I'm using 7.12 Stable and have a question about the functionality of the routing rules.
The test circuit is something like this.
From the uplink network you need to route via src-addr to VRFs (VLANs) identical in addressing.
In ROS6, a similar problem was solved through ip rules.
Code: Select all
/interface ethernet
set [ find default-name=ether1 ] comment=to-vrf
set [ find default-name=ether2 ] comment=to-uplink
set [ find default-name=ether13 ] comment=management
# VLAN for identical net
/interface vlan
add interface=ether1 name=vlan106 vlan-id=106
add interface=ether1 name=vlan115 vlan-id=115
#create VFRs
/ip vrf
add interfaces=vlan106 name=vrf106
add interfaces=vlan115 name=vrf115
add interfaces=ether2 name=vrf_uplink
# nets in VRF106 and VRF115 identical
/ip address
add address=10.150.201.1/24 interface=ether2 network=10.150.201.0
add address=192.168.3.30/24 interface=ether13 network=192.168.3.0
add address=10.150.200.63/24 interface=vlan106 network=10.150.200.0
add address=10.150.200.63/24 interface=vlan115 network=10.150.200.0
# VRF106 and VRF115 nave defualt
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.2%ether13@main pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.150.200.1@vrf106 pref-src=0.0.0.0 routing-table=vrf106 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.225.0.0/16 gateway=10.150.201.2@vrf_uplink routing-table=vrf_uplink suppress-hw-offload=no
add disabled=no distance=1 dst-address=10.225.0.0/16 gateway=10.150.201.2@vrf_uplink pref-src=0.0.0.0 routing-table=vrf106 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=10.225.0.0/16 gateway=10.150.201.2@vrf_uplink pref-src="" routing-table=vrf115 scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.150.200.1@vrf115 pref-src="" routing-table=vrf115 scope=30 suppress-hw-offload=no target-scope=10
Code: Select all
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=vrf115 passthrough=no src-address=10.225.1.0/24
This doesn’t work anymore, sniffer shows that Mikrotik doesn’t even try, it sends net unreachable.
I tried to specify Routing mark, Interface and even 0.0.0.0/0 as dst-address in any combination. It has no effect.
Code: Select all
routing rule
add action=lookup-only-in-table disabled=no src-address=10.225.1.0/24 table=vrf106
add action=lookup-only-in-table disabled=no src-address=10.225.2.0/24 table=vrf115