www.glcnetworks.com
ISP load balancing with Mikrotik Nth (nth)
GLC webinar, 19 October 2017
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
Agenda
● Introduction
● Prerequisite
● Load balancing
● Nth method
● Demo
● Q & A
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner/Consultant/Distributor
● Ubiquiti Certified Trainer/Consultant
● RedHat Certified Trainer
About GLC webinar?
● First webinar: January 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS)
● As a sharing event with various topics: Linux, networking, wireless, database, programming, etc.
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule: http://www.glcnetworks.com/main/schedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge, experiences, information
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user (since 1999), Mikrotik user (since 2007), ubnt user (since 2011)
● Certified Trainer (Mikrotik, Ubiquiti, Redhat)
● Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer
● Personal website: http://achmadjournal.com
● More info: http://au.linkedin.com/in/achmadmardiansyah
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
Prerequisite
But hey, load balancing is easy...
● Lots of tutorials on the internet!!!
● Tons of pages, tutorials, videos
Questions to reader:
● Do you really understand what is written?
● Did the writer understand what they wrote?
● Does it really work as expected in a real environment?
Well, if it's easy, why do these not work?
● Information overload… which one suits you?
● Perhaps they have a different environment on their network
● You need to understand how it works...
You should understand
● Firewall mangle. See GLC webinar: Mikrotik firewall mangle
● The differences between:
○ Packet vs Connection
○ Mark: packet / connection / routing
● How routing works: see GLC webinar: Routing with mikrotik
● How NAT works: see GLC webinar: Mikrotik firewall NAT
Load balancing
What is (traffic) load balancing?
● A process that forwards traffic over several links
● Applied on the router
● Load balancing != failover
● Can be done on a per-packet or per-connection basis
● This doesn't increase your data rate. 4 Mbps ISP1 + 4 Mbps ISP2 -> your download rate = 8 Mbps (WRONG!)
Benefits:
● Increases utilisation of upstream links
[Diagram labels: R1, LAN, ISP1, ISP2, ISP3, ether1, ether2, ether4, webserver]
Load balancing techniques
Method            Per-connection   Per-packet
Firewall marking  YES              YES
ECMP              YES              NO
PCC               YES              NO
Nth (our focus)   YES              YES
Bonding           NO               YES
OSPF              YES              NO
BGP               YES              NO
Website contents: single connection
Website with single connection:
http://test.glcnetworks.com
[Diagram labels: R1, LAN, ISP1, ISP2, ISP3, ether1, ether2, ether4]
Website contents: multi connection
● Client will open multiple connections to get website components
[Diagram labels: R1, LAN, ISP1, ISP2, ISP3, ether1, ether2, ether4; Connection 1, Connection 2, Connection 3]
Nth (NTH) technique
How Nth (NTH) works?
The NTH method matches a particular Nth packet received by the rule. Format: (E,P). See below
● Every - match every Every-th packet. For example, if Every=2 then the rule will check every 2nd packet
● Packet - match on the given packet number.
○ Must not be 0
○ Must be less than or equal to Every
[Diagram labels: LAN, ether1, ISP1, ISP3; packet 1, packet 2, packet 3]
Nth example. nth=Every,Packet

Original packet:             1 2 3 4 5 6 7 8 9 10
nth=2,1 -> 50% of traffic    1 2 1 2 1 2 1 2 1 2
nth=2,2 -> 50% of traffic    1 2 1 2 1 2 1 2 1 2
nth=3,1 -> 1/3 of traffic    1 2 3 1 2 3 1 2 3 1
nth=4,2 -> 1/4 of traffic    1 2 3 4 1 2 3 4 1 2
Example Nth firewall rules (per-packet basis)
● Matching every 2 packets, first-packet only
    /ip firewall mangle add action=mark-packet chain=prerouting new-packet-mark=AAA nth=2,1;
● Matching every 3 packets
    /ip firewall mangle
    add action=mark-packet chain=prerouting new-packet-mark=AAA nth=3,1 passthrough=yes;
    add action=mark-packet chain=prerouting new-packet-mark=BBB nth=3,2 passthrough=yes;
    add action=mark-packet chain=prerouting new-packet-mark=CCC nth=3,3 passthrough=yes;
Important to note
● Marking the packets is just half of the process of doing load balancing
● The next step is to route the marked packets to different gateways. See prerequisite
Some issues & recommendations
Issues:
● Per-connection vs per-packet
○ Check your topology to see which one suits you best
● Beware of NATed connections
○ The webserver will see inbound connections from 2 public IP addresses
○ The webpage will not be displayed correctly (as it is considered an illegal session)
○ Banking / https / game websites will not allow you to access their website. Sometimes you need to do authentication again
Recommendations:
● If you use NAT, it is better to use a classifier based on source IP address only -> this will give the client a consistent path to the destination
● Avoid NAT if possible -> using public IP address end-to-end -> use BGP -> better performance
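Added example (not from the original slides): a small Python model of the Nth matcher from the rule slides and of what a remote server sees after NAT under per-packet, per-connection and source-address classification. It assumes each rule keeps its own 1..Every counter of the items that reach it; the exit addresses, the client address and the modulo-based src-address classifier are constructed stand-ins, not RouterOS code.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

# Constructed values: documentation-range addresses standing in for two ISP public IPs.
EXIT_IP = {"AAA": "192.0.2.10", "BBB": "198.51.100.10"}

@dataclass
class NthRule:
    every: int
    packet: int
    mark: str
    passthrough: bool = True
    seen: int = field(default=0, repr=False)

    def __post_init__(self):
        if not 1 <= self.packet <= self.every:  # slide: not 0, not greater than Every
            raise ValueError("Packet must be in 1..Every")

    def matches(self):
        # Assumed model: each rule counts 1..Every over the items that reach it.
        self.seen = self.seen % self.every + 1
        return self.seen == self.packet

def run_chain(rules, n):
    """Send n items through the rule chain; return the mark each one ends up with."""
    out = []
    for _ in range(n):
        mark = None
        for rule in rules:
            if rule.matches():
                mark = rule.mark
                if not rule.passthrough:
                    break  # item leaves the chain; later rules never count it
        out.append(mark)
    return out

def three_way(passthrough):
    """The slide's nth=3,1 / 3,2 / 3,3 rules, with passthrough on or off."""
    return [NthRule(3, i, m, passthrough)
            for i, m in ((1, "AAA"), (2, "BBB"), (3, "CCC"))]

def server_view(mode, flows):
    """flows: [(client_ip, packets_in_connection)]. Returns the source IPs the
    remote server observes after NAT, per connection and per client."""
    rules = [NthRule(2, 1, "AAA"), NthRule(2, 2, "BBB")]
    per_conn, per_client = [], {}
    for client, n_packets in flows:
        if mode == "per-packet":
            marks = run_chain(rules, n_packets)
        elif mode == "per-connection":
            # Only the first packet is classified; the rest follow the connection.
            marks = run_chain(rules, 1) * n_packets
        else:  # "src-address": stand-in classifier keyed on the client address only
            idx = int(ipaddress.ip_address(client)) % 2
            marks = [("AAA", "BBB")[idx]] * n_packets
        ips = {EXIT_IP[m] for m in marks}
        per_conn.append(ips)
        per_client.setdefault(client, set()).update(ips)
    return per_conn, per_client

# Constructed traffic: one LAN client opening three 4-packet connections.
FLOWS = [("10.0.0.5", 4)] * 3

if __name__ == "__main__":
    print("passthrough=yes:", Counter(run_chain(three_way(True), 27)))
    print("passthrough=no: ", Counter(run_chain(three_way(False), 27)))
    for mode in ("per-packet", "per-connection", "src-address"):
        print(mode, server_view(mode, FLOWS))
```

In this model the three nth=3,x rules split 27 packets 9/9/9 with passthrough=yes, but 9/6/4 with 8 left unmarked when passthrough=no. Only the source-address classifier shows the server a single address for the client; per-connection Nth keeps each connection on one address but still spreads the client's connections over both.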
Interested?
Just come to our training...
Special price for webinar attendees…
http://www.glcnetworks.com/main/schedule
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our Facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tuned to our schedule