MT for _stateful_ load balancing server farm

Has anyone utilized the address lists and NAT rules to dynamically load balance 2 or more servers (web, webmail, etc.) that require stateful load balancing (like ASP and PHP scripts do)? Even VOIP / SIP servers could be balanced this way, I would think.

My idea was to dynamically add a new “client” to the specified server’s address list, so that once connected it will go to that particular server until it times out after a few hours or if the server goes down (via netwatch & script).

My core router is still 2.8.28, and I’m not AS familiar with 2.9’s routing rules, but is this even feasible, or am I running in the wrong direction?

I love MikroTik and operate a distributorship and a WISP. I cannot see this working out well for you. I seriously recommend shelling out the big bucks for a Cisco ASA or a high-end Catalyst with the upgraded OS, or even a Cisco 3800 or 7200, depending on scale. RouterOS is great, but putting an x86 box together with the required horsepower to do what you want, and then managing the whole thing by yourself, seems to me like a nightmare. Not to mention, you cannot really get commercial support for that sort of thing, so if you get hit by a bus, find a new job, or just don’t show up one day and there are network problems, it cannot be fixed without you. I run my entire backhaul/AP network off MikroTik devices, but I really do not trust ROS for datacenter applications.

I don’t see why you couldn’t do this … mikrotik can handle that no problem. A little scripting and firewall / mangle setup and you should be good to go.

We’ve been using MT in a wired 100+ Mbps data center environment for years now. We’ve just now been getting into the wireless piece of MikroTik, which seems to be the less-stable side of MT : )

Sam

Well if I get hit by a bus the company will be in serious trouble, because it’s my company. Actually, I know another local certified MT admin that could easily help us out (we help him out too) if I were sick or in the hospital.

And the applications would be in trouble too, because they are all custom-written software applications for medical and hotel resort management, in addition to email, etc.

So if it can be done, I want to do it. I was testing with one of my AP’s firewall NAT / mangle and found that a combination of mangle and address-list rules, combined with either random or Nth marking, might allow me to round-robin between different internal NAT hosts (1 NAT entry per server, using a src-address-list entry to determine which server gets it), and have a persistent connection to that server once connected, until timeout or server failure.

As far as Cisco goes, at the moment, if I were to buy a Cisco unit that was capable of doing this, or had to upgrade to MS W2K3 w/ Clustering (and SQL), I’d be out of business. If I can’t make an x86 2.8 GHz P4 w/ 512 MB RAM load balance & failover less than 10 Mbps of traffic, something is wrong.

If you have another admin in case you get hit by a bus, put ROS on that Connex. For simple load balancing, you could do this with a couple of mangle rules. I thought you were talking about more traffic and not having someone on standby. Let us know how it goes!

Hi DirectWireless, I’m pretty certain you can do this. If you have not done so already, take a look at http://wiki.mikrotik.com/wiki/Load_Balancing_Persistent

A bit of modification to this and I think you will be in business. If you would also be kind enough to share it with us on the wiki, that would be great!

Great wiki article. I’ll definitely work on that and if I reverse it (for “N” connections, rather than just 2), I’ll repost another solution.

The persistent load balancing is exactly what I had in mind, although it’s going to have to be scalable, and it looks like 5 rules per server IP.

Really, it doesn’t have to route OUT the same connection, just use the right NAT rule for inbound packets (the servers themselves will take care of replying, and the router will SRC-NAT it accordingly).
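The persistent, per-server NAT scheme the thread converges on (address-list pinning with a timeout, one dst-nat rule per server, netwatch for failover), written out as an added example for this thread. It is not code from the thread, from MikroTik, or from the linked wiki article. The public service address 203.0.113.10 on ether1 and the backends 192.168.10.11 / 192.168.10.12 are placeholder values; the syntax is the current RouterOS form (2.9 used a three-value nth=every,counter,packet matcher), and it assumes a dynamic address-list entry added by one mangle rule is visible to the rules and the dstnat chain that evaluate the same packet afterwards.

```routeros
# Added example (not from the thread or the wiki article).
# Each client is pinned to one backend by a timed address-list entry, so all of
# its connections reach the same server until the entry expires (4h here) or
# netwatch marks the server down. Addresses and interface are placeholders.

/ip firewall mangle
# Only the first packet of a new HTTP connection needs a balancing decision.
add chain=prerouting in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=80 connection-state=new action=jump jump-target=lb-assign
# Clients already pinned to a server leave the chain untouched.
add chain=lb-assign src-address-list=srv1 action=return
add chain=lb-assign src-address-list=srv2 action=return
# Unpinned clients: every first of two new connections is pinned to srv1 ...
add chain=lb-assign nth=2,1 action=add-src-to-address-list \
    address-list=srv1 address-list-timeout=4h comment="lb srv1"
# ... and whoever was not just added to srv1 is pinned to srv2 (the srv1 entry
# is assumed visible to this rule for the same packet, so nobody lands in both).
add chain=lb-assign src-address-list=!srv1 action=add-src-to-address-list \
    address-list=srv2 address-list-timeout=4h comment="lb srv2"
# Fallback: if the srv2 rule is disabled by netwatch, the half that nth did not
# pick would otherwise stay unpinned; send them to srv1. When both servers are
# up this rule only refreshes entries that already exist.
add chain=lb-assign src-address-list=!srv2 action=add-src-to-address-list \
    address-list=srv1 address-list-timeout=4h comment="lb fallback"

/ip firewall nat
# One dst-nat rule per server, chosen by the client's address list. Replies are
# reversed by connection tracking, so no per-server src-nat rule is needed.
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=80 src-address-list=srv1 action=dst-nat to-addresses=192.168.10.11
add chain=dstnat in-interface=ether1 dst-address=203.0.113.10 protocol=tcp \
    dst-port=80 src-address-list=srv2 action=dst-nat to-addresses=192.168.10.12

/tool netwatch
# Failover: when a backend stops answering ping, stop pinning new clients to it
# and drop its existing pins so those clients are reassigned on their next
# connection. Pinned HTTP sessions on the failed server are lost either way.
add host=192.168.10.11 interval=30s timeout=1s \
    down-script="/ip firewall mangle set [find comment=\"lb srv1\"] disabled=yes; /ip firewall address-list remove [find list=srv1]" \
    up-script="/ip firewall mangle set [find comment=\"lb srv1\"] disabled=no"
add host=192.168.10.12 interval=30s timeout=1s \
    down-script="/ip firewall mangle set [find comment=\"lb srv2\"] disabled=yes; /ip firewall address-list remove [find list=srv2]" \
    up-script="/ip firewall mangle set [find comment=\"lb srv2\"] disabled=no"
```

Adding an Nth server means one return rule, one assign rule (the catch-all with `!srv1` becomes a chain of exclusions or another nth step), one dst-nat rule and one netwatch entry. `/ip firewall address-list print` shows the dynamic entries with their remaining timeout, which is the quickest way to confirm a client was pinned and which server it went to. An ICMP check only proves the host is up, not that the web service is answering, so a service-level probe would be the next refinement.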