MikroTik

Balanceo 3 Lineas + Script Failover

Bueno Señores, quiero compartir algo con ustedes. Se trata de un balanceo PCC de 3 adsl con un script que activa y desactiva las rutas en caso de que no haya internet en alguna de las gateways.

Mis lineas esta ruteadas de la siguiente manera:

Gateway MODEM 1: 192.168.0.1
Gateway MODEM 2: 192.168.1.1
Gateway MODEM 3: 192.168.2.1

Si alguna gateway no responde a haciendo ping a “www.google.com” se desactiva automaticamente y se reactiva cuando ya funcione.

Aclaro, que éstas reglas están funcionando en un RB2011UiAS como Balanceador, aparte esta el administrador.

Bueno sin mas que hablar, este es el script:

/interface ethernet
set [ find default-name=ether1 ] comment=ISP1 mac-address=D4:CA:6D:A1:95:E9 name=ISP1
set [ find default-name=ether2 ] comment=ISP2 mac-address=D4:CA:6D:A1:95:EA name=ISP2
set [ find default-name=ether3 ] comment=ISP3 mac-address=D4:CA:6D:A1:95:EB name=ISP3
set [ find default-name=ether4 ] mac-address=D4:CA:6D:A1:95:EC name=ISP4
set [ find default-name=ether5 ] mac-address=D4:CA:6D:A1:95:ED name=ISP5
set [ find default-name=ether6 ] mac-address=D4:CA:6D:A1:95:EE name=ISP6
set [ find default-name=ether7 ] mac-address=D4:CA:6D:A1:95:EF name=ISP7
set [ find default-name=ether8 ] mac-address=D4:CA:6D:A1:95:F0 name=ISP8
set [ find default-name=ether9 ] mac-address=D4:CA:6D:A1:95:F1 name=ISP9
set [ find default-name=ether10 ] comment=LAN mac-address=D4:CA:6D:A1:95:F2 name=LAN
set [ find default-name=sfp1 ] disabled=yes

/ip neighbor discovery
set ISP1 comment=ISP1
set ISP2 comment=ISP2
set ISP3 comment=ISP3
set LAN comment=LAN

/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc

/ip pool
add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN lease-time=3d name=dhcp1

/system logging action
add disk-file-name=”Gateways Check” disk-lines-per-file=10000 name=GatewaysCheck target=disk

/ip address
add address=192.168.88.1/24 interface=LAN network=192.168.88.0
add address=192.168.0.100/24 interface=ISP1 network=192.168.0.0
add address=192.168.1.100/24 interface=ISP2 network=192.168.1.0
add address=192.168.2.100/24 interface=ISP3 network=192.168.2.0

/ip arp
add address=192.168.88.254 interface=LAN mac-address=D4:CA:6D:5E:7F:CF

/ip cloud
set ddns-enabled=yes

/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip dns static
add address=208.69.34.230 name=www.google.com
add address=208.69.34.231 name=www.google.com

/ip firewall filter
add chain=input comment=”default configuration” protocol=icmp
add chain=input comment=”default configuration” connection-state=established
add chain=input comment=”default configuration” connection-state=related
add action=drop chain=input comment=”default configuration” disabled=yes in-interface=ISP1

/ip firewall mangle
add chain=prerouting comment=”Permitir Bancos en Balanceo de Suma” dst-port=443,8000-9000 protocol=tcp
add chain=prerouting dst-address=192.168.0.0/24
add chain=prerouting dst-address=192.168.1.0/24
add chain=prerouting dst-address=192.168.2.0/24
add action=mark-connection chain=prerouting connection-state=new in-interface=ISP1 new-connection-mark=ISP1_conn
add action=mark-connection chain=prerouting connection-state=new in-interface=ISP2 new-connection-mark=ISP2_conn
add action=mark-connection chain=prerouting connection-state=new in-interface=ISP3 new-connection-mark=ISP3_conn
add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-mark=to_ISP1
add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-mark=to_ISP2
add action=mark-routing chain=output connection-mark=ISP3_conn new-routing-mark=to_ISP3
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=ISP1_conn per-connection-classifier=\
both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=ISP2_conn per-connection-classifier=\
both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting connection-state=new dst-address-type=!local in-interface=LAN new-connection-mark=ISP3_conn per-connection-classifier=\
both-addresses-and-ports:3/2
add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=LAN new-routing-mark=to_ISP1
add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=LAN new-routing-mark=to_ISP2
add action=mark-routing chain=prerouting connection-mark=ISP3_conn in-interface=LAN new-routing-mark=to_ISP3

