Balanceo de Carga NTH + Calidad de Servicio

(SOLUCIÓN )
mikrotikperu.pe/foros/threads/balanceo-de-carga-nth-calidad-de-servicio-solucion.73/

1. MikrotikPeru Well-Known Member

Bueno compañeros en esta guía veremos un tema sumamente interesante , Calidad de servicio es una solución
muy requerida por los WISP .En mi opinión diría que todo WISP debería de contar con un QoS configurado
según su necesidad , Por esa misma razón en esta guía veremos un QoS Estándar para mejorar el Servicio a
un 100%.
Diseño:

1 .Aplicando Balanceo NTH

a)Configurando el Direccionamiento de la WAN

WAN 1: En este escenario no se configura la wan 1 porque esta en bridge.

y automáticamente nos enviara una ip publica, para eso tenemos que configurar el PPPoE cliente .
Configuración de PPPoE cliente :
http://mikrotik.com.pe/foros/threads/configurar-pppoe-cliente.27/#post-130

WAN2: Es necesario colocar una ip fija porque el router que nos da acceso a Internet esta en modo Router
mas no en bridge .

Código (Text):

add address=192.168.1.2/24 interface=ether2 network=192.168.1.0

b)Configurando el Direccionamiento de la Lan

Código (Text):

add address=192.168.5.1/24 interface=ether5 network=192.168.5.0

Nota: Quedaría de la siguiente manera

1/7
c)Aplicando Nat:
Sirve para traducir todas las peticiones desde una red lan a una red wan.
"permitiría a un host dentro de la red ser visible desde Internet"

Código (Text):

/ip firewall nat

add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=ether2

d)Ingresando los DNS

Qué Función Cumple los DNS ?

Básicamente Sirve para traducir de IP a Nombre o de Nombre a IP.

Ejemplo : mikrotik.com.pe = 192.95.56.38

192.95.56.38 = mikrotik.com.p

2 .Balanceando

a) Enviando BCP por una linea

Código (Text):

/ip firewall mangle

add action=mark-routing chain=prerouting comment="WEB MAIL" dst
port=2095 new-routing-mark=to_ISP1 passthrough=no protocol=tcp
add action=mark-routing chain=prerouting comment=BCP dst-address=200.4.200.128/26 new-routing-
mark=to_ISP1 passthrough=no
2/7
add action=mark-routing chain=prerouting comment=BCP dst-address=200.37.27.128/26 new-routing-
mark=to_ISP1 passthrough=no

b) todo lo que entre por un WAN, debe salir por el mismo WAN

Código (Text):

/ip firewall mangle

add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=pppoe-out1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-mark=no-mark \
in-interface=ether2 new-connection-mark=ISP2_conn
add action=mark-routing chain=output connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn \
new-routing-mark=to_ISP2 passthrough=no

c )Ingresando la red que se Balanceara

Código (Text):

/ip firewall address-list

add address=192.168.5.0/24 list=RED
d)Balanceando las Peticiones

Código (Text):

/ip firewall mangle

add action=mark-connection chain=prerouting comment=NTH connection-mark=\
no-mark dst-address-type=!local new-connection-mark=ISP1_conn nth=2,1 \
src-address-list=RED
add action=mark-routing chain=prerouting connection-mark=ISP1_conn \
new-routing-mark=to_ISP1 passthrough=no src-address-list=RED
add action=mark-connection chain=prerouting connection-mark=no-mark \
dst-address-type=!local new-connection-mark=ISP2_conn nth=1,1 \
src-address-list=RED
add action=mark-routing chain=prerouting connection-mark=ISP2_conn \
new-routing-mark=to_ISP2 passthrough=no src-address-list=RED

e)Ingresando puerta de Enlace

Recuerden que nuestra puerta de enlace de las 2 wanes son la siguientes:

3/7
WAN1: Nos asignara automaticamente(Tendremos que apuntar a nuestro PPPoE )
WAN2: 192.168.2.1

después de haber identificado nuestra puerta de enlace , pasaremos a configurar.

