I would like to load balance Mikrotik across multiple lines but also have a transparent proxy.
Something that will help me with:
ADSL Line #1 <masq> ADSL Route #1 <-> MT/Transparent Proxy <-> Clients
ADSL Line #2 <masq> ADSL Route #2
ADSL Line #3 <masq> ADSL Route #3
Does anyone have an example of such a configuration?
The src-address of the request going from the proxy server to the internet will always be the same, so no, it's not possible.
A dedicated proxy server connected to all three dsl lines (vlans, nics, take your pic), will however work, provided it is configured correctly. And yes, it could still be done transparently as well
A dedicated proxy server connected to all three dsl lines (vlans, nics, take your pic), will however work, provided it is configured correctly. And yes, it could still be done transparently as well
So are you saying that with source routing it will not work because of "fixed" output chain address - what about destination policy routing?The src-address of the request going from the proxy server to the internet will always be the same, so no, it's not possible.
When you say dedicated proxy server, do you mean MT proxy or some other operating system. What about this config:A dedicated proxy server connected to all three dsl lines (vlans, nics, take your pic), will however work, provided it is configured correctly. And yes, it could still be done transparently as well
________________________________Router A_____________Router B
ADSL Line #1 <masq> PPPoE1 <-> Destination Routing <-> MT/Transparent Proxy <-> Clients
ADSL Line #2 <masq> PPPoE2 <-> Destination Routing <->
ADSL Line #3 <masq> PPPoE3 <-> Destination Routing <->
Will work with destination policies yes...
A dedicated Squid system, you can supply multiple listen addresses (one connected to each router doing destination routing. Disable IP Forwarding on the proxy, and tell the proxy to use a src address that is the same as the interface address where the request came in from (You will need the latest version of Squid to accomplish this).
Thus a request coming in on Interface1 of the proxy (i.e. on PPPoE1), will always go to the Internet via PPPoE1, a request on PPPoE2, will always go out via PPPoE2, etc etc etc.
The result would be that the proxy is completely independant on what ever you do in regards to src or dst routing. The proxy will *always* go out on the same interface (i.e. network) that the request came in from. Your src-address will however still be over written which might cause problems on traffic queues...
Essentially you have one proxy, connected to three different networks...
ADSL Line #1 <masq> PPPoE1 <P VLAN 1> Destination Routing <-> MT <-> Clients
ADSL Line #2 <masq> PPPoE2 <P VLAN 2> Destination Routing <->
ADSL Line #3 <masq> PPPoE3 <P VLAN 3> Destination Routing <->
I would also never recomment a MT proxy be used due to the limitations in the performance, as well as the configuration options available in MT. Even a low end systems running a up to date version of Squid, with a properly optimised configuration file will outperform MT by far... Just getting decent refresh_patterns in place on Squid can make a significant increase in performance.
A dedicated Squid system, you can supply multiple listen addresses (one connected to each router doing destination routing. Disable IP Forwarding on the proxy, and tell the proxy to use a src address that is the same as the interface address where the request came in from (You will need the latest version of Squid to accomplish this).
Thus a request coming in on Interface1 of the proxy (i.e. on PPPoE1), will always go to the Internet via PPPoE1, a request on PPPoE2, will always go out via PPPoE2, etc etc etc.
The result would be that the proxy is completely independant on what ever you do in regards to src or dst routing. The proxy will *always* go out on the same interface (i.e. network) that the request came in from. Your src-address will however still be over written which might cause problems on traffic queues...
Essentially you have one proxy, connected to three different networks...
ADSL Line #1 <masq> PPPoE1 <P VLAN 1> Destination Routing <-> MT <-> Clients
ADSL Line #2 <masq> PPPoE2 <P VLAN 2> Destination Routing <->
ADSL Line #3 <masq> PPPoE3 <P VLAN 3> Destination Routing <->
I would also never recomment a MT proxy be used due to the limitations in the performance, as well as the configuration options available in MT. Even a low end systems running a up to date version of Squid, with a properly optimised configuration file will outperform MT by far... Just getting decent refresh_patterns in place on Squid can make a significant increase in performance.
thank you savage for your reply and I might contact you in the future to help me with such a "Squid" implementation.
However generally I prefer to not use a third party products to do transparent proxy / load balancing since I am already using Mikrotik and Mikrotik has both these features built in. Does Mikrotik have any plans to get transparent proxy with load balancing working?
However generally I prefer to not use a third party products to do transparent proxy / load balancing since I am already using Mikrotik and Mikrotik has both these features built in. Does Mikrotik have any plans to get transparent proxy with load balancing working?
Who is online
Users browsing this forum: Bing [Bot] and 117 guests