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP1
add action=masquerade chain=srcnat out-interface=ISP2
add action=masquerade chain=srcnat out-interface=ISP3

/ip route
add check-gateway=ping disabled=yes distance=1 gateway=192.168.0.1 routing-mark=to_ISP1 scope=10
add check-gateway=ping distance=2 gateway=192.168.1.1 routing-mark=to_ISP2 scope=10
add check-gateway=ping distance=3 gateway=192.168.2.1 routing-mark=to_ISP3 scope=10
add check-gateway=ping comment=ISP2 distance=2 gateway=192.168.1.1 scope=10
add check-gateway=ping comment=ISP3 distance=3 gateway=192.168.2.1 scope=10
add check-gateway=ping comment=ISP1 disabled=yes distance=1 gateway=192.168.0.1 scope=10

/system clock
set time-zone-autodetect=no time-zone-name=America/Caracas

/system identity
set name=”Balanceador Corporacion Pacto, C.A.”

/system logging
add action=GatewaysCheck topics=script

/system ntp client
set enabled=yes primary-ntp=216.218.254.202

/system scheduler
add interval=2m30s name=”Enable/Disable Routes” on-event=”Enable/Disable Routes” policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup

/system script
add name=”Enable/Disable Routes” owner=admin policy=reboot,read,write,policy,test,password,sniff,sensitive source=”#set variables\r\
\n:local pingcount  3\r\
\n:local pingip [:resolve \”www.google.com\“]\r\
\n:local Gateways \”192.168.0.1,192.168.1.1,192.168.2.1\”\r\
\n:local Gateway [:toarray \$Gateways]\r\
\n\r\
\n#Setup Log File\r\
\n:if ([/system logging action print count-only where name=GatewaysCheck]=0) do={/system logging action add name=GatewaysCheck target=disk disk-file-name=\”Gateways Check\” disk\
-lines-per-file=10000}\r\
\n:if ([/system logging print count-only where action=GatewaysCheck]=0) do={/system logging add topics=script action=GatewaysCheck}\r\
\n\r\
\n:if ([/ip route print count-only where dst-address=\”\$pingip/32\”]=0) do={/ip route add dst-address=(\$pingip) gateway=(192.168.1.254) comment=\”Gateway Check\”};\r\
\n\r\
\n:foreach k in \$Gateway do={\r\
\n#Test Gateways:\r\
\n/ip route set [find dst-address=\”\$pingip/32\”] disabled=no gateway=\$k comment=\”Checking Gateway \$k …\”;\r\
\n:delay 1000ms;\r\
\n:if ([/ip route get [find dst-address=\”\$pingip/32\”] gateway-status] = \”\$k unreachable\”) do={:log info (\”Router \$k not present or unconfigured\”)} else={\r\
\n:local pingresult [/ping \$pingip count=\$pingcount];\r\
\n# Gateway enable/disable:\r\
\n:if (\$pingresult=0) do={:foreach i in=[/ip route find gateway=\$k] do={/ip route set \$i disabled=yes}};\r\
\n:if (\$pingresult>0) do={:foreach i in=[/ip route find gateway=\$k] do={:if ([/ip route get \$i disabled]) do={/ip route set \$i disabled=no}}};\r\
\n:if (\$pingresult=0) do={:log info (\”Gateway \$k Down! \$pingresult / \$pingcount\”)} else={:log info (\”Gateway \$k Up \$pingresult / \$pingcount\”)};\r\
\n:delay 3000ms;\r\
\n}\r\
\n}\r\
\n/ip route remove [find dst-address=\”\$pingip/32\”]”

 

Fuente  : Alterserv.com Autor- ZonaWifiSDP

About the author

Richard M.