Código (Text):

/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1
add check-gateway=ping distance=2 gateway=192.168.2.1

f)Enviando las marcas por una Ruta

las marcas que creamos anteriormente se enviaran por sus respectivas puertas de enlaces.

Código (Text):

/ip route
add check-gateway=ping distance=1 gateway=pppoe-out1 \
routing-mark=to_ISP1
add check-gateway=ping distance=1 gateway=192.168.1.1 \
routing-mark=to_ISP2

g) Reflexión

3.Calidad de Servicio

Priorizar trafico en una red es muy importante , con este QoS decimos que pase lo que pase tenga
prioridad la navegación , cosa que si hay algún infiltrado descargando música lo podrá hacer pero el

4/7
mikrotik sabe que no es prioridad .

a)Ingresando las ip de los Servidores que serán Limitados

analizando un poco el esquema pude obtener algunas ips de unos servidores de youtube mp3 para limitarle la
velocidad.

Código (Text):

/ip firewall address-list

add address=46.105.0.0/16 list=FullDownload
add address=37.187.0.0/16 list=FullDownload
add address=167.114.0.0/16 list=FullDownload

b) Marcando los Paquetes

Con la siguiente imagen les indico de una manera rápida como realizamos el marcado de paquetes en mangle .

Código (Text):

add action=mark-packet chain=forward comment="QoS1 -Prio1" connection-mark=ISP1_conn dst-address-

list=RED in-interface=pppoe-out1 new-packet-mark=L1_PRIO1_down \
passthrough=no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-port=53 new-packet-
mark=L1_PRIO1_up out-interface=pppoe-out1 passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment="VOIP -INKAVOIP-Prio2" connection-mark=ISP1_conn
dst-address-list=RED in-interface=pppoe-out1 new-packet-mark=L1_PRIO2_down \
passthrough=no src-address=192.95.62.41
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-address=192.95.62.41 new-packet-
mark=L1_PRIO2_up out-interface=pppoe-out1 passthrough=no \
src-address-list=RED
add action=mark-packet chain=forward comment="YOUTUBE MP3-Prio8" connection-mark=ISP1_conn

5/7
dst-address-list=FullDownload new-packet-mark=L1_PRIO8_up out-interface=\
pppoe-out1 passthrough=no src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-address-list=RED in-
interface=pppoe-out1 new-packet-mark=L1_PRIO8_down passthrough=no \
src-address-list=FullDownload
add action=mark-packet chain=forward comment="NAVEGACION -Prio3" connection-mark=ISP1_conn
dst-address-list=RED in-interface=pppoe-out1 new-packet-mark=L1_PRIO3_down \
passthrough=no protocol=tcp src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-address-list=RED in-
interface=pppoe-out1 new-packet-mark=L1_PRIO3_down passthrough=no protocol=udp \
src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-port=80,443,8080,8081 new-
packet-mark=L1_PRIO3_up out-interface=pppoe-out1 passthrough=no protocol=tcp \
src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP1_conn dst-port=80,443,8080,8081 new-
packet-mark=L1_PRIO3_up out-interface=pppoe-out1 passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment=OTROS-Prio8 connection-mark=ISP1_conn dst-address-
list=RED in-interface=pppoe-out1 new-packet-mark=L1_PRIO8_down \
packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=ISP1_conn new-packet-mark=L1_PRIO8_up out-
interface=pppoe-out1 packet-mark=no-mark passthrough=no src-address-list=\
RED
add action=mark-packet chain=forward comment="QoS2 -Prio1" connection-mark=ISP2_conn dst-address-
list=RED in-interface=ether2 new-packet-mark=L2_PRIO1_down passthrough=\
no protocol=udp src-port=53
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-port=53 new-packet-
mark=L2_PRIO1_up out-interface=ether2 passthrough=no protocol=udp src-address-list=\
RED
add action=mark-packet chain=forward comment="VOIP -INKAVOIP-Prio2" connection-mark=ISP2_conn
dst-address-list=RED in-interface=ether2 new-packet-mark=L2_PRIO2_down \
passthrough=no src-address=192.95.62.41
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-address=192.95.62.41 new-packet-
mark=L2_PRIO2_up out-interface=ether2 passthrough=no src-address-list=\
RED
add action=mark-packet chain=forward comment="YOUTUBE MP3-Prio8" connection-mark=ISP2_conn
dst-address-list=RED in-interface=ether2 new-packet-mark=L2_PRIO8_down \
passthrough=no src-address-list=FullDownload
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-address-list=FullDownload new-
packet-mark=L2_PRIO8_up out-interface=ether2 passthrough=no \
src-address-list=RED
add action=mark-packet chain=forward comment="NAVEGACION -Prio3" connection-mark=ISP2_conn
dst-address-list=RED in-interface=ether2 new-packet-mark=L2_PRIO3_down \
passthrough=no protocol=tcp src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-address-list=RED in-
interface=ether2 new-packet-mark=L2_PRIO3_down passthrough=no protocol=udp \
src-port=80,443,8080,8081
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-port=80,443,8080,8081 new-
packet-mark=L2_PRIO3_up out-interface=ether2 passthrough=no protocol=tcp \
src-address-list=RED
add action=mark-packet chain=forward connection-mark=ISP2_conn dst-port=80,443,8080,8081 new-
packet-mark=L2_PRIO3_up out-interface=ether2 passthrough=no protocol=udp \
src-address-list=RED
add action=mark-packet chain=forward comment=OTROS-Prio8 connection-mark=ISP2_conn dst-address-
list=RED in-interface=ether2 new-packet-mark=L2_PRIO8_down packet-mark=\
no-mark passthrough=no
add action=mark-packet chain=forward connection-mark=ISP2_conn new-packet-mark=L2_PRIO8_up out-
6/7
interface=ether2 packet-mark=no-mark passthrough=no src-address-list=RED

