Scribd Logo
Upload

Welcome to Scribd!

  • 76 views

    Failover

    Uploaded by

    Deisy
    The document contains a script that performs load balancing across 4 ISPs. It pings an external IP address to determine which ISPs are down. Rules are updated to distribute traffic only across working ISPs, by modifying connection marks and per-connection classifiers. Previously down ISPs are disabled and connection marks for active ISPs are re-enabled after updating rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Failover

    Uploaded by

    Deisy
    76 views7 pages
    The document contains a script that performs load balancing across 4 ISPs. It pings an external IP address to determine which ISPs are down. Rules are updated to distribute traffic only across working ISPs, by modifying connection marks and per-connection classifiers. Previously down ISPs are disabled and connection marks for active ISPs are re-enabled after updating rules.

    Original Title

    failover.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document contains a script that performs load balancing across 4 ISPs. It pings an external IP address to determine which ISPs are down. Rules are updated to distribute traffic only across working ISPs, by modifying connection marks and per-connection classifiers. Previously down ISPs are disabled and connection marks for active ISPs are re-enabled after updating rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    76 views7 pages

    Failover

    Uploaded by

    Deisy
    The document contains a script that performs load balancing across 4 ISPs. It pings an external IP address to determine which ISPs are down. Rules are updated to distribute traffic only across working ISPs, by modifying connection marks and per-connection classifiers. Previously down ISPs are disabled and connection marks for active ISPs are re-enabled after updating rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 7

    # Configuración estandar generada por SGCM

    # Livaur SRL de CV

    # Versión de script: 1.0

    # 2019-05-07 11:36:01

    # ¡IMPORTANTE!

    # Trabaja exclusivamente con 4 ISPs con capacidades iguales o similares

    /system clock

    set date="may/07/2019"

    set time="11:36:01"

    /interface ethernet

    set [ find default-name=ether1 ] comment=WAN1

    set [ find default-name=ether2 ] comment=WAN2

    set [ find default-name=ether3 ] comment=WAN3

    set [ find default-name=ether4 ] comment=WAN4

    set [ find default-name=ether5 ] comment=LAN

    /ip pool

    add name=poolOficina ranges=192.168.77.10-192.168.77.100

    /ip dhcp-server

    add address-pool=poolOficina disabled=no interface=ether5 name=server1

    /ip address

    add address=192.168.11.2/24 comment="IPs para puertos WAN" interface=ether1


    network=192.168.11.0

    add address=192.168.12.2/24 interface=ether2 network=192.168.12.0

    add address=192.168.13.2/24 interface=ether3 network=192.168.13.0

    add address=192.168.14.2/24 interface=ether4 network=192.168.14.0

    add address=192.168.77.1/24 comment="IP para puerto LAN" interface=ether5


    network=192.168.77.0

    /ip dhcp-server network

    add address=192.168.77.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=192.168.77.1 netmask=24

    /ip firewall mangle


    add action=accept chain=prerouting dst-address=192.168.11.0/24 in-interface=ether5

    add action=accept chain=prerouting dst-address=192.168.12.0/24 in-interface=ether5

    add action=accept chain=prerouting dst-address=192.168.13.0/24 in-interface=ether5

    add action=accept chain=prerouting dst-address=192.168.14.0/24 in-interface=ether5

    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether1


    new-connection-mark=ISP1_conn

    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether2


    new-connection-mark=ISP2_conn

    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether3


    new-connection-mark=ISP3_conn

    add action=mark-connection chain=prerouting connection-mark=no-mark in-interface=ether4


    new-connection-mark=ISP4_conn

    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-


    address-type=!local in-interface=ether5 new-connection-mark=ISP1_conn per-connection-
    classifier=both-addresses:4/0

    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-


    address-type=!local in-interface=ether5 new-connection-mark=ISP2_conn per-connection-
    classifier=both-addresses:4/1

