Mikrotik: Sample Load Balancing di Game Center untuk Speedy

modem 1
192.168.1.1
|
|
192.168.1.2
Mikrotik Load Balancing ---- 192.168.0.254 ---- hub ---- Client
192.168.2.1
|
|
modem 2
192.168.2.1

Pc-Router Speknya

PIII -1Ghz-Memory 256Mhz -Hardisk 40 Gb

Konfigurasi

Interface Konfigurasi

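# Name and link settings for the three Ethernet ports: Modem1 and Modem2 face
# the two modems, Lan faces the client hub.
# The published listing used typographic quotes, which RouterOS does not accept
# as string delimiters; plain ASCII double quotes are used here.
/ interface ethernet
set Modem1 name="Modem1" mtu=1500 mac-address=00:10:4B:0D:95:02 arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
set Lan name="Lan" mtu=1500 mac-address=00:0D:88:B2:7D:50 arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no
# NOTE(review): the Modem2 MAC address is malformed as published (five groups,
# one of them three characters long). Replace it with the card's real address
# or leave mac-address= out before applying.
set Modem2 name="Modem2" mtu=1500 mac-address=00:13:46:2CE:13 arp=enabled \
    disable-running-check=yes auto-negotiation=yes full-duplex=yes \
    cable-settings=default speed=100Mbps comment="" disabled=no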

Ip Address Konfigurasi

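# One /24 per port: the router is .254 on the client LAN and .2 on each modem
# link.
# NOTE(review): the diagram at the top of the page prints 192.168.2.1 on both
# ends of the Modem2 link; the address configured here for the router side is
# 192.168.2.2.
/ ip address
add address=192.168.0.254/24 network=192.168.0.0 broadcast=192.168.0.255 \
    interface=Lan comment="" disabled=no
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 \
    interface=Modem1 comment="" disabled=no
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 \
    interface=Modem2 comment="" disabled=no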

Routing IP

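# Three default routes: traffic with routing-mark "odd" uses gateway
# 192.168.2.1, traffic with routing-mark "even" uses 192.168.1.1, and traffic
# without a routing mark also uses 192.168.1.1.
# NOTE(review): no gateway health check is set on these routes. If one modem
# stops responding, connections marked for it are presumably still sent there;
# consider check-gateway=ping on each route.
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 \
    routing-mark=odd comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
    routing-mark=even comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 \
    comment="" disabled=no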

4. Mangle Marking Paket

/ ip firewall mangle

a. Load Balancing

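# Per-connection round robin between the two uplinks.
# nth=every,counter,packet: with every=1 the two rules share counter 1 and take
# turns, so new connections arriving on Lan are marked "odd" and "even"
# alternately. The connection mark is then copied to a routing mark of the same
# name, which the default routes match on.
# passthrough=no on the mark-routing rules stops prerouting processing for the
# packet, so rules listed later in this chain are not evaluated for it.
add chain=prerouting in-interface=Lan connection-state=new nth=1,1,0 \
    action=mark-connection new-connection-mark=odd passthrough=yes \
    comment="Load Balancing" disabled=no
add chain=prerouting in-interface=Lan connection-mark=odd action=mark-routing \
    new-routing-mark=odd passthrough=no comment="" disabled=no
add chain=prerouting in-interface=Lan connection-state=new nth=1,1,1 \
    action=mark-connection new-connection-mark=even passthrough=yes comment="" \
    disabled=no
add chain=prerouting in-interface=Lan connection-mark=even action=mark-routing \
    new-routing-mark=even passthrough=no comment="" disabled=no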

b. Turunin latensy ( ping ke dns )

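# Latency tweak: ICMP from the LAN and DNS lookups (TCP and UDP port 53) get a
# connection mark, then a packet mark (ICMP-PM / DNS-PM), and finally
# ToS "min-delay".
# NOTE(review): a connection carries a single connection mark, so
# mark-connection here would replace a mark set earlier in prerouting. Check
# with the rule counters that these rules are reached and do not clash with
# the odd/even load-balancing marks.
add chain=prerouting src-address=192.168.0.0/24 protocol=icmp \
    action=mark-connection new-connection-mark=ICMP-CM passthrough=yes \
    comment="ToS" disabled=no
add chain=prerouting connection-mark=ICMP-CM action=mark-packet \
    new-packet-mark=ICMP-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=53 \
    action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 \
    action=mark-connection new-connection-mark=DNS-CM passthrough=yes \
    comment="" disabled=no
add chain=prerouting connection-mark=DNS-CM action=mark-packet \
    new-packet-mark=DNS-PM passthrough=yes comment="" disabled=no
add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay \
    comment="" disabled=no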

c. Tandain Services Yang mau di prioritykan

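# Tag traffic by destination port: 80 and 443 -> http_conn / http,
# 6000-7000 -> irc_conn / irc, 5050-5061 -> ym_conn / ym,
# 8291 -> mt_conn / mt.
# Change from the published listing: the port 443 rule was listed last, after
# the "http" mark-packet rule (passthrough=no). The first packet of such a
# connection therefore got a connection mark but no packet mark. It now sits
# next to the port 80 rule, ahead of the mark-packet rule.
# NOTE(review): none of the packet marks set here (http, irc, ym, mt) is
# referenced by a queue on this page.
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="Tandai Service" \
    disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection \
    new-connection-mark=http_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=http_conn action=mark-packet \
    new-packet-mark=http passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=6000-7000 action=mark-connection \
    new-connection-mark=irc_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=irc_conn action=mark-packet \
    new-packet-mark=irc passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=5050-5061 action=mark-connection \
    new-connection-mark=ym_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=ym_conn action=mark-packet \
    new-packet-mark=ym passthrough=no comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-connection \
    new-connection-mark=mt_conn passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=mt_conn action=mark-packet \
    new-packet-mark=mt passthrough=no comment="" disabled=no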

d. Optimasi Proxy pada paket mark

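# Packet marks "Naik" (traffic from the LAN) and "Turun" (router output towards
# the LAN, i.e. traffic served by the proxy), plus a connection mark "Koneksi".
# All three rules are listed with disabled=yes, so nothing is marked until
# they are enabled.
# The wrapped comment string of the last rule has been joined onto one line.
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet \
    new-packet-mark=Naik passthrough=no comment="Up Traffic" disabled=yes
add chain=forward src-address=192.168.0.0/24 action=mark-connection \
    new-connection-mark=Koneksi passthrough=yes comment="Conn-Mark" \
    disabled=yes
add chain=output out-interface=Lan dst-address=192.168.0.0/24 \
    action=mark-packet new-packet-mark=Turun passthrough=no \
    comment="Down-Via Proxy" disabled=yes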

Filter Firewall

/ ip firewall filter

a. penentuan proteksi router

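# Input chain: protects the router itself. Rules are checked in order and the
# first match decides, so the last rule is the default policy.
# Changes from the published listing:
#  - "in-interface=!Modem1 accept" followed by "in-interface=!Modem2 accept"
#    together matched every interface (Modem2 traffic hit the first rule,
#    Modem1 traffic the second). They are replaced by one accept for the Lan
#    port, which is what the rule's comment describes.
#  - the closing unconditional accept is now a drop, so anything not allowed
#    above is refused instead of admitted.
# Remote administration from the modem side, if required, should get its own
# accept rule above the final drop, limited to known source addresses.
# Any chain=input rule added after the final drop is never reached; detection
# rules (port-scan lists and the like) belong above the accept rules.
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid connections" disabled=no
add chain=input connection-state=established action=accept \
    comment="Allow esatblished connections" disabled=no
add chain=input connection-state=related action=accept \
    comment="Allow related connections" disabled=no
# NOTE(review): this accepts UDP on every interface, modem side included, which
# exposes any UDP service running on the router. Add in-interface=Lan unless a
# service really has to be reachable from outside.
add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
add chain=input in-interface=Lan action=accept \
    comment="Allow connection to router from local network" disabled=no
add chain=input action=drop comment="" disabled=no
# Forward chain: reject further TCP 6112 connections from a LAN client (/32)
# once it has more than 100 of them open.
add chain=forward in-interface=Lan protocol=tcp dst-port=6112 \
    connection-limit=100,32 action=reject reject-with=icmp-network-unreachable \
    comment="" disabled=no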

b. penentuan proteksi dari akses gain ke router

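# Port-scan detection for traffic addressed to the router. Each detection rule
# adds the packet's source address to the "port scanners" address list for two
# weeks (address-list-timeout=2w); the last rule drops everything coming from
# listed addresses.
# psd=21,3s,3,1 = weight threshold 21, delay threshold 3s, weight 3 per
# low-port hit, weight 1 per high-port hit. The remaining rules match TCP flag
# combinations that do not occur in normal connection set-up.
# Change from the published listing: the last rule's comment string carried a
# stray mid-line "\" left over from line wrapping; it is joined here.
# NOTE(review): rule order matters. These rules only see packets that no
# earlier chain=input rule has already accepted or dropped. As published they
# follow the accept rules of the preceding section, so they would not match.
# Move them above the accept rules, drop rule first.
# NOTE(review): the flag-based rules list an address after a single packet, and
# the source address of such a packet can be forged. Consider a shorter
# timeout and exempting management and other trusted addresses so they cannot
# be locked out this way.
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w \
    comment="Port scanners to list " disabled=no

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w \
    comment="SYN/FIN scan" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list \
    address-list="port scanners" address-list-timeout=2w \
    comment="SYN/RST scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="ALL/ALL scan" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w comment="NMAP NULL scan" disabled=no
add chain=input src-address-list="port scanners" action=drop \
    comment="dropping port scanners" disabled=no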

c. Drop Port Aneh2

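# Custom chain "virus": drops traffic by destination port, then returns to the
# calling chain.
# Change from the published listing: action=return was listed before the
# port 110 drop, which made that rule unreachable; return is now the last rule.
# NOTE(review): no rule on this page jumps to chain=virus, so as listed these
# rules are not evaluated. They take effect only once a rule with action=jump
# jump-target=virus is added to the forward (or input) chain.
# NOTE(review): narrow the ranges before wiring the chain in. They are far
# wider than the labels suggest: tcp 100-1000 alone covers 443 (HTTPS) and
# 110/143 (mail), and 445-3000 and 1000-3000 cover many ordinary services, so
# normal client traffic would be dropped. Several rules are exact duplicates
# (udp 135-139, tcp 7000), and the comment labels do not match the ports in
# every case.
add chain=virus protocol=tcp dst-port=135-139 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=445-3000 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445-3000 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" \
    disabled=no
add chain=virus protocol=udp dst-port=7000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=tcp dst-port=100-1000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=udp dst-port=100-1000 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=1000-3000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=udp dst-port=1000-3000 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=40000-50000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=udp dst-port=40000-50000 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=7000 action=drop comment="Setan1" \
    disabled=no
add chain=virus protocol=tcp dst-port=25 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop \
    comment="Drop Messenger Worm" disabled=no
add chain=virus protocol=tcp dst-port=110 action=drop \
    comment="Drop Blaster Worm" disabled=no
add chain=virus action=return comment="" disabled=no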

Proxy

a. Aktivasi proxy di ip web proxy

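# Enable the built-in web proxy in transparent mode on port 8080, with no
# parent proxy and the cache on the system drive.
# NOTE(review): the proxy service answers on the router's own addresses, so
# whether it is reachable from the modem side depends on the firewall input
# chain and on "/ ip web-proxy access". Unless one of them limits clients to
# 192.168.0.0/24, the router can be used as an open proxy from outside.
# NOTE(review): no dst-nat/redirect rule sending LAN port 80 traffic to 8080
# appears on this page; transparent mode presumably relies on one.
# NOTE(review): max-cache-size and max-ram-cache-size are unlimited; size them
# to the disk and memory actually available on the router.
/ ip web-proxy
set enabled=yes src-address=0.0.0.0 port=8080 hostname="proxy.phonix.net" \
    transparent-proxy=yes parent-proxy=0.0.0.0:0 \
    cache-administrator="webmaster@phonix.net" max-object-size=4096KiB \
    cache-drive=system max-cache-size=unlimited max-ram-cache-size=unlimited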

max-cache-size=unlimited max-ram-cache-size=unlimited -> tergantung besar hardisk

b. memblok web disini

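# Proxy access list, checked top to bottom; the first matching rule decides.
#  1. refuse requests to destination ports 23-25 (telnet, SMTP relaying);
#  2. allow clients on the LAN subnet 192.168.0.0/24;
#  3. refuse everyone else.
# Rules 2 and 3 are additions to the published listing, which had only rule 1.
# A request that matches no rule is allowed, so the proxy would otherwise serve
# any client that can reach port 8080.
/ ip web-proxy access
add dst-port=23-25 action=deny comment="block telnet & spam e-mail relaying" \
    disabled=no
add src-address=192.168.0.0/24 action=allow comment="LAN clients only" \
    disabled=no
add action=deny comment="deny everyone else" disabled=no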

c. optimasi cache isi web

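# Cache rules, checked top to bottom; action=allow means "may be cached",
# action=deny means "never cache".
# Change from the published listing: the rule that keeps dynamic pages
# (cgi-bin and URLs with a query string) out of the cache was listed last,
# behind an unconditional allow, so it never matched. It is now first, so
# dynamic, possibly per-user responses are not stored and replayed to other
# clients.
# NOTE(review): the unconditional allow that follows makes the per-site allow
# rules below it redundant; they are kept as published.
/ ip web-proxy cache
add url=":cgi-bin \\?" action=deny comment="don't cache dynamic http pages" \
    disabled=no
add action=allow comment="" disabled=no
add url="http*youtube*get_video*" action=allow comment="YouTube" disabled=no
add url="http*friendster.com" action=allow comment="Friendster" disabled=no
add url="http*pu.go.id" action=allow comment="PU" disabled=no
add url="http*detik*com" action=allow comment="Detik" disabled=no
add url="http*domai.com" action=allow comment="Domai" disabled=no
add url="http*nigmae.net" action=allow comment="Nigmae" disabled=no
add url="http*kompas.com" action=allow comment="Kompas" disabled=no
add url="http*lalatx.com" action=allow comment="Lalatx" disabled=no
add url="http*yahoo.com" action=allow comment="Yahoo" disabled=no
add url="http*kapanlagi.com" action=allow comment="Kapanlagi" disabled=no
add url="http*plasa.com" action=allow comment="Plasa" disabled=no
add url="http*kaskus.us" action=allow comment="Kaskus" disabled=no
add url="http*avaxhome*org" action=allow comment="Avaxhome" disabled=no
add url="www.worth1000.com" action=allow comment="Worth1000" disabled=no
add action=allow comment="Allow sado alahe" disabled=no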

Queue type

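# Settings for the built-in queue types: pfifo with a 50-packet limit for
# default and ethernet-default, sfq for wireless-default and hotspot-default,
# red for synchronous-default.
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 \
    sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 \
    red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 \
    sfq-allot=1514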

a. pcq konsep

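# PCQ queue types: downloads are split into sub-streams by destination address,
# uploads by source address. pcq-rate=0 sets no fixed per-sub-stream rate.
add name="pcq-download" kind=pcq pcq-rate=0 pcq-limit=50 \
    pcq-classifier=dst-address pcq-total-limit=2000
add name="pcq-upload" kind=pcq pcq-rate=0 pcq-limit=50 \
    pcq-classifier=src-address pcq-total-limit=2000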

b. limit bw untuk icmp

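# Two extra pfifo queue types: PFIFO-64 (64 packets) and default-small
# (10 packets).
# NOTE(review): default-small is not referenced by any queue on this page.
add name="PFIFO-64" kind=pfifo pfifo-limit=64
add name="default-small" kind=pfifo pfifo-limit=10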

queue simple untuk bagi bw /pc

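# Per-PC bandwidth sharing. Parent queue "Phonix.Net" covers the whole LAN
# subnet with limit-at and max-limit 0/768000; each client 192.168.0.1-25 gets
# a child queue with limit-at=0/16000 and max-limit=0/96000.
# Limits are written as two values separated by "/" (presumably
# upload/download; confirm for your RouterOS version). The first value is 0
# throughout.
# Change from the published listing: queue "15" had max-limit=8/96000, unlike
# the other 24 clients; it is set to 0/96000 to match them.
/ queue simple
add name="Phonix.Net" dst-address=192.168.0.0/24 interface=Lan parent=none \
    priority=1 queue=ethernet-default/ethernet-default limit-at=0/768000 \
    max-limit=0/768000 total-queue=default disabled=no
add name="01" target-addresses=192.168.0.1/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="02" target-addresses=192.168.0.2/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="03" target-addresses=192.168.0.3/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="04" target-addresses=192.168.0.4/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="05" target-addresses=192.168.0.5/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="06" target-addresses=192.168.0.6/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="07" target-addresses=192.168.0.7/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="08" target-addresses=192.168.0.8/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="09" target-addresses=192.168.0.9/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="10" target-addresses=192.168.0.10/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="11" target-addresses=192.168.0.11/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="12" target-addresses=192.168.0.12/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="13" target-addresses=192.168.0.13/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="14" target-addresses=192.168.0.14/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="15" target-addresses=192.168.0.15/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="16" target-addresses=192.168.0.16/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="17" target-addresses=192.168.0.17/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="18" target-addresses=192.168.0.18/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net packet-marks="" priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="19" target-addresses=192.168.0.19/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="20" target-addresses=192.168.0.20/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="21" target-addresses=192.168.0.21/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="22" target-addresses=192.168.0.22/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net packet-marks="" priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="23" target-addresses=192.168.0.23/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="24" target-addresses=192.168.0.24/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no
add name="25" target-addresses=192.168.0.25/32 dst-address=0.0.0.0/0 \
    interface=Lan parent=Phonix.Net packet-marks="" priority=8 \
    queue=ethernet-default/ethernet-default limit-at=0/16000 max-limit=0/96000 \
    total-queue=default disabled=no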

queue tree

/ queue tree

a. pcq

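# PCQ queues: "downstream" on the Lan interface for packets marked Turun,
# "upstream" on global-in for packets marked Naik. limit-at and max-limit
# are 0.
# NOTE(review): the mangle rules that set the Naik and Turun marks are listed
# with disabled=yes on this page, so these queues match no traffic until those
# rules are enabled.
add name="downstream" parent=Lan packet-mark=Turun limit-at=0 \
    queue=pcq-download priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="upstream" parent=global-in packet-mark=Naik limit-at=0 \
    queue=pcq-upload priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no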

b. bw over untuk icmp / latensy

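# Priority-1 queues for packets marked ICMP-PM and DNS-PM, so that ping and
# name lookups keep flowing under load. Each has limit-at=8000 and
# max-limit=16000 and uses the PFIFO-64 queue type.
add name="ICMP" parent=global-in packet-mark=ICMP-PM limit-at=8000 \
    queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="DNS" parent=global-in packet-mark=DNS-PM limit-at=8000 \
    queue=PFIFO-64 priority=1 max-limit=16000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no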

Regard kalau ada tambahan makin bagus. hehehe. ini sample aja


Referensi

Pranala Menarik