Wednesday, April 16, 2008

1 LAN with 2 ISPs - Load Balancing

Suppose we have 2 ISPs (say both of them are Speedy); what we need to do is the following:

3 Ethernet interfaces on the server:
- ETH0 --> Speedy 1
- ETH1 --> Speedy 2
- ETH2 --> Internet café network

Then configure each Ethernet interface, e.g.:
ETH0 --> 192.168.1.2
ETH1 --> 192.168.2.2
ETH2 --> 192.168.12.1

Contents of the rt_tables file:
120 speedy1
130 speedy2
140 lan

After that, we create a small script:
# Flush all the routing tables
/sbin/ip route flush table speedy1
/sbin/ip route flush table speedy2
/sbin/ip route flush table lan

# Give the main table the highest priority. The rules for speedy1, speedy2
# and lan are added further down together with their selectors; an
# unconditional rule for speedy1 here would send all traffic out via Speedy 1.
/sbin/ip rule add prio 10 table main

# Delete the default route from the main table
# (the other three tables were already emptied by the flush above)
/sbin/ip route del default table main

# Build the routing table towards Speedy1 (ETH0, 192.168.1.2)
/sbin/ip rule add prio 20 from 192.168.1.0/24 table speedy1
/sbin/ip route add default via 192.168.1.1 dev eth0 src 192.168.1.2 \
proto static table speedy1
/sbin/ip route append prohibit default table speedy1 metric 1 proto static

# Build the routing table towards Speedy2 (ETH1, 192.168.2.2)
/sbin/ip rule add prio 30 from 192.168.2.0/24 table speedy2
/sbin/ip route add default via 192.168.2.1 dev eth1 src 192.168.2.2 \
proto static table speedy2
/sbin/ip route append prohibit default table speedy2 metric 1 proto static

# Load balance across the two (2) gateways to the Internet
/sbin/ip rule add prio 40 table lan
/sbin/ip route add default proto static table lan \
nexthop via 192.168.1.1 dev eth0 weight 1 \
nexthop via 192.168.2.1 dev eth1 weight 1
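
Policy-routing rules are evaluated in ascending priority, and a rule that matches all traffic and points at a table holding a default route ends the lookup there, so uplink tables listed after it are never consulted. The check below is an added example, not part of the original post: it reads `ip rule show` output and reports such unreachable uplink rules. The function names and the sample rule list are constructed, using the table names from the rt_tables file above.

```shell
# Added example (not from the original post). Reads `ip rule show` text on
# stdin; $1 lists the tables that hold a default route (assumed known).
# Prints "<prio> <table> shadowed-by <prio>" for each unreachable uplink rule.
shadowed_rules() {
    awk -v tables="$1" '
    BEGIN { n = split(tables, t, " "); for (i = 1; i <= n; i++) has_default[t[i]] = 1 }
    {
        prio = $1; sub(/:$/, "", prio)
        table = ""
        for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
        if (blocker != "") {
            # Lookup never gets this far; only report tables meant as uplinks.
            if (table in has_default) print prio, table, "shadowed-by", blocker
            next
        }
        # Catch-all rule: exactly "<prio>: from all lookup <table>", no selector.
        if (NF == 5 && $2 == "from" && $3 == "all" && (table in has_default))
            blocker = prio
    }'
}

# Constructed sample: unconditional rules for speedy1/speedy2 sit ahead of
# the source-based ones and of the load-balanced "lan" table.
sample_unconditional() {
    cat <<'EOF'
0: from all lookup local
10: from all lookup main
20: from all lookup speedy1
20: from 192.168.1.0/24 lookup speedy1
30: from all lookup speedy2
30: from 192.168.2.0/24 lookup speedy2
40: from all lookup lan
32766: from all lookup main
32767: from all lookup default
EOF
}

# Same list with the two unconditional uplink rules removed.
sample_selective() { sample_unconditional | grep -v 'from all lookup speedy'; }

# On a live router: ip rule show | shadowed_rules "speedy1 speedy2 lan"
sample_unconditional | shadowed_rules "speedy1 speedy2 lan"
```

An empty result means every uplink table can still be reached; here the `lan` table at priority 40 is reported as shadowed by the rule at priority 20, which is why no balancing would take place.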
==========================================================
2 ISP 1 LAN

* http://www.lartc.org/howto/lartc.rpdb.multiple-links.html Load balancing LARTC

Example

The configuration files are as follows:

1. /etc/iproute2/rt_tables
2. loadbalancing.sh

---- /etc/iproute2/rt_tables ----
#
# reserved values
#
#255 local
#254 main
#253 default
#0 unspec
#
# local
#
#1 inr.ruhep
# ADSL1
10 T1
# ADSL2
20 T2

---- loadbalancing.sh ----

#!/bin/sh

# Parameters

# LAN side
IF0=eth0
P0_NET=192.168.0.0/24

# Connection to the ADSL modem (bridge mode) via ppp0
IF1=ppp0
IP1=125.164.255.xxx
P1=125.164.255.1
P1_NET=125.164.255.0/24

# Connection to the ADSL modem (router mode) via eth2
IF2=eth2
IP2=192.168.11.250
P2=192.168.11.200
P2_NET=192.168.11.0/24

# Per-provider tables: the provider network plus a default via its gateway
ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

# Provider networks in the main table
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

# Traffic sourced from a provider address leaves through that provider
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

# Make the LAN, the other provider network and loopback reachable from both tables
ip route add $P0_NET dev $IF0 table T1
ip route add $P2_NET dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo table T1
ip route add $P0_NET dev $IF0 table T2
ip route add $P1_NET dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo table T2

# Default route in the main table: multipath across both providers.
# This takes the place of a single "default via $P1"; adding both would make
# the second "ip route add default" fail because a default already exists.
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1

=================================

The Linux box uses 3 NICs / network cards / LAN cards:

eth0 is connected to an ISP (e.g. “TELENET”) by cable

eth1 is connected to an ADSL ISP (e.g. “SKYNET”) (using an external modem)

eth2 is connected to the LAN (e.g. “INTERN”).

------------ MAIN ROUTING TABLE ------------

# ip route show table main
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2
81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x
default via 81.82.0.1 dev eth0

------------ EXTRA ROUTING TABLE ------------

# ip route show table 4
192.168.0.0/24 dev eth2 proto kernel scope link src 192.168.0.254
192.168.254.0/24 dev eth1 proto kernel scope link src 192.168.254.2
81.82.0.0/19 dev eth0 proto kernel scope link src 81.82.x.x
default via 192.168.254.1 dev eth1

------------ ROUTING RULES ------------

# ip rule show
0: from all lookup 255
32764: from 192.168.254.1 lookup 4
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default


---------- FIREWALL (rules) SCRIPT (partial) ----------

IPTABLES=/sbin/iptables
TELENET="eth0"
SKYNET="eth1"
INTERN="eth2"
INTNET="192.168.0.0/24"
# TELENETIP, SKYNETIP, INTERNIP and SERVER1IP are used below but are not set
# in this partial listing; they must be defined before the rules are loaded.

# Flush the filter, nat and mangle tables
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle

# Loopback traffic
$IPTABLES -A INPUT -i lo -s 127.0.0.1/8 -d 0.0.0.0/0 -j ACCEPT
$IPTABLES -A OUTPUT -o lo -s 127.0.0.1/8 -d 0.0.0.0/0 -j ACCEPT

# Replies to connections the router itself opened on either uplink
$IPTABLES -A INPUT -i $TELENET -s 0.0.0.0/0 -d $TELENETIP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i $SKYNET -s 0.0.0.0/0 -d $SKYNETIP -m state --state ESTABLISHED,RELATED -j ACCEPT

# Traffic leaving the router on either uplink
$IPTABLES -A OUTPUT -o $TELENET -s $TELENETIP -d 0.0.0.0/0 -j ACCEPT
$IPTABLES -A OUTPUT -o $SKYNET -s $SKYNETIP -d 0.0.0.0/0 -j ACCEPT

# Traffic between the router and the LAN
$IPTABLES -A INPUT -i $INTERN -s $INTNET -d 0.0.0.0/0 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERN -s $INTERNIP -d $INTNET -j ACCEPT

# Mark the server's replies on the published ports with 0x4, so that the
# "fwmark 0x4 lookup 4" rule routes them back out through SKYNET
$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 443 -j MARK --set-mark 0x4
$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 444 -j MARK --set-mark 0x4
$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 1723 -j MARK --set-mark 0x4
$IPTABLES -t mangle -A PREROUTING -s $SERVER1IP -p tcp -m tcp --sport 4125 -j MARK --set-mark 0x4

# Publish the server's ports on the SKYNET address (DNAT)
$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:443
$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 444 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:444
$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:1723
$IPTABLES -t nat -A PREROUTING -d $SKYNETIP -p tcp -m tcp --dport 4125 -m state --state NEW,RELATED,ESTABLISHED -j DNAT --to-destination $SERVER1IP:4125

# Source NAT on each uplink, using that uplink's own address
$IPTABLES -t nat -A POSTROUTING -o $TELENET -j SNAT --to-source $TELENETIP
$IPTABLES -t nat -A POSTROUTING -o $SKYNET -j SNAT --to-source $SKYNETIP

# New connections to the published ports arriving on SKYNET
$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 444 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -d $SKYNETIP -i $SKYNET -p tcp -m tcp --sport 1024:65535 --dport 4125 -m state --state NEW,ESTABLISHED -j ACCEPT

# Accept every forwarded packet whose source or destination is in the LAN,
# regardless of interface or connection state
$IPTABLES -A FORWARD -d $INTNET -j ACCEPT
$IPTABLES -A FORWARD -s $INTNET -j ACCEPT

# Forwarded connections from SKYNET to the LAN on the published ports
$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 444 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 1723 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i $SKYNET -o $INTERN -p tcp -m tcp --dport 4125 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Default policies: drop whatever was not accepted above
$IPTABLES -P FORWARD DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP

============

“Membuat Router Load Balancing Menggunakan Linux Ubuntu” (“Building a Load Balancing Router Using Ubuntu Linux”)
http://portal.cbn.net.id/cbprtl/cybertech/detail.aspx?x=Tech+Talk&y=cybertech%7C0%7C0%7C3%7C6

Another example

http://forum.linux.or.id/viewtopic.php?t=243&postdays=0&postorder=asc&start=0