    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-


    address-type=!local in-interface=ether5 new-connection-mark=ISP3_conn per-connection-
    classifier=both-addresses:4/2

    add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-


    address-type=!local in-interface=ether5 new-connection-mark=ISP4_conn per-connection-
    classifier=both-addresses:4/3

    add action=mark-routing chain=prerouting connection-mark=ISP1_conn in-interface=ether5


    new-routing-mark=to_ISP1

    add action=mark-routing chain=prerouting connection-mark=ISP2_conn in-interface=ether5


    new-routing-mark=to_ISP2

    add action=mark-routing chain=prerouting connection-mark=ISP3_conn in-interface=ether5


    new-routing-mark=to_ISP3

    add action=mark-routing chain=prerouting connection-mark=ISP4_conn in-interface=ether5


    new-routing-mark=to_ISP4

    add action=mark-routing chain=output connection-mark=ISP1_conn new-routing-


    mark=to_ISP1

    add action=mark-routing chain=output connection-mark=ISP2_conn new-routing-


    mark=to_ISP2

    add action=mark-routing chain=output connection-mark=ISP3_conn new-routing-


    mark=to_ISP3
    add action=mark-routing chain=output connection-mark=ISP4_conn new-routing-
    mark=to_ISP4

    /ip firewall nat

    add action=masquerade chain=srcnat out-interface=ether1

    add action=masquerade chain=srcnat out-interface=ether2

    add action=masquerade chain=srcnat out-interface=ether3

    add action=masquerade chain=srcnat out-interface=ether4

    /ip route

    add distance=1 gateway=192.168.11.1 routing-mark=to_ISP1

    add distance=1 gateway=192.168.12.1 routing-mark=to_ISP2

    add distance=1 gateway=192.168.13.1 routing-mark=to_ISP3

    add distance=1 gateway=192.168.14.1 routing-mark=to_ISP4

    #error exporting /system routerboard mode-button

    /system scheduler

    add interval=30s name=schedule1 on-event=failover


    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-
    date=nov/01/2017 start-time=00:00:00

    /system script

    add name=failover owner=admin


    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#:log info
    \"Inicio failover para router con 4 ISPs\";\r\

    \n\r\

    \n:global ispsCaidosAnt;\r\

    \n\r\

    \n# PARA TRABAJAR CON MULTIPLES ISPS DE VELOCIDADES DIFERENTES\r\

    \n# es necesario usar el sistema SGCM de Livaur, ya que genera reglas adicionales,\r\

    \n# se encuentra en el link: https://www.livaur.com/sgcm \r\

    \n# \r\

    \n# {{ID:nPasos}; {ID:nPasos}};\r\

    \n#\r\

    \n#\r\

    \n:local isps {{1;1}; {2;1}; {3;1}; {4;1} };\r\

    \n:local pasos 0;\r\


    \n:local ispsCaidos;\r\

    \n\r\

    \n# Cantidad de pruebas ping que se lanzaran a la IP externa para determinar si\r\

    \n# el ISP est\E1 caido\r\

    \n:local nPruebasPing 5;\r\

    \n\r\

    \n# IP de DNS a donde se lanzan las pruebas de ping\r\

    \n# En este caso se usa una IP de OpenDNS\r\

    \n:local ipExterna \"208.67.222.222\";\r\

    \n\r\

    \n# Inicializaci\F3n de los ISP caidos anteriormente\r\

    \n:if ([:typeof \$ispsCaidosAnt]=\"nothing\") do={ :set ispsCaidosAnt {nil}; }\r\

    \n\r\

    \n\r\

    \n# Inicializaci\F3n de los ISPs caidos\r\

    \n:if ([:typeof \$ispsCaidos]=\"nothing\") do={ :set ispsCaidos {nil}; }\r\

    \n\r\

    \n# Proceso de pruebas de conexi\F3n a internet por los distintos ISPs\r\

    \n:foreach isp in=[\$isps] do={\r\

    \n #:log info (\$isp->1);\r\

    \n :local indiceIsp (\$isp->0);\r\

    \n\r\

    \n :local rping [/ping \$ipExterna routing-table=\"to_ISP\$indiceIsp\"


    count=\$nPruebasPing];\r\

    \n\r\

    \n # Si la respuesta de ping fue 0, entonces el ISP est\E1 caido y se agrega a la lista de


