I have 10 Mikrotik servers: 1.exam.co, 2.exam.co, 3.exam.co, …, 10.exam.co
and I have 9000 users who connect over PPTP or L2TP to these Mikrotik servers to use them as a VPN.
Users have 10 addresses to choose from, and it depends on them which server they connect to!
How can I manage the users so that I give them a single domain address (vpn.exam.co) and they connect equally to all servers?
Right now sometimes on "server 1" I have 200 users online and the other servers have almost no online users.
How about using DNS round-robin (i.e. have vpn.exam.co with 10 A records)? You'll just have to be careful if you're using server certificates … to install the same certificate on all of the VPN servers.
That's a pure DNS feature. If you have a DNS configuration like this:
vpn.exam.co. IN A 1.2.3.41
vpn.exam.co. IN A 1.2.3.42
vpn.exam.co. IN A 1.2.3.43
vpn.exam.co. IN A 1.2.3.44
vpn.exam.co. IN A 1.2.3.45
and a client asks for the IP address of vpn.exam.co, the DNS server will return one of the IP addresses … and will return a different one every time in a round-robin manner (first it'll serve 1.2.3.41, then 1.2.3.42, then …, then 1.2.3.45, then 1.2.3.41 and so forth) … so statistically all IP addresses will be used the same number of times.
In the back end, you have 5 (or whatever number you want) servers, each answering on one of those IP addresses. So statistically all servers will be used approximately the same.
This is an option as well … but it requires having the VPN servers behind a NAT router.
Both solutions are half-baked for high availability: if one of the VPN servers dies, clients will likely (but not guaranteed) get directed to another VPN server at the next connection attempt in both cases.
One or more (e.g. a failover router), depending on your network infrastructure.
It boils down to implementing load balancer logic on the router.
If your VPN servers are directly exposed to the internet, then RR-DNS is preferred. If they are in a DMZ (or similar) and shielded, load balancing on the router might be more interesting.
Well, our clients' "traffic usage" is very heavy (600 MB/s for 100 users online) and each server has a 10G port,
so I think it's not possible to NAT two or more servers behind one NAT!
Am I right ?
That is a lot of traffic all right.
Sounds like service delivery is important: having a proper client experience. With pure RR, the client will cache the response and if that server is down, he won't be able to connect. https://en.wikipedia.org/wiki/Round-robin_DNS
Client-side software doing the "round" part would be more flexible. Not sure if it exists though.
Some 3rd-party L2TP/PPTP "client" would be interesting so it would choose an available gateway.
Commercial VPN clients often have this function (e.g. Cisco AnyConnect or something).
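The following is an added example for this thread (not code posted by anyone above and not a MikroTik or RouterOS feature). It models the two points made in the round-robin explanation and in the reply about client caching: an authoritative DNS server rotating the A records of vpn.exam.co on every query, a client that caches one answer and is stuck if that server is down, and a client that does the "round" part itself by trying every A record in turn. The address set (the same five addresses as the zone snippet above) and the set of "dead" servers are constructed for the demo; `resolve_all()` and `tcp_probe()` use the standard library `socket` module against the real network and are only there to show how the same logic is wired up on a host, the demo does not call them.

```python
"""Added example, not code from the forum thread or from MikroTik.

Models round-robin DNS for vpn.exam.co and the two client behaviours discussed
in the thread. Addresses and the "dead server" set are constructed for the demo.
"""
import socket
from typing import Callable, Dict, List, Optional

# Constructed RRset, the same addresses as the zone snippet quoted in the thread.
VPN_A_RECORDS: List[str] = ["1.2.3.41", "1.2.3.42", "1.2.3.43", "1.2.3.44", "1.2.3.45"]
# PPTP's control channel is TCP 1723, so it can be probed with a TCP connect.
# L2TP runs over UDP 1701 and cannot be probed this way.
PPTP_CONTROL_PORT = 1723


class RoundRobinResolver:
    """Authoritative server that returns the whole RRset, rotated by one on each query."""

    def __init__(self, records: List[str]) -> None:
        self._records = list(records)
        self._offset = 0

    def query(self) -> List[str]:
        n = len(self._records)
        answer = [self._records[(self._offset + i) % n] for i in range(n)]
        self._offset = (self._offset + 1) % n
        return answer


def distribute(resolver: RoundRobinResolver, clients: int) -> Dict[str, int]:
    """Each client resolves once and dials the first address it gets back.
    Returns address -> number of clients that landed on that server."""
    counts: Dict[str, int] = {}
    for _ in range(clients):
        first = resolver.query()[0]
        counts[first] = counts.get(first, 0) + 1
    return counts


def connect_cached(cached_answer: List[str], is_up: Callable[[str], bool]) -> Optional[str]:
    """Typical VPN client: the OS stub resolver cached one answer for its TTL and the
    client only ever dials the first address. If that server is dead, the client fails."""
    first = cached_answer[0]
    return first if is_up(first) else None


def connect_failover(answer: List[str], is_up: Callable[[str], bool]) -> Optional[str]:
    """Client that does the 'round' part itself: walk every A record until one answers."""
    for addr in answer:
        if is_up(addr):
            return addr
    return None


def resolve_all(name: str, port: int = PPTP_CONTROL_PORT) -> List[str]:
    """Every IPv4 address behind `name`, in the order the resolver returned them
    (network access; not used by the offline demo below)."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    seen: List[str] = []
    for info in infos:
        addr = info[4][0]
        if addr not in seen:
            seen.append(addr)
    return seen


def tcp_probe(addr: str, port: int = PPTP_CONTROL_PORT, timeout: float = 2.0) -> bool:
    """Liveness check usable as `is_up` for PPTP: can we open the control channel?"""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    resolver = RoundRobinResolver(VPN_A_RECORDS)
    print("100 clients, first-address policy:", distribute(resolver, 100))

    dead = {"1.2.3.41"}  # constructed: pretend server 1 died after the answer was cached
    up = lambda a: a not in dead
    cached = RoundRobinResolver(VPN_A_RECORDS).query()  # answer cached while .41 was first
    print("cached client:", connect_cached(cached, up))      # stuck: no connection
    print("failover client:", connect_failover(cached, up))  # moves on to 1.2.3.42
```

With a real name you would feed `resolve_all("vpn.exam.co")` into `connect_failover(..., tcp_probe)`; the point of the demo is that the server-side rotation spreads 100 fresh clients evenly over the five addresses, but a client holding a cached answer whose first address is down gets nothing, whereas a client that walks the full RRset still connects.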
This is a long shot, but perhaps you might consider implementing it not on Mikrotik directly?
Take a look at
This is open source (both VPN client & VPN server) that handles many types of VPN with some advanced features, including clustering up to 64 nodes.
You could get some common "off the shelf" PCs with fast CPUs, some SSDs and 10Gbit networking and put them in a cluster.
Then have Mikrotik provide some NAT services to the backend.
Perhaps Mikrotik could think about integrating such a thing into RouterOS. Source code is available.