MikroTik ROS PCC Load Balancing

Script 1

Adapted from the official script:
https://wiki.mikrotik.com/wiki/Manual:PCC



Reset ROS
[admin@MikroTik] > /system reset-configuration

Set an IP address for SSH access
/ip address
add address=192.168.88.100/24 interface=LAN network=192.168.88.0


Start:
/interface ethernet
set [ find mac-address=00:88:3A:B8:33:C8 ] name=LAN
set [ find mac-address=00:88:3A:B8:33:C9 ] name=ISP1
set [ find mac-address=00:88:3A:B8:33:CA ] name=ISP2


/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ISP1
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ISP2

#### Set up DHCP (optional) ####
/ip pool
add name=dhcp_pool1 ranges=192.168.88.200-192.168.88.254

/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1

/ip dhcp-server lease
add address=192.168.88.99 mac-address=8C:89:A5:1D:FA:DC server=dhcp1
add address=192.168.88.97 mac-address=52:54:00:6B:92:2A server=dhcp1
add address=192.168.88.101 mac-address=F0:76:1C:38:5A:64 server=dhcp1
add address=192.168.88.105 mac-address=52:54:00:F6:58:9D server=dhcp1

/ip dhcp-server network
add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1
###########################

/ip dns
set allow-remote-requests=yes

/ip firewall mangle
add action=accept chain=prerouting dst-address=192.168.1.0/24 in-interface=LAN
add action=accept chain=prerouting dst-address=192.168.188.0/24 in-interface=LAN


add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection new-connection-mark=ISP2_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn
add chain=prerouting in-interface=LAN connection-mark=no-mark dst-address-type=!local per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn

add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP1
add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing new-routing-mark=to_ISP2

add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1
add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_ISP1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.188.253 routing-mark=to_ISP2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.188.253 distance=2 check-gateway=ping

/ ip firewall nat
add chain=srcnat out-interface=ISP1 action=masquerade
add chain=srcnat out-interface=ISP2 action=masquerade

Multi-line load test:

PCC link-down detection and parameter-switching script (online check: based on pinging a remote host IP)

Version 1
#################################################################
{
    # WAN interface names; they must match the ISPx_conn / to_ISPx marks in the mangle rules
    :local str {"ISP1"; "ISP2"};
    :local GatewayNum [:len $str];
    :local GatewayOnline 0;
    :local GatewayIndex 0;
    # remote host pinged through each WAN interface to decide whether the link is online
    :local NameServer 180.76.76.76;

    # get online: count the WAN links that receive at least one reply
    :foreach i in=$str do={
        :if ([/ping $NameServer interface=$i interval=1 count=2] != 0) do={
            :set GatewayOnline ($GatewayOnline+1);
        }
    }

    # disable or enable
    :foreach i in=$str do={
        :if ([/ping $NameServer interface=$i interval=1 count=2] = 0) do={
            # offline --> disable
            /ip firewall mangle set [find new-connection-mark=($i."_conn")] disabled=yes
            /ip firewall mangle set [find new-routing-mark=("to_".$i)] disabled=yes
        } else={
            # online --> enable, renumbering the PCC rule as <online count>/<index>
            /ip firewall mangle set [find new-connection-mark=($i."_conn") per-connection-classifier~("both-addresses")] per-connection-classifier=("both-addresses:".$GatewayOnline."/".$GatewayIndex) disabled=no
            /ip firewall mangle set [find new-connection-mark=($i."_conn")] disabled=no
            /ip firewall mangle set [find new-routing-mark=("to_".$i)] disabled=no
            :set GatewayIndex ($GatewayIndex+1);
        }
    }
}
#################################################################


Version 2. Avoids frequent changes to the PCC parameters.
#################################################################
{
    # WAN interface names; they must match the ISPx_conn / to_ISPx marks in the mangle rules
    :local str {"ISP1"; "ISP2"};
    :local GatewayNum [:len $str];
    :local GatewayOnline 0;
    :local GatewayIndex 0;
    # remote host pinged through each WAN interface to decide whether the link is online
    :local NameServer 180.76.76.76;

    # get online: count the WAN links that receive at least one reply
    :foreach i in=$str do={
        :if ([/ping $NameServer interface=$i interval=1 count=2] != 0) do={
            :set GatewayOnline ($GatewayOnline+1);
        }
    }

    # good checking: every link is online and every PCC rule is already enabled, so change nothing
    :if (($GatewayNum = $GatewayOnline) && ([:len [/ip firewall mangle find disabled=no per-connection-classifier~"both-addresses"]] = $GatewayNum)) do={
        :return 0
    }

    # disable or enable
    :foreach i in=$str do={
        :if ([/ping $NameServer interface=$i interval=1 count=2] = 0) do={
            # offline --> disable
            /ip firewall mangle set [find new-connection-mark=($i."_conn")] disabled=yes
            /ip firewall mangle set [find new-routing-mark=("to_".$i)] disabled=yes
        } else={
            # online --> enable, renumbering the PCC rule as <online count>/<index>
            /ip firewall mangle set [find new-connection-mark=($i."_conn") per-connection-classifier~("both-addresses")] per-connection-classifier=("both-addresses:".$GatewayOnline."/".$GatewayIndex) disabled=no
            /ip firewall mangle set [find new-connection-mark=($i."_conn")] disabled=no
            /ip firewall mangle set [find new-routing-mark=("to_".$i)] disabled=no
            :set GatewayIndex ($GatewayIndex+1);
        }
    }
}
#################################################################
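
Added example (not part of the original scripts or of MikroTik's code): a Python model of one scheduler run of versions 1 and 2, showing why the online rules are renumbered as <online count>/<index> instead of only disabling the dead link's rules. The function names and the CRC32 hash are assumptions for illustration; RouterOS uses its own hash for both-addresses.

```python
import math
import zlib

GATEWAYS = ["ISP1", "ISP2"]  # same names as the script's $str array

def initial_rules():
    """Mangle state from the configuration above: both-addresses:2/0 and 2/1."""
    n = len(GATEWAYS)
    return {gw: {"disabled": False, "pcc": (n, i)} for i, gw in enumerate(GATEWAYS)}

def run_check(rules, online, skip_when_healthy=False):
    """One scheduler run. Returns True if the rules were rewritten.
    skip_when_healthy=True models version 2's early return."""
    n_online = sum(1 for gw in GATEWAYS if online[gw])
    enabled = sum(1 for r in rules.values() if not r["disabled"])
    if skip_when_healthy and n_online == len(GATEWAYS) == enabled:
        return False
    index = 0
    for gw in GATEWAYS:
        if online[gw]:
            # online: re-enable and renumber as <online count>/<running index>
            rules[gw] = {"disabled": False, "pcc": (n_online, index)}
            index += 1
        else:
            rules[gw]["disabled"] = True  # offline: classifier is left as it was
    return True

def uncovered_buckets(rules):
    """Hash remainders matched by no enabled rule. Connections that land
    there get no connection mark and fall through to the main routing table."""
    live = [r["pcc"] for r in rules.values() if not r["disabled"]]
    if not live:
        return []  # nothing enabled: no PCC marking happens at all
    span = math.lcm(*(n for n, _ in live))
    return [h for h in range(span) if not any(h % n == r for n, r in live)]

def pick_isp(src, dst, rules):
    """ISP chosen for a src/dst pair. CRC32 is a stand-in hash (assumption),
    not the function RouterOS uses for both-addresses."""
    h = zlib.crc32(f"{src}>{dst}".encode())
    for gw, r in rules.items():
        n, rem = r["pcc"]
        if not r["disabled"] and h % n == rem:
            return gw
    return None  # unmarked connection

if __name__ == "__main__":
    rules = initial_rules()
    run_check(rules, {"ISP1": False, "ISP2": True})  # constructed outage of ISP1
    print(rules, uncovered_buckets(rules))
```

Disabling the ISP1 rules while leaving ISP2 at 2/1 would leave remainder 0 unmarked; after renumbering to 1/0 every LAN connection is marked for ISP2.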

Add the script to the scheduler:

Check once every 30 seconds
Click: system -> scheduler -> add -> interval=30s name=PCC_check
Content: paste the script in

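Link-down test method (rigorous approach):

ISP1 --> fiber --> optical modem 1 (DHCP) --> switch 1 --> mikrotik_ISP1 (port obtains its IP address via DHCP)
ISP2 --> fiber --> optical modem 2 (DHCP) --> switch 2 --> mikrotik_ISP2 (port obtains its IP address via DHCP)

Why put a switch in between?
To make it easy to create a network outage. Pulling the fiber directly is not a good idea: the fiber connector is too fragile, so I leave it alone (if the fiber breaks, I can't splice it).
So the segment to disconnect is the one between the optical modem and the MikroTik port.

Couldn't you simply unplug the cable that runs from the optical modem to the MikroTik port? Isn't adding a switch superfluous?
The switch is there to keep the link signal up, so that MikroTik thinks the port is still present and the NIC does not go down.
If the NIC goes down, MikroTik triggers other mechanisms, which would affect the evaluation.

Test case 1:
Unplug only the cable optical modem 1 (DHCP) --> switch 1, run the script, and run a speed test on the PC.
Expected: ISP1 is inactive; the bandwidth of ISP2 is saturated.

Test case 2:
Unplug only the cable optical modem 2 (DHCP) --> switch 2, run the script, and run a speed test on the PC.
Expected: ISP2 is inactive; the bandwidth of ISP1 is saturated.

Test case 3:
Unplug the cable optical modem 1 (DHCP) --> switch 1, run the script, and run a speed test on the PC.
Unplug the cable optical modem 2 (DHCP) --> switch 2, run the script, and run a speed test on the PC.
Expected: ISP1 is inactive and ISP2 is inactive. No communication is possible.

Test case 1:
Restore the cable optical modem 1 (DHCP) --> switch 1, run the script, and run a speed test on the PC.
Restore the cable optical modem 1 (DHCP) --> switch 1, run the script, and run a speed test on the PC.
Expected: ISP1 is active and ISP2 is active. The bandwidths add up.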