I finally solved my routing problem. Despite every reference I found to Policy Route where you add a Mangle Rule and a 0.0.0.0/0 Route with a Marking Route, none of the information I found on policy routing was a solution. In the end I ended up having to first mark the packet with a mangle rule with passthrough. I then had to add a routing mark to the packet with the packet mark. Only then would the packet end up with a routing mark and hit the proper outgoing route. Unique to my RouterOS version (5.12), I don't know
COMMENTARY ABOUT SUPPORT:
Ladies and Gentlemen, Please, I wish to express a genuine concern with my experience regarding support here in general and with the Mikrotik product, it's Wiki and many How-To's. By all means, I wish to be humble with my expression.
My two main concerns:
First:
I was in real need here for some direction. However, I received not a single response, not even from a moderator. I admitted I came from and have a Cisco background; that does not translate into an expert on how to accomplish A or B on a Mikrotik product, only that I am very familiar with concept and application on Cisco devices. And despite taking the Mikrotik Routing Courses, they are by no means comparative to a Cisco CCNP or CCIE course in requirement and knowledge. That said, I have the knowledge needed, just lacking the long term practical application on the Mikrotik product.
I searched high and low and for some practical basic application of how to accomplish my goal. In "every" case, the solutions presented did so with the premise that a router has only a WAN and everything behind it is a LAN; no such thing as a WAN/WAN/WAN or even LAN/LAN/LAN. In the real world that simply is not the case. In fact, most routers serving in the world are routing public traffic, period. Referring to any how-to's one must remove/omit the steps stating to NAT in some fashsion, etc., where applying to a private IP Block. Simple enough. But when learning your way around the RouterOS, when your having difficulty with something not working, you question "what am I missing? I've followed every step up to but not including the NAT and it's not working." This is a simple example, which brings me to my second point.
Second:
Mikrotik has come out with the CC Series Routers. 36 Core Wire Speed 2M+ Packets a second. Who would use such a router with a private IP block behind it NAT'ing a Class B or Class C's. Perhaps there's a lot of you out there. I work with publics and serve my 10,000 customers with public IPV4 and am currently integrating my IPV6/32. My point again is a lack of documentation where private IP's are not part of the equation.
I express these concerns as my company is about to conclude a deal with a major carrier whereby our markets will increase by 6-15 fold, potentially 60,000 - 150,000 customers. I will continue to use Cisco, Brocade, and Ciena where is makes sense. But I'm reaching out to ask why would I use Mikrotik given my experience and comments thus far. Where is the Carrier Class level documentation. We're not just talking about BGP and the like. Remove yourselves from always seeing the network as a WAN to LAN environment, that's only part of the picture. Networking involves much more in the transport layer than just that last mile.
Please, don't misunderstand me, my comments are not meant to bash, demean, or cast negativity towards the Mikrotik product. Mikrotik's RouterOS is a phenomenal product and I clearly see a use for it. And would like to better manage the 60 or so routers I've inherited through company acquisitions. But I would like to be able to have greater confidence in not just the hardware, but the documentation to back it up. Compare the documentation to a Cisco, Brocade, Juniper, Ciena, etc. You'll find that Carrier Class documentaion.
Thank you very much for a moment of your time...
EDIT: I believe part of my issue is this. I'm finding that the Mangle Rule is not marking the packets and therefore if would naturally go out the 26.22.2.1 route. I'll do some additional digging on what would cause the packets not be marked. I know traffic is both hitting and coming from the 211.1.1.8/30 network.
Hello,
I am trying to migrate traffic from my current ISP/GW to a new ISP/GW (See Pic). Ordinarily I would do this all at once in one cut over making it easy. However, I need to do this migration in steps. So I have a customers Public IP Block (Green). I want to move it's GW from 26.22.2.1 to 10.9.0.29 which would travel to and out 21.2.2.1. The new GW, 21.2.2.0/17, and 211.1.1.0/24 is, of course, being announced by my upstream provider to router A. I can ping 211.1.1.9 and .10 from the internet which is correct. Traffic to 211.1.1.9 and .10 is hitting 21.22.2.1 -> 10.9.0.29 -> .30. However, I cannot seem to get sourced traffic from the 211.1.1.8/30 block to exit 10.9.0.30. It continues to hit 26.22.2.1 which won't work as you would expect. This is what I have in place for Default Routes, Rules, and Mangle Rules. Can someone steer me in the right direction? I've attempted a number of How-To's but met w/o success. I could sure use some advice from those who have worked more with Policy Routing on Mikrotik than I. I've got a Cisco background trying to integrate a Mikrotik Network. Thank you so much!
da
Code: Select all
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=26.22.2.1 scope=255 target-scope=10 comment=Current/Old ISP
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.9.0.29 pref-src=10.9.0.30 routing-mark="To New POP" scope=255 target-scope=10 comment=New ISP
/ip firewall mangle
add action=mark-routing chain=prerouting comment=Customer disabled=no \
new-routing-mark="To New POP" passthrough=no src-address=\
211.1.1.8/30
/ip route rule
add action=lookup comment="To New ISP GW" disabled=no dst-address=0.0.0.0/0 \
src-address=211.1.1.8/30 table="To New POP"
add action=lookup disabled=no routing-mark="To New POP" table="To New POP"