    ispsCaidos\r\

    \n :if (\$rping=0) do={\r\

    \n :set (\$ispsCaidos->\"\$indiceIsp\") \$indiceIsp;\r\

    \n :log info \"ISP\$indiceIsp caido\";\r\

    \n }\r\

    \n}\r\
    \n\r\

    \n\r\

    \n# Compara los ISPs caidos actualmente contra los ISPs caidos previamente\r\

    \n# Si son iguales evita ejecutar por completo el script\r\

    \n:if ( \$ispsCaidos = \$ispsCaidosAnt) do={\r\

    \n :exit;\r\

    \n}\r\

    \n# Si son diferentes, se actualizan los ispsCaidosAnt\r\

    \n:if ( \$ispsCaidos != \$ispsCaidosAnt ) do={\r\

    \n :set ispsCaidosAnt (\$ispsCaidos);\r\

    \n}\r\

    \n\r\

    \n\r\

    \n# C\E1lculo de los pasos totales\r\

    \n:foreach isp in=[\$isps] do={\r\

    \n :local estaCaido false;\r\

    \n\r\

    \n :foreach ispCaido in=[\$ispsCaidos] do={\r\

    \n :if (\$isp->0=\$ispCaido) do={\r\

    \n :set estaCaido true;\r\

    \n }\r\

    \n }\r\

    \n\r\

    \n :if (\$estaCaido=false) do={\r\

    \n :set pasos (\$pasos + (\$isp->1));\r\

    \n }\r\

    \n}\r\

    \n#:log info \$pasos;\r\

    \n\r\

    \n\r\

    \n# Desactivacion de las mark_connection de ISPs caidos\r\


    \n:foreach isp in=[\$ispsCaidos] do={\r\

    \n /ip firewall mangle disable [find new-connection-mark=\"ISP\$isp_conn\" and per-


    connection-classifier~\"both-addresses\"];\r\

    \n}\r\

    \n\r\

    \n\r\

    \n# Actualizaci\F3n de los pasos en funci\F3n de los ISPs activos\r\

    \n:local pasosTmp 0;\r\

    \n:foreach isp in=[\$isps] do={\r\

    \n :local estaCaido false;\r\

    \n :local idIsp (\$isp->0);\r\

    \n\r\

    \n :foreach ispCaido in=[\$ispsCaidos] do={\r\

    \n :if ((\$isp->0)=\$ispCaido) do={\r\

    \n :set estaCaido true;\r\

    \n }\r\

    \n }\r\

    \n\r\

    \n # Si el ISP no est\E1 caido se procede a actualizar las reglas con los \"pasos\" correctos\r\

    \n :if (\$estaCaido=false) do={\r\

    \n # Desactivar las reglas del ISP activo para hacer la actualizacion\r\

    \n /ip firewall mangle disable [find new-connection-mark=\"ISP\$idIsp_conn\" and per-


    connection-classifier~\"both-addresses\"];\r\

    \n\r\

    \n # Obtenci\F3n de los IDs de las reglas del ISP con new-connection-mark\r\

    \n :local idsReglas [/ip firewall mangle find new-connection-mark=\"ISP\$idIsp_conn\" and


    per-connection-classifier~\"both-addresses\"];\r\

    \n\r\

    \n # Por cada ID de la regla se procede a asignar el total de pasos y el n\FAmero de paso


    correspondiente\r\

    \n :foreach idRegla in=[\$idsReglas] do={\r\

    \n /ip firewall mangle set [find .id=\$idRegla] per-connection-classifier=\"both-


    addresses:\$pasos/\$pasosTmp\"\r\
    \n\r\

    \n #Incremento del contador de pasosTmp\r\

    \n :set pasosTmp (\$pasosTmp + 1);\r\

    \n }\r\

    \n\r\

    \n # Activaci\F3n de las reglas del ISP activo\r\

    \n /ip firewall mangle enable [find new-connection-mark=\"ISP\$idIsp_conn\" and per-


    connection-classifier~\"both-addresses\"];\r\

    \n }\r\

    \n}\r\

    \n\r\

    \n\r\

    \n#:log info \"Fin failover-script\";\r\

    \n"

    You might also like