PT. Hawk Teknologi Solusi

Saturday, 26 February 2011

Bonding Two ADSL

Because I must wait 1-2 months to upgrade my Intercity Leased Line (LL) between the Indonesia Internet Exchange (IIX), located in the Cyber Building, South Jakarta, and my remote site 266 km away, I tried the Mikrotik interface bonding solution, and it works.

So this is the configuration for the Mikrotik router located at the remote site:

I used two ADSL connections

/interface pppoe-client
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether1_adsl1 max-mru=1480 max-mtu=\
1480 mrru=disabled name=telkom1 password=123456 profile=pppoe \
service-name="" use-peer-dns=no
add ac-name="" add-default-route=no allow=pap,chap,mschap1,mschap2 \
dial-on-demand=no disabled=no interface=ether3_adsl2 max-mru=1480 max-mtu=\
1480 mrru=disabled name=telkom2 password=123456 profile=pppoe \
service-name="" use-peer-dns=no


  1. password=123456, this is just an example; you must use your own password
  2. , this is just an example; you must use your own user

[Me@RemoteSite] /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
address= network=
interface=BONDING_PDA1_D3_EOIP actual-interface=BONDING_PDA1_D3_EOIP

5 D address= network= interface=telkom2

6 D address= network= interface=telkom1


  1. address= , this is the point-to-point IP address between the bonding interface in Jakarta and the remote site
  2. address= and address=, these are the IP addresses from the ADSL provider; this is good because telkom1 and telkom2 use different gateways and networks, so we can create a different static route for each of the two EoIP connections, one per ADSL line

/ip route
add check-gateway=ping comment="DEFAULT GATEWAY via BONDING RO JAKARTA" \
disabled=no distance=1 dst-address= gateway= scope=30 \
add comment="ROUTING To LOOPBACK1 RO JAKARTA via ADSL 1" \
disabled=no distance=1 dst-address= gateway= \
scope=30 target-scope=10
add comment="ROUTING To LOOPBACK2 RO JAKARTA via ADSL 2" \
disabled=no distance=1 dst-address= gateway= \
scope=30 target-scope=10
add comment="DNS ADSL1" disabled=no distance=1 dst-address= \
gateway=, scope=30 target-scope=10
add comment="DNS ADSL2" disabled=no distance=1 dst-address= \
gateway=, scope=30 target-scope=10


  1. LOOPBACK1 and LOOPBACK2 are the IP addresses on the lobridge1 and lobridge2 interfaces of the Jakarta router, so that each EoIP interface has its own remote-address

/interface eoip
add arp=enabled comment="remote address ip loopback rb1000 jkt" \
disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\
EOIP_PDA1_D3_4793 remote-address= tunnel-id=4793
add arp=enabled comment="remote address ip loopback rb1000 jkt" \
disabled=no l2mtu=65535 mac-address=02:83:30:AC:C5:18 mtu=1500 name=\
EOIP_PDA1_D3_7814 remote-address= tunnel-id=7814


  1. I use two EoIP interfaces, each connected over ADSL to the Jakarta router; because my Jakarta router is directly connected to IIX, traffic from the Jakarta router to the remote-site router goes through IIX to the ADSL provider

/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets= disabled=no \
down-delay=0ms lacp-rate=30secs link-monitoring=arp mii-interval=100ms \
mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP primary=none slaves=\
EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 transmit-hash-policy=layer-2 up-delay=\


  1. arp-ip-targets=, this is the IP address on the Jakarta router used for link monitoring
  2. mode=balance-rr, this is the bonding mode I used; balance-rr means data is transmitted and received round-robin, which gives load balancing and failover between the slave interfaces

I use NAT to masquerade all traffic going out through the bonding interface, so that the src-address from my remote site is replaced with IP

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT via BONDING" disabled=no \

And this is the configuration for the Mikrotik router located in Jakarta:

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
mtu=1500 name=lobridge1 priority=0x8000 protocol-mode=none \
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
comment="" disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s \
mtu=1500 name=lobridge2 priority=0x8000 protocol-mode=none \


  1. the lobridge interfaces carry the loopback IP addresses that the remote site uses as the EoIP remote-address

/interface eoip
add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\
02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_4793 remote-address=\ tunnel-id=4793
add arp=enabled comment="" disabled=no l2mtu=65535 mac-address=\
02:8B:E1:15:7E:C5 mtu=1500 name=EOIP_7814 remote-address=\ tunnel-id=7814

/interface bonding
add arp=enabled arp-interval=100ms arp-ip-targets= comment="" \
disabled=no down-delay=0s lacp-rate=30secs link-monitoring=arp \
mii-interval=100ms mode=balance-rr mtu=1500 name=BONDING_PDA1_D3_EOIP \
primary=none slaves=EOIP_PDA1_D3_4793,EOIP_PDA1_D3_7814 \
transmit-hash-policy=layer-2 up-delay=0s

[Me@Jakarta] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic
1 ;;; IIX BGP Peering ether2_OIXP
5 ;;; IP Loopback1 lobridge1
6 ;;; IP Loopback2 lobridge2


  1. The Jakarta router is directly connected to IIX, so the route from Jakarta to the ADSL lines at the remote site goes through IIX, and the routing table is built with BGP between the Jakarta router and the IIX router

Friday, 25 February 2011

Youtube IP Address and how to manipulate Youtube routing in Mikrotik Router

If you have more than one ISP, you can steer YouTube traffic to the ISP with the best download rate for YouTube content:

/ip firewall address-list
add address= comment=Google disabled=no list=youtube
add address= comment=TuDou disabled=no list=youtube
add address= comment=TuDou disabled=no list=youtube
add address= comment=YouTube disabled=no list=youtube
add address= comment=YouTube disabled=no list=youtube
add address= comment=YouTube disabled=no list=youtube
add address= comment=YouTube disabled=no list=youtube
add address= comment=Google disabled=no list=youtube

/ip firewall mangle
add action=mark-routing chain=prerouting \
comment="Routing Mark Youtube" disabled=no \
dst-address-list=youtube new-routing-mark=youtube passthrough=no

However, if you apply the routing mark to all protocols as above and you have an email server inside your network, email from Gmail will fail to be received, so it is better to apply the routing mark only to protocol tcp dst-port 80, like this:

/ip firewall mangle
add action=mark-routing chain=prerouting comment="Routing Mark Youtube" \
disabled=no dst-address-list=youtube dst-port=80 new-routing-mark=\
youtube passthrough=no protocol=tcp

/ip route
add comment="Routing Youtube" disabled=no dst-address= \
gateway= routing-mark=youtube

/ip firewall nat
add action=masquerade chain=srcnat \
comment="NAT Youtube via ISP Youtube" \
disabled=no out-interface=INTERFACE_TO_ISP_YOUTUBE

  1. gateway=, you must use the gateway of the ISP you choose for YouTube traffic, depending on which of your ISPs is best for YouTube
  2. out-interface=INTERFACE_TO_ISP_YOUTUBE, change this to the interface facing that ISP on your Mikrotik router

To avoid problems when the ISP you use for YouTube goes down, you can copy and paste this script into the Mikrotik terminal:

/system script
add name=check_youtube policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:if ( [/ping count=1]=1) do={\r\
\n:log info \"Youtube Up\";\r\
\n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\
t \$i disable=no};\r\
\n/tool e-mail send to=\"\" subject=([/system ident\
ity get name] . \" Youtube Up \" . [/system clock get date]) body=\"Youtub\
e Routing Mark Enable\";\r\
\n} else={\r\
\n:log info \"Youtube Down\";\r\
\n:foreach i in=[/ip route find routing-mark=\"youtube\"] do={/ip route se\
t \$i disable=yes};\r\
\n/tool e-mail send to=\"\" subject=([/system ident\
ity get name] . \" Youtube Down \" . [/system clock get date]) body=\"Yout\
ube Routing Mark Disable\";\r\
\n}"

Then activate this script from Netwatch:

/tool netwatch
add comment="Youtube Check" disabled=no down-script=check_youtube host=\ interval=1m timeout=25ms up-script=check_youtube


Thursday, 24 February 2011

If Data Packets Will Not Pass Through the Tunnel

Sometimes sending data through a tunnel runs into problems, especially with TCP packets. If you face this problem, don't worry: the solution is to create a mangle rule in the forward chain for TCP SYN packets with the action change MSS, clamp to PMTU, so that the tunnel can adjust for the MTU (Maximum Transmission Unit), which may differ between the two end-points.
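
The rule described above, written out as RouterOS configuration together with two checks that it is working (an added example, not from the original post; 192.0.2.1 is a placeholder for a host on the far side of the tunnel):

```routeros
/ip firewall mangle
# Rewrite the MSS option on forwarded TCP SYN packets so that it fits the
# path MTU of the outgoing route (the tunnel, when traffic goes through it).
add action=change-mss chain=forward comment="Clamp MSS to PMTU" disabled=no \
    new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn

# Check that the rule is matching: its packet counter should increase when
# new TCP connections are opened through the tunnel.
/ip firewall mangle print stats

# Probe the path: a full-size packet with "don't fragment" set fails if the
# tunnel MTU is smaller. 192.0.2.1 is a placeholder address.
/ping 192.0.2.1 size=1500 do-not-fragment count=3
```

Only SYN packets are matched because the MSS is negotiated once, during the TCP handshake; passthrough=yes lets later mangle rules, such as routing marks, still see the packet.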