\
\n :if (\$rping=0) do={\r\
\n :set (\$ispsCaidos->\"\$indiceIsp\") \$indiceIsp;\r\
\n :log info \"ISP\$indiceIsp caido\";\r\
\n }\r\
\n}\r\
\n\r\
\n\r\
\n# Compara los ISPs caidos actualmente contra los ISPs caidos previamente\r\
\n# Si son iguales evita ejecutar por completo el script\r\
\n:if ( \$ispsCaidos = \$ispsCaidosAnt) do={\r\
\n :exit;\r\
\n}\r\
\n# Si son diferentes, se actualizan los ispsCaidosAnt\r\
\n:if ( \$ispsCaidos != \$ispsCaidosAnt ) do={\r\
\n :set ispsCaidosAnt (\$ispsCaidos);\r\
\n}\r\
\n\r\
\n\r\
\n# C\E1lculo de los pasos totales\r\
\n:foreach isp in=[\$isps] do={\r\
\n :local estaCaido false;\r\
\n\r\
\n :foreach ispCaido in=[\$ispsCaidos] do={\r\
\n :if (\$isp->0=\$ispCaido) do={\r\
\n :set estaCaido true;\r\
\n }\r\
\n }\r\
\n\r\
\n :if (\$estaCaido=false) do={\r\
\n :set pasos (\$pasos + (\$isp->1));\r\
\n }\r\
\n}\r\
\n#:log info \$pasos;\r\
\n\r\
\n\r\
\n# Desactivacion de las mark_connection de ISPs caidos\r\
\n:foreach isp in=[\$ispsCaidos] do={\r\
\n /ip firewall mangle disable [find new-connection-mark=\"ISP\$isp_conn\" and per-connection-classifier~\"both-addresses\"];\r\
\n}\r\
\n\r\
\n\r\
\n# Actualizaci\F3n de los pasos en funci\F3n de los ISPs activos\r\
\n:local pasosTmp 0;\r\
\n:foreach isp in=[\$isps] do={\r\
\n :local estaCaido false;\r\
\n :local idIsp (\$isp->0);\r\
\n\r\
\n :foreach ispCaido in=[\$ispsCaidos] do={\r\
\n :if ((\$isp->0)=\$ispCaido) do={\r\
\n :set estaCaido true;\r\
\n }\r\
\n }\r\
\n\r\
\n # Si el ISP no est\E1 caido se procede a actualizar las reglas con los \"pasos\" correctos\r\
\n :if (\$estaCaido=false) do={\r\
\n # Desactivar las reglas del ISP activo para hacer la actualizacion\r\
\n /ip firewall mangle disable [find new-connection-mark=\"ISP\$idIsp_conn\" and per-connection-classifier~\"both-addresses\"];\r\
\n\r\
\n # Obtenci\F3n de los IDs de las reglas del ISP con new-connection-mark\r\
\n :local idsReglas [/ip firewall mangle find new-connection-mark=\"ISP\$idIsp_conn\" and per-connection-classifier~\"both-addresses\"];\r\
\n\r\
\n # Por cada ID de la regla se procede a asignar el total de pasos y el n\FAmero de paso correspondiente\r\
\n :foreach idRegla in=[\$idsReglas] do={\r\
\n /ip firewall mangle set [find .id=\$idRegla] per-connection-classifier=\"both-addresses:\$pasos/\$pasosTmp\"\r\
\n\r\
\n #Incremento del contador de pasosTmp\r\
\n :set pasosTmp (\$pasosTmp + 1);\r\
\n }\r\
\n\r\
\n # Activaci\F3n de las reglas del ISP activo\r\
\n /ip firewall mangle enable [find new-connection-mark=\"ISP\$idIsp_conn\" and per-connection-classifier~\"both-addresses\"];\r\
\n }\r\
\n}\r\
\n\r\
\n\r\
\n#:log info \"Fin failover-script\";\r\
\n"
/