C) Creando la Estructura HTB

Código (Text):

/queue tree
add max-limit=4100k name=##Download1 parent=global priority=1 queue=default
add name=PRIO.1 packet-mark=L1_PRIO1_down parent=##Download1 priority=1 queue=pcq-down1
add name=PRIO.2 packet-mark=L1_PRIO2_down parent=##Download1 priority=2 queue=pcq-down1
add name=PRIO.3 packet-mark=L1_PRIO3_down parent=##Download1 priority=3 queue=pcq-down1
add name=PRIO.8 packet-mark=L1_PRIO8_down parent=##Download1 queue=pcq-down1
add max-limit=1750k name=Download2 parent=global priority=1 queue=default
add name=PRIO..1 packet-mark=L2_PRIO1_down parent=Download2 priority=1 queue=pcq-down2
add name=PRIO..2 packet-mark=L2_PRIO2_down parent=Download2 priority=2 queue=pcq-down2
add name=PRIO..3 packet-mark=L2_PRIO3_down parent=Download2 priority=3 queue=pcq-down2
add name=PRIO..8 packet-mark=L2_PRIO8_down parent=Download2 queue=pcq-down2
add max-limit=800k name=##Upload1 parent=global priority=1 queue=default
add name=PRIO...1 packet-mark=L1_PRIO1_up parent=##Upload1 priority=1 queue=pcq-up1
add name=PRIO...2 packet-mark=L1_PRIO2_up parent=##Upload1 priority=2 queue=pcq-up1
add name=PRIO...3 packet-mark=L1_PRIO3_up parent=##Upload1 priority=3 queue=pcq-up1
add name=PRIO...8 packet-mark=L1_PRIO8_up parent=##Upload1 queue=pcq-up1
add max-limit=250k name=Upload2 parent=global priority=1 queue=default
add name=PRIO1 packet-mark=L2_PRIO1_up parent=Upload2 priority=1 queue=pcq-up2
add name=PRIO2 packet-mark=L2_PRIO2_up parent=Upload2 priority=2 queue=pcq-up2
add name=PRIO3 packet-mark=L2_PRIO3_up parent=Upload2 priority=3 queue=pcq-up2
add name=PRIO8 packet-mark=L2_PRIO8_up parent=Upload2 queue=pcq-up2

7/7