Proxy Topology (ZPH enabled) + Mikrotik

ZPH support in Squid really helps proxy performance, especially when paired with a Mikrotik. Seriously awesome...

It all depends on the internet topology, though.




With the usual topology, where the proxy uses a single ethernet port, it is not that great. With a two-ethernet topology (routed, not bridged) it becomes really solid.


Clients are indeed limited to 128 Kbps, yet their browsing just flows, like the Deli river in flood season. Delay pools become pointless...


For a warnet (internet cafe) using an RB-750: of the 5 ports available, 4 end up in use. Ether1-ISP, Ether2-ProxyIN, Ether3-ProxyOut, Ether4-LAN.


As for the ZPH settings in Squid, I don't need to cover those again; plenty of people already have, and then I'd be called a copy-paster on top of it, hahaha...


The Squid settings are actually standard. No need to build lots of refresh patterns and the like; it is enough to enable ZPH, then transparent proxy, then the IPs allowed to access the proxy, the cache_dir size, maximum cache size, average cache size, and cache_mem. That's all.


I won't cover the cache_dir calculation either; many blogs have already written about it.


Then, on the Mikrotik, I mostly use queue tree. If you prefer simple queues, that's up to you; the mangle for cache hits is also as many people have already described. Each client is then mangled and limited to 128 kbps in the queue tree under one main parent. The queue tree for the proxy, on the other hand, has global-out directly as its parent.


So, on the Mikrotik, as I typed above, 4 ports are used. Example IPs:

Ether1-ISP=192.168.2.2/24

Ether2-ProxyIN=192.168.14.1/30

Ether3-ProxyOut=192.168.15.1/30

Ether4-LAN=192.168.150.1/28

DNS: follows the ISP's DNS


On the Squid proxy:

Ether1=192.168.14.2/30

Ether2=192.168.15.2/30

Gateway=192.168.15.1

DNS: follows the ISP's DNS.


And what gets masqueraded is 192.168.15.0/30.

Some of you are surely confused.

Why is the LAN IP range 192.168.150.0/28, while the proxy IPs are 192.168.14.2/30 and 192.168.15.2/30?

Well, I will definitely answer that, but I want to see how many people are actually interested in reading this blog of mine. I am deliberately not explaining it. Send me a message...

I'll just show the queue tree output.

(After such a long time without writing, here is the remedy)


[admin@MikroTik] /ip route rule print
Flags: X - disabled, I - inactive
 0   src-address=192.168.150.0/28 action=lookup table=warnet

[admin@MikroTik] /ip route print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 A S  dst-address=0.0.0.0/0 gateway=192.168.14.2 gateway-status=192.168.14.2 reachable ether2 distance=1 scope=30 target-scope=10 routing-mark=warnet
 1 A S  dst-address=0.0.0.0/0 gateway=192.168.2.1 gateway-status=192.168.2.1 reachable ether1 distance=1 scope=30 target-scope=10

[admin@MikroTik] /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade src-address=192.168.15.0/30

[admin@MikroTik] /ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Proxy HIT
     chain=postrouting action=mark-connection new-connection-mark=capt_proxy passthrough=yes dscp=12
 1   chain=postrouting action=mark-connection new-connection-mark=capt_proxy passthrough=yes content=X-Cache: HIT
 2   chain=postrouting action=mark-packet new-packet-mark=proxy passthrough=no connection-mark=capt_proxy
 3   ;;; Cabal
     chain=postrouting action=mark-connection new-connection-mark=capt_cabal passthrough=yes protocol=tcp dst-address-list=cabal dst-port=38111-38114,38121-38122,63112
 4   chain=postrouting action=mark-packet new-packet-mark=cabal passthrough=no connection-mark=capt_cabal
 5   chain=forward action=mark-packet new-packet-mark=spesial passthrough=no src-address=192.168.150.0/24 dst-address-list=spesial
 6   ;;; Bilyard
     chain=postrouting action=mark-connection new-connection-mark=capt_fbbilyard passthrough=yes protocol=tcp dst-address=209.20.80.24 dst-port=2003,2015
 7   chain=postrouting action=mark-packet new-packet-mark=bilyard passthrough=no connection-mark=capt_fbbilyard
 8   ;;; Atlantica
     chain=postrouting action=mark-connection new-connection-mark=capt_atlantica passthrough=yes protocol=tcp dst-address-list=gemscool dst-port=4300
 9   chain=postrouting action=mark-packet new-packet-mark=atlantica passthrough=no connection-mark=capt_atlantica
10   ;;; PointBlank
     chain=postrouting action=mark-connection new-connection-mark=capt_pb passthrough=yes protocol=tcp dst-address-list=gemscool dst-port=39100,39110,39120,39190,49100
11   chain=postrouting action=mark-connection new-connection-mark=capt_pb passthrough=yes protocol=udp dst-address-list=gemscool dst-port=40000-40009
12   chain=postrouting action=mark-packet new-packet-mark=pb passthrough=no connection-mark=capt_pb
13   ;;; Poker
     chain=postrouting action=mark-connection new-connection-mark=capt_poker passthrough=yes protocol=tcp dst-address=74.114.14.0/24 dst-port=843,9339
14   chain=postrouting action=mark-packet new-packet-mark=poker passthrough=no connection-mark=capt_poker
15   ;;; FreeStyle
     chain=postrouting action=mark-connection new-connection-mark=capt_freestyle passthrough=yes protocol=tcp dst-address-list=gemscool dst-port=10010-10012
16   chain=postrouting action=mark-connection new-connection-mark=capt_freestyle passthrough=yes protocol=udp dst-address-list=gemscool dst-port=10010-10012
17   chain=postrouting action=mark-packet new-packet-mark=freestyle passthrough=no connection-mark=capt_freestyle
18   ;;; Warnet
     chain=forward action=mark-packet new-packet-mark=dn_warnet passthrough=no dst-address=192.168.150.0/28


[admin@MikroTik] > queue tree print
Flags: X - disabled, I - invalid
 0   name="warnet" parent=service packet-mark=dn_warnet limit-at=0 queue=pcq600k priority=8 max-limit=400k burst-limit=0 burst-threshold=0 burst-time=0s
 1   name="proxy" parent=global-out packet-mark=proxy limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 2   name="poker" parent=game packet-mark=poker limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 3   name="service" parent=global-out limit-at=0 priority=8 max-limit=2M burst-limit=0 burst-threshold=0 burst-time=0s
 4   name="game" parent=service limit-at=0 priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 5   name="pointblank" parent=game packet-mark=pb limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 6   name="freestyle" parent=game packet-mark=freestyle limit-at=300k queue=default priority=8 max-limit=500k burst-limit=0 burst-threshold=0 burst-time=0s
 7   name="cabal" parent=game packet-mark=cabal limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 8   name="bilyard" parent=game packet-mark=bilyard limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 9   name="atlantica" parent=game packet-mark=atlantica limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
10   name="winbox" parent=global-out limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s




From the output above you can see that traffic other than games, named warnet, is limited to just 400k. And under queue-types it is limited to 400kbps with pcq.

Proxy HIT traffic, meanwhile, is kept separate from the rest because cache HITs are made unlimited.


On the proxy (Debian):


root@cache:~# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  192.168.150.0/28     0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  192.168.150.0/28     0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@cache:~#


In squid.conf, only these few lines are needed:

# so the Mikrotik mangle picks the hits up
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

# standard proxy
http_port 3128 transparent
acl localnet src 192.168.150.0/28
http_access allow localnet
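As an added example (not from the original post), the following Python simulates how the ZPH mark travels from the squid.conf above into the Mikrotik mangle and queue tree: Squid sets the whole TOS byte to 0x30, the router matches the six-bit DSCP field, so 0x30 >> 2 = 12 is the value in the dscp=12 rule. The packet headers are constructed inline; the optional require_proxy_src check, which only honours the hit mark when the packet really came from the proxy's 192.168.14.2 side, is an assumption added here, not part of the printed config.

```python
import ipaddress
import struct

# Values from the post: squid marks hits with TOS 0x30, the Mikrotik mangle
# matches dscp=12, the LAN is 192.168.150.0/28 and the proxy faces the
# router on 192.168.14.2 (Ether2-ProxyIN).
ZPH_LOCAL_TOS = 0x30
MANGLE_DSCP = 12
LAN = ipaddress.ip_network("192.168.150.0/28")
PROXY_IN = ipaddress.ip_address("192.168.14.2")


def tos_to_dscp(tos: int) -> int:
    """DSCP is the upper six bits of the TOS byte; the low two are ECN."""
    return (tos & 0xFF) >> 2


def build_ipv4_header(src: str, dst: str, tos: int, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at zero, not needed here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def parse_ipv4_header(hdr: bytes) -> dict:
    """Pull out the fields the mangle rules look at."""
    ver_ihl, tos, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {"tos": tos, "dscp": tos_to_dscp(tos), "proto": proto,
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}


def queue_for(hdr: bytes, require_proxy_src: bool = False) -> str:
    """Queue-tree leaf a packet leaving the router towards the LAN lands in.

    Mirrors the mangle order in the post: rule 0 marks DSCP 12 (a ZPH hit)
    so the packet ends up in the unlimited 'proxy' leaf; rule 18 marks any
    other packet bound for the LAN as dn_warnet, the 400k 'warnet' leaf.
    require_proxy_src is the added hardening: the hit mark is only trusted
    when the packet arrived from the proxy, so DSCP set by any other host
    cannot move traffic out of the limited queue.
    """
    p = parse_ipv4_header(hdr)
    if p["dst"] not in LAN:
        return "unmarked"      # upstream direction; no leaf in the print-out
    if p["dscp"] == MANGLE_DSCP and (not require_proxy_src or p["src"] == PROXY_IN):
        return "proxy"         # parent=global-out, max-limit=0 (unlimited)
    return "warnet"            # parent=service, max-limit=400k, pcq
```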

I have built this topology at many of our warnet customers, and it has become the standard at our ISP.

I have tried ClearOS, but since its Squid has no ZPH, the result was not optimal. I tried upgrading the Squid myself, but my Linux skills are still lacking :-D. Total fail...

The Linux OS I use is Debian 5, or any Linux distro whose Squid already supports ZPH.




Source: http://wilferd2m3.wordpress